Architecture specific change in rpms/rust-tokio-async-await.git
by githook-noreply@fedoraproject.org
The package rpms/rust-tokio-async-await.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/rust-tokio-async-await.git/commit....
Change:
-ExclusiveArch: %{rust_arches}
Thanks.
Full change:
============
commit cb5b201c5db7762c2479e0217f6c16b7176af0b3
Author: Josh Stone <jistone(a)redhat.com>
Date: Wed Apr 1 15:11:37 2020 -0700
Nothing uses it anymore
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 144e617..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/tokio-async-await-0.1.7.crate
diff --git a/README.md b/README.md
deleted file mode 100644
index 2fc5fcd..0000000
--- a/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# rust-tokio-async-await
-
-The rust-tokio-async-await package
\ No newline at end of file
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..7da3e7c
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Nothing uses it anymore
diff --git a/rust-tokio-async-await.spec b/rust-tokio-async-await.spec
deleted file mode 100644
index 0d75b25..0000000
--- a/rust-tokio-async-await.spec
+++ /dev/null
@@ -1,93 +0,0 @@
-# Generated by rust2rpm
-%bcond_with check
-%global debug_package %{nil}
-
-%global crate tokio-async-await
-
-Name: rust-%{crate}
-Version: 0.1.7
-Release: 3%{?dist}
-Summary: Experimental async/await support for Tokio
-
-License: MIT
-URL: https://crates.io/crates/tokio-async-await
-Source: %{crates_source}
-
-ExclusiveArch: %{rust_arches}
-
-BuildRequires: rust-packaging
-BuildRequires: (crate(futures/default) >= 0.1.23 with crate(futures/default) < 0.2.0)
-BuildRequires: (crate(tokio-io/default) >= 0.1.7 with crate(tokio-io/default) < 0.2.0)
-%if %{with check}
-BuildRequires: (crate(bytes/default) >= 0.4.9 with crate(bytes/default) < 0.5.0)
-BuildRequires: (crate(hyper/default) >= 0.12.8 with crate(hyper/default) < 0.13.0)
-BuildRequires: (crate(tokio/default) >= 0.1.8 with crate(tokio/default) < 0.2.0)
-%endif
-
-%global _description \
-Experimental async/await support for Tokio.
-
-%description %{_description}
-
-%package devel
-Summary: %{summary}
-BuildArch: noarch
-
-%description devel %{_description}
-
-This package contains library source intended for building other packages
-which use "%{crate}" crate.
-
-%files devel
-%license LICENSE
-%doc README.md
-%{cargo_registry}/%{crate}-%{version}/
-
-%package -n %{name}+default-devel
-Summary: %{summary}
-BuildArch: noarch
-
-%description -n %{name}+default-devel %{_description}
-
-This package contains library source intended for building other packages
-which use "default" feature of "%{crate}" crate.
-
-%files -n %{name}+default-devel
-%ghost %{cargo_registry}/%{crate}-%{version}/Cargo.toml
-
-%package -n %{name}+async-await-preview-devel
-Summary: %{summary}
-BuildArch: noarch
-
-%description -n %{name}+async-await-preview-devel %{_description}
-
-This package contains library source intended for building other packages
-which use "async-await-preview" feature of "%{crate}" crate.
-
-%files -n %{name}+async-await-preview-devel
-%ghost %{cargo_registry}/%{crate}-%{version}/Cargo.toml
-
-%prep
-%autosetup -n %{crate}-%{version_no_tilde} -p1
-%cargo_prep
-
-%build
-%cargo_build
-
-%install
-%cargo_install
-
-%if %{with check}
-%check
-%cargo_test
-%endif
-
-%changelog
-* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.7-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.7-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Tue Apr 23 15:25:05 CEST 2019 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 0.1.7-1
-- Initial package
diff --git a/sources b/sources
deleted file mode 100644
index f98d1a6..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-SHA512 (tokio-async-await-0.1.7.crate) = 2ecc2b73eb67d8b13be39c7921f53e8f6b49095740b6c5014e5ecee63e54ed539a6d06a649fe6274af51e187dbe0f3edd131e408486655405afb8d689c51f7e1
4 years, 1 month
Architecture specific change in rpms/rust-crossbeam-channel0.3.git
by githook-noreply@fedoraproject.org
The package rpms/rust-crossbeam-channel0.3.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/rust-crossbeam-channel0.3.git/com....
Change:
-ExclusiveArch: %{rust_arches}
Thanks.
Full change:
============
commit 258f5eb90d2fa19cee0296f40a0e728846aec8cc
Author: Josh Stone <jistone(a)redhat.com>
Date: Wed Apr 1 15:07:18 2020 -0700
this compat package is no longer used
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 105d0e5..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/crossbeam-channel-0.3.9.crate
diff --git a/README.md b/README.md
deleted file mode 100644
index 78b8545..0000000
--- a/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# rust-crossbeam-channel0.3
-
-The rust-crossbeam-channel0.3 package
\ No newline at end of file
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5672ae3
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+this compat package is no longer used
diff --git a/rust-crossbeam-channel0.3.spec b/rust-crossbeam-channel0.3.spec
deleted file mode 100644
index 2f66fba..0000000
--- a/rust-crossbeam-channel0.3.spec
+++ /dev/null
@@ -1,78 +0,0 @@
-# Generated by rust2rpm 10
-%bcond_with check
-%global debug_package %{nil}
-
-%global crate crossbeam-channel
-
-Name: rust-%{crate}0.3
-Version: 0.3.9
-Release: 2%{?dist}
-Summary: Multi-producer multi-consumer channels for message passing
-
-# Upstream license specification: MIT/Apache-2.0 AND BSD-2-Clause
-License: (MIT or ASL 2.0) and BSD
-URL: https://crates.io/crates/crossbeam-channel
-Source: %{crates_source}
-
-ExclusiveArch: %{rust_arches}
-%if %{__cargo_skip_build}
-BuildArch: noarch
-%endif
-
-BuildRequires: rust-packaging
-
-%global _description %{expand:
-Multi-producer multi-consumer channels for message passing.}
-
-%description %{_description}
-
-%package devel
-Summary: %{summary}
-BuildArch: noarch
-
-%description devel %{_description}
-
-This package contains library source intended for building other packages
-which use "%{crate}" crate.
-
-%files devel
-%license LICENSE-MIT LICENSE-APACHE LICENSE-THIRD-PARTY
-%doc README.md CHANGELOG.md
-%{cargo_registry}/%{crate}-%{version}/
-
-%package -n %{name}+default-devel
-Summary: %{summary}
-BuildArch: noarch
-
-%description -n %{name}+default-devel %{_description}
-
-This package contains library source intended for building other packages
-which use "default" feature of "%{crate}" crate.
-
-%files -n %{name}+default-devel
-%ghost %{cargo_registry}/%{crate}-%{version}/Cargo.toml
-
-%prep
-%autosetup -n %{crate}-%{version_no_tilde} -p1
-%cargo_prep
-
-%generate_buildrequires
-%cargo_generate_buildrequires
-
-%build
-%cargo_build
-
-%install
-%cargo_install
-
-%if %{with check}
-%check
-%cargo_test
-%endif
-
-%changelog
-* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.9-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Tue Nov 19 11:25:36 CET 2019 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 0.3.9-1
-- Initial package
diff --git a/sources b/sources
deleted file mode 100644
index 2018f43..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-SHA512 (crossbeam-channel-0.3.9.crate) = 4cc876bab2bd8874cee4b96bc490e77778f10e99ab624ed7a8b73be94b59a40bcb340fdb81a1d14242f6a795557c9f8bcdcf17d6bf6829aff85c7c1e8bf00919
4 years, 1 month
Architecture specific change in rpms/netty.git
by githook-noreply@fedoraproject.org
The package rpms/netty.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/netty.git/commit/?id=70e05e5320c2....
Change:
+%ifarch %{arm}
Thanks.
Full change:
============
commit 70e05e5320c21df5f8781672a1efe2b466ee90a6
Author: Mohan Boddu <mboddu(a)bhujji.com>
Date: Wed Apr 1 14:50:00 2020 -0400
Unretirement for https://pagure.io/releng/issue/9375
Revert "Orphaned for 6+ weeks"
This reverts commit 2be698f2ec0aa74a1c301c897ec262fc8663249c.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..859e799
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/netty-4.0.42.Final.tar.gz
+/netty-4.1.13.Final.tar.gz
diff --git a/0001-Remove-OpenSSL-parts-depending-on-tcnative.patch b/0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
new file mode 100644
index 0000000..aee0650
--- /dev/null
+++ b/0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
@@ -0,0 +1,8985 @@
+From 39b320920d3473d8cbc94d4a35dad37fa236e278 Mon Sep 17 00:00:00 2001
+From: Severin Gehwolf <sgehwolf(a)redhat.com>
+Date: Thu, 20 Oct 2016 15:54:52 +0200
+Subject: [PATCH 1/3] Remove OpenSSL parts depending on tcnative.
+
+---
+ handler/pom.xml | 6 -
+ .../main/java/io/netty/handler/ssl/OpenSsl.java | 503 -----
+ .../handler/ssl/OpenSslCertificateException.java | 79 -
+ .../io/netty/handler/ssl/OpenSslClientContext.java | 211 --
+ .../java/io/netty/handler/ssl/OpenSslContext.java | 58 -
+ .../java/io/netty/handler/ssl/OpenSslEngine.java | 40 -
+ .../io/netty/handler/ssl/OpenSslEngineMap.java | 35 -
+ .../ssl/OpenSslExtendedKeyMaterialManager.java | 40 -
+ .../handler/ssl/OpenSslKeyMaterialManager.java | 179 --
+ .../io/netty/handler/ssl/OpenSslServerContext.java | 373 ----
+ .../handler/ssl/OpenSslServerSessionContext.java | 124 --
+ .../netty/handler/ssl/OpenSslSessionContext.java | 137 --
+ .../io/netty/handler/ssl/OpenSslSessionStats.java | 253 ---
+ .../netty/handler/ssl/OpenSslSessionTicketKey.java | 78 -
+ .../ssl/ReferenceCountedOpenSslClientContext.java | 298 ---
+ .../ssl/ReferenceCountedOpenSslContext.java | 867 ---------
+ .../handler/ssl/ReferenceCountedOpenSslEngine.java | 2037 --------------------
+ .../ssl/ReferenceCountedOpenSslServerContext.java | 239 ---
+ .../main/java/io/netty/handler/ssl/SslContext.java | 30 +-
+ .../main/java/io/netty/handler/ssl/SslHandler.java | 47 +-
+ .../netty/handler/ssl/ocsp/OcspClientHandler.java | 65 -
+ .../io/netty/handler/ssl/ocsp/package-info.java | 23 -
+ .../handler/ssl/JdkOpenSslEngineInteroptTest.java | 108 --
+ .../ssl/OpenSslCertificateExceptionTest.java | 49 -
+ .../handler/ssl/OpenSslClientContextTest.java | 38 -
+ .../io/netty/handler/ssl/OpenSslEngineTest.java | 661 -------
+ .../ssl/OpenSslJdkSslEngineInteroptTest.java | 114 --
+ .../ssl/OpenSslRenegotiateSmallBIOTest.java | 23 -
+ .../netty/handler/ssl/OpenSslRenegotiateTest.java | 36 -
+ .../handler/ssl/OpenSslServerContextTest.java | 39 -
+ .../io/netty/handler/ssl/OpenSslTestUtils.java | 27 -
+ .../java/io/netty/handler/ssl/PemEncodedTest.java | 95 -
+ .../ssl/ReferenceCountedOpenSslEngineTest.java | 57 -
+ .../java/io/netty/handler/ssl/SniClientTest.java | 161 --
+ .../java/io/netty/handler/ssl/SniHandlerTest.java | 496 -----
+ .../netty/handler/ssl/SslContextBuilderTest.java | 132 --
+ .../java/io/netty/handler/ssl/SslErrorTest.java | 255 ---
+ .../java/io/netty/handler/ssl/SslHandlerTest.java | 58 +-
+ .../java/io/netty/handler/ssl/ocsp/OcspTest.java | 501 -----
+ 39 files changed, 10 insertions(+), 8562 deletions(-)
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslEngineMap.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslExtendedKeyMaterialManager.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslSessionContext.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslSessionStats.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslSessionTicketKey.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ocsp/OcspClientHandler.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ocsp/package-info.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateSmallBIOTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslTestUtils.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/PemEncodedTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/SniClientTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/ocsp/OcspTest.java
+
+diff --git a/handler/pom.xml b/handler/pom.xml
+index 7535c45..d0ed1bc 100644
+--- a/handler/pom.xml
++++ b/handler/pom.xml
+@@ -50,12 +50,6 @@
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+- <groupId>${project.groupId}</groupId>
+- <artifactId>${tcnative.artifactId}</artifactId>
+- <classifier>${tcnative.classifier}</classifier>
+- <optional>true</optional>
+- </dependency>
+- <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <optional>true</optional>
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java b/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
+deleted file mode 100644
+index d2f091a..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
++++ /dev/null
+@@ -1,503 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-package io.netty.handler.ssl;
+-
+-import io.netty.buffer.ByteBuf;
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+-import io.netty.util.ReferenceCountUtil;
+-import io.netty.util.ReferenceCounted;
+-import io.netty.util.internal.NativeLibraryLoader;
+-import io.netty.util.internal.SystemPropertyUtil;
+-import io.netty.util.internal.logging.InternalLogger;
+-import io.netty.util.internal.logging.InternalLoggerFactory;
+-import io.netty.internal.tcnative.Buffer;
+-import io.netty.internal.tcnative.Library;
+-import io.netty.internal.tcnative.SSL;
+-import io.netty.internal.tcnative.SSLContext;
+-
+-import java.security.AccessController;
+-import java.security.PrivilegedAction;
+-import java.util.Collections;
+-import java.util.LinkedHashSet;
+-import java.util.Locale;
+-import java.util.Set;
+-
+-/**
+- * Tells if <a href="http://netty.io/wiki/forked-tomcat-native.html">{@code netty-tcnative}</a> and its OpenSSL support
+- * are available.
+- */
+-public final class OpenSsl {
+-
+- private static final InternalLogger logger = InternalLoggerFactory.getInstance(OpenSsl.class);
+- private static final String LINUX = "linux";
+- private static final String UNKNOWN = "unknown";
+- private static final Throwable UNAVAILABILITY_CAUSE;
+-
+- static final Set<String> AVAILABLE_CIPHER_SUITES;
+- private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES;
+- private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES;
+- private static final boolean SUPPORTS_KEYMANAGER_FACTORY;
+- private static final boolean SUPPORTS_HOSTNAME_VALIDATION;
+- private static final boolean USE_KEYMANAGER_FACTORY;
+- private static final boolean SUPPORTS_OCSP;
+-
+- // Protocols
+- static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
+- static final String PROTOCOL_SSL_V2 = "SSLv2";
+- static final String PROTOCOL_SSL_V3 = "SSLv3";
+- static final String PROTOCOL_TLS_V1 = "TLSv1";
+- static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
+- static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
+-
+- static final Set<String> SUPPORTED_PROTOCOLS_SET;
+-
+- static {
+- Throwable cause = null;
+-
+- // Test if netty-tcnative is in the classpath first.
+- try {
+- Class.forName("io.netty.internal.tcnative.SSL", false, OpenSsl.class.getClassLoader());
+- } catch (ClassNotFoundException t) {
+- cause = t;
+- logger.debug(
+- "netty-tcnative not in the classpath; " +
+- OpenSslEngine.class.getSimpleName() + " will be unavailable.");
+- }
+-
+- // If in the classpath, try to load the native library and initialize netty-tcnative.
+- if (cause == null) {
+- try {
+- // The JNI library was not already loaded. Load it now.
+- loadTcNative();
+- } catch (Throwable t) {
+- cause = t;
+- logger.debug(
+- "Failed to load netty-tcnative; " +
+- OpenSslEngine.class.getSimpleName() + " will be unavailable, unless the " +
+- "application has already loaded the symbols by some other means. " +
+- "See http://netty.io/wiki/forked-tomcat-native.html for more information.", t);
+- }
+-
+- try {
+- initializeTcNative();
+-
+- // The library was initialized successfully. If loading the library failed above,
+- // reset the cause now since it appears that the library was loaded by some other
+- // means.
+- cause = null;
+- } catch (Throwable t) {
+- if (cause == null) {
+- cause = t;
+- }
+- logger.debug(
+- "Failed to initialize netty-tcnative; " +
+- OpenSslEngine.class.getSimpleName() + " will be unavailable. " +
+- "See http://netty.io/wiki/forked-tomcat-native.html for more information.", t);
+- }
+- }
+-
+- UNAVAILABILITY_CAUSE = cause;
+-
+- if (cause == null) {
+- logger.debug("netty-tcnative using native library: {}", SSL.versionString());
+-
+- final Set<String> availableOpenSslCipherSuites = new LinkedHashSet<String>(128);
+- boolean supportsKeyManagerFactory = false;
+- boolean useKeyManagerFactory = false;
+- boolean supportsHostNameValidation = false;
+- try {
+- final long sslCtx = SSLContext.make(SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+- long certBio = 0;
+- SelfSignedCertificate cert = null;
+- try {
+- SSLContext.setCipherSuite(sslCtx, "ALL");
+- final long ssl = SSL.newSSL(sslCtx, true);
+- try {
+- for (String c: SSL.getCiphers(ssl)) {
+- // Filter out bad input.
+- if (c == null || c.isEmpty() || availableOpenSslCipherSuites.contains(c)) {
+- continue;
+- }
+- availableOpenSslCipherSuites.add(c);
+- }
+- try {
+- SSL.setHostNameValidation(ssl, 0, "netty.io");
+- supportsHostNameValidation = true;
+- } catch (Throwable ignore) {
+- logger.debug("Hostname Verification not supported.");
+- }
+- try {
+- cert = new SelfSignedCertificate();
+- certBio = ReferenceCountedOpenSslContext.toBIO(cert.cert());
+- SSL.setCertificateChainBio(ssl, certBio, false);
+- supportsKeyManagerFactory = true;
+- try {
+- useKeyManagerFactory = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+- @Override
+- public Boolean run() {
+- return SystemPropertyUtil.getBoolean(
+- "io.netty.handler.ssl.openssl.useKeyManagerFactory", true);
+- }
+- });
+- } catch (Throwable ignore) {
+- logger.debug("Failed to get useKeyManagerFactory system property.");
+- }
+- } catch (Throwable ignore) {
+- logger.debug("KeyManagerFactory not supported.");
+- }
+- } finally {
+- SSL.freeSSL(ssl);
+- if (certBio != 0) {
+- SSL.freeBIO(certBio);
+- }
+- if (cert != null) {
+- cert.delete();
+- }
+- }
+- } finally {
+- SSLContext.free(sslCtx);
+- }
+- } catch (Exception e) {
+- logger.warn("Failed to get the list of available OpenSSL cipher suites.", e);
+- }
+- AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.unmodifiableSet(availableOpenSslCipherSuites);
+-
+- final Set<String> availableJavaCipherSuites = new LinkedHashSet<String>(
+- AVAILABLE_OPENSSL_CIPHER_SUITES.size() * 2);
+- for (String cipher: AVAILABLE_OPENSSL_CIPHER_SUITES) {
+- // Included converted but also openssl cipher name
+- availableJavaCipherSuites.add(CipherSuiteConverter.toJava(cipher, "TLS"));
+- availableJavaCipherSuites.add(CipherSuiteConverter.toJava(cipher, "SSL"));
+- }
+- AVAILABLE_JAVA_CIPHER_SUITES = Collections.unmodifiableSet(availableJavaCipherSuites);
+-
+- final Set<String> availableCipherSuites = new LinkedHashSet<String>(
+- AVAILABLE_OPENSSL_CIPHER_SUITES.size() + AVAILABLE_JAVA_CIPHER_SUITES.size());
+- availableCipherSuites.addAll(AVAILABLE_OPENSSL_CIPHER_SUITES);
+- availableCipherSuites.addAll(AVAILABLE_JAVA_CIPHER_SUITES);
+-
+- AVAILABLE_CIPHER_SUITES = availableCipherSuites;
+- SUPPORTS_KEYMANAGER_FACTORY = supportsKeyManagerFactory;
+- SUPPORTS_HOSTNAME_VALIDATION = supportsHostNameValidation;
+- USE_KEYMANAGER_FACTORY = useKeyManagerFactory;
+-
+- Set<String> protocols = new LinkedHashSet<String>(6);
+- // Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
+- protocols.add(PROTOCOL_SSL_V2_HELLO);
+- if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2)) {
+- protocols.add(PROTOCOL_SSL_V2);
+- }
+- if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3)) {
+- protocols.add(PROTOCOL_SSL_V3);
+- }
+- if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1)) {
+- protocols.add(PROTOCOL_TLS_V1);
+- }
+- if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1)) {
+- protocols.add(PROTOCOL_TLS_V1_1);
+- }
+- if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2)) {
+- protocols.add(PROTOCOL_TLS_V1_2);
+- }
+-
+- SUPPORTED_PROTOCOLS_SET = Collections.unmodifiableSet(protocols);
+- SUPPORTS_OCSP = doesSupportOcsp();
+- } else {
+- AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.emptySet();
+- AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet();
+- AVAILABLE_CIPHER_SUITES = Collections.emptySet();
+- SUPPORTS_KEYMANAGER_FACTORY = false;
+- SUPPORTS_HOSTNAME_VALIDATION = false;
+- USE_KEYMANAGER_FACTORY = false;
+- SUPPORTED_PROTOCOLS_SET = Collections.emptySet();
+- SUPPORTS_OCSP = false;
+- }
+- }
+-
+- private static boolean doesSupportOcsp() {
+- boolean supportsOcsp = false;
+- if (version() >= 0x10002000L) {
+- long sslCtx = -1;
+- try {
+- sslCtx = SSLContext.make(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_MODE_SERVER);
+- SSLContext.enableOcsp(sslCtx, false);
+- supportsOcsp = true;
+- } catch (Exception ignore) {
+- // ignore
+- } finally {
+- if (sslCtx != -1) {
+- SSLContext.free(sslCtx);
+- }
+- }
+- }
+- return supportsOcsp;
+- }
+- private static boolean doesSupportProtocol(int protocol) {
+- long sslCtx = -1;
+- try {
+- sslCtx = SSLContext.make(protocol, SSL.SSL_MODE_COMBINED);
+- return true;
+- } catch (Exception ignore) {
+- return false;
+- } finally {
+- if (sslCtx != -1) {
+- SSLContext.free(sslCtx);
+- }
+- }
+- }
+-
+- /**
+- * Returns {@code true} if and only if
+- * <a href="http://netty.io/wiki/forked-tomcat-native.html">{@code netty-tcnative}</a> and its OpenSSL support
+- * are available.
+- */
+- public static boolean isAvailable() {
+- return UNAVAILABILITY_CAUSE == null;
+- }
+-
+- /**
+- * Returns {@code true} if the used version of openssl supports
+- * <a href="https://tools.ietf.org/html/rfc7301">ALPN</a>.
+- */
+- public static boolean isAlpnSupported() {
+- return version() >= 0x10002000L;
+- }
+-
+- /**
+- * Returns {@code true} if the used version of OpenSSL supports OCSP stapling.
+- */
+- public static boolean isOcspSupported() {
+- return SUPPORTS_OCSP;
+- }
+-
+- /**
+- * Returns the version of the used available OpenSSL library or {@code -1} if {@link #isAvailable()}
+- * returns {@code false}.
+- */
+- public static int version() {
+- return isAvailable() ? SSL.version() : -1;
+- }
+-
+- /**
+- * Returns the version string of the used available OpenSSL library or {@code null} if {@link #isAvailable()}
+- * returns {@code false}.
+- */
+- public static String versionString() {
+- return isAvailable() ? SSL.versionString() : null;
+- }
+-
+- /**
+- * Ensure that <a href="http://netty.io/wiki/forked-tomcat-native.html">{@code netty-tcnative}</a> and
+- * its OpenSSL support are available.
+- *
+- * @throws UnsatisfiedLinkError if unavailable
+- */
+- public static void ensureAvailability() {
+- if (UNAVAILABILITY_CAUSE != null) {
+- throw (Error) new UnsatisfiedLinkError(
+- "failed to load the required native library").initCause(UNAVAILABILITY_CAUSE);
+- }
+- }
+-
+- /**
+- * Returns the cause of unavailability of
+- * <a href="http://netty.io/wiki/forked-tomcat-native.html">{@code netty-tcnative}</a> and its OpenSSL support.
+- *
+- * @return the cause if unavailable. {@code null} if available.
+- */
+- public static Throwable unavailabilityCause() {
+- return UNAVAILABILITY_CAUSE;
+- }
+-
+- /**
+- * @deprecated use {@link #availableOpenSslCipherSuites()}
+- */
+- @Deprecated
+- public static Set<String> availableCipherSuites() {
+- return availableOpenSslCipherSuites();
+- }
+-
+- /**
+- * Returns all the available OpenSSL cipher suites.
+- * Please note that the returned array may include the cipher suites that are insecure or non-functional.
+- */
+- public static Set<String> availableOpenSslCipherSuites() {
+- return AVAILABLE_OPENSSL_CIPHER_SUITES;
+- }
+-
+- /**
+- * Returns all the available cipher suites (Java-style).
+- * Please note that the returned array may include the cipher suites that are insecure or non-functional.
+- */
+- public static Set<String> availableJavaCipherSuites() {
+- return AVAILABLE_JAVA_CIPHER_SUITES;
+- }
+-
+- /**
+- * Returns {@code true} if and only if the specified cipher suite is available in OpenSSL.
+- * Both Java-style cipher suite and OpenSSL-style cipher suite are accepted.
+- */
+- public static boolean isCipherSuiteAvailable(String cipherSuite) {
+- String converted = CipherSuiteConverter.toOpenSsl(cipherSuite);
+- if (converted != null) {
+- cipherSuite = converted;
+- }
+- return AVAILABLE_OPENSSL_CIPHER_SUITES.contains(cipherSuite);
+- }
+-
+- /**
+- * Returns {@code true} if {@link javax.net.ssl.KeyManagerFactory} is supported when using OpenSSL.
+- */
+- public static boolean supportsKeyManagerFactory() {
+- return SUPPORTS_KEYMANAGER_FACTORY;
+- }
+-
+- /**
+- * Returns {@code true} if <a href="https://wiki.openssl.org/index.php/Hostname_validation">Hostname Validation</a>
+- * is supported when using OpenSSL.
+- */
+- public static boolean supportsHostnameValidation() {
+- return SUPPORTS_HOSTNAME_VALIDATION;
+- }
+-
+- static boolean useKeyManagerFactory() {
+- return USE_KEYMANAGER_FACTORY;
+- }
+-
+- static long memoryAddress(ByteBuf buf) {
+- assert buf.isDirect();
+- return buf.hasMemoryAddress() ? buf.memoryAddress() : Buffer.address(buf.nioBuffer());
+- }
+-
+- private OpenSsl() { }
+-
+- private static void loadTcNative() throws Exception {
+- String os = normalizeOs(SystemPropertyUtil.get("os.name", ""));
+- String arch = normalizeArch(SystemPropertyUtil.get("os.arch", ""));
+-
+- Set<String> libNames = new LinkedHashSet<String>(4);
+- // First, try loading the platform-specific library. Platform-specific
+- // libraries will be available if using a tcnative uber jar.
+- libNames.add("netty-tcnative-" + os + '-' + arch);
+- if (LINUX.equalsIgnoreCase(os)) {
+- // Fedora SSL lib so naming (libssl.so.10 vs libssl.so.1.0.0)..
+- libNames.add("netty-tcnative-" + os + '-' + arch + "-fedora");
+- }
+- // finally the default library.
+- libNames.add("netty-tcnative");
+- // in Java 8, statically compiled JNI code is namespaced
+- libNames.add("netty_tcnative");
+-
+- NativeLibraryLoader.loadFirstAvailable(SSL.class.getClassLoader(),
+- libNames.toArray(new String[libNames.size()]));
+- }
+-
+- private static boolean initializeTcNative() throws Exception {
+- return Library.initialize();
+- }
+-
+- private static String normalizeOs(String value) {
+- value = normalize(value);
+- if (value.startsWith("aix")) {
+- return "aix";
+- }
+- if (value.startsWith("hpux")) {
+- return "hpux";
+- }
+- if (value.startsWith("os400")) {
+- // Avoid the names such as os4000
+- if (value.length() <= 5 || !Character.isDigit(value.charAt(5))) {
+- return "os400";
+- }
+- }
+- if (value.startsWith(LINUX)) {
+- return LINUX;
+- }
+- if (value.startsWith("macosx") || value.startsWith("osx")) {
+- return "osx";
+- }
+- if (value.startsWith("freebsd")) {
+- return "freebsd";
+- }
+- if (value.startsWith("openbsd")) {
+- return "openbsd";
+- }
+- if (value.startsWith("netbsd")) {
+- return "netbsd";
+- }
+- if (value.startsWith("solaris") || value.startsWith("sunos")) {
+- return "sunos";
+- }
+- if (value.startsWith("windows")) {
+- return "windows";
+- }
+-
+- return UNKNOWN;
+- }
+-
+- private static String normalizeArch(String value) {
+- value = normalize(value);
+- if (value.matches("^(x8664|amd64|ia32e|em64t|x64)$")) {
+- return "x86_64";
+- }
+- if (value.matches("^(x8632|x86|i[3-6]86|ia32|x32)$")) {
+- return "x86_32";
+- }
+- if (value.matches("^(ia64|itanium64)$")) {
+- return "itanium_64";
+- }
+- if (value.matches("^(sparc|sparc32)$")) {
+- return "sparc_32";
+- }
+- if (value.matches("^(sparcv9|sparc64)$")) {
+- return "sparc_64";
+- }
+- if (value.matches("^(arm|arm32)$")) {
+- return "arm_32";
+- }
+- if ("aarch64".equals(value)) {
+- return "aarch_64";
+- }
+- if (value.matches("^(ppc|ppc32)$")) {
+- return "ppc_32";
+- }
+- if ("ppc64".equals(value)) {
+- return "ppc_64";
+- }
+- if ("ppc64le".equals(value)) {
+- return "ppcle_64";
+- }
+- if ("s390".equals(value)) {
+- return "s390_32";
+- }
+- if ("s390x".equals(value)) {
+- return "s390_64";
+- }
+-
+- return UNKNOWN;
+- }
+-
+- private static String normalize(String value) {
+- return value.toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "");
+- }
+-
+- static void releaseIfNeeded(ReferenceCounted counted) {
+- if (counted.refCnt() > 0) {
+- ReferenceCountUtil.safeRelease(counted);
+- }
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
+deleted file mode 100644
+index 4672d00..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
++++ /dev/null
+@@ -1,79 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.internal.tcnative.CertificateVerifier;
+-
+-import java.security.cert.CertificateException;
+-
+-/**
+- * A special {@link CertificateException} which allows to specify which error code is included in the
+- * SSL Record. This only work when {@link SslProvider#OPENSSL} or {@link SslProvider#OPENSSL_REFCNT} is used.
+- */
+-public final class OpenSslCertificateException extends CertificateException {
+- private static final long serialVersionUID = 5542675253797129798L;
+-
+- private final int errorCode;
+-
+- /**
+- * Construct a new exception with the
+- * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a>.
+- */
+- public OpenSslCertificateException(int errorCode) {
+- this((String) null, errorCode);
+- }
+-
+- /**
+- * Construct a new exception with the msg and
+- * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a> .
+- */
+- public OpenSslCertificateException(String msg, int errorCode) {
+- super(msg);
+- this.errorCode = checkErrorCode(errorCode);
+- }
+-
+- /**
+- * Construct a new exception with the msg, cause and
+- * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a> .
+- */
+- public OpenSslCertificateException(String message, Throwable cause, int errorCode) {
+- super(message, cause);
+- this.errorCode = checkErrorCode(errorCode);
+- }
+-
+- /**
+- * Construct a new exception with the cause and
+- * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a> .
+- */
+- public OpenSslCertificateException(Throwable cause, int errorCode) {
+- this(null, cause, errorCode);
+- }
+-
+- /**
+- * Return the <a href="https://www.openssl.org/docs/man1.0.2/apps/verify.html">error code</a> to use.
+- */
+- public int errorCode() {
+- return errorCode;
+- }
+-
+- private static int checkErrorCode(int errorCode) {
+- if (!CertificateVerifier.isValid(errorCode)) {
+- throw new IllegalArgumentException("errorCode '" + errorCode +
+- "' invalid, see https://www.openssl.org/docs/man1.0.2/apps/verify.html.");
+- }
+- return errorCode;
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
+deleted file mode 100644
+index 46412e9..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
++++ /dev/null
+@@ -1,211 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.internal.tcnative.SSL;
+-
+-import java.io.File;
+-import java.security.PrivateKey;
+-import java.security.cert.X509Certificate;
+-
+-import javax.net.ssl.KeyManagerFactory;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.TrustManager;
+-import javax.net.ssl.TrustManagerFactory;
+-
+-import static io.netty.handler.ssl.ReferenceCountedOpenSslClientContext.newSessionContext;
+-
+-/**
+- * A client-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
+- * <p>This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
+- * and manually release the native memory see {@link ReferenceCountedOpenSslClientContext}.
+- */
+-public final class OpenSslClientContext extends OpenSslContext {
+- private final OpenSslSessionContext sessionContext;
+-
+- /**
+- * Creates a new instance.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslClientContext() throws SSLException {
+- this((File) null, null, null, null, null, null, null, IdentityCipherSuiteFilter.INSTANCE, null, 0, 0);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format.
+- * {@code null} to use the system default
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslClientContext(File certChainFile) throws SSLException {
+- this(certChainFile, null);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
+- * that verifies the certificates sent from servers.
+- * {@code null} to use the default.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslClientContext(TrustManagerFactory trustManagerFactory) throws SSLException {
+- this(null, trustManagerFactory);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format.
+- * {@code null} to use the system default
+- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
+- * that verifies the certificates sent from servers.
+- * {@code null} to use the default.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException {
+- this(certChainFile, trustManagerFactory, null, null, null, null, null,
+- IdentityCipherSuiteFilter.INSTANCE, null, 0, 0);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
+- * that verifies the certificates sent from servers.
+- * {@code null} to use the default..
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param apn Provides a means to configure parameters related to application protocol negotiation.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers,
+- ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)
+- throws SSLException {
+- this(certChainFile, trustManagerFactory, null, null, null, null, ciphers, IdentityCipherSuiteFilter.INSTANCE,
+- apn, sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
+- * that verifies the certificates sent from servers.
+- * {@code null} to use the default..
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param cipherFilter a filter to apply over the supplied list of ciphers
+- * @param apn Provides a means to configure parameters related to application protocol negotiation.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers,
+- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(certChainFile, trustManagerFactory, null, null, null, null,
+- ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- * @param trustCertCollectionFile an X.509 certificate collection file in PEM format.
+- * {@code null} to use the system default
+- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
+- * that verifies the certificates sent from servers.
+- * {@code null} to use the default or the results of parsing
+- * {@code trustCertCollectionFile}
+- * @param keyCertChainFile an X.509 certificate chain file in PEM format.
+- * This provides the public key for mutual authentication.
+- * {@code null} to use the system default
+- * @param keyFile a PKCS#8 private key file in PEM format.
+- * This provides the private key for mutual authentication.
+- * {@code null} for no mutual authentication.
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * Ignored if {@code keyFile} is {@code null}.
+- * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link javax.net.ssl.KeyManager}s
+- * that is used to encrypt data being sent to servers.
+- * {@code null} to use the default or the results of parsing
+- * {@code keyCertChainFile} and {@code keyFile}.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param cipherFilter a filter to apply over the supplied list of ciphers
+- * @param apn Application Protocol Negotiator object.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslClientContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
+- File keyCertChainFile, File keyFile, String keyPassword,
+- KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
+- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
+- long sessionCacheSize, long sessionTimeout)
+- throws SSLException {
+- this(toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory,
+- toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
+- keyPassword, keyManagerFactory, ciphers, cipherFilter, apn, null, sessionCacheSize,
+- sessionTimeout, false);
+- }
+-
+- OpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
+- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
+- KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
+- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, String[] protocols,
+- long sessionCacheSize, long sessionTimeout, boolean enableOcsp)
+- throws SSLException {
+- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_CLIENT, keyCertChain,
+- ClientAuth.NONE, protocols, false, enableOcsp);
+- boolean success = false;
+- try {
+- sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
+- keyCertChain, key, keyPassword, keyManagerFactory);
+- success = true;
+- } finally {
+- if (!success) {
+- release();
+- }
+- }
+- }
+-
+- @Override
+- public OpenSslSessionContext sessionContext() {
+- return sessionContext;
+- }
+-
+- @Override
+- OpenSslKeyMaterialManager keyMaterialManager() {
+- return null;
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
+deleted file mode 100644
+index c4ca6b5..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
++++ /dev/null
+@@ -1,58 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.buffer.ByteBufAllocator;
+-
+-import java.security.cert.Certificate;
+-
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLException;
+-
+-/**
+- * This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
+- * and manually release the native memory see {@link ReferenceCountedOpenSslContext}.
+- */
+-public abstract class OpenSslContext extends ReferenceCountedOpenSslContext {
+- OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apnCfg,
+- long sessionCacheSize, long sessionTimeout, int mode, Certificate[] keyCertChain,
+- ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp)
+- throws SSLException {
+- super(ciphers, cipherFilter, apnCfg, sessionCacheSize, sessionTimeout, mode, keyCertChain,
+- clientAuth, protocols, startTls, enableOcsp, false);
+- }
+-
+- OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
+- OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize,
+- long sessionTimeout, int mode, Certificate[] keyCertChain,
+- ClientAuth clientAuth, String[] protocols, boolean startTls,
+- boolean enableOcsp) throws SSLException {
+- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, mode, keyCertChain, clientAuth, protocols,
+- startTls, enableOcsp, false);
+- }
+-
+- @Override
+- final SSLEngine newEngine0(ByteBufAllocator alloc, String peerHost, int peerPort) {
+- return new OpenSslEngine(this, alloc, peerHost, peerPort);
+- }
+-
+- @Override
+- @SuppressWarnings("FinalizeDeclaration")
+- protected final void finalize() throws Throwable {
+- super.finalize();
+- OpenSsl.releaseIfNeeded(this);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java
+deleted file mode 100644
+index cbc7ee4..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java
++++ /dev/null
+@@ -1,40 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.buffer.ByteBufAllocator;
+-
+-import javax.net.ssl.SSLEngine;
+-
+-/**
+- * Implements a {@link SSLEngine} using
+- * <a href="https://www.openssl.org/docs/crypto/BIO_s_bio.html#EXAMPLE">OpenSSL BIO abstractions</a>.
+- * <p>
+- * This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
+- * and manually release the native memory see {@link ReferenceCountedOpenSslEngine}.
+- */
+-public final class OpenSslEngine extends ReferenceCountedOpenSslEngine {
+- OpenSslEngine(OpenSslContext context, ByteBufAllocator alloc, String peerHost, int peerPort) {
+- super(context, alloc, peerHost, peerPort, false);
+- }
+-
+- @Override
+- @SuppressWarnings("FinalizeDeclaration")
+- protected void finalize() throws Throwable {
+- super.finalize();
+- OpenSsl.releaseIfNeeded(this);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngineMap.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslEngineMap.java
+deleted file mode 100644
+index 02131b4..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngineMap.java
++++ /dev/null
+@@ -1,35 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-interface OpenSslEngineMap {
+-
+- /**
+- * Remove the {@link OpenSslEngine} with the given {@code ssl} address and
+- * return it.
+- */
+- ReferenceCountedOpenSslEngine remove(long ssl);
+-
+- /**
+- * Add a {@link OpenSslEngine} to this {@link OpenSslEngineMap}.
+- */
+- void add(ReferenceCountedOpenSslEngine engine);
+-
+- /**
+- * Get the {@link OpenSslEngine} for the given {@code ssl} address.
+- */
+- ReferenceCountedOpenSslEngine get(long ssl);
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslExtendedKeyMaterialManager.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslExtendedKeyMaterialManager.java
+deleted file mode 100644
+index 38f6a7f..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslExtendedKeyMaterialManager.java
++++ /dev/null
+@@ -1,40 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import javax.net.ssl.X509ExtendedKeyManager;
+-import javax.security.auth.x500.X500Principal;
+-
+-final class OpenSslExtendedKeyMaterialManager extends OpenSslKeyMaterialManager {
+-
+- private final X509ExtendedKeyManager keyManager;
+-
+- OpenSslExtendedKeyMaterialManager(X509ExtendedKeyManager keyManager, String password) {
+- super(keyManager, password);
+- this.keyManager = keyManager;
+- }
+-
+- @Override
+- protected String chooseClientAlias(ReferenceCountedOpenSslEngine engine, String[] keyTypes,
+- X500Principal[] issuer) {
+- return keyManager.chooseEngineClientAlias(keyTypes, issuer, engine);
+- }
+-
+- @Override
+- protected String chooseServerAlias(ReferenceCountedOpenSslEngine engine, String type) {
+- return keyManager.chooseEngineServerAlias(type, null, engine);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java
+deleted file mode 100644
+index 2e48e8b..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java
++++ /dev/null
+@@ -1,179 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.buffer.ByteBufAllocator;
+-import io.netty.internal.tcnative.CertificateRequestedCallback;
+-import io.netty.internal.tcnative.SSL;
+-
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.X509KeyManager;
+-import javax.security.auth.x500.X500Principal;
+-import java.security.PrivateKey;
+-import java.security.cert.X509Certificate;
+-import java.util.HashMap;
+-import java.util.HashSet;
+-import java.util.Map;
+-import java.util.Set;
+-
+-import static io.netty.handler.ssl.ReferenceCountedOpenSslContext.freeBio;
+-import static io.netty.handler.ssl.ReferenceCountedOpenSslContext.toBIO;
+-
+-/**
+- * Manages key material for {@link OpenSslEngine}s and so set the right {@link PrivateKey}s and
+- * {@link X509Certificate}s.
+- */
+-class OpenSslKeyMaterialManager {
+-
+- // Code in this class is inspired by code of conscrypts:
+- // - https://android.googlesource.com/platform/external/
+- // conscrypt/+/master/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
+- // - https://android.googlesource.com/platform/external/
+- // conscrypt/+/master/src/main/java/org/conscrypt/SSLParametersImpl.java
+- //
+- static final String KEY_TYPE_RSA = "RSA";
+- static final String KEY_TYPE_DH_RSA = "DH_RSA";
+- static final String KEY_TYPE_EC = "EC";
+- static final String KEY_TYPE_EC_EC = "EC_EC";
+- static final String KEY_TYPE_EC_RSA = "EC_RSA";
+-
+- // key type mappings for types.
+- private static final Map<String, String> KEY_TYPES = new HashMap<String, String>();
+- static {
+- KEY_TYPES.put("RSA", KEY_TYPE_RSA);
+- KEY_TYPES.put("DHE_RSA", KEY_TYPE_RSA);
+- KEY_TYPES.put("ECDHE_RSA", KEY_TYPE_RSA);
+- KEY_TYPES.put("ECDHE_ECDSA", KEY_TYPE_EC);
+- KEY_TYPES.put("ECDH_RSA", KEY_TYPE_EC_RSA);
+- KEY_TYPES.put("ECDH_ECDSA", KEY_TYPE_EC_EC);
+- KEY_TYPES.put("DH_RSA", KEY_TYPE_DH_RSA);
+- }
+-
+- private final X509KeyManager keyManager;
+- private final String password;
+-
+- OpenSslKeyMaterialManager(X509KeyManager keyManager, String password) {
+- this.keyManager = keyManager;
+- this.password = password;
+- }
+-
+- void setKeyMaterial(ReferenceCountedOpenSslEngine engine) throws SSLException {
+- long ssl = engine.sslPointer();
+- String[] authMethods = SSL.authenticationMethods(ssl);
+- Set<String> aliases = new HashSet<String>(authMethods.length);
+- for (String authMethod : authMethods) {
+- String type = KEY_TYPES.get(authMethod);
+- if (type != null) {
+- String alias = chooseServerAlias(engine, type);
+- if (alias != null && aliases.add(alias)) {
+- setKeyMaterial(ssl, alias);
+- }
+- }
+- }
+- }
+-
+- CertificateRequestedCallback.KeyMaterial keyMaterial(ReferenceCountedOpenSslEngine engine, String[] keyTypes,
+- X500Principal[] issuer) throws SSLException {
+- String alias = chooseClientAlias(engine, keyTypes, issuer);
+- long keyBio = 0;
+- long keyCertChainBio = 0;
+- long pkey = 0;
+- long certChain = 0;
+-
+- try {
+- // TODO: Should we cache these and so not need to do a memory copy all the time ?
+- X509Certificate[] certificates = keyManager.getCertificateChain(alias);
+- if (certificates == null || certificates.length == 0) {
+- return null;
+- }
+-
+- PrivateKey key = keyManager.getPrivateKey(alias);
+- keyCertChainBio = toBIO(certificates);
+- certChain = SSL.parseX509Chain(keyCertChainBio);
+- if (key != null) {
+- keyBio = toBIO(key);
+- pkey = SSL.parsePrivateKey(keyBio, password);
+- }
+- CertificateRequestedCallback.KeyMaterial material = new CertificateRequestedCallback.KeyMaterial(
+- certChain, pkey);
+-
+- // Reset to 0 so we do not free these. This is needed as the client certificate callback takes ownership
+- // of both the key and the certificate if they are returned from this method, and thus must not
+- // be freed here.
+- certChain = pkey = 0;
+- return material;
+- } catch (SSLException e) {
+- throw e;
+- } catch (Exception e) {
+- throw new SSLException(e);
+- } finally {
+- freeBio(keyBio);
+- freeBio(keyCertChainBio);
+- SSL.freePrivateKey(pkey);
+- SSL.freeX509Chain(certChain);
+- }
+- }
+-
+- private void setKeyMaterial(long ssl, String alias) throws SSLException {
+- long keyBio = 0;
+- long keyCertChainBio = 0;
+- long keyCertChainBio2 = 0;
+-
+- try {
+- // TODO: Should we cache these and so not need to do a memory copy all the time ?
+- X509Certificate[] certificates = keyManager.getCertificateChain(alias);
+- if (certificates == null || certificates.length == 0) {
+- return;
+- }
+-
+- PrivateKey key = keyManager.getPrivateKey(alias);
+-
+- // Only encode one time
+- PemEncoded encoded = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, certificates);
+- try {
+- keyCertChainBio = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
+- keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
+-
+- if (key != null) {
+- keyBio = toBIO(key);
+- }
+- SSL.setCertificateBio(ssl, keyCertChainBio, keyBio, password);
+-
+- // We may have more then one cert in the chain so add all of them now.
+- SSL.setCertificateChainBio(ssl, keyCertChainBio2, true);
+- } finally {
+- encoded.release();
+- }
+- } catch (SSLException e) {
+- throw e;
+- } catch (Exception e) {
+- throw new SSLException(e);
+- } finally {
+- freeBio(keyBio);
+- freeBio(keyCertChainBio);
+- freeBio(keyCertChainBio2);
+- }
+- }
+-
+- protected String chooseClientAlias(@SuppressWarnings("unused") ReferenceCountedOpenSslEngine engine,
+- String[] keyTypes, X500Principal[] issuer) {
+- return keyManager.chooseClientAlias(keyTypes, issuer, null);
+- }
+-
+- protected String chooseServerAlias(@SuppressWarnings("unused") ReferenceCountedOpenSslEngine engine, String type) {
+- return keyManager.chooseServerAlias(type, null, null);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
+deleted file mode 100644
+index f57434b..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
++++ /dev/null
+@@ -1,373 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.ServerContext;
+-import io.netty.internal.tcnative.SSL;
+-
+-import java.io.File;
+-import java.security.PrivateKey;
+-import java.security.cert.X509Certificate;
+-
+-import javax.net.ssl.KeyManager;
+-import javax.net.ssl.KeyManagerFactory;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.TrustManager;
+-import javax.net.ssl.TrustManagerFactory;
+-
+-import static io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.newSessionContext;
+-
+-/**
+- * A server-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
+- * <p>This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
+- * and manually release the native memory see {@link ReferenceCountedOpenSslServerContext}.
+- */
+-public final class OpenSslServerContext extends OpenSslContext {
+- private final OpenSslServerSessionContext sessionContext;
+- private final OpenSslKeyMaterialManager keyMaterialManager;
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(File certChainFile, File keyFile) throws SSLException {
+- this(certChainFile, keyFile, null);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException {
+- this(certChainFile, keyFile, keyPassword, null, IdentityCipherSuiteFilter.INSTANCE,
+- ApplicationProtocolConfig.DISABLED, 0, 0);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param apn Provides a means to configure parameters related to application protocol negotiation.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(
+- File certChainFile, File keyFile, String keyPassword,
+- Iterable<String> ciphers, ApplicationProtocolConfig apn,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(certChainFile, keyFile, keyPassword, ciphers, IdentityCipherSuiteFilter.INSTANCE,
+- apn, sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param nextProtocols the application layer protocols to accept, in the order of preference.
+- * {@code null} to disable TLS NPN/ALPN extension.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(
+- File certChainFile, File keyFile, String keyPassword,
+- Iterable<String> ciphers, Iterable<String> nextProtocols,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(certChainFile, keyFile, keyPassword, ciphers,
+- toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param config Application protocol config.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(
+- File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
+- Iterable<String> ciphers, ApplicationProtocolConfig config,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(certChainFile, keyFile, keyPassword, trustManagerFactory, ciphers,
+- toNegotiator(config), sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param apn Application protocol negotiator.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(
+- File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
+- Iterable<String> ciphers, OpenSslApplicationProtocolNegotiator apn,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null,
+- ciphers, null, apn, sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param cipherFilter a filter to apply over the supplied list of ciphers
+- * @param apn Provides a means to configure parameters related to application protocol negotiation.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(
+- File certChainFile, File keyFile, String keyPassword,
+- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(null, null, certChainFile, keyFile, keyPassword, null,
+- ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param trustCertCollectionFile an X.509 certificate collection file in PEM format.
+- * This provides the certificate collection used for mutual authentication.
+- * {@code null} to use the system default
+- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
+- * that verifies the certificates sent from clients.
+- * {@code null} to use the default or the results of parsing
+- * {@code trustCertCollectionFile}.
+- * @param keyCertChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
+- * that is used to encrypt data being sent to clients.
+- * {@code null} to use the default or the results of parsing
+- * {@code keyCertChainFile} and {@code keyFile}.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param cipherFilter a filter to apply over the supplied list of ciphers
+- * Only required if {@code provider} is {@link SslProvider#JDK}
+- * @param config Provides a means to configure parameters related to application protocol negotiation.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(
+- File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
+- File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
+- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(trustCertCollectionFile, trustManagerFactory, keyCertChainFile, keyFile, keyPassword, keyManagerFactory,
+- ciphers, cipherFilter, toNegotiator(config), sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param cipherFilter a filter to apply over the supplied list of ciphers
+- * @param config Application protocol config.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword,
+- TrustManagerFactory trustManagerFactory, Iterable<String> ciphers,
+- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null, ciphers, cipherFilter,
+- toNegotiator(config), sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- * @param certChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param cipherFilter a filter to apply over the supplied list of ciphers
+- * @param apn Application protocol negotiator.
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}}
+- */
+- @Deprecated
+- public OpenSslServerContext(
+- File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
+- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null, ciphers, cipherFilter,
+- apn, sessionCacheSize, sessionTimeout);
+- }
+-
+- /**
+- * Creates a new instance.
+- *
+- *
+- * @param trustCertCollectionFile an X.509 certificate collection file in PEM format.
+- * This provides the certificate collection used for mutual authentication.
+- * {@code null} to use the system default
+- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
+- * that verifies the certificates sent from clients.
+- * {@code null} to use the default or the results of parsing
+- * {@code trustCertCollectionFile}.
+- * @param keyCertChainFile an X.509 certificate chain file in PEM format
+- * @param keyFile a PKCS#8 private key file in PEM format
+- * @param keyPassword the password of the {@code keyFile}.
+- * {@code null} if it's not password-protected.
+- * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
+- * that is used to encrypt data being sent to clients.
+- * {@code null} to use the default or the results of parsing
+- * {@code keyCertChainFile} and {@code keyFile}.
+- * @param ciphers the cipher suites to enable, in the order of preference.
+- * {@code null} to use the default cipher suites.
+- * @param cipherFilter a filter to apply over the supplied list of ciphers
+- * Only required if {@code provider} is {@link SslProvider#JDK}
+- * @param apn Application Protocol Negotiator object
+- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
+- * {@code 0} to use the default value.
+- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
+- * {@code 0} to use the default value.
+- * @deprecated use {@link SslContextBuilder}
+- */
+- @Deprecated
+- public OpenSslServerContext(
+- File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
+- File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
+- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
+- long sessionCacheSize, long sessionTimeout) throws SSLException {
+- this(toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory,
+- toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
+- keyPassword, keyManagerFactory, ciphers, cipherFilter,
+- apn, sessionCacheSize, sessionTimeout, ClientAuth.NONE, null, false, false);
+- }
+-
+- OpenSslServerContext(
+- X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
+- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
+- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
+- long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
+- boolean enableOcsp) throws SSLException {
+- this(trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword, keyManagerFactory, ciphers,
+- cipherFilter, toNegotiator(apn), sessionCacheSize, sessionTimeout, clientAuth, protocols, startTls,
+- enableOcsp);
+- }
+-
+- @SuppressWarnings("deprecation")
+- private OpenSslServerContext(
+- X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
+- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
+- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
+- long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
+- boolean enableOcsp) throws SSLException {
+- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_SERVER, keyCertChain,
+- clientAuth, protocols, startTls, enableOcsp);
+- // Create a new SSL_CTX and configure it.
+- boolean success = false;
+- try {
+- ServerContext context = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
+- keyCertChain, key, keyPassword, keyManagerFactory);
+- sessionContext = context.sessionContext;
+- keyMaterialManager = context.keyMaterialManager;
+- success = true;
+- } finally {
+- if (!success) {
+- release();
+- }
+- }
+- }
+-
+- @Override
+- public OpenSslServerSessionContext sessionContext() {
+- return sessionContext;
+- }
+-
+- @Override
+- OpenSslKeyMaterialManager keyMaterialManager() {
+- return keyMaterialManager;
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java
+deleted file mode 100644
+index 8c92deb..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java
++++ /dev/null
+@@ -1,124 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.internal.tcnative.SSL;
+-import io.netty.internal.tcnative.SSLContext;
+-
+-import java.util.concurrent.locks.Lock;
+-
+-
+-/**
+- * {@link OpenSslSessionContext} implementation which offers extra methods which are only useful for the server-side.
+- */
+-public final class OpenSslServerSessionContext extends OpenSslSessionContext {
+- OpenSslServerSessionContext(ReferenceCountedOpenSslContext context) {
+- super(context);
+- }
+-
+- @Override
+- public void setSessionTimeout(int seconds) {
+- if (seconds < 0) {
+- throw new IllegalArgumentException();
+- }
+- Lock writerLock = context.ctxLock.writeLock();
+- writerLock.lock();
+- try {
+- SSLContext.setSessionCacheTimeout(context.ctx, seconds);
+- } finally {
+- writerLock.unlock();
+- }
+- }
+-
+- @Override
+- public int getSessionTimeout() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return (int) SSLContext.getSessionCacheTimeout(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- @Override
+- public void setSessionCacheSize(int size) {
+- if (size < 0) {
+- throw new IllegalArgumentException();
+- }
+- Lock writerLock = context.ctxLock.writeLock();
+- writerLock.lock();
+- try {
+- SSLContext.setSessionCacheSize(context.ctx, size);
+- } finally {
+- writerLock.unlock();
+- }
+- }
+-
+- @Override
+- public int getSessionCacheSize() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return (int) SSLContext.getSessionCacheSize(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- @Override
+- public void setSessionCacheEnabled(boolean enabled) {
+- long mode = enabled ? SSL.SSL_SESS_CACHE_SERVER : SSL.SSL_SESS_CACHE_OFF;
+-
+- Lock writerLock = context.ctxLock.writeLock();
+- writerLock.lock();
+- try {
+- SSLContext.setSessionCacheMode(context.ctx, mode);
+- } finally {
+- writerLock.unlock();
+- }
+- }
+-
+- @Override
+- public boolean isSessionCacheEnabled() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.getSessionCacheMode(context.ctx) == SSL.SSL_SESS_CACHE_SERVER;
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Set the context within which session be reused (server side only)
+- * See <a href="http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html">
+- * man SSL_CTX_set_session_id_context</a>
+- *
+- * @param sidCtx can be any kind of binary data, it is therefore possible to use e.g. the name
+- * of the application and/or the hostname and/or service name
+- * @return {@code true} if success, {@code false} otherwise.
+- */
+- public boolean setSessionIdContext(byte[] sidCtx) {
+- Lock writerLock = context.ctxLock.writeLock();
+- writerLock.lock();
+- try {
+- return SSLContext.setSessionIdContext(context.ctx, sidCtx);
+- } finally {
+- writerLock.unlock();
+- }
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionContext.java
+deleted file mode 100644
+index 846a968..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionContext.java
++++ /dev/null
+@@ -1,137 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.util.internal.ObjectUtil;
+-import io.netty.internal.tcnative.SSL;
+-import io.netty.internal.tcnative.SSLContext;
+-import io.netty.internal.tcnative.SessionTicketKey;
+-
+-import javax.net.ssl.SSLSession;
+-import javax.net.ssl.SSLSessionContext;
+-import java.util.Arrays;
+-import java.util.Enumeration;
+-import java.util.NoSuchElementException;
+-import java.util.concurrent.locks.Lock;
+-
+-/**
+- * OpenSSL specific {@link SSLSessionContext} implementation.
+- */
+-public abstract class OpenSslSessionContext implements SSLSessionContext {
+- private static final Enumeration<byte[]> EMPTY = new EmptyEnumeration();
+-
+- private final OpenSslSessionStats stats;
+- final ReferenceCountedOpenSslContext context;
+-
+- // IMPORTANT: We take the OpenSslContext and not just the long (which points the native instance) to prevent
+- // the GC to collect OpenSslContext as this would also free the pointer and so could result in a
+- // segfault when the user calls any of the methods here that try to pass the pointer down to the native
+- // level.
+- OpenSslSessionContext(ReferenceCountedOpenSslContext context) {
+- this.context = context;
+- stats = new OpenSslSessionStats(context);
+- }
+-
+- @Override
+- public SSLSession getSession(byte[] bytes) {
+- if (bytes == null) {
+- throw new NullPointerException("bytes");
+- }
+- return null;
+- }
+-
+- @Override
+- public Enumeration<byte[]> getIds() {
+- return EMPTY;
+- }
+-
+- /**
+- * Sets the SSL session ticket keys of this context.
+- * @deprecated use {@link #setTicketKeys(OpenSslSessionTicketKey...)}.
+- */
+- @Deprecated
+- public void setTicketKeys(byte[] keys) {
+- if (keys.length % SessionTicketKey.TICKET_KEY_SIZE != 0) {
+- throw new IllegalArgumentException("keys.length % " + SessionTicketKey.TICKET_KEY_SIZE + " != 0");
+- }
+- SessionTicketKey[] tickets = new SessionTicketKey[keys.length / SessionTicketKey.TICKET_KEY_SIZE];
+- for (int i = 0, a = 0; i < tickets.length; i++) {
+- byte[] name = Arrays.copyOfRange(keys, a, SessionTicketKey.NAME_SIZE);
+- a += SessionTicketKey.NAME_SIZE;
+- byte[] hmacKey = Arrays.copyOfRange(keys, a, SessionTicketKey.HMAC_KEY_SIZE);
+- i += SessionTicketKey.HMAC_KEY_SIZE;
+- byte[] aesKey = Arrays.copyOfRange(keys, a, SessionTicketKey.AES_KEY_SIZE);
+- a += SessionTicketKey.AES_KEY_SIZE;
+- tickets[i] = new SessionTicketKey(name, hmacKey, aesKey);
+- }
+- Lock writerLock = context.ctxLock.writeLock();
+- writerLock.lock();
+- try {
+- SSLContext.clearOptions(context.ctx, SSL.SSL_OP_NO_TICKET);
+- SSLContext.setSessionTicketKeys(context.ctx, tickets);
+- } finally {
+- writerLock.unlock();
+- }
+- }
+-
+- /**
+- * Sets the SSL session ticket keys of this context.
+- */
+- public void setTicketKeys(OpenSslSessionTicketKey... keys) {
+- ObjectUtil.checkNotNull(keys, "keys");
+- SessionTicketKey[] ticketKeys = new SessionTicketKey[keys.length];
+- for (int i = 0; i < ticketKeys.length; i++) {
+- ticketKeys[i] = keys[i].key;
+- }
+- Lock writerLock = context.ctxLock.writeLock();
+- writerLock.lock();
+- try {
+- SSLContext.clearOptions(context.ctx, SSL.SSL_OP_NO_TICKET);
+- SSLContext.setSessionTicketKeys(context.ctx, ticketKeys);
+- } finally {
+- writerLock.unlock();
+- }
+- }
+-
+- /**
+- * Enable or disable caching of SSL sessions.
+- */
+- public abstract void setSessionCacheEnabled(boolean enabled);
+-
+- /**
+- * Return {@code true} if caching of SSL sessions is enabled, {@code false} otherwise.
+- */
+- public abstract boolean isSessionCacheEnabled();
+-
+- /**
+- * Returns the stats of this context.
+- */
+- public OpenSslSessionStats stats() {
+- return stats;
+- }
+-
+- private static final class EmptyEnumeration implements Enumeration<byte[]> {
+- @Override
+- public boolean hasMoreElements() {
+- return false;
+- }
+-
+- @Override
+- public byte[] nextElement() {
+- throw new NoSuchElementException();
+- }
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionStats.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionStats.java
+deleted file mode 100644
+index f49b95f..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionStats.java
++++ /dev/null
+@@ -1,253 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-package io.netty.handler.ssl;
+-
+-import io.netty.internal.tcnative.SSLContext;
+-
+-import java.util.concurrent.locks.Lock;
+-
+-/**
+- * Stats exposed by an OpenSSL session context.
+- *
+- * @see <a href="https://www.openssl.org/docs/manmaster/man3/SSL_CTX_sess_number.html">SSL_CTX_sess_number</a>
+- */
+-public final class OpenSslSessionStats {
+-
+- private final ReferenceCountedOpenSslContext context;
+-
+- // IMPORTANT: We take the OpenSslContext and not just the long (which points the native instance) to prevent
+- // the GC to collect OpenSslContext as this would also free the pointer and so could result in a
+- // segfault when the user calls any of the methods here that try to pass the pointer down to the native
+- // level.
+- OpenSslSessionStats(ReferenceCountedOpenSslContext context) {
+- this.context = context;
+- }
+-
+- /**
+- * Returns the current number of sessions in the internal session cache.
+- */
+- public long number() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionNumber(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of started SSL/TLS handshakes in client mode.
+- */
+- public long connect() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionConnect(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of successfully established SSL/TLS sessions in client mode.
+- */
+- public long connectGood() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionConnectGood(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of start renegotiations in client mode.
+- */
+- public long connectRenegotiate() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionConnectRenegotiate(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of started SSL/TLS handshakes in server mode.
+- */
+- public long accept() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionAccept(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of successfully established SSL/TLS sessions in server mode.
+- */
+- public long acceptGood() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionAcceptGood(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of start renegotiations in server mode.
+- */
+- public long acceptRenegotiate() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionAcceptRenegotiate(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of successfully reused sessions. In client mode, a session set with {@code SSL_set_session}
+- * successfully reused is counted as a hit. In server mode, a session successfully retrieved from internal or
+- * external cache is counted as a hit.
+- */
+- public long hits() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionHits(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of successfully retrieved sessions from the external session cache in server mode.
+- */
+- public long cbHits() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionCbHits(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of sessions proposed by clients that were not found in the internal session cache
+- * in server mode.
+- */
+- public long misses() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionMisses(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of sessions proposed by clients and either found in the internal or external session cache
+- * in server mode, but that were invalid due to timeout. These sessions are not included in the {@link #hits()}
+- * count.
+- */
+- public long timeouts() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionTimeouts(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of sessions that were removed because the maximum session cache size was exceeded.
+- */
+- public long cacheFull() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionCacheFull(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of times a client presented a ticket that did not match any key in the list.
+- */
+- public long ticketKeyFail() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionTicketKeyFail(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of times a client did not present a ticket and we issued a new one
+- */
+- public long ticketKeyNew() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionTicketKeyNew(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of times a client presented a ticket derived from an older key,
+- * and we upgraded to the primary key.
+- */
+- public long ticketKeyRenew() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionTicketKeyRenew(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the number of times a client presented a ticket derived from the primary key.
+- */
+- public long ticketKeyResume() {
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return SSLContext.sessionTicketKeyResume(context.ctx);
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionTicketKey.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionTicketKey.java
+deleted file mode 100644
+index 79f71a6..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionTicketKey.java
++++ /dev/null
+@@ -1,78 +0,0 @@
+-/*
+- * Copyright 2015 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.internal.tcnative.SessionTicketKey;
+-
+-/**
+- * Session Ticket Key
+- */
+-public final class OpenSslSessionTicketKey {
+-
+- /**
+- * Size of session ticket key name
+- */
+- public static final int NAME_SIZE = SessionTicketKey.NAME_SIZE;
+- /**
+- * Size of session ticket key HMAC key
+- */
+- public static final int HMAC_KEY_SIZE = SessionTicketKey.HMAC_KEY_SIZE;
+- /**
+- * Size of session ticket key AES key
+- */
+- public static final int AES_KEY_SIZE = SessionTicketKey.AES_KEY_SIZE;
+- /**
+- * Size of session ticker key
+- */
+- public static final int TICKET_KEY_SIZE = SessionTicketKey.TICKET_KEY_SIZE;
+-
+- final SessionTicketKey key;
+-
+- /**
+- * Construct a OpenSslSessionTicketKey.
+- *
+- * @param name the name of the session ticket key
+- * @param hmacKey the HMAC key of the session ticket key
+- * @param aesKey the AES key of the session ticket key
+- */
+- public OpenSslSessionTicketKey(byte[] name, byte[] hmacKey, byte[] aesKey) {
+- key = new SessionTicketKey(name.clone(), hmacKey.clone(), aesKey.clone());
+- }
+-
+- /**
+- * Get name.
+- * @return the name of the session ticket key
+- */
+- public byte[] name() {
+- return key.getName().clone();
+- }
+-
+- /**
+- * Get HMAC key.
+- * @return the HMAC key of the session ticket key
+- */
+- public byte[] hmacKey() {
+- return key.getHmacKey().clone();
+- }
+-
+- /**
+- * Get AES Key.
+- * @return the AES key of the session ticket key
+- */
+- public byte[] aesKey() {
+- return key.getAesKey().clone();
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java
+deleted file mode 100644
+index b213573..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java
++++ /dev/null
+@@ -1,298 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.util.internal.logging.InternalLogger;
+-import io.netty.util.internal.logging.InternalLoggerFactory;
+-import io.netty.internal.tcnative.CertificateRequestedCallback;
+-import io.netty.internal.tcnative.SSL;
+-import io.netty.internal.tcnative.SSLContext;
+-
+-import java.security.KeyStore;
+-import java.security.PrivateKey;
+-import java.security.cert.X509Certificate;
+-import java.util.HashSet;
+-import java.util.Set;
+-
+-import javax.net.ssl.KeyManagerFactory;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.SSLHandshakeException;
+-import javax.net.ssl.TrustManagerFactory;
+-import javax.net.ssl.X509ExtendedKeyManager;
+-import javax.net.ssl.X509ExtendedTrustManager;
+-import javax.net.ssl.X509KeyManager;
+-import javax.net.ssl.X509TrustManager;
+-import javax.security.auth.x500.X500Principal;
+-
+-/**
+- * A client-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
+- * <p>Instances of this class must be {@link #release() released} or else native memory will leak!
+- *
+- * <p>Instances of this class <strong>must not</strong> be released before any {@link ReferenceCountedOpenSslEngine}
+- * which depends upon the instance of this class is released. Otherwise if any method of
+- * {@link ReferenceCountedOpenSslEngine} is called which uses this class's JNI resources the JVM may crash.
+- */
+-public final class ReferenceCountedOpenSslClientContext extends ReferenceCountedOpenSslContext {
+- private static final InternalLogger logger =
+- InternalLoggerFactory.getInstance(ReferenceCountedOpenSslClientContext.class);
+- private final OpenSslSessionContext sessionContext;
+-
+- ReferenceCountedOpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
+- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
+- KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
+- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
+- String[] protocols, long sessionCacheSize, long sessionTimeout,
+- boolean enableOcsp) throws SSLException {
+- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_CLIENT, keyCertChain,
+- ClientAuth.NONE, protocols, false, enableOcsp, true);
+- boolean success = false;
+- try {
+- sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
+- keyCertChain, key, keyPassword, keyManagerFactory);
+- success = true;
+- } finally {
+- if (!success) {
+- release();
+- }
+- }
+- }
+-
+- @Override
+- OpenSslKeyMaterialManager keyMaterialManager() {
+- return null;
+- }
+-
+- @Override
+- public OpenSslSessionContext sessionContext() {
+- return sessionContext;
+- }
+-
+- static OpenSslSessionContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx,
+- OpenSslEngineMap engineMap,
+- X509Certificate[] trustCertCollection,
+- TrustManagerFactory trustManagerFactory,
+- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
+- KeyManagerFactory keyManagerFactory) throws SSLException {
+- if (key == null && keyCertChain != null || key != null && keyCertChain == null) {
+- throw new IllegalArgumentException(
+- "Either both keyCertChain and key needs to be null or none of them");
+- }
+- try {
+- if (!OpenSsl.useKeyManagerFactory()) {
+- if (keyManagerFactory != null) {
+- throw new IllegalArgumentException(
+- "KeyManagerFactory not supported");
+- }
+- if (keyCertChain != null/* && key != null*/) {
+- setKeyMaterial(ctx, keyCertChain, key, keyPassword);
+- }
+- } else {
+- // javadocs state that keyManagerFactory has precedent over keyCertChain
+- if (keyManagerFactory == null && keyCertChain != null) {
+- keyManagerFactory = buildKeyManagerFactory(
+- keyCertChain, key, keyPassword, keyManagerFactory);
+- }
+-
+- if (keyManagerFactory != null) {
+- X509KeyManager keyManager = chooseX509KeyManager(keyManagerFactory.getKeyManagers());
+- OpenSslKeyMaterialManager materialManager = useExtendedKeyManager(keyManager) ?
+- new OpenSslExtendedKeyMaterialManager(
+- (X509ExtendedKeyManager) keyManager, keyPassword) :
+- new OpenSslKeyMaterialManager(keyManager, keyPassword);
+- SSLContext.setCertRequestedCallback(ctx, new OpenSslCertificateRequestedCallback(
+- engineMap, materialManager));
+- }
+- }
+- } catch (Exception e) {
+- throw new SSLException("failed to set certificate and key", e);
+- }
+-
+- SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
+-
+- try {
+- if (trustCertCollection != null) {
+- trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
+- } else if (trustManagerFactory == null) {
+- trustManagerFactory = TrustManagerFactory.getInstance(
+- TrustManagerFactory.getDefaultAlgorithm());
+- trustManagerFactory.init((KeyStore) null);
+- }
+- final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
+-
+- // IMPORTANT: The callbacks set for verification must be static to prevent memory leak as
+- // otherwise the context can never be collected. This is because the JNI code holds
+- // a global reference to the callbacks.
+- //
+- // See https://github.com/netty/netty/issues/5372
+-
+- // Use this to prevent an error when running on java < 7
+- if (useExtendedTrustManager(manager)) {
+- SSLContext.setCertVerifyCallback(ctx,
+- new ExtendedTrustManagerVerifyCallback(engineMap, (X509ExtendedTrustManager) manager));
+- } else {
+- SSLContext.setCertVerifyCallback(ctx, new TrustManagerVerifyCallback(engineMap, manager));
+- }
+- } catch (Exception e) {
+- throw new SSLException("unable to setup trustmanager", e);
+- }
+- return new OpenSslClientSessionContext(thiz);
+- }
+-
+- // No cache is currently supported for client side mode.
+- static final class OpenSslClientSessionContext extends OpenSslSessionContext {
+- OpenSslClientSessionContext(ReferenceCountedOpenSslContext context) {
+- super(context);
+- }
+-
+- @Override
+- public void setSessionTimeout(int seconds) {
+- if (seconds < 0) {
+- throw new IllegalArgumentException();
+- }
+- }
+-
+- @Override
+- public int getSessionTimeout() {
+- return 0;
+- }
+-
+- @Override
+- public void setSessionCacheSize(int size) {
+- if (size < 0) {
+- throw new IllegalArgumentException();
+- }
+- }
+-
+- @Override
+- public int getSessionCacheSize() {
+- return 0;
+- }
+-
+- @Override
+- public void setSessionCacheEnabled(boolean enabled) {
+- // ignored
+- }
+-
+- @Override
+- public boolean isSessionCacheEnabled() {
+- return false;
+- }
+- }
+-
+- private static final class TrustManagerVerifyCallback extends AbstractCertificateVerifier {
+- private final X509TrustManager manager;
+-
+- TrustManagerVerifyCallback(OpenSslEngineMap engineMap, X509TrustManager manager) {
+- super(engineMap);
+- this.manager = manager;
+- }
+-
+- @Override
+- void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts, String auth)
+- throws Exception {
+- manager.checkServerTrusted(peerCerts, auth);
+- }
+- }
+-
+- private static final class ExtendedTrustManagerVerifyCallback extends AbstractCertificateVerifier {
+- private final X509ExtendedTrustManager manager;
+-
+- ExtendedTrustManagerVerifyCallback(OpenSslEngineMap engineMap, X509ExtendedTrustManager manager) {
+- super(engineMap);
+- this.manager = manager;
+- }
+-
+- @Override
+- void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts, String auth)
+- throws Exception {
+- manager.checkServerTrusted(peerCerts, auth, engine);
+- }
+- }
+-
+- private static final class OpenSslCertificateRequestedCallback implements CertificateRequestedCallback {
+- private final OpenSslEngineMap engineMap;
+- private final OpenSslKeyMaterialManager keyManagerHolder;
+-
+- OpenSslCertificateRequestedCallback(OpenSslEngineMap engineMap, OpenSslKeyMaterialManager keyManagerHolder) {
+- this.engineMap = engineMap;
+- this.keyManagerHolder = keyManagerHolder;
+- }
+-
+- @Override
+- public KeyMaterial requested(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) {
+- final ReferenceCountedOpenSslEngine engine = engineMap.get(ssl);
+- try {
+- final Set<String> keyTypesSet = supportedClientKeyTypes(keyTypeBytes);
+- final String[] keyTypes = keyTypesSet.toArray(new String[keyTypesSet.size()]);
+- final X500Principal[] issuers;
+- if (asn1DerEncodedPrincipals == null) {
+- issuers = null;
+- } else {
+- issuers = new X500Principal[asn1DerEncodedPrincipals.length];
+- for (int i = 0; i < asn1DerEncodedPrincipals.length; i++) {
+- issuers[i] = new X500Principal(asn1DerEncodedPrincipals[i]);
+- }
+- }
+- return keyManagerHolder.keyMaterial(engine, keyTypes, issuers);
+- } catch (Throwable cause) {
+- logger.debug("request of key failed", cause);
+- SSLHandshakeException e = new SSLHandshakeException("General OpenSslEngine problem");
+- e.initCause(cause);
+- engine.handshakeException = e;
+- return null;
+- }
+- }
+-
+- /**
+- * Gets the supported key types for client certificates.
+- *
+- * @param clientCertificateTypes {@code ClientCertificateType} values provided by the server.
+- * See https://www.ietf.org/assignments/tls-parameters/tls-parameters.xml.
+- * @return supported key types that can be used in {@code X509KeyManager.chooseClientAlias} and
+- * {@code X509ExtendedKeyManager.chooseEngineClientAlias}.
+- */
+- private static Set<String> supportedClientKeyTypes(byte[] clientCertificateTypes) {
+- Set<String> result = new HashSet<String>(clientCertificateTypes.length);
+- for (byte keyTypeCode : clientCertificateTypes) {
+- String keyType = clientKeyType(keyTypeCode);
+- if (keyType == null) {
+- // Unsupported client key type -- ignore
+- continue;
+- }
+- result.add(keyType);
+- }
+- return result;
+- }
+-
+- private static String clientKeyType(byte clientCertificateType) {
+- // See also http://www.ietf.org/assignments/tls-parameters/tls-parameters.xml
+- switch (clientCertificateType) {
+- case CertificateRequestedCallback.TLS_CT_RSA_SIGN:
+- return OpenSslKeyMaterialManager.KEY_TYPE_RSA; // RFC rsa_sign
+- case CertificateRequestedCallback.TLS_CT_RSA_FIXED_DH:
+- return OpenSslKeyMaterialManager.KEY_TYPE_DH_RSA; // RFC rsa_fixed_dh
+- case CertificateRequestedCallback.TLS_CT_ECDSA_SIGN:
+- return OpenSslKeyMaterialManager.KEY_TYPE_EC; // RFC ecdsa_sign
+- case CertificateRequestedCallback.TLS_CT_RSA_FIXED_ECDH:
+- return OpenSslKeyMaterialManager.KEY_TYPE_EC_RSA; // RFC rsa_fixed_ecdh
+- case CertificateRequestedCallback.TLS_CT_ECDSA_FIXED_ECDH:
+- return OpenSslKeyMaterialManager.KEY_TYPE_EC_EC; // RFC ecdsa_fixed_ecdh
+- default:
+- return null;
+- }
+- }
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
+deleted file mode 100644
+index ee049ab..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
++++ /dev/null
+@@ -1,867 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.buffer.ByteBuf;
+-import io.netty.buffer.ByteBufAllocator;
+-import io.netty.internal.tcnative.CertificateVerifier;
+-import io.netty.internal.tcnative.SSL;
+-import io.netty.internal.tcnative.SSLContext;
+-import io.netty.util.AbstractReferenceCounted;
+-import io.netty.util.ReferenceCounted;
+-import io.netty.util.ResourceLeakDetector;
+-import io.netty.util.ResourceLeakDetectorFactory;
+-import io.netty.util.ResourceLeakTracker;
+-import io.netty.util.internal.PlatformDependent;
+-import io.netty.util.internal.StringUtil;
+-import io.netty.util.internal.SystemPropertyUtil;
+-import io.netty.util.internal.logging.InternalLogger;
+-import io.netty.util.internal.logging.InternalLoggerFactory;
+-
+-import java.security.AccessController;
+-import java.security.PrivateKey;
+-import java.security.PrivilegedAction;
+-import java.security.cert.CertPathValidatorException;
+-import java.security.cert.Certificate;
+-import java.security.cert.CertificateExpiredException;
+-import java.security.cert.CertificateNotYetValidException;
+-import java.security.cert.CertificateRevokedException;
+-import java.security.cert.X509Certificate;
+-import java.util.ArrayList;
+-import java.util.Arrays;
+-import java.util.Collections;
+-import java.util.List;
+-import java.util.Map;
+-
+-import java.util.concurrent.locks.Lock;
+-import java.util.concurrent.locks.ReadWriteLock;
+-import java.util.concurrent.locks.ReentrantReadWriteLock;
+-import javax.net.ssl.KeyManager;
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.SSLHandshakeException;
+-import javax.net.ssl.TrustManager;
+-import javax.net.ssl.X509ExtendedKeyManager;
+-import javax.net.ssl.X509ExtendedTrustManager;
+-import javax.net.ssl.X509KeyManager;
+-import javax.net.ssl.X509TrustManager;
+-
+-import static io.netty.util.internal.ObjectUtil.checkNotNull;
+-import static io.netty.util.internal.ObjectUtil.checkPositiveOrZero;
+-
+-/**
+- * An implementation of {@link SslContext} which works with libraries that support the
+- * <a href="https://www.openssl.org/">OpenSsl</a> C library API.
+- * <p>Instances of this class must be {@link #release() released} or else native memory will leak!
+- *
+- * <p>Instances of this class <strong>must not</strong> be released before any {@link ReferenceCountedOpenSslEngine}
+- * which depends upon the instance of this class is released. Otherwise if any method of
+- * {@link ReferenceCountedOpenSslEngine} is called which uses this class's JNI resources the JVM may crash.
+- */
+-public abstract class ReferenceCountedOpenSslContext extends SslContext implements ReferenceCounted {
+- private static final InternalLogger logger =
+- InternalLoggerFactory.getInstance(ReferenceCountedOpenSslContext.class);
+- /**
+- * To make it easier for users to replace JDK implementation with OpenSsl version we also use
+- * {@code jdk.tls.rejectClientInitiatedRenegotiation} to allow disabling client initiated renegotiation.
+- * Java8+ uses this system property as well.
+- * <p>
+- * See also <a href="http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html">
+- * Significant SSL/TLS improvements in Java 8</a>
+- */
+- private static final boolean JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION =
+- AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+- @Override
+- public Boolean run() {
+- return SystemPropertyUtil.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false);
+- }
+- });
+-
+- private static final int DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE =
+- AccessController.doPrivileged(new PrivilegedAction<Integer>() {
+- @Override
+- public Integer run() {
+- return Math.max(1,
+- SystemPropertyUtil.getInt("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize",
+- 2048));
+- }
+- });
+-
+- private static final List<String> DEFAULT_CIPHERS;
+- private static final Integer DH_KEY_LENGTH;
+- private static final ResourceLeakDetector<ReferenceCountedOpenSslContext> leakDetector =
+- ResourceLeakDetectorFactory.instance().newResourceLeakDetector(ReferenceCountedOpenSslContext.class);
+-
+- // TODO: Maybe make configurable ?
+- protected static final int VERIFY_DEPTH = 10;
+-
+- /**
+- * The OpenSSL SSL_CTX object.
+- *
+- * <strong>{@link #ctxLock} must be hold while using ctx!</strong>
+- */
+- protected long ctx;
+- private final List<String> unmodifiableCiphers;
+- private final long sessionCacheSize;
+- private final long sessionTimeout;
+- private final OpenSslApplicationProtocolNegotiator apn;
+- private final int mode;
+-
+- // Reference Counting
+- private final ResourceLeakTracker<ReferenceCountedOpenSslContext> leak;
+- private final AbstractReferenceCounted refCnt = new AbstractReferenceCounted() {
+- @Override
+- public ReferenceCounted touch(Object hint) {
+- if (leak != null) {
+- leak.record(hint);
+- }
+-
+- return ReferenceCountedOpenSslContext.this;
+- }
+-
+- @Override
+- protected void deallocate() {
+- destroy();
+- if (leak != null) {
+- boolean closed = leak.close(ReferenceCountedOpenSslContext.this);
+- assert closed;
+- }
+- }
+- };
+-
+- final Certificate[] keyCertChain;
+- final ClientAuth clientAuth;
+- final String[] protocols;
+- final boolean enableOcsp;
+- final OpenSslEngineMap engineMap = new DefaultOpenSslEngineMap();
+- final ReadWriteLock ctxLock = new ReentrantReadWriteLock();
+-
+- private volatile boolean rejectRemoteInitiatedRenegotiation;
+- private volatile int bioNonApplicationBufferSize = DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE;
+-
+- static final OpenSslApplicationProtocolNegotiator NONE_PROTOCOL_NEGOTIATOR =
+- new OpenSslApplicationProtocolNegotiator() {
+- @Override
+- public ApplicationProtocolConfig.Protocol protocol() {
+- return ApplicationProtocolConfig.Protocol.NONE;
+- }
+-
+- @Override
+- public List<String> protocols() {
+- return Collections.emptyList();
+- }
+-
+- @Override
+- public ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior() {
+- return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
+- }
+-
+- @Override
+- public ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior() {
+- return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
+- }
+- };
+-
+- static {
+- List<String> ciphers = new ArrayList<String>();
+- // XXX: Make sure to sync this list with JdkSslEngineFactory.
+- Collections.addAll(
+- ciphers,
+- "ECDHE-ECDSA-AES256-GCM-SHA384",
+- "ECDHE-ECDSA-AES128-GCM-SHA256",
+- "ECDHE-RSA-AES128-GCM-SHA256",
+- "ECDHE-RSA-AES128-SHA",
+- "ECDHE-RSA-AES256-SHA",
+- "AES128-GCM-SHA256",
+- "AES128-SHA",
+- "AES256-SHA");
+- DEFAULT_CIPHERS = Collections.unmodifiableList(ciphers);
+-
+- if (logger.isDebugEnabled()) {
+- logger.debug("Default cipher suite (OpenSSL): " + ciphers);
+- }
+-
+- Integer dhLen = null;
+-
+- try {
+- String dhKeySize = AccessController.doPrivileged(new PrivilegedAction<String>() {
+- @Override
+- public String run() {
+- return SystemPropertyUtil.get("jdk.tls.ephemeralDHKeySize");
+- }
+- });
+- if (dhKeySize != null) {
+- try {
+- dhLen = Integer.valueOf(dhKeySize);
+- } catch (NumberFormatException e) {
+- logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: "
+- + dhKeySize);
+- }
+- }
+- } catch (Throwable ignore) {
+- // ignore
+- }
+- DH_KEY_LENGTH = dhLen;
+- }
+-
+- ReferenceCountedOpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
+- ApplicationProtocolConfig apnCfg, long sessionCacheSize, long sessionTimeout,
+- int mode, Certificate[] keyCertChain, ClientAuth clientAuth, String[] protocols,
+- boolean startTls, boolean enableOcsp, boolean leakDetection) throws SSLException {
+- this(ciphers, cipherFilter, toNegotiator(apnCfg), sessionCacheSize, sessionTimeout, mode, keyCertChain,
+- clientAuth, protocols, startTls, enableOcsp, leakDetection);
+- }
+-
+- ReferenceCountedOpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
+- OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize,
+- long sessionTimeout, int mode, Certificate[] keyCertChain,
+- ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp,
+- boolean leakDetection) throws SSLException {
+- super(startTls);
+-
+- OpenSsl.ensureAvailability();
+-
+- if (enableOcsp && !OpenSsl.isOcspSupported()) {
+- throw new IllegalStateException("OCSP is not supported.");
+- }
+-
+- if (mode != SSL.SSL_MODE_SERVER && mode != SSL.SSL_MODE_CLIENT) {
+- throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
+- }
+- leak = leakDetection ? leakDetector.track(this) : null;
+- this.mode = mode;
+- this.clientAuth = isServer() ? checkNotNull(clientAuth, "clientAuth") : ClientAuth.NONE;
+- this.protocols = protocols;
+- this.enableOcsp = enableOcsp;
+-
+- if (mode == SSL.SSL_MODE_SERVER) {
+- rejectRemoteInitiatedRenegotiation =
+- JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION;
+- }
+- this.keyCertChain = keyCertChain == null ? null : keyCertChain.clone();
+- final List<String> convertedCiphers;
+- if (ciphers == null) {
+- convertedCiphers = null;
+- } else {
+- convertedCiphers = new ArrayList<String>();
+- for (String c : ciphers) {
+- if (c == null) {
+- break;
+- }
+-
+- String converted = CipherSuiteConverter.toOpenSsl(c);
+- if (converted != null) {
+- c = converted;
+- }
+- convertedCiphers.add(c);
+- }
+- }
+-
+- unmodifiableCiphers = Arrays.asList(checkNotNull(cipherFilter, "cipherFilter").filterCipherSuites(
+- convertedCiphers, DEFAULT_CIPHERS, OpenSsl.availableOpenSslCipherSuites()));
+-
+- this.apn = checkNotNull(apn, "apn");
+-
+- // Create a new SSL_CTX and configure it.
+- boolean success = false;
+- try {
+- try {
+- ctx = SSLContext.make(SSL.SSL_PROTOCOL_ALL, mode);
+- } catch (Exception e) {
+- throw new SSLException("failed to create an SSL_CTX", e);
+- }
+-
+- SSLContext.setOptions(ctx, SSLContext.getOptions(ctx) |
+- SSL.SSL_OP_NO_SSLv2 |
+- SSL.SSL_OP_NO_SSLv3 |
+- SSL.SSL_OP_CIPHER_SERVER_PREFERENCE |
+-
+- // We do not support compression at the moment so we should explicitly disable it.
+- SSL.SSL_OP_NO_COMPRESSION |
+-
+- // Disable ticket support by default to be more inline with SSLEngineImpl of the JDK.
+- // This also let SSLSession.getId() work the same way for the JDK implementation and the
+- // OpenSSLEngine. If tickets are supported SSLSession.getId() will only return an ID on the
+- // server-side if it could make use of tickets.
+- SSL.SSL_OP_NO_TICKET);
+-
+- // We need to enable SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER as the memory address may change between
+- // calling OpenSSLEngine.wrap(...).
+- // See https://github.com/netty/netty-tcnative/issues/100
+- SSLContext.setMode(ctx, SSLContext.getMode(ctx) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+-
+- if (DH_KEY_LENGTH != null) {
+- SSLContext.setTmpDHLength(ctx, DH_KEY_LENGTH);
+- }
+-
+- /* List the ciphers that are permitted to negotiate. */
+- try {
+- SSLContext.setCipherSuite(ctx, CipherSuiteConverter.toOpenSsl(unmodifiableCiphers));
+- } catch (SSLException e) {
+- throw e;
+- } catch (Exception e) {
+- throw new SSLException("failed to set cipher suite: " + unmodifiableCiphers, e);
+- }
+-
+- List<String> nextProtoList = apn.protocols();
+- /* Set next protocols for next protocol negotiation extension, if specified */
+- if (!nextProtoList.isEmpty()) {
+- String[] appProtocols = nextProtoList.toArray(new String[nextProtoList.size()]);
+- int selectorBehavior = opensslSelectorFailureBehavior(apn.selectorFailureBehavior());
+-
+- switch (apn.protocol()) {
+- case NPN:
+- SSLContext.setNpnProtos(ctx, appProtocols, selectorBehavior);
+- break;
+- case ALPN:
+- SSLContext.setAlpnProtos(ctx, appProtocols, selectorBehavior);
+- break;
+- case NPN_AND_ALPN:
+- SSLContext.setNpnProtos(ctx, appProtocols, selectorBehavior);
+- SSLContext.setAlpnProtos(ctx, appProtocols, selectorBehavior);
+- break;
+- default:
+- throw new Error();
+- }
+- }
+-
+- /* Set session cache size, if specified */
+- if (sessionCacheSize > 0) {
+- this.sessionCacheSize = sessionCacheSize;
+- SSLContext.setSessionCacheSize(ctx, sessionCacheSize);
+- } else {
+- // Get the default session cache size using SSLContext.setSessionCacheSize()
+- this.sessionCacheSize = sessionCacheSize = SSLContext.setSessionCacheSize(ctx, 20480);
+- // Revert the session cache size to the default value.
+- SSLContext.setSessionCacheSize(ctx, sessionCacheSize);
+- }
+-
+- /* Set session timeout, if specified */
+- if (sessionTimeout > 0) {
+- this.sessionTimeout = sessionTimeout;
+- SSLContext.setSessionCacheTimeout(ctx, sessionTimeout);
+- } else {
+- // Get the default session timeout using SSLContext.setSessionCacheTimeout()
+- this.sessionTimeout = sessionTimeout = SSLContext.setSessionCacheTimeout(ctx, 300);
+- // Revert the session timeout to the default value.
+- SSLContext.setSessionCacheTimeout(ctx, sessionTimeout);
+- }
+-
+- if (enableOcsp) {
+- SSLContext.enableOcsp(ctx, isClient());
+- }
+- success = true;
+- } finally {
+- if (!success) {
+- release();
+- }
+- }
+- }
+-
+- private static int opensslSelectorFailureBehavior(ApplicationProtocolConfig.SelectorFailureBehavior behavior) {
+- switch (behavior) {
+- case NO_ADVERTISE:
+- return SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE;
+- case CHOOSE_MY_LAST_PROTOCOL:
+- return SSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL;
+- default:
+- throw new Error();
+- }
+- }
+-
+- @Override
+- public final List<String> cipherSuites() {
+- return unmodifiableCiphers;
+- }
+-
+- @Override
+- public final long sessionCacheSize() {
+- return sessionCacheSize;
+- }
+-
+- @Override
+- public final long sessionTimeout() {
+- return sessionTimeout;
+- }
+-
+- @Override
+- public ApplicationProtocolNegotiator applicationProtocolNegotiator() {
+- return apn;
+- }
+-
+- @Override
+- public final boolean isClient() {
+- return mode == SSL.SSL_MODE_CLIENT;
+- }
+-
+- @Override
+- public final SSLEngine newEngine(ByteBufAllocator alloc, String peerHost, int peerPort) {
+- return newEngine0(alloc, peerHost, peerPort);
+- }
+-
+- SSLEngine newEngine0(ByteBufAllocator alloc, String peerHost, int peerPort) {
+- return new ReferenceCountedOpenSslEngine(this, alloc, peerHost, peerPort, true);
+- }
+-
+- abstract OpenSslKeyMaterialManager keyMaterialManager();
+-
+- /**
+- * Returns a new server-side {@link SSLEngine} with the current configuration.
+- */
+- @Override
+- public final SSLEngine newEngine(ByteBufAllocator alloc) {
+- return newEngine(alloc, null, -1);
+- }
+-
+- /**
+- * Returns the pointer to the {@code SSL_CTX} object for this {@link ReferenceCountedOpenSslContext}.
+- * Be aware that it is freed as soon as the {@link #finalize()} method is called.
+- * At this point {@code 0} will be returned.
+- *
+- * @deprecated this method is considered unsafe as the returned pointer may be released later. Dont use it!
+- */
+- @Deprecated
+- public final long context() {
+- Lock readerLock = ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return ctx;
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- /**
+- * Returns the stats of this context.
+- *
+- * @deprecated use {@link #sessionContext#stats()}
+- */
+- @Deprecated
+- public final OpenSslSessionStats stats() {
+- return sessionContext().stats();
+- }
+-
+- /**
+- * Specify if remote initiated renegotiation is supported or not. If not supported and the remote side tries
+- * to initiate a renegotiation a {@link SSLHandshakeException} will be thrown during decoding.
+- */
+- public void setRejectRemoteInitiatedRenegotiation(boolean rejectRemoteInitiatedRenegotiation) {
+- this.rejectRemoteInitiatedRenegotiation = rejectRemoteInitiatedRenegotiation;
+- }
+-
+- /**
+- * Returns if remote initiated renegotiation is supported or not.
+- */
+- public boolean getRejectRemoteInitiatedRenegotiation() {
+- return rejectRemoteInitiatedRenegotiation;
+- }
+-
+- /**
+- * Set the size of the buffer used by the BIO for non-application based writes
+- * (e.g. handshake, renegotiation, etc...).
+- */
+- public void setBioNonApplicationBufferSize(int bioNonApplicationBufferSize) {
+- this.bioNonApplicationBufferSize =
+- checkPositiveOrZero(bioNonApplicationBufferSize, "bioNonApplicationBufferSize");
+- }
+-
+- /**
+- * Returns the size of the buffer used by the BIO for non-application based writes
+- */
+- public int getBioNonApplicationBufferSize() {
+- return bioNonApplicationBufferSize;
+- }
+-
+- /**
+- * Sets the SSL session ticket keys of this context.
+- *
+- * @deprecated use {@link OpenSslSessionContext#setTicketKeys(byte[])}
+- */
+- @Deprecated
+- public final void setTicketKeys(byte[] keys) {
+- sessionContext().setTicketKeys(keys);
+- }
+-
+- @Override
+- public abstract OpenSslSessionContext sessionContext();
+-
+- /**
+- * Returns the pointer to the {@code SSL_CTX} object for this {@link ReferenceCountedOpenSslContext}.
+- * Be aware that it is freed as soon as the {@link #release()} method is called.
+- * At this point {@code 0} will be returned.
+- *
+- * @deprecated this method is considered unsafe as the returned pointer may be released later. Dont use it!
+- */
+- @Deprecated
+- public final long sslCtxPointer() {
+- Lock readerLock = ctxLock.readLock();
+- readerLock.lock();
+- try {
+- return ctx;
+- } finally {
+- readerLock.unlock();
+- }
+- }
+-
+- // IMPORTANT: This method must only be called from either the constructor or the finalizer as a user MUST never
+- // get access to an OpenSslSessionContext after this method was called to prevent the user from
+- // producing a segfault.
+- private void destroy() {
+- Lock writerLock = ctxLock.writeLock();
+- writerLock.lock();
+- try {
+- if (ctx != 0) {
+- if (enableOcsp) {
+- SSLContext.disableOcsp(ctx);
+- }
+-
+- SSLContext.free(ctx);
+- ctx = 0;
+- }
+- } finally {
+- writerLock.unlock();
+- }
+- }
+-
+- protected static X509Certificate[] certificates(byte[][] chain) {
+- X509Certificate[] peerCerts = new X509Certificate[chain.length];
+- for (int i = 0; i < peerCerts.length; i++) {
+- peerCerts[i] = new OpenSslX509Certificate(chain[i]);
+- }
+- return peerCerts;
+- }
+-
+- protected static X509TrustManager chooseTrustManager(TrustManager[] managers) {
+- for (TrustManager m : managers) {
+- if (m instanceof X509TrustManager) {
+- return (X509TrustManager) m;
+- }
+- }
+- throw new IllegalStateException("no X509TrustManager found");
+- }
+-
+- protected static X509KeyManager chooseX509KeyManager(KeyManager[] kms) {
+- for (KeyManager km : kms) {
+- if (km instanceof X509KeyManager) {
+- return (X509KeyManager) km;
+- }
+- }
+- throw new IllegalStateException("no X509KeyManager found");
+- }
+-
+- /**
+- * Translate a {@link ApplicationProtocolConfig} object to a
+- * {@link OpenSslApplicationProtocolNegotiator} object.
+- *
+- * @param config The configuration which defines the translation
+- * @return The results of the translation
+- */
+- static OpenSslApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config) {
+- if (config == null) {
+- return NONE_PROTOCOL_NEGOTIATOR;
+- }
+-
+- switch (config.protocol()) {
+- case NONE:
+- return NONE_PROTOCOL_NEGOTIATOR;
+- case ALPN:
+- case NPN:
+- case NPN_AND_ALPN:
+- switch (config.selectedListenerFailureBehavior()) {
+- case CHOOSE_MY_LAST_PROTOCOL:
+- case ACCEPT:
+- switch (config.selectorFailureBehavior()) {
+- case CHOOSE_MY_LAST_PROTOCOL:
+- case NO_ADVERTISE:
+- return new OpenSslDefaultApplicationProtocolNegotiator(
+- config);
+- default:
+- throw new UnsupportedOperationException(
+- new StringBuilder("OpenSSL provider does not support ")
+- .append(config.selectorFailureBehavior())
+- .append(" behavior").toString());
+- }
+- default:
+- throw new UnsupportedOperationException(
+- new StringBuilder("OpenSSL provider does not support ")
+- .append(config.selectedListenerFailureBehavior())
+- .append(" behavior").toString());
+- }
+- default:
+- throw new Error();
+- }
+- }
+-
+- static boolean useExtendedTrustManager(X509TrustManager trustManager) {
+- return PlatformDependent.javaVersion() >= 7 && trustManager instanceof X509ExtendedTrustManager;
+- }
+-
+- static boolean useExtendedKeyManager(X509KeyManager keyManager) {
+- return PlatformDependent.javaVersion() >= 7 && keyManager instanceof X509ExtendedKeyManager;
+- }
+-
+- @Override
+- public final int refCnt() {
+- return refCnt.refCnt();
+- }
+-
+- @Override
+- public final ReferenceCounted retain() {
+- refCnt.retain();
+- return this;
+- }
+-
+- @Override
+- public final ReferenceCounted retain(int increment) {
+- refCnt.retain(increment);
+- return this;
+- }
+-
+- @Override
+- public final ReferenceCounted touch() {
+- refCnt.touch();
+- return this;
+- }
+-
+- @Override
+- public final ReferenceCounted touch(Object hint) {
+- refCnt.touch(hint);
+- return this;
+- }
+-
+- @Override
+- public final boolean release() {
+- return refCnt.release();
+- }
+-
+- @Override
+- public final boolean release(int decrement) {
+- return refCnt.release(decrement);
+- }
+-
+- abstract static class AbstractCertificateVerifier extends CertificateVerifier {
+- private final OpenSslEngineMap engineMap;
+-
+- AbstractCertificateVerifier(OpenSslEngineMap engineMap) {
+- this.engineMap = engineMap;
+- }
+-
+- @Override
+- public final int verify(long ssl, byte[][] chain, String auth) {
+- X509Certificate[] peerCerts = certificates(chain);
+- final ReferenceCountedOpenSslEngine engine = engineMap.get(ssl);
+- try {
+- verify(engine, peerCerts, auth);
+- return CertificateVerifier.X509_V_OK;
+- } catch (Throwable cause) {
+- logger.debug("verification of certificate failed", cause);
+- SSLHandshakeException e = new SSLHandshakeException("General OpenSslEngine problem");
+- e.initCause(cause);
+- engine.handshakeException = e;
+-
+- // Try to extract the correct error code that should be used.
+- if (cause instanceof OpenSslCertificateException) {
+- // This will never return a negative error code as its validated when constructing the
+- // OpenSslCertificateException.
+- return ((OpenSslCertificateException) cause).errorCode();
+- }
+- if (cause instanceof CertificateExpiredException) {
+- return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
+- }
+- if (cause instanceof CertificateNotYetValidException) {
+- return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
+- }
+- if (PlatformDependent.javaVersion() >= 7) {
+- if (cause instanceof CertificateRevokedException) {
+- return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
+- }
+-
+- // The X509TrustManagerImpl uses a Validator which wraps a CertPathValidatorException into
+- // an CertificateException. So we need to handle the wrapped CertPathValidatorException to be
+- // able to send the correct alert.
+- Throwable wrapped = cause.getCause();
+- while (wrapped != null) {
+- if (wrapped instanceof CertPathValidatorException) {
+- CertPathValidatorException ex = (CertPathValidatorException) wrapped;
+- CertPathValidatorException.Reason reason = ex.getReason();
+- if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
+- return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
+- }
+- if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
+- return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
+- }
+- if (reason == CertPathValidatorException.BasicReason.REVOKED) {
+- return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
+- }
+- }
+- wrapped = wrapped.getCause();
+- }
+- }
+-
+- // Could not detect a specific error code to use, so fallback to a default code.
+- return CertificateVerifier.X509_V_ERR_UNSPECIFIED;
+- }
+- }
+-
+- abstract void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts,
+- String auth) throws Exception;
+- }
+-
+- private static final class DefaultOpenSslEngineMap implements OpenSslEngineMap {
+- private final Map<Long, ReferenceCountedOpenSslEngine> engines = PlatformDependent.newConcurrentHashMap();
+-
+- @Override
+- public ReferenceCountedOpenSslEngine remove(long ssl) {
+- return engines.remove(ssl);
+- }
+-
+- @Override
+- public void add(ReferenceCountedOpenSslEngine engine) {
+- engines.put(engine.sslPointer(), engine);
+- }
+-
+- @Override
+- public ReferenceCountedOpenSslEngine get(long ssl) {
+- return engines.get(ssl);
+- }
+- }
+-
+- static void setKeyMaterial(long ctx, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword)
+- throws SSLException {
+- /* Load the certificate file and private key. */
+- long keyBio = 0;
+- long keyCertChainBio = 0;
+- long keyCertChainBio2 = 0;
+- PemEncoded encoded = null;
+- try {
+- // Only encode one time
+- encoded = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, keyCertChain);
+- keyCertChainBio = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
+- keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
+-
+- if (key != null) {
+- keyBio = toBIO(key);
+- }
+-
+- SSLContext.setCertificateBio(
+- ctx, keyCertChainBio, keyBio,
+- keyPassword == null ? StringUtil.EMPTY_STRING : keyPassword);
+- // We may have more then one cert in the chain so add all of them now.
+- SSLContext.setCertificateChainBio(ctx, keyCertChainBio2, true);
+- } catch (SSLException e) {
+- throw e;
+- } catch (Exception e) {
+- throw new SSLException("failed to set certificate and key", e);
+- } finally {
+- freeBio(keyBio);
+- freeBio(keyCertChainBio);
+- freeBio(keyCertChainBio2);
+- if (encoded != null) {
+- encoded.release();
+- }
+- }
+- }
+-
+- static void freeBio(long bio) {
+- if (bio != 0) {
+- SSL.freeBIO(bio);
+- }
+- }
+-
+- /**
+- * Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
+- * or {@code 0} if the {@code key} is {@code null}. The BIO contains the content of the {@code key}.
+- */
+- static long toBIO(PrivateKey key) throws Exception {
+- if (key == null) {
+- return 0;
+- }
+-
+- ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
+- PemEncoded pem = PemPrivateKey.toPEM(allocator, true, key);
+- try {
+- return toBIO(allocator, pem.retain());
+- } finally {
+- pem.release();
+- }
+- }
+-
+- /**
+- * Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
+- * or {@code 0} if the {@code certChain} is {@code null}. The BIO contains the content of the {@code certChain}.
+- */
+- static long toBIO(X509Certificate... certChain) throws Exception {
+- if (certChain == null) {
+- return 0;
+- }
+-
+- if (certChain.length == 0) {
+- throw new IllegalArgumentException("certChain can't be empty");
+- }
+-
+- ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
+- PemEncoded pem = PemX509Certificate.toPEM(allocator, true, certChain);
+- try {
+- return toBIO(allocator, pem.retain());
+- } finally {
+- pem.release();
+- }
+- }
+-
+- static long toBIO(ByteBufAllocator allocator, PemEncoded pem) throws Exception {
+- try {
+- // We can turn direct buffers straight into BIOs. No need to
+- // make a yet another copy.
+- ByteBuf content = pem.content();
+-
+- if (content.isDirect()) {
+- return newBIO(content.retainedSlice());
+- }
+-
+- ByteBuf buffer = allocator.directBuffer(content.readableBytes());
+- try {
+- buffer.writeBytes(content, content.readerIndex(), content.readableBytes());
+- return newBIO(buffer.retainedSlice());
+- } finally {
+- try {
+- // If the contents of the ByteBuf is sensitive (e.g. a PrivateKey) we
+- // need to zero out the bytes of the copy before we're releasing it.
+- if (pem.isSensitive()) {
+- SslUtils.zeroout(buffer);
+- }
+- } finally {
+- buffer.release();
+- }
+- }
+- } finally {
+- pem.release();
+- }
+- }
+-
+- private static long newBIO(ByteBuf buffer) throws Exception {
+- try {
+- long bio = SSL.newMemBIO();
+- int readable = buffer.readableBytes();
+- if (SSL.bioWrite(bio, OpenSsl.memoryAddress(buffer) + buffer.readerIndex(), readable) != readable) {
+- SSL.freeBIO(bio);
+- throw new IllegalStateException("Could not write data to memory BIO");
+- }
+- return bio;
+- } finally {
+- buffer.release();
+- }
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+deleted file mode 100644
+index 27460c7..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
++++ /dev/null
+@@ -1,2037 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.buffer.ByteBuf;
+-import io.netty.buffer.ByteBufAllocator;
+-import io.netty.internal.tcnative.Buffer;
+-import io.netty.internal.tcnative.SSL;
+-import io.netty.util.AbstractReferenceCounted;
+-import io.netty.util.ReferenceCounted;
+-import io.netty.util.ResourceLeakDetector;
+-import io.netty.util.ResourceLeakDetectorFactory;
+-import io.netty.util.ResourceLeakTracker;
+-import io.netty.util.internal.EmptyArrays;
+-import io.netty.util.internal.PlatformDependent;
+-import io.netty.util.internal.StringUtil;
+-import io.netty.util.internal.ThrowableUtil;
+-import io.netty.util.internal.UnstableApi;
+-import io.netty.util.internal.logging.InternalLogger;
+-import io.netty.util.internal.logging.InternalLoggerFactory;
+-
+-import java.nio.ByteBuffer;
+-import java.nio.ReadOnlyBufferException;
+-import java.security.Principal;
+-import java.security.cert.Certificate;
+-import java.util.ArrayList;
+-import java.util.Arrays;
+-import java.util.Collection;
+-import java.util.HashMap;
+-import java.util.List;
+-import java.util.Map;
+-import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
+-
+-import java.util.concurrent.locks.Lock;
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLEngineResult;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.SSLHandshakeException;
+-import javax.net.ssl.SSLParameters;
+-import javax.net.ssl.SSLPeerUnverifiedException;
+-import javax.net.ssl.SSLSession;
+-import javax.net.ssl.SSLSessionBindingEvent;
+-import javax.net.ssl.SSLSessionBindingListener;
+-import javax.net.ssl.SSLSessionContext;
+-import javax.security.cert.X509Certificate;
+-
+-import static io.netty.handler.ssl.OpenSsl.memoryAddress;
+-import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
+-import static io.netty.util.internal.EmptyArrays.EMPTY_CERTIFICATES;
+-import static io.netty.util.internal.EmptyArrays.EMPTY_JAVAX_X509_CERTIFICATES;
+-import static io.netty.util.internal.ObjectUtil.checkNotNull;
+-import static java.lang.Math.min;
+-import static javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED;
+-import static javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+-import static javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_WRAP;
+-import static javax.net.ssl.SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
+-import static javax.net.ssl.SSLEngineResult.Status.BUFFER_OVERFLOW;
+-import static javax.net.ssl.SSLEngineResult.Status.BUFFER_UNDERFLOW;
+-import static javax.net.ssl.SSLEngineResult.Status.CLOSED;
+-import static javax.net.ssl.SSLEngineResult.Status.OK;
+-
+-/**
+- * Implements a {@link SSLEngine} using
+- * <a href="https://www.openssl.org/docs/crypto/BIO_s_bio.html#EXAMPLE">OpenSSL BIO abstractions</a>.
+- * <p>Instances of this class must be {@link #release() released} or else native memory will leak!
+- *
+- * <p>Instances of this class <strong>must</strong> be released before the {@link ReferenceCountedOpenSslContext}
+- * the instance depends upon are released. Otherwise if any method of this class is called which uses the
+- * the {@link ReferenceCountedOpenSslContext} JNI resources the JVM may crash.
+- */
+-public class ReferenceCountedOpenSslEngine extends SSLEngine implements ReferenceCounted {
+-
+- private static final InternalLogger logger = InternalLoggerFactory.getInstance(ReferenceCountedOpenSslEngine.class);
+-
+- private static final SSLException BEGIN_HANDSHAKE_ENGINE_CLOSED = ThrowableUtil.unknownStackTrace(
+- new SSLException("engine closed"), ReferenceCountedOpenSslEngine.class, "beginHandshake()");
+- private static final SSLException HANDSHAKE_ENGINE_CLOSED = ThrowableUtil.unknownStackTrace(
+- new SSLException("engine closed"), ReferenceCountedOpenSslEngine.class, "handshake()");
+- private static final SSLException RENEGOTIATION_UNSUPPORTED = ThrowableUtil.unknownStackTrace(
+- new SSLException("renegotiation unsupported"), ReferenceCountedOpenSslEngine.class, "beginHandshake()");
+- private static final ResourceLeakDetector<ReferenceCountedOpenSslEngine> leakDetector =
+- ResourceLeakDetectorFactory.instance().newResourceLeakDetector(ReferenceCountedOpenSslEngine.class);
+- /**
+- * <a href="https://www.openssl.org/docs/man1.0.2/crypto/X509_check_host.html">The flags argument is usually 0</a>.
+- */
+- private static final int DEFAULT_HOSTNAME_VALIDATION_FLAGS = 0;
+-
+- static final int MAX_PLAINTEXT_LENGTH = 16 * 1024; // 2^14
+-
+- /**
+- * This is the maximum overhead when encrypting plaintext as defined by
+- * <a href="https://www.ietf.org/rfc/rfc5246.txt">rfc5264</a>,
+- * <a href="https://www.ietf.org/rfc/rfc5289.txt">rfc5289</a> and openssl implementation itself.
+- *
+- * Please note that we use a padding of 16 here as openssl uses PKC#5 which uses 16 bytes while the spec itself
+- * allow up to 255 bytes. 16 bytes is the max for PKC#5 (which handles it the same way as PKC#7) as we use a block
+- * size of 16. See <a href="https://tools.ietf.org/html/rfc5652#section-6.3">rfc5652#section-6.3</a>.
+- *
+- * TLS Header (5) + 16 (IV) + 48 (MAC) + 1 (Padding_length field) + 15 (Padding) + 1 (ContentType) +
+- * 2 (ProtocolVersion) + 2 (Length)
+- *
+- * TODO: We may need to review this calculation once TLS 1.3 becomes available.
+- */
+- static final int MAX_TLS_RECORD_OVERHEAD_LENGTH = SSL_RECORD_HEADER_LENGTH + 16 + 48 + 1 + 15 + 1 + 2 + 2;
+-
+- static final int MAX_ENCRYPTED_PACKET_LENGTH = MAX_PLAINTEXT_LENGTH + MAX_TLS_RECORD_OVERHEAD_LENGTH;
+-
+- private static final AtomicIntegerFieldUpdater<ReferenceCountedOpenSslEngine> DESTROYED_UPDATER =
+- AtomicIntegerFieldUpdater.newUpdater(ReferenceCountedOpenSslEngine.class, "destroyed");
+-
+- private static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
+- private static final SSLEngineResult NEED_UNWRAP_OK = new SSLEngineResult(OK, NEED_UNWRAP, 0, 0);
+- private static final SSLEngineResult NEED_UNWRAP_CLOSED = new SSLEngineResult(CLOSED, NEED_UNWRAP, 0, 0);
+- private static final SSLEngineResult NEED_WRAP_OK = new SSLEngineResult(OK, NEED_WRAP, 0, 0);
+- private static final SSLEngineResult NEED_WRAP_CLOSED = new SSLEngineResult(CLOSED, NEED_WRAP, 0, 0);
+- private static final SSLEngineResult CLOSED_NOT_HANDSHAKING = new SSLEngineResult(CLOSED, NOT_HANDSHAKING, 0, 0);
+-
+- // OpenSSL state
+- private long ssl;
+- private long networkBIO;
+- private boolean certificateSet;
+-
+- private enum HandshakeState {
+- /**
+- * Not started yet.
+- */
+- NOT_STARTED,
+- /**
+- * Started via unwrap/wrap.
+- */
+- STARTED_IMPLICITLY,
+- /**
+- * Started via {@link #beginHandshake()}.
+- */
+- STARTED_EXPLICITLY,
+-
+- /**
+- * Handshake is finished.
+- */
+- FINISHED
+- }
+-
+- private HandshakeState handshakeState = HandshakeState.NOT_STARTED;
+- private boolean renegotiationPending;
+- private boolean receivedShutdown;
+- private volatile int destroyed;
+-
+- // Reference Counting
+- private final ResourceLeakTracker<ReferenceCountedOpenSslEngine> leak;
+- private final AbstractReferenceCounted refCnt = new AbstractReferenceCounted() {
+- @Override
+- public ReferenceCounted touch(Object hint) {
+- if (leak != null) {
+- leak.record(hint);
+- }
+-
+- return ReferenceCountedOpenSslEngine.this;
+- }
+-
+- @Override
+- protected void deallocate() {
+- shutdown();
+- if (leak != null) {
+- boolean closed = leak.close(ReferenceCountedOpenSslEngine.this);
+- assert closed;
+- }
+- }
+- };
+-
+- private volatile ClientAuth clientAuth = ClientAuth.NONE;
+-
+- // Updated once a new handshake is started and so the SSLSession reused.
+- private volatile long lastAccessed = -1;
+-
+- private String endPointIdentificationAlgorithm;
+- // Store as object as AlgorithmConstraints only exists since java 7.
+- private Object algorithmConstraints;
+- private List<String> sniHostNames;
+-
+- // Mark as volatile as accessed by checkSniHostnameMatch(...) and also not specify the SNIMatcher type to allow us
+- // using it with java7.
+- private volatile Collection<?> matchers;
+-
+- // SSL Engine status variables
+- private boolean isInboundDone;
+- private boolean outboundClosed;
+-
+- private final boolean clientMode;
+- private final ByteBufAllocator alloc;
+- private final OpenSslEngineMap engineMap;
+- private final OpenSslApplicationProtocolNegotiator apn;
+- private final boolean rejectRemoteInitiatedRenegotiation;
+- private final OpenSslSession session;
+- private final Certificate[] localCerts;
+- private final ByteBuffer[] singleSrcBuffer = new ByteBuffer[1];
+- private final ByteBuffer[] singleDstBuffer = new ByteBuffer[1];
+- private final OpenSslKeyMaterialManager keyMaterialManager;
+- private final boolean enableOcsp;
+-
+- // This is package-private as we set it from OpenSslContext if an exception is thrown during
+- // the verification step.
+- SSLHandshakeException handshakeException;
+-
+- /**
+- * Create a new instance.
+- * @param context Reference count release responsibility is not transferred! The callee still owns this object.
+- * @param alloc The allocator to use.
+- * @param peerHost The peer host name.
+- * @param peerPort The peer port.
+- * @param leakDetection {@code true} to enable leak detection of this object.
+- */
+- ReferenceCountedOpenSslEngine(ReferenceCountedOpenSslContext context, ByteBufAllocator alloc, String peerHost,
+- int peerPort, boolean leakDetection) {
+- super(peerHost, peerPort);
+- OpenSsl.ensureAvailability();
+- leak = leakDetection ? leakDetector.track(this) : null;
+- this.alloc = checkNotNull(alloc, "alloc");
+- apn = (OpenSslApplicationProtocolNegotiator) context.applicationProtocolNegotiator();
+- session = new OpenSslSession(context.sessionContext());
+- clientMode = context.isClient();
+- engineMap = context.engineMap;
+- rejectRemoteInitiatedRenegotiation = context.getRejectRemoteInitiatedRenegotiation();
+- localCerts = context.keyCertChain;
+- keyMaterialManager = context.keyMaterialManager();
+- enableOcsp = context.enableOcsp;
+-
+- Lock readerLock = context.ctxLock.readLock();
+- readerLock.lock();
+- try {
+- ssl = SSL.newSSL(context.ctx, !context.isClient());
+- } finally {
+- readerLock.unlock();
+- }
+- try {
+- networkBIO = SSL.bioNewByteBuffer(ssl, context.getBioNonApplicationBufferSize());
+-
+- // Set the client auth mode, this needs to be done via setClientAuth(...) method so we actually call the
+- // needed JNI methods.
+- setClientAuth(clientMode ? ClientAuth.NONE : context.clientAuth);
+-
+- if (context.protocols != null) {
+- setEnabledProtocols(context.protocols);
+- }
+-
+- // Use SNI if peerHost was specified
+- // See https://github.com/netty/netty/issues/4746
+- if (clientMode && peerHost != null) {
+- SSL.setTlsExtHostName(ssl, peerHost);
+- }
+-
+- if (enableOcsp) {
+- SSL.enableOcsp(ssl);
+- }
+- } catch (Throwable cause) {
+- SSL.freeSSL(ssl);
+- PlatformDependent.throwException(cause);
+- }
+- }
+-
+- /**
+- * Sets the OCSP response.
+- */
+- @UnstableApi
+- public void setOcspResponse(byte[] response) {
+- if (!enableOcsp) {
+- throw new IllegalStateException("OCSP stapling is not enabled");
+- }
+-
+- if (clientMode) {
+- throw new IllegalStateException("Not a server SSLEngine");
+- }
+-
+- synchronized (this) {
+- SSL.setOcspResponse(ssl, response);
+- }
+- }
+-
+- /**
+- * Returns the OCSP response or {@code null} if the server didn't provide a stapled OCSP response.
+- */
+- @UnstableApi
+- public byte[] getOcspResponse() {
+- if (!enableOcsp) {
+- throw new IllegalStateException("OCSP stapling is not enabled");
+- }
+-
+- if (!clientMode) {
+- throw new IllegalStateException("Not a client SSLEngine");
+- }
+-
+- synchronized (this) {
+- return SSL.getOcspResponse(ssl);
+- }
+- }
+-
+- @Override
+- public final int refCnt() {
+- return refCnt.refCnt();
+- }
+-
+- @Override
+- public final ReferenceCounted retain() {
+- refCnt.retain();
+- return this;
+- }
+-
+- @Override
+- public final ReferenceCounted retain(int increment) {
+- refCnt.retain(increment);
+- return this;
+- }
+-
+- @Override
+- public final ReferenceCounted touch() {
+- refCnt.touch();
+- return this;
+- }
+-
+- @Override
+- public final ReferenceCounted touch(Object hint) {
+- refCnt.touch(hint);
+- return this;
+- }
+-
+- @Override
+- public final boolean release() {
+- return refCnt.release();
+- }
+-
+- @Override
+- public final boolean release(int decrement) {
+- return refCnt.release(decrement);
+- }
+-
+- @Override
+- public final synchronized SSLSession getHandshakeSession() {
+- // Javadocs state return value should be:
+- // null if this instance is not currently handshaking, or if the current handshake has not
+- // progressed far enough to create a basic SSLSession. Otherwise, this method returns the
+- // SSLSession currently being negotiated.
+- switch(handshakeState) {
+- case NOT_STARTED:
+- case FINISHED:
+- return null;
+- default:
+- return session;
+- }
+- }
+-
+- /**
+- * Returns the pointer to the {@code SSL} object for this {@link ReferenceCountedOpenSslEngine}.
+- * Be aware that it is freed as soon as the {@link #release()} or {@link #shutdown()} methods are called.
+- * At this point {@code 0} will be returned.
+- */
+- public final synchronized long sslPointer() {
+- return ssl;
+- }
+-
+- /**
+- * Destroys this engine.
+- */
+- public final synchronized void shutdown() {
+- if (DESTROYED_UPDATER.compareAndSet(this, 0, 1)) {
+- engineMap.remove(ssl);
+- SSL.freeSSL(ssl);
+- ssl = networkBIO = 0;
+-
+- isInboundDone = outboundClosed = true;
+- }
+-
+- // On shutdown clear all errors
+- SSL.clearError();
+- }
+-
+- /**
+- * Write plaintext data to the OpenSSL internal BIO
+- *
+- * Calling this function with src.remaining == 0 is undefined.
+- */
+- private int writePlaintextData(final ByteBuffer src, int len) {
+- final int pos = src.position();
+- final int limit = src.limit();
+- final int sslWrote;
+-
+- if (src.isDirect()) {
+- sslWrote = SSL.writeToSSL(ssl, Buffer.address(src) + pos, len);
+- if (sslWrote > 0) {
+- src.position(pos + sslWrote);
+- }
+- } else {
+- ByteBuf buf = alloc.directBuffer(len);
+- try {
+- src.limit(pos + len);
+-
+- buf.setBytes(0, src);
+- src.limit(limit);
+-
+- sslWrote = SSL.writeToSSL(ssl, memoryAddress(buf), len);
+- if (sslWrote > 0) {
+- src.position(pos + sslWrote);
+- } else {
+- src.position(pos);
+- }
+- } finally {
+- buf.release();
+- }
+- }
+- return sslWrote;
+- }
+-
+- /**
+- * Write encrypted data to the OpenSSL network BIO.
+- */
+- private ByteBuf writeEncryptedData(final ByteBuffer src, int len) {
+- final int pos = src.position();
+- if (src.isDirect()) {
+- SSL.bioSetByteBuffer(networkBIO, Buffer.address(src) + pos, len, false);
+- } else {
+- final ByteBuf buf = alloc.directBuffer(len);
+- try {
+- final int limit = src.limit();
+- src.limit(pos + len);
+- buf.writeBytes(src);
+- // Restore the original position and limit because we don't want to consume from `src`.
+- src.position(pos);
+- src.limit(limit);
+-
+- SSL.bioSetByteBuffer(networkBIO, memoryAddress(buf), len, false);
+- return buf;
+- } catch (Throwable cause) {
+- buf.release();
+- PlatformDependent.throwException(cause);
+- }
+- }
+- return null;
+- }
+-
+- /**
+- * Read plaintext data from the OpenSSL internal BIO
+- */
+- private int readPlaintextData(final ByteBuffer dst) {
+- final int sslRead;
+- final int pos = dst.position();
+- if (dst.isDirect()) {
+- sslRead = SSL.readFromSSL(ssl, Buffer.address(dst) + pos, dst.limit() - pos);
+- if (sslRead > 0) {
+- dst.position(pos + sslRead);
+- }
+- } else {
+- final int limit = dst.limit();
+- final int len = min(MAX_ENCRYPTED_PACKET_LENGTH, limit - pos);
+- final ByteBuf buf = alloc.directBuffer(len);
+- try {
+- sslRead = SSL.readFromSSL(ssl, memoryAddress(buf), len);
+- if (sslRead > 0) {
+- dst.limit(pos + sslRead);
+- buf.getBytes(buf.readerIndex(), dst);
+- dst.limit(limit);
+- }
+- } finally {
+- buf.release();
+- }
+- }
+-
+- return sslRead;
+- }
+-
+- @Override
+- public final SSLEngineResult wrap(
+- final ByteBuffer[] srcs, int offset, final int length, final ByteBuffer dst) throws SSLException {
+- // Throw required runtime exceptions
+- if (srcs == null) {
+- throw new IllegalArgumentException("srcs is null");
+- }
+- if (dst == null) {
+- throw new IllegalArgumentException("dst is null");
+- }
+-
+- if (offset >= srcs.length || offset + length > srcs.length) {
+- throw new IndexOutOfBoundsException(
+- "offset: " + offset + ", length: " + length +
+- " (expected: offset <= offset + length <= srcs.length (" + srcs.length + "))");
+- }
+-
+- if (dst.isReadOnly()) {
+- throw new ReadOnlyBufferException();
+- }
+-
+- synchronized (this) {
+- if (isOutboundDone()) {
+- // All drained in the outbound buffer
+- return isInboundDone() || isDestroyed() ? CLOSED_NOT_HANDSHAKING : NEED_UNWRAP_CLOSED;
+- }
+-
+- int bytesProduced = 0;
+- ByteBuf bioReadCopyBuf = null;
+- try {
+- // Setup the BIO buffer so that we directly write the encryption results into dst.
+- if (dst.isDirect()) {
+- SSL.bioSetByteBuffer(networkBIO, Buffer.address(dst) + dst.position(), dst.remaining(),
+- true);
+- } else {
+- bioReadCopyBuf = alloc.directBuffer(dst.remaining());
+- SSL.bioSetByteBuffer(networkBIO, memoryAddress(bioReadCopyBuf), bioReadCopyBuf.writableBytes(),
+- true);
+- }
+-
+- int bioLengthBefore = SSL.bioLengthByteBuffer(networkBIO);
+-
+- // Explicit use outboundClosed as we want to drain any bytes that are still present.
+- if (outboundClosed) {
+- // There is something left to drain.
+- // See https://github.com/netty/netty/issues/6260
+- bytesProduced = SSL.bioFlushByteBuffer(networkBIO);
+- if (bytesProduced <= 0) {
+- return newResultMayFinishHandshake(NOT_HANDSHAKING, 0, 0);
+- }
+- // It is possible when the outbound was closed there was not enough room in the non-application
+- // buffers to hold the close_notify. We should keep trying to close until we consume all the data
+- // OpenSSL can give us.
+- if (!doSSLShutdown()) {
+- return newResultMayFinishHandshake(NOT_HANDSHAKING, 0, bytesProduced);
+- }
+- bytesProduced = bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO);
+- return newResultMayFinishHandshake(NEED_WRAP, 0, bytesProduced);
+- }
+-
+- // Flush any data that may be implicitly generated by OpenSSL (handshake, close, etc..).
+- SSLEngineResult.HandshakeStatus status = NOT_HANDSHAKING;
+- // Prepare OpenSSL to work in server mode and receive handshake
+- if (handshakeState != HandshakeState.FINISHED) {
+- if (handshakeState != HandshakeState.STARTED_EXPLICITLY) {
+- // Update accepted so we know we triggered the handshake via wrap
+- handshakeState = HandshakeState.STARTED_IMPLICITLY;
+- }
+-
+- // Flush any data that may have been written implicitly during the handshake by OpenSSL.
+- bytesProduced = SSL.bioFlushByteBuffer(networkBIO);
+-
+- if (bytesProduced > 0 && handshakeException != null) {
+- // TODO(scott): It is possible that when the handshake failed there was not enough room in the
+- // non-application buffers to hold the alert. We should get all the data before progressing on.
+- // However I'm not aware of a way to do this with the OpenSSL APIs.
+- // See https://github.com/netty/netty/issues/6385.
+-
+- // We produced / consumed some data during the handshake, signal back to the caller.
+- // If there is a handshake exception and we have produced data, we should send the data before
+- // we allow handshake() to throw the handshake exception.
+- return newResult(NEED_WRAP, 0, bytesProduced);
+- }
+-
+- status = handshake();
+-
+- if (renegotiationPending && status == FINISHED) {
+- // If renegotiationPending is true that means when we attempted to start renegotiation
+- // the BIO buffer didn't have enough space to hold the HelloRequest which prompts the
+- // client to initiate a renegotiation. At this point the HelloRequest has been written
+- // so we can actually start the handshake process.
+- renegotiationPending = false;
+- SSL.setState(ssl, SSL.SSL_ST_ACCEPT);
+- handshakeState = HandshakeState.STARTED_EXPLICITLY;
+- status = handshake();
+- }
+-
+- // Handshake may have generated more data, for example if the internal SSL buffer is small
+- // we may have freed up space by flushing above.
+- bytesProduced = bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO);
+-
+- if (bytesProduced > 0) {
+- // If we have filled up the dst buffer and we have not finished the handshake we should try to
+- // wrap again. Otherwise we should only try to wrap again if there is still data pending in
+- // SSL buffers.
+- return newResult(mayFinishHandshake(status != FINISHED ?
+- bytesProduced == bioLengthBefore ? NEED_WRAP :
+- getHandshakeStatus(SSL.bioLengthNonApplication(networkBIO)) : FINISHED),
+- 0, bytesProduced);
+- }
+-
+- if (status == NEED_UNWRAP) {
+- // Signal if the outbound is done or not.
+- return isOutboundDone() ? NEED_UNWRAP_CLOSED : NEED_UNWRAP_OK;
+- }
+-
+- // Explicit use outboundClosed and not outboundClosed() as we want to drain any bytes that are
+- // still present.
+- if (outboundClosed) {
+- bytesProduced = SSL.bioFlushByteBuffer(networkBIO);
+- return newResultMayFinishHandshake(status, 0, bytesProduced);
+- }
+- }
+-
+- int srcsLen = 0;
+- final int endOffset = offset + length;
+- for (int i = offset; i < endOffset; ++i) {
+- final ByteBuffer src = srcs[i];
+- if (src == null) {
+- throw new IllegalArgumentException("srcs[" + i + "] is null");
+- }
+- if (srcsLen == MAX_PLAINTEXT_LENGTH) {
+- continue;
+- }
+-
+- srcsLen += src.remaining();
+- if (srcsLen > MAX_PLAINTEXT_LENGTH || srcsLen < 0) {
+- // If srcLen > MAX_PLAINTEXT_LENGTH or secLen < 0 just set it to MAX_PLAINTEXT_LENGTH.
+- // This also help us to guard against overflow.
+- // We not break out here as we still need to check for null entries in srcs[].
+- srcsLen = MAX_PLAINTEXT_LENGTH;
+- }
+- }
+-
+- // we will only produce a single TLS packet, and we don't aggregate src buffers,
+- // so we always fix the number of buffers to 1 when checking if the dst buffer is large enough.
+- if (dst.remaining() < calculateOutNetBufSize(srcsLen, 1)) {
+- return new SSLEngineResult(BUFFER_OVERFLOW, getHandshakeStatus(), 0, 0);
+- }
+-
+- // There was no pending data in the network BIO -- encrypt any application data
+- int bytesConsumed = 0;
+- // Flush any data that may have been written implicitly by OpenSSL in case a shutdown/alert occurs.
+- bytesProduced = SSL.bioFlushByteBuffer(networkBIO);
+- for (; offset < endOffset; ++offset) {
+- final ByteBuffer src = srcs[offset];
+- final int remaining = src.remaining();
+- if (remaining == 0) {
+- continue;
+- }
+-
+- // Write plaintext application data to the SSL engine
+- int bytesWritten = writePlaintextData(src, min(remaining, MAX_PLAINTEXT_LENGTH - bytesConsumed));
+-
+- if (bytesWritten > 0) {
+- bytesConsumed += bytesWritten;
+-
+- // Determine how much encrypted data was generated:
+- final int pendingNow = SSL.bioLengthByteBuffer(networkBIO);
+- bytesProduced += bioLengthBefore - pendingNow;
+- bioLengthBefore = pendingNow;
+-
+- return newResultMayFinishHandshake(status, bytesConsumed, bytesProduced);
+- } else {
+- int sslError = SSL.getError(ssl, bytesWritten);
+- if (sslError == SSL.SSL_ERROR_ZERO_RETURN) {
+- // This means the connection was shutdown correctly, close inbound and outbound
+- if (!receivedShutdown) {
+- closeAll();
+-
+- bytesProduced += bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO);
+-
+- // If we have filled up the dst buffer and we have not finished the handshake we should
+- // try to wrap again. Otherwise we should only try to wrap again if there is still data
+- // pending in SSL buffers.
+- SSLEngineResult.HandshakeStatus hs = mayFinishHandshake(
+- status != FINISHED ? bytesProduced == dst.remaining() ? NEED_WRAP
+- : getHandshakeStatus(SSL.bioLengthNonApplication(networkBIO))
+- : FINISHED);
+- return newResult(hs, bytesConsumed, bytesProduced);
+- }
+-
+- return newResult(NOT_HANDSHAKING, bytesConsumed, bytesProduced);
+- } else if (sslError == SSL.SSL_ERROR_WANT_READ) {
+- // If there is no pending data to read from BIO we should go back to event loop and try
+- // to read more data [1]. It is also possible that event loop will detect the socket has
+- // been closed. [1] https://www.openssl.org/docs/manmaster/ssl/SSL_write.html
+- return newResult(NEED_UNWRAP, bytesConsumed, bytesProduced);
+- } else if (sslError == SSL.SSL_ERROR_WANT_WRITE) {
+- // SSL_ERROR_WANT_WRITE typically means that the underlying transport is not writable
+- // and we should set the "want write" flag on the selector and try again when the
+- // underlying transport is writable [1]. However we are not directly writing to the
+- // underlying transport and instead writing to a BIO buffer. The OpenSsl documentation
+- // says we should do the following [1]:
+- //
+- // "When using a buffering BIO, like a BIO pair, data must be written into or retrieved
+- // out of the BIO before being able to continue."
+- //
+- // So we attempt to drain the BIO buffer below, but if there is no data this condition
+- // is undefined and we assume their is a fatal error with the openssl engine and close.
+- // [1] https://www.openssl.org/docs/manmaster/ssl/SSL_write.html
+- return newResult(NEED_WRAP, bytesConsumed, bytesProduced);
+- } else {
+- // Everything else is considered as error
+- throw shutdownWithError("SSL_write");
+- }
+- }
+- }
+- return newResultMayFinishHandshake(status, bytesConsumed, bytesProduced);
+- } finally {
+- SSL.bioClearByteBuffer(networkBIO);
+- if (bioReadCopyBuf == null) {
+- dst.position(dst.position() + bytesProduced);
+- } else {
+- assert bioReadCopyBuf.readableBytes() <= dst.remaining() : "The destination buffer " + dst +
+- " didn't have enough remaining space to hold the encrypted content in " + bioReadCopyBuf;
+- dst.put(bioReadCopyBuf.internalNioBuffer(bioReadCopyBuf.readerIndex(), bytesProduced));
+- bioReadCopyBuf.release();
+- }
+- }
+- }
+- }
+-
+- private SSLEngineResult newResult(SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced) {
+- return newResult(OK, hs, bytesConsumed, bytesProduced);
+- }
+-
+- private SSLEngineResult newResult(SSLEngineResult.Status status, SSLEngineResult.HandshakeStatus hs,
+- int bytesConsumed, int bytesProduced) {
+- // If isOutboundDone, then the data from the network BIO
+- // was the close_notify message and all was consumed we are not required to wait
+- // for the receipt the peer's close_notify message -- shutdown.
+- if (isOutboundDone()) {
+- if (isInboundDone()) {
+- // If the inbound was done as well, we need to ensure we return NOT_HANDSHAKING to signal we are done.
+- hs = NOT_HANDSHAKING;
+-
+- // As the inbound and the outbound is done we can shutdown the engine now.
+- shutdown();
+- }
+- return new SSLEngineResult(CLOSED, hs, bytesConsumed, bytesProduced);
+- }
+- return new SSLEngineResult(status, hs, bytesConsumed, bytesProduced);
+- }
+-
+- private SSLEngineResult newResultMayFinishHandshake(SSLEngineResult.HandshakeStatus hs,
+- int bytesConsumed, int bytesProduced) throws SSLException {
+- return newResult(mayFinishHandshake(hs != FINISHED ? getHandshakeStatus() : FINISHED),
+- bytesConsumed, bytesProduced);
+- }
+-
+- private SSLEngineResult newResultMayFinishHandshake(SSLEngineResult.Status status,
+- SSLEngineResult.HandshakeStatus hs,
+- int bytesConsumed, int bytesProduced) throws SSLException {
+- return newResult(status, mayFinishHandshake(hs != FINISHED ? getHandshakeStatus() : FINISHED),
+- bytesConsumed, bytesProduced);
+- }
+-
+- /**
+- * Log the error, shutdown the engine and throw an exception.
+- */
+- private SSLException shutdownWithError(String operations) {
+- String err = SSL.getLastError();
+- return shutdownWithError(operations, err);
+- }
+-
+- private SSLException shutdownWithError(String operation, String err) {
+- if (logger.isDebugEnabled()) {
+- logger.debug("{} failed: OpenSSL error: {}", operation, err);
+- }
+-
+- // There was an internal error -- shutdown
+- shutdown();
+- if (handshakeState == HandshakeState.FINISHED) {
+- return new SSLException(err);
+- }
+- return new SSLHandshakeException(err);
+- }
+-
+- public final SSLEngineResult unwrap(
+- final ByteBuffer[] srcs, int srcsOffset, final int srcsLength,
+- final ByteBuffer[] dsts, int dstsOffset, final int dstsLength) throws SSLException {
+-
+- // Throw required runtime exceptions
+- if (srcs == null) {
+- throw new NullPointerException("srcs");
+- }
+- if (srcsOffset >= srcs.length
+- || srcsOffset + srcsLength > srcs.length) {
+- throw new IndexOutOfBoundsException(
+- "offset: " + srcsOffset + ", length: " + srcsLength +
+- " (expected: offset <= offset + length <= srcs.length (" + srcs.length + "))");
+- }
+- if (dsts == null) {
+- throw new IllegalArgumentException("dsts is null");
+- }
+- if (dstsOffset >= dsts.length || dstsOffset + dstsLength > dsts.length) {
+- throw new IndexOutOfBoundsException(
+- "offset: " + dstsOffset + ", length: " + dstsLength +
+- " (expected: offset <= offset + length <= dsts.length (" + dsts.length + "))");
+- }
+- long capacity = 0;
+- final int dstsEndOffset = dstsOffset + dstsLength;
+- for (int i = dstsOffset; i < dstsEndOffset; i ++) {
+- ByteBuffer dst = dsts[i];
+- if (dst == null) {
+- throw new IllegalArgumentException("dsts[" + i + "] is null");
+- }
+- if (dst.isReadOnly()) {
+- throw new ReadOnlyBufferException();
+- }
+- capacity += dst.remaining();
+- }
+-
+- final int srcsEndOffset = srcsOffset + srcsLength;
+- long len = 0;
+- for (int i = srcsOffset; i < srcsEndOffset; i++) {
+- ByteBuffer src = srcs[i];
+- if (src == null) {
+- throw new IllegalArgumentException("srcs[" + i + "] is null");
+- }
+- len += src.remaining();
+- }
+-
+- synchronized (this) {
+- if (isInboundDone()) {
+- return isOutboundDone() || isDestroyed() ? CLOSED_NOT_HANDSHAKING : NEED_WRAP_CLOSED;
+- }
+-
+- SSLEngineResult.HandshakeStatus status = NOT_HANDSHAKING;
+- // Prepare OpenSSL to work in server mode and receive handshake
+- if (handshakeState != HandshakeState.FINISHED) {
+- if (handshakeState != HandshakeState.STARTED_EXPLICITLY) {
+- // Update accepted so we know we triggered the handshake via wrap
+- handshakeState = HandshakeState.STARTED_IMPLICITLY;
+- }
+-
+- status = handshake();
+- if (status == NEED_WRAP) {
+- return NEED_WRAP_OK;
+- }
+- // Check if the inbound is considered to be closed if so let us try to wrap again.
+- if (isInboundDone) {
+- return NEED_WRAP_CLOSED;
+- }
+- }
+-
+- if (len < SSL_RECORD_HEADER_LENGTH) {
+- return newResultMayFinishHandshake(BUFFER_UNDERFLOW, status, 0, 0);
+- }
+-
+- int packetLength = SslUtils.getEncryptedPacketLength(srcs, srcsOffset);
+-
+- if (packetLength == SslUtils.NOT_ENCRYPTED) {
+- throw new NotSslRecordException("not an SSL/TLS record");
+- }
+-
+- if (packetLength - SSL_RECORD_HEADER_LENGTH > capacity) {
+- // No enough space in the destination buffer so signal the caller
+- // that the buffer needs to be increased.
+- return newResultMayFinishHandshake(BUFFER_OVERFLOW, status, 0, 0);
+- }
+-
+- if (len < packetLength) {
+- // We either have no enough data to read the packet length at all or not enough for reading
+- // the whole packet.
+- return newResultMayFinishHandshake(BUFFER_UNDERFLOW, status, 0, 0);
+- }
+-
+- // This must always be the case when we reached here as if not we returned BUFFER_UNDERFLOW.
+- assert srcsOffset < srcsEndOffset;
+-
+- // This must always be the case if we reached here.
+- assert capacity > 0;
+-
+- // Number of produced bytes
+- int bytesProduced = 0;
+- int bytesConsumed = 0;
+- try {
+- for (; srcsOffset < srcsEndOffset; ++srcsOffset) {
+- ByteBuffer src = srcs[srcsOffset];
+- int remaining = src.remaining();
+- if (remaining == 0) {
+- // We must skip empty buffers as BIO_write will return 0 if asked to write something
+- // with length 0.
+- continue;
+- }
+- // Write more encrypted data into the BIO. Ensure we only read one packet at a time as
+- // stated in the SSLEngine javadocs.
+- int pendingEncryptedBytes = min(packetLength, remaining);
+- ByteBuf bioWriteCopyBuf = writeEncryptedData(src, pendingEncryptedBytes);
+- try {
+- readLoop:
+- for (; dstsOffset < dstsEndOffset; ++dstsOffset) {
+- ByteBuffer dst = dsts[dstsOffset];
+- if (!dst.hasRemaining()) {
+- // No space left in the destination buffer, skip it.
+- continue;
+- }
+-
+- int bytesRead = readPlaintextData(dst);
+- // We are directly using the ByteBuffer memory for the write, and so we only know what
+- // has been consumed after we let SSL decrypt the data. At this point we should update
+- // the number of bytes consumed, update the ByteBuffer position, and release temp
+- // ByteBuf.
+- int localBytesConsumed = pendingEncryptedBytes - SSL.bioLengthByteBuffer(networkBIO);
+- bytesConsumed += localBytesConsumed;
+- packetLength -= localBytesConsumed;
+- pendingEncryptedBytes -= localBytesConsumed;
+- src.position(src.position() + localBytesConsumed);
+-
+- if (bytesRead > 0) {
+- bytesProduced += bytesRead;
+-
+- if (!dst.hasRemaining()) {
+- // Move to the next dst buffer as this one is full.
+- continue;
+- }
+- if (packetLength == 0) {
+- // We read everything return now.
+- return newResultMayFinishHandshake(isInboundDone() ? CLOSED : OK, status,
+- bytesConsumed, bytesProduced);
+- }
+- // try to write again to the BIO. stop reading from it by break out of the readLoop.
+- break;
+- } else {
+- int sslError = SSL.getError(ssl, bytesRead);
+- if (sslError == SSL.SSL_ERROR_WANT_READ || sslError == SSL.SSL_ERROR_WANT_WRITE) {
+- // break to the outer loop as we want to read more data which means we need to
+- // write more to the BIO.
+- break readLoop;
+- } else if (sslError == SSL.SSL_ERROR_ZERO_RETURN) {
+- // This means the connection was shutdown correctly, close inbound and outbound
+- if (!receivedShutdown) {
+- closeAll();
+- }
+- return newResultMayFinishHandshake(isInboundDone() ? CLOSED : OK, status,
+- bytesConsumed, bytesProduced);
+- } else {
+- return sslReadErrorResult(SSL.getLastErrorNumber(), bytesConsumed,
+- bytesProduced);
+- }
+- }
+- }
+-
+- // Either we have no more dst buffers to put the data, or no more data to generate; we are done.
+- if (dstsOffset >= dstsEndOffset || packetLength == 0) {
+- break;
+- }
+- } finally {
+- if (bioWriteCopyBuf != null) {
+- bioWriteCopyBuf.release();
+- }
+- }
+- }
+- } finally {
+- SSL.bioClearByteBuffer(networkBIO);
+- rejectRemoteInitiatedRenegotiation();
+- }
+-
+- // Check to see if we received a close_notify message from the peer.
+- if (!receivedShutdown && (SSL.getShutdown(ssl) & SSL.SSL_RECEIVED_SHUTDOWN) == SSL.SSL_RECEIVED_SHUTDOWN) {
+- closeAll();
+- }
+-
+- return newResultMayFinishHandshake(isInboundDone() ? CLOSED : OK, status, bytesConsumed, bytesProduced);
+- }
+- }
+-
+- private SSLEngineResult sslReadErrorResult(int err, int bytesConsumed, int bytesProduced) throws SSLException {
+- String errStr = SSL.getErrorString(err);
+-
+- // Check if we have a pending handshakeException and if so see if we need to consume all pending data from the
+- // BIO first or can just shutdown and throw it now.
+- // This is needed so we ensure close_notify etc is correctly send to the remote peer.
+- // See https://github.com/netty/netty/issues/3900
+- if (SSL.bioLengthNonApplication(networkBIO) > 0) {
+- if (handshakeException == null && handshakeState != HandshakeState.FINISHED) {
+- // we seems to have data left that needs to be transfered and so the user needs
+- // call wrap(...). Store the error so we can pick it up later.
+- handshakeException = new SSLHandshakeException(errStr);
+- }
+- return new SSLEngineResult(OK, NEED_WRAP, bytesConsumed, bytesProduced);
+- }
+- throw shutdownWithError("SSL_read", errStr);
+- }
+-
+- private void closeAll() throws SSLException {
+- receivedShutdown = true;
+- closeOutbound();
+- closeInbound();
+- }
+-
+- private void rejectRemoteInitiatedRenegotiation() throws SSLHandshakeException {
+- if (rejectRemoteInitiatedRenegotiation && SSL.getHandshakeCount(ssl) > 1) {
+- // TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
+- // that the renegotiation failed.
+- shutdown();
+- throw new SSLHandshakeException("remote-initiated renegotiation not allowed");
+- }
+- }
+-
+- public final SSLEngineResult unwrap(final ByteBuffer[] srcs, final ByteBuffer[] dsts) throws SSLException {
+- return unwrap(srcs, 0, srcs.length, dsts, 0, dsts.length);
+- }
+-
+- private ByteBuffer[] singleSrcBuffer(ByteBuffer src) {
+- singleSrcBuffer[0] = src;
+- return singleSrcBuffer;
+- }
+-
+- private void resetSingleSrcBuffer() {
+- singleSrcBuffer[0] = null;
+- }
+-
+- private ByteBuffer[] singleDstBuffer(ByteBuffer src) {
+- singleDstBuffer[0] = src;
+- return singleDstBuffer;
+- }
+-
+- private void resetSingleDstBuffer() {
+- singleDstBuffer[0] = null;
+- }
+-
+- @Override
+- public final synchronized SSLEngineResult unwrap(
+- final ByteBuffer src, final ByteBuffer[] dsts, final int offset, final int length) throws SSLException {
+- try {
+- return unwrap(singleSrcBuffer(src), 0, 1, dsts, offset, length);
+- } finally {
+- resetSingleSrcBuffer();
+- }
+- }
+-
+- @Override
+- public final synchronized SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) throws SSLException {
+- try {
+- return wrap(singleSrcBuffer(src), dst);
+- } finally {
+- resetSingleSrcBuffer();
+- }
+- }
+-
+- @Override
+- public final synchronized SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) throws SSLException {
+- try {
+- return unwrap(singleSrcBuffer(src), singleDstBuffer(dst));
+- } finally {
+- resetSingleSrcBuffer();
+- resetSingleDstBuffer();
+- }
+- }
+-
+- @Override
+- public final synchronized SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts) throws SSLException {
+- try {
+- return unwrap(singleSrcBuffer(src), dsts);
+- } finally {
+- resetSingleSrcBuffer();
+- }
+- }
+-
+- @Override
+- public final Runnable getDelegatedTask() {
+- // Currently, we do not delegate SSL computation tasks
+- // TODO: in the future, possibly create tasks to do encrypt / decrypt async
+-
+- return null;
+- }
+-
+- @Override
+- public final synchronized void closeInbound() throws SSLException {
+- if (isInboundDone) {
+- return;
+- }
+-
+- isInboundDone = true;
+-
+- if (isOutboundDone()) {
+- // Only call shutdown if there is no outbound data pending.
+- // See https://github.com/netty/netty/issues/6167
+- shutdown();
+- }
+-
+- if (handshakeState != HandshakeState.NOT_STARTED && !receivedShutdown) {
+- throw new SSLException(
+- "Inbound closed before receiving peer's close_notify: possible truncation attack?");
+- }
+- }
+-
+- @Override
+- public final synchronized boolean isInboundDone() {
+- return isInboundDone;
+- }
+-
+- @Override
+- public final synchronized void closeOutbound() {
+- if (outboundClosed) {
+- return;
+- }
+-
+- outboundClosed = true;
+-
+- if (handshakeState != HandshakeState.NOT_STARTED && !isDestroyed()) {
+- int mode = SSL.getShutdown(ssl);
+- if ((mode & SSL.SSL_SENT_SHUTDOWN) != SSL.SSL_SENT_SHUTDOWN) {
+- doSSLShutdown();
+- }
+- } else {
+- // engine closing before initial handshake
+- shutdown();
+- }
+- }
+-
+- /**
+- * Attempt to call {@link SSL#shutdownSSL(long)}.
+- * @return {@code false} if the call to {@link SSL#shutdownSSL(long)} was not attempted or returned an error.
+- */
+- private boolean doSSLShutdown() {
+- if (SSL.isInInit(ssl) != 0) {
+- // Only try to call SSL_shutdown if we are not in the init state anymore.
+- // Otherwise we will see 'error:140E0197:SSL routines:SSL_shutdown:shutdown while in init' in our logs.
+- //
+- // See also http://hg.nginx.org/nginx/rev/062c189fee20
+- return false;
+- }
+- int err = SSL.shutdownSSL(ssl);
+- if (err < 0) {
+- int sslErr = SSL.getError(ssl, err);
+- if (sslErr == SSL.SSL_ERROR_SYSCALL || sslErr == SSL.SSL_ERROR_SSL) {
+- if (logger.isDebugEnabled()) {
+- logger.debug("SSL_shutdown failed: OpenSSL error: {}", SSL.getLastError());
+- }
+- // There was an internal error -- shutdown
+- shutdown();
+- return false;
+- }
+- SSL.clearError();
+- }
+- return true;
+- }
+-
+- @Override
+- public final synchronized boolean isOutboundDone() {
+- // Check if there is anything left in the outbound buffer.
+- // We need to ensure we only call SSL.pendingWrittenBytesInBIO(...) if the engine was not destroyed yet.
+- return outboundClosed && (networkBIO == 0 || SSL.bioLengthNonApplication(networkBIO) == 0);
+- }
+-
+- @Override
+- public final String[] getSupportedCipherSuites() {
+- return OpenSsl.AVAILABLE_CIPHER_SUITES.toArray(new String[OpenSsl.AVAILABLE_CIPHER_SUITES.size()]);
+- }
+-
+- @Override
+- public final String[] getEnabledCipherSuites() {
+- final String[] enabled;
+- synchronized (this) {
+- if (!isDestroyed()) {
+- enabled = SSL.getCiphers(ssl);
+- } else {
+- return EmptyArrays.EMPTY_STRINGS;
+- }
+- }
+- if (enabled == null) {
+- return EmptyArrays.EMPTY_STRINGS;
+- } else {
+- synchronized (this) {
+- for (int i = 0; i < enabled.length; i++) {
+- String mapped = toJavaCipherSuite(enabled[i]);
+- if (mapped != null) {
+- enabled[i] = mapped;
+- }
+- }
+- }
+- return enabled;
+- }
+- }
+-
+- @Override
+- public final void setEnabledCipherSuites(String[] cipherSuites) {
+- checkNotNull(cipherSuites, "cipherSuites");
+-
+- final StringBuilder buf = new StringBuilder();
+- for (String c: cipherSuites) {
+- if (c == null) {
+- break;
+- }
+-
+- String converted = CipherSuiteConverter.toOpenSsl(c);
+- if (converted == null) {
+- converted = c;
+- }
+-
+- if (!OpenSsl.isCipherSuiteAvailable(converted)) {
+- throw new IllegalArgumentException("unsupported cipher suite: " + c + '(' + converted + ')');
+- }
+-
+- buf.append(converted);
+- buf.append(':');
+- }
+-
+- if (buf.length() == 0) {
+- throw new IllegalArgumentException("empty cipher suites");
+- }
+- buf.setLength(buf.length() - 1);
+-
+- final String cipherSuiteSpec = buf.toString();
+-
+- synchronized (this) {
+- if (!isDestroyed()) {
+- try {
+- SSL.setCipherSuites(ssl, cipherSuiteSpec);
+- } catch (Exception e) {
+- throw new IllegalStateException("failed to enable cipher suites: " + cipherSuiteSpec, e);
+- }
+- } else {
+- throw new IllegalStateException("failed to enable cipher suites: " + cipherSuiteSpec);
+- }
+- }
+- }
+-
+- @Override
+- public final String[] getSupportedProtocols() {
+- return OpenSsl.SUPPORTED_PROTOCOLS_SET.toArray(new String[OpenSsl.SUPPORTED_PROTOCOLS_SET.size()]);
+- }
+-
+- @Override
+- public final String[] getEnabledProtocols() {
+- List<String> enabled = new ArrayList<String>(6);
+- // Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
+- enabled.add(OpenSsl.PROTOCOL_SSL_V2_HELLO);
+-
+- int opts;
+- synchronized (this) {
+- if (!isDestroyed()) {
+- opts = SSL.getOptions(ssl);
+- } else {
+- return enabled.toArray(new String[1]);
+- }
+- }
+- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, OpenSsl.PROTOCOL_TLS_V1)) {
+- enabled.add(OpenSsl.PROTOCOL_TLS_V1);
+- }
+- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, OpenSsl.PROTOCOL_TLS_V1_1)) {
+- enabled.add(OpenSsl.PROTOCOL_TLS_V1_1);
+- }
+- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, OpenSsl.PROTOCOL_TLS_V1_2)) {
+- enabled.add(OpenSsl.PROTOCOL_TLS_V1_2);
+- }
+- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, OpenSsl.PROTOCOL_SSL_V2)) {
+- enabled.add(OpenSsl.PROTOCOL_SSL_V2);
+- }
+- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, OpenSsl.PROTOCOL_SSL_V3)) {
+- enabled.add(OpenSsl.PROTOCOL_SSL_V3);
+- }
+- return enabled.toArray(new String[enabled.size()]);
+- }
+-
+- private static boolean isProtocolEnabled(int opts, int disableMask, String protocolString) {
+- // We also need to check if the actual protocolString is supported as depending on the openssl API
+- // implementations it may use a disableMask of 0 (BoringSSL is doing this for example).
+- return (opts & disableMask) == 0 && OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(protocolString);
+- }
+-
+- @Override
+- public final void setEnabledProtocols(String[] protocols) {
+- if (protocols == null) {
+- // This is correct from the API docs
+- throw new IllegalArgumentException();
+- }
+- boolean sslv2 = false;
+- boolean sslv3 = false;
+- boolean tlsv1 = false;
+- boolean tlsv1_1 = false;
+- boolean tlsv1_2 = false;
+- for (String p: protocols) {
+- if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) {
+- throw new IllegalArgumentException("Protocol " + p + " is not supported.");
+- }
+- if (p.equals(OpenSsl.PROTOCOL_SSL_V2)) {
+- sslv2 = true;
+- } else if (p.equals(OpenSsl.PROTOCOL_SSL_V3)) {
+- sslv3 = true;
+- } else if (p.equals(OpenSsl.PROTOCOL_TLS_V1)) {
+- tlsv1 = true;
+- } else if (p.equals(OpenSsl.PROTOCOL_TLS_V1_1)) {
+- tlsv1_1 = true;
+- } else if (p.equals(OpenSsl.PROTOCOL_TLS_V1_2)) {
+- tlsv1_2 = true;
+- }
+- }
+- synchronized (this) {
+- if (!isDestroyed()) {
+- // Clear out options which disable protocols
+- SSL.clearOptions(ssl, SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 |
+- SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2);
+-
+- int opts = 0;
+- if (!sslv2) {
+- opts |= SSL.SSL_OP_NO_SSLv2;
+- }
+- if (!sslv3) {
+- opts |= SSL.SSL_OP_NO_SSLv3;
+- }
+- if (!tlsv1) {
+- opts |= SSL.SSL_OP_NO_TLSv1;
+- }
+- if (!tlsv1_1) {
+- opts |= SSL.SSL_OP_NO_TLSv1_1;
+- }
+- if (!tlsv1_2) {
+- opts |= SSL.SSL_OP_NO_TLSv1_2;
+- }
+-
+- // Disable protocols we do not want
+- SSL.setOptions(ssl, opts);
+- } else {
+- throw new IllegalStateException("failed to enable protocols: " + Arrays.asList(protocols));
+- }
+- }
+- }
+-
+- @Override
+- public final SSLSession getSession() {
+- return session;
+- }
+-
+- @Override
+- public final synchronized void beginHandshake() throws SSLException {
+- switch (handshakeState) {
+- case STARTED_IMPLICITLY:
+- checkEngineClosed(BEGIN_HANDSHAKE_ENGINE_CLOSED);
+-
+- // A user did not start handshake by calling this method by him/herself,
+- // but handshake has been started already by wrap() or unwrap() implicitly.
+- // Because it's the user's first time to call this method, it is unfair to
+- // raise an exception. From the user's standpoint, he or she never asked
+- // for renegotiation.
+-
+- handshakeState = HandshakeState.STARTED_EXPLICITLY; // Next time this method is invoked by the user,
+- // we should raise an exception.
+- break;
+- case STARTED_EXPLICITLY:
+- // Nothing to do as the handshake is not done yet.
+- break;
+- case FINISHED:
+- if (clientMode) {
+- // Only supported for server mode at the moment.
+- throw RENEGOTIATION_UNSUPPORTED;
+- }
+- // For renegotiate on the server side we need to issue the following command sequence with openssl:
+- //
+- // SSL_renegotiate(ssl)
+- // SSL_do_handshake(ssl)
+- // ssl->state = SSL_ST_ACCEPT
+- // SSL_do_handshake(ssl)
+- //
+- // Because of this we fall-through to call handshake() after setting the state, as this will also take
+- // care of updating the internal OpenSslSession object.
+- //
+- // See also:
+- // https://github.com/apache/httpd/blob/2.4.16/modules/ssl/ssl_engine_kernel...
+- // http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html
+- int status;
+- if ((status = SSL.renegotiate(ssl)) != 1 || (status = SSL.doHandshake(ssl)) != 1) {
+- int err = SSL.getError(ssl, status);
+- if (err == SSL.SSL_ERROR_WANT_READ || err == SSL.SSL_ERROR_WANT_WRITE) {
+- // If the internal SSL buffer is small it is possible that doHandshake may "fail" because
+- // there is not enough room to write, so we should wait until the renegotiation has been.
+- renegotiationPending = true;
+- handshakeState = HandshakeState.STARTED_EXPLICITLY;
+- lastAccessed = System.currentTimeMillis();
+- return;
+- } else {
+- throw shutdownWithError("renegotiation failed");
+- }
+- }
+-
+- SSL.setState(ssl, SSL.SSL_ST_ACCEPT);
+-
+- lastAccessed = System.currentTimeMillis();
+-
+- // fall-through
+- case NOT_STARTED:
+- handshakeState = HandshakeState.STARTED_EXPLICITLY;
+- handshake();
+- break;
+- default:
+- throw new Error();
+- }
+- }
+-
+- private void checkEngineClosed(SSLException cause) throws SSLException {
+- if (isDestroyed()) {
+- throw cause;
+- }
+- }
+-
+- private static SSLEngineResult.HandshakeStatus pendingStatus(int pendingStatus) {
+- // Depending on if there is something left in the BIO we need to WRAP or UNWRAP
+- return pendingStatus > 0 ? NEED_WRAP : NEED_UNWRAP;
+- }
+-
+- private static boolean isEmpty(Object[] arr) {
+- return arr == null || arr.length == 0;
+- }
+-
+- private static boolean isEmpty(byte[] cert) {
+- return cert == null || cert.length == 0;
+- }
+-
+- private SSLEngineResult.HandshakeStatus handshake() throws SSLException {
+- if (handshakeState == HandshakeState.FINISHED) {
+- return FINISHED;
+- }
+- checkEngineClosed(HANDSHAKE_ENGINE_CLOSED);
+-
+- // Check if we have a pending handshakeException and if so see if we need to consume all pending data from the
+- // BIO first or can just shutdown and throw it now.
+- // This is needed so we ensure close_notify etc is correctly send to the remote peer.
+- // See https://github.com/netty/netty/issues/3900
+- SSLHandshakeException exception = handshakeException;
+- if (exception != null) {
+- if (SSL.bioLengthNonApplication(networkBIO) > 0) {
+- // There is something pending, we need to consume it first via a WRAP so we don't loose anything.
+- return NEED_WRAP;
+- }
+- // No more data left to send to the remote peer, so null out the exception field, shutdown and throw
+- // the exception.
+- handshakeException = null;
+- shutdown();
+- throw exception;
+- }
+-
+- // Adding the OpenSslEngine to the OpenSslEngineMap so it can be used in the AbstractCertificateVerifier.
+- engineMap.add(this);
+- if (lastAccessed == -1) {
+- lastAccessed = System.currentTimeMillis();
+- }
+-
+- if (!certificateSet && keyMaterialManager != null) {
+- certificateSet = true;
+- keyMaterialManager.setKeyMaterial(this);
+- }
+-
+- int code = SSL.doHandshake(ssl);
+- if (code <= 0) {
+- // Check if we have a pending exception that was created during the handshake and if so throw it after
+- // shutdown the connection.
+- if (handshakeException != null) {
+- exception = handshakeException;
+- handshakeException = null;
+- shutdown();
+- throw exception;
+- }
+-
+- int sslError = SSL.getError(ssl, code);
+- if (sslError == SSL.SSL_ERROR_WANT_READ || sslError == SSL.SSL_ERROR_WANT_WRITE) {
+- return pendingStatus(SSL.bioLengthNonApplication(networkBIO));
+- } else {
+- // Everything else is considered as error
+- throw shutdownWithError("SSL_do_handshake");
+- }
+- }
+- // if SSL_do_handshake returns > 0 or sslError == SSL.SSL_ERROR_NAME it means the handshake was finished.
+- session.handshakeFinished();
+- engineMap.remove(ssl);
+- return FINISHED;
+- }
+-
+- private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus status)
+- throws SSLException {
+- if (status == NOT_HANDSHAKING && handshakeState != HandshakeState.FINISHED) {
+- // If the status was NOT_HANDSHAKING and we not finished the handshake we need to call
+- // SSL_do_handshake() again
+- return handshake();
+- }
+- return status;
+- }
+-
+- @Override
+- public final synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
+- // Check if we are in the initial handshake phase or shutdown phase
+- return needPendingStatus() ? pendingStatus(SSL.bioLengthNonApplication(networkBIO)) : NOT_HANDSHAKING;
+- }
+-
+- private SSLEngineResult.HandshakeStatus getHandshakeStatus(int pending) {
+- // Check if we are in the initial handshake phase or shutdown phase
+- return needPendingStatus() ? pendingStatus(pending) : NOT_HANDSHAKING;
+- }
+-
+- private boolean needPendingStatus() {
+- return handshakeState != HandshakeState.NOT_STARTED && !isDestroyed()
+- && (handshakeState != HandshakeState.FINISHED || isInboundDone() || isOutboundDone());
+- }
+-
+- /**
+- * Converts the specified OpenSSL cipher suite to the Java cipher suite.
+- */
+- private String toJavaCipherSuite(String openSslCipherSuite) {
+- if (openSslCipherSuite == null) {
+- return null;
+- }
+-
+- String prefix = toJavaCipherSuitePrefix(SSL.getVersion(ssl));
+- return CipherSuiteConverter.toJava(openSslCipherSuite, prefix);
+- }
+-
+- /**
+- * Converts the protocol version string returned by {@link SSL#getVersion(long)} to protocol family string.
+- */
+- private static String toJavaCipherSuitePrefix(String protocolVersion) {
+- final char c;
+- if (protocolVersion == null || protocolVersion.isEmpty()) {
+- c = 0;
+- } else {
+- c = protocolVersion.charAt(0);
+- }
+-
+- switch (c) {
+- case 'T':
+- return "TLS";
+- case 'S':
+- return "SSL";
+- default:
+- return "UNKNOWN";
+- }
+- }
+-
+- @Override
+- public final void setUseClientMode(boolean clientMode) {
+- if (clientMode != this.clientMode) {
+- throw new UnsupportedOperationException();
+- }
+- }
+-
+- @Override
+- public final boolean getUseClientMode() {
+- return clientMode;
+- }
+-
+- @Override
+- public final void setNeedClientAuth(boolean b) {
+- setClientAuth(b ? ClientAuth.REQUIRE : ClientAuth.NONE);
+- }
+-
+- @Override
+- public final boolean getNeedClientAuth() {
+- return clientAuth == ClientAuth.REQUIRE;
+- }
+-
+- @Override
+- public final void setWantClientAuth(boolean b) {
+- setClientAuth(b ? ClientAuth.OPTIONAL : ClientAuth.NONE);
+- }
+-
+- @Override
+- public final boolean getWantClientAuth() {
+- return clientAuth == ClientAuth.OPTIONAL;
+- }
+-
+- /**
+- * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_verify.html">SSL_set_verify</a> and
+- * {@link SSL#setVerify(long, int, int)}.
+- */
+- @UnstableApi
+- public final synchronized void setVerify(int verifyMode, int depth) {
+- SSL.setVerify(ssl, verifyMode, depth);
+- }
+-
+- private void setClientAuth(ClientAuth mode) {
+- if (clientMode) {
+- return;
+- }
+- synchronized (this) {
+- if (clientAuth == mode) {
+- // No need to issue any JNI calls if the mode is the same
+- return;
+- }
+- switch (mode) {
+- case NONE:
+- SSL.setVerify(ssl, SSL.SSL_CVERIFY_NONE, ReferenceCountedOpenSslContext.VERIFY_DEPTH);
+- break;
+- case REQUIRE:
+- SSL.setVerify(ssl, SSL.SSL_CVERIFY_REQUIRED, ReferenceCountedOpenSslContext.VERIFY_DEPTH);
+- break;
+- case OPTIONAL:
+- SSL.setVerify(ssl, SSL.SSL_CVERIFY_OPTIONAL, ReferenceCountedOpenSslContext.VERIFY_DEPTH);
+- break;
+- default:
+- throw new Error(mode.toString());
+- }
+- clientAuth = mode;
+- }
+- }
+-
+- @Override
+- public final void setEnableSessionCreation(boolean b) {
+- if (b) {
+- throw new UnsupportedOperationException();
+- }
+- }
+-
+- @Override
+- public final boolean getEnableSessionCreation() {
+- return false;
+- }
+-
+- @Override
+- public final synchronized SSLParameters getSSLParameters() {
+- SSLParameters sslParameters = super.getSSLParameters();
+-
+- int version = PlatformDependent.javaVersion();
+- if (version >= 7) {
+- sslParameters.setEndpointIdentificationAlgorithm(endPointIdentificationAlgorithm);
+- Java7SslParametersUtils.setAlgorithmConstraints(sslParameters, algorithmConstraints);
+- if (version >= 8) {
+- if (sniHostNames != null) {
+- Java8SslUtils.setSniHostNames(sslParameters, sniHostNames);
+- }
+- if (!isDestroyed()) {
+- Java8SslUtils.setUseCipherSuitesOrder(
+- sslParameters, (SSL.getOptions(ssl) & SSL.SSL_OP_CIPHER_SERVER_PREFERENCE) != 0);
+- }
+-
+- Java8SslUtils.setSNIMatchers(sslParameters, matchers);
+- }
+- }
+- return sslParameters;
+- }
+-
+- @Override
+- public final synchronized void setSSLParameters(SSLParameters sslParameters) {
+- int version = PlatformDependent.javaVersion();
+- if (version >= 7) {
+- if (sslParameters.getAlgorithmConstraints() != null) {
+- throw new IllegalArgumentException("AlgorithmConstraints are not supported.");
+- }
+-
+- if (version >= 8) {
+- if (!isDestroyed()) {
+- if (clientMode) {
+- final List<String> sniHostNames = Java8SslUtils.getSniHostNames(sslParameters);
+- for (String name: sniHostNames) {
+- SSL.setTlsExtHostName(ssl, name);
+- }
+- this.sniHostNames = sniHostNames;
+- }
+- if (Java8SslUtils.getUseCipherSuitesOrder(sslParameters)) {
+- SSL.setOptions(ssl, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+- } else {
+- SSL.clearOptions(ssl, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
+- }
+- }
+- matchers = sslParameters.getSNIMatchers();
+- }
+-
+- final String endPointIdentificationAlgorithm = sslParameters.getEndpointIdentificationAlgorithm();
+- final boolean endPointVerificationEnabled = endPointIdentificationAlgorithm != null &&
+- !endPointIdentificationAlgorithm.isEmpty();
+- SSL.setHostNameValidation(ssl, DEFAULT_HOSTNAME_VALIDATION_FLAGS,
+- endPointVerificationEnabled ? getPeerHost() : null);
+- // If the user asks for hostname verification we must ensure we verify the peer.
+- // If the user disables hostname verification we leave it up to the user to change the mode manually.
+- if (clientMode && endPointVerificationEnabled) {
+- SSL.setVerify(ssl, SSL.SSL_CVERIFY_REQUIRED, -1);
+- }
+-
+- this.endPointIdentificationAlgorithm = endPointIdentificationAlgorithm;
+- algorithmConstraints = sslParameters.getAlgorithmConstraints();
+- }
+- super.setSSLParameters(sslParameters);
+- }
+-
+- private boolean isDestroyed() {
+- return destroyed != 0;
+- }
+-
+- static int calculateOutNetBufSize(int pendingBytes, int numComponents) {
+- return (int) min(MAX_ENCRYPTED_PACKET_LENGTH,
+- pendingBytes + (long) MAX_TLS_RECORD_OVERHEAD_LENGTH * numComponents);
+- }
+-
+- final boolean checkSniHostnameMatch(String hostname) {
+- return Java8SslUtils.checkSniHostnameMatch(matchers, hostname);
+- }
+-
+- private final class OpenSslSession implements SSLSession, ApplicationProtocolAccessor {
+- private final OpenSslSessionContext sessionContext;
+-
+- // These are guarded by synchronized(OpenSslEngine.this) as handshakeFinished() may be triggered by any
+- // thread.
+- private X509Certificate[] x509PeerCerts;
+- private Certificate[] peerCerts;
+- private String protocol;
+- private String applicationProtocol;
+- private String cipher;
+- private byte[] id;
+- private long creationTime;
+-
+- // lazy init for memory reasons
+- private Map<String, Object> values;
+-
+- OpenSslSession(OpenSslSessionContext sessionContext) {
+- this.sessionContext = sessionContext;
+- }
+-
+- @Override
+- public byte[] getId() {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (id == null) {
+- return EmptyArrays.EMPTY_BYTES;
+- }
+- return id.clone();
+- }
+- }
+-
+- @Override
+- public SSLSessionContext getSessionContext() {
+- return sessionContext;
+- }
+-
+- @Override
+- public long getCreationTime() {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (creationTime == 0 && !isDestroyed()) {
+- creationTime = SSL.getTime(ssl) * 1000L;
+- }
+- }
+- return creationTime;
+- }
+-
+- @Override
+- public long getLastAccessedTime() {
+- long lastAccessed = ReferenceCountedOpenSslEngine.this.lastAccessed;
+- // if lastAccessed is -1 we will just return the creation time as the handshake was not started yet.
+- return lastAccessed == -1 ? getCreationTime() : lastAccessed;
+- }
+-
+- @Override
+- public void invalidate() {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (!isDestroyed()) {
+- SSL.setTimeout(ssl, 0);
+- }
+- }
+- }
+-
+- @Override
+- public boolean isValid() {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (!isDestroyed()) {
+- return System.currentTimeMillis() - (SSL.getTimeout(ssl) * 1000L) < (SSL.getTime(ssl) * 1000L);
+- }
+- }
+- return false;
+- }
+-
+- @Override
+- public void putValue(String name, Object value) {
+- if (name == null) {
+- throw new NullPointerException("name");
+- }
+- if (value == null) {
+- throw new NullPointerException("value");
+- }
+- Map<String, Object> values = this.values;
+- if (values == null) {
+- // Use size of 2 to keep the memory overhead small
+- values = this.values = new HashMap<String, Object>(2);
+- }
+- Object old = values.put(name, value);
+- if (value instanceof SSLSessionBindingListener) {
+- ((SSLSessionBindingListener) value).valueBound(new SSLSessionBindingEvent(this, name));
+- }
+- notifyUnbound(old, name);
+- }
+-
+- @Override
+- public Object getValue(String name) {
+- if (name == null) {
+- throw new NullPointerException("name");
+- }
+- if (values == null) {
+- return null;
+- }
+- return values.get(name);
+- }
+-
+- @Override
+- public void removeValue(String name) {
+- if (name == null) {
+- throw new NullPointerException("name");
+- }
+- Map<String, Object> values = this.values;
+- if (values == null) {
+- return;
+- }
+- Object old = values.remove(name);
+- notifyUnbound(old, name);
+- }
+-
+- @Override
+- public String[] getValueNames() {
+- Map<String, Object> values = this.values;
+- if (values == null || values.isEmpty()) {
+- return EmptyArrays.EMPTY_STRINGS;
+- }
+- return values.keySet().toArray(new String[values.size()]);
+- }
+-
+- private void notifyUnbound(Object value, String name) {
+- if (value instanceof SSLSessionBindingListener) {
+- ((SSLSessionBindingListener) value).valueUnbound(new SSLSessionBindingEvent(this, name));
+- }
+- }
+-
+- /**
+- * Finish the handshake and so init everything in the {@link OpenSslSession} that should be accessible by
+- * the user.
+- */
+- void handshakeFinished() throws SSLException {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (!isDestroyed()) {
+- id = SSL.getSessionId(ssl);
+- cipher = toJavaCipherSuite(SSL.getCipherForSSL(ssl));
+- protocol = SSL.getVersion(ssl);
+-
+- initPeerCerts();
+- selectApplicationProtocol();
+-
+- handshakeState = HandshakeState.FINISHED;
+- } else {
+- throw new SSLException("Already closed");
+- }
+- }
+- }
+-
+- /**
+- * Init peer certificates that can be obtained via {@link #getPeerCertificateChain()}
+- * and {@link #getPeerCertificates()}.
+- */
+- private void initPeerCerts() {
+- // Return the full chain from the JNI layer.
+- byte[][] chain = SSL.getPeerCertChain(ssl);
+- if (clientMode) {
+- if (isEmpty(chain)) {
+- peerCerts = EMPTY_CERTIFICATES;
+- x509PeerCerts = EMPTY_JAVAX_X509_CERTIFICATES;
+- } else {
+- peerCerts = new Certificate[chain.length];
+- x509PeerCerts = new X509Certificate[chain.length];
+- initCerts(chain, 0);
+- }
+- } else {
+- // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer
+- // certificate. We use SSL_get_peer_certificate to get it in this case and add it to our
+- // array later.
+- //
+- // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
+- byte[] clientCert = SSL.getPeerCertificate(ssl);
+- if (isEmpty(clientCert)) {
+- peerCerts = EMPTY_CERTIFICATES;
+- x509PeerCerts = EMPTY_JAVAX_X509_CERTIFICATES;
+- } else {
+- if (isEmpty(chain)) {
+- peerCerts = new Certificate[] {new OpenSslX509Certificate(clientCert)};
+- x509PeerCerts = new X509Certificate[] {new OpenSslJavaxX509Certificate(clientCert)};
+- } else {
+- peerCerts = new Certificate[chain.length + 1];
+- x509PeerCerts = new X509Certificate[chain.length + 1];
+- peerCerts[0] = new OpenSslX509Certificate(clientCert);
+- x509PeerCerts[0] = new OpenSslJavaxX509Certificate(clientCert);
+- initCerts(chain, 1);
+- }
+- }
+- }
+- }
+-
+- private void initCerts(byte[][] chain, int startPos) {
+- for (int i = 0; i < chain.length; i++) {
+- int certPos = startPos + i;
+- peerCerts[certPos] = new OpenSslX509Certificate(chain[i]);
+- x509PeerCerts[certPos] = new OpenSslJavaxX509Certificate(chain[i]);
+- }
+- }
+-
+- /**
+- * Select the application protocol used.
+- */
+- private void selectApplicationProtocol() throws SSLException {
+- ApplicationProtocolConfig.SelectedListenerFailureBehavior behavior = apn.selectedListenerFailureBehavior();
+- List<String> protocols = apn.protocols();
+- String applicationProtocol;
+- switch (apn.protocol()) {
+- case NONE:
+- break;
+- // We always need to check for applicationProtocol == null as the remote peer may not support
+- // the TLS extension or may have returned an empty selection.
+- case ALPN:
+- applicationProtocol = SSL.getAlpnSelected(ssl);
+- if (applicationProtocol != null) {
+- this.applicationProtocol = selectApplicationProtocol(
+- protocols, behavior, applicationProtocol);
+- }
+- break;
+- case NPN:
+- applicationProtocol = SSL.getNextProtoNegotiated(ssl);
+- if (applicationProtocol != null) {
+- this.applicationProtocol = selectApplicationProtocol(
+- protocols, behavior, applicationProtocol);
+- }
+- break;
+- case NPN_AND_ALPN:
+- applicationProtocol = SSL.getAlpnSelected(ssl);
+- if (applicationProtocol == null) {
+- applicationProtocol = SSL.getNextProtoNegotiated(ssl);
+- }
+- if (applicationProtocol != null) {
+- this.applicationProtocol = selectApplicationProtocol(
+- protocols, behavior, applicationProtocol);
+- }
+- break;
+- default:
+- throw new Error();
+- }
+- }
+-
+- private String selectApplicationProtocol(List<String> protocols,
+- ApplicationProtocolConfig.SelectedListenerFailureBehavior behavior,
+- String applicationProtocol) throws SSLException {
+- if (behavior == ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT) {
+- return applicationProtocol;
+- } else {
+- int size = protocols.size();
+- assert size > 0;
+- if (protocols.contains(applicationProtocol)) {
+- return applicationProtocol;
+- } else {
+- if (behavior == ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL) {
+- return protocols.get(size - 1);
+- } else {
+- throw new SSLException("unknown protocol " + applicationProtocol);
+- }
+- }
+- }
+- }
+-
+- @Override
+- public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (isEmpty(peerCerts)) {
+- throw new SSLPeerUnverifiedException("peer not verified");
+- }
+- return peerCerts.clone();
+- }
+- }
+-
+- @Override
+- public Certificate[] getLocalCertificates() {
+- if (localCerts == null) {
+- return null;
+- }
+- return localCerts.clone();
+- }
+-
+- @Override
+- public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (isEmpty(x509PeerCerts)) {
+- throw new SSLPeerUnverifiedException("peer not verified");
+- }
+- return x509PeerCerts.clone();
+- }
+- }
+-
+- @Override
+- public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
+- Certificate[] peer = getPeerCertificates();
+- // No need for null or length > 0 is needed as this is done in getPeerCertificates()
+- // already.
+- return ((java.security.cert.X509Certificate) peer[0]).getSubjectX500Principal();
+- }
+-
+- @Override
+- public Principal getLocalPrincipal() {
+- Certificate[] local = localCerts;
+- if (local == null || local.length == 0) {
+- return null;
+- }
+- return ((java.security.cert.X509Certificate) local[0]).getIssuerX500Principal();
+- }
+-
+- @Override
+- public String getCipherSuite() {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (cipher == null) {
+- return INVALID_CIPHER;
+- }
+- return cipher;
+- }
+- }
+-
+- @Override
+- public String getProtocol() {
+- String protocol = this.protocol;
+- if (protocol == null) {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- if (!isDestroyed()) {
+- protocol = SSL.getVersion(ssl);
+- } else {
+- protocol = StringUtil.EMPTY_STRING;
+- }
+- }
+- }
+- return protocol;
+- }
+-
+- @Override
+- public String getApplicationProtocol() {
+- synchronized (ReferenceCountedOpenSslEngine.this) {
+- return applicationProtocol;
+- }
+- }
+-
+- @Override
+- public String getPeerHost() {
+- return ReferenceCountedOpenSslEngine.this.getPeerHost();
+- }
+-
+- @Override
+- public int getPeerPort() {
+- return ReferenceCountedOpenSslEngine.this.getPeerPort();
+- }
+-
+- @Override
+- public int getPacketBufferSize() {
+- return MAX_ENCRYPTED_PACKET_LENGTH;
+- }
+-
+- @Override
+- public int getApplicationBufferSize() {
+- return MAX_PLAINTEXT_LENGTH;
+- }
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java
+deleted file mode 100644
+index 4c9df31..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java
++++ /dev/null
+@@ -1,239 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.internal.tcnative.SSL;
+-import io.netty.internal.tcnative.SSLContext;
+-import io.netty.internal.tcnative.SniHostNameMatcher;
+-import io.netty.util.internal.PlatformDependent;
+-import io.netty.util.internal.logging.InternalLogger;
+-import io.netty.util.internal.logging.InternalLoggerFactory;
+-
+-import java.security.KeyStore;
+-import java.security.PrivateKey;
+-import java.security.cert.X509Certificate;
+-import javax.net.ssl.KeyManagerFactory;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.TrustManagerFactory;
+-import javax.net.ssl.X509ExtendedKeyManager;
+-import javax.net.ssl.X509ExtendedTrustManager;
+-import javax.net.ssl.X509KeyManager;
+-import javax.net.ssl.X509TrustManager;
+-
+-import static io.netty.util.internal.ObjectUtil.checkNotNull;
+-
+-/**
+- * A server-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
+- * <p>Instances of this class must be {@link #release() released} or else native memory will leak!
+- *
+- * <p>Instances of this class <strong>must not</strong> be released before any {@link ReferenceCountedOpenSslEngine}
+- * which depends upon the instance of this class is released. Otherwise if any method of
+- * {@link ReferenceCountedOpenSslEngine} is called which uses this class's JNI resources the JVM may crash.
+- */
+-public final class ReferenceCountedOpenSslServerContext extends ReferenceCountedOpenSslContext {
+- private static final InternalLogger logger =
+- InternalLoggerFactory.getInstance(ReferenceCountedOpenSslServerContext.class);
+- private static final byte[] ID = {'n', 'e', 't', 't', 'y'};
+- private final OpenSslServerSessionContext sessionContext;
+- private final OpenSslKeyMaterialManager keyMaterialManager;
+-
+- ReferenceCountedOpenSslServerContext(
+- X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
+- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
+- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
+- long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
+- boolean enableOcsp) throws SSLException {
+- this(trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword, keyManagerFactory, ciphers,
+- cipherFilter, toNegotiator(apn), sessionCacheSize, sessionTimeout, clientAuth, protocols, startTls,
+- enableOcsp);
+- }
+-
+- private ReferenceCountedOpenSslServerContext(
+- X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
+- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
+- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
+- long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
+- boolean enableOcsp) throws SSLException {
+- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_SERVER, keyCertChain,
+- clientAuth, protocols, startTls, enableOcsp, true);
+- // Create a new SSL_CTX and configure it.
+- boolean success = false;
+- try {
+- ServerContext context = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
+- keyCertChain, key, keyPassword, keyManagerFactory);
+- sessionContext = context.sessionContext;
+- keyMaterialManager = context.keyMaterialManager;
+- success = true;
+- } finally {
+- if (!success) {
+- release();
+- }
+- }
+- }
+-
+- @Override
+- public OpenSslServerSessionContext sessionContext() {
+- return sessionContext;
+- }
+-
+- @Override
+- OpenSslKeyMaterialManager keyMaterialManager() {
+- return keyMaterialManager;
+- }
+-
+- static final class ServerContext {
+- OpenSslServerSessionContext sessionContext;
+- OpenSslKeyMaterialManager keyMaterialManager;
+- }
+-
+- static ServerContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx, OpenSslEngineMap engineMap,
+- X509Certificate[] trustCertCollection,
+- TrustManagerFactory trustManagerFactory,
+- X509Certificate[] keyCertChain, PrivateKey key,
+- String keyPassword, KeyManagerFactory keyManagerFactory)
+- throws SSLException {
+- ServerContext result = new ServerContext();
+- try {
+- SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
+- if (!OpenSsl.useKeyManagerFactory()) {
+- if (keyManagerFactory != null) {
+- throw new IllegalArgumentException(
+- "KeyManagerFactory not supported");
+- }
+- checkNotNull(keyCertChain, "keyCertChain");
+-
+- setKeyMaterial(ctx, keyCertChain, key, keyPassword);
+- } else {
+- // javadocs state that keyManagerFactory has precedent over keyCertChain, and we must have a
+- // keyManagerFactory for the server so build one if it is not specified.
+- if (keyManagerFactory == null) {
+- keyManagerFactory = buildKeyManagerFactory(
+- keyCertChain, key, keyPassword, keyManagerFactory);
+- }
+- X509KeyManager keyManager = chooseX509KeyManager(keyManagerFactory.getKeyManagers());
+- result.keyMaterialManager = useExtendedKeyManager(keyManager) ?
+- new OpenSslExtendedKeyMaterialManager(
+- (X509ExtendedKeyManager) keyManager, keyPassword) :
+- new OpenSslKeyMaterialManager(keyManager, keyPassword);
+- }
+- } catch (Exception e) {
+- throw new SSLException("failed to set certificate and key", e);
+- }
+- try {
+- if (trustCertCollection != null) {
+- trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
+- } else if (trustManagerFactory == null) {
+- // Mimic the way SSLContext.getInstance(KeyManager[], null, null) works
+- trustManagerFactory = TrustManagerFactory.getInstance(
+- TrustManagerFactory.getDefaultAlgorithm());
+- trustManagerFactory.init((KeyStore) null);
+- }
+-
+- final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
+-
+- // IMPORTANT: The callbacks set for verification must be static to prevent memory leak as
+- // otherwise the context can never be collected. This is because the JNI code holds
+- // a global reference to the callbacks.
+- //
+- // See https://github.com/netty/netty/issues/5372
+-
+- // Use this to prevent an error when running on java < 7
+- if (useExtendedTrustManager(manager)) {
+- SSLContext.setCertVerifyCallback(ctx,
+- new ExtendedTrustManagerVerifyCallback(engineMap, (X509ExtendedTrustManager) manager));
+- } else {
+- SSLContext.setCertVerifyCallback(ctx, new TrustManagerVerifyCallback(engineMap, manager));
+- }
+-
+- X509Certificate[] issuers = manager.getAcceptedIssuers();
+- if (issuers != null && issuers.length > 0) {
+- long bio = 0;
+- try {
+- bio = toBIO(issuers);
+- if (!SSLContext.setCACertificateBio(ctx, bio)) {
+- throw new SSLException("unable to setup accepted issuers for trustmanager " + manager);
+- }
+- } finally {
+- freeBio(bio);
+- }
+- }
+-
+- if (PlatformDependent.javaVersion() >= 8) {
+- // Only do on Java8+ as SNIMatcher is not supported in earlier releases.
+- // IMPORTANT: The callbacks set for hostname matching must be static to prevent memory leak as
+- // otherwise the context can never be collected. This is because the JNI code holds
+- // a global reference to the matcher.
+- SSLContext.setSniHostnameMatcher(ctx, new OpenSslSniHostnameMatcher(engineMap));
+- }
+- } catch (SSLException e) {
+- throw e;
+- } catch (Exception e) {
+- throw new SSLException("unable to setup trustmanager", e);
+- }
+-
+- result.sessionContext = new OpenSslServerSessionContext(thiz);
+- result.sessionContext.setSessionIdContext(ID);
+- return result;
+- }
+-
+- private static final class TrustManagerVerifyCallback extends AbstractCertificateVerifier {
+- private final X509TrustManager manager;
+-
+- TrustManagerVerifyCallback(OpenSslEngineMap engineMap, X509TrustManager manager) {
+- super(engineMap);
+- this.manager = manager;
+- }
+-
+- @Override
+- void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts, String auth)
+- throws Exception {
+- manager.checkClientTrusted(peerCerts, auth);
+- }
+- }
+-
+- private static final class ExtendedTrustManagerVerifyCallback extends AbstractCertificateVerifier {
+- private final X509ExtendedTrustManager manager;
+-
+- ExtendedTrustManagerVerifyCallback(OpenSslEngineMap engineMap, X509ExtendedTrustManager manager) {
+- super(engineMap);
+- this.manager = manager;
+- }
+-
+- @Override
+- void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts, String auth)
+- throws Exception {
+- manager.checkClientTrusted(peerCerts, auth, engine);
+- }
+- }
+-
+- private static final class OpenSslSniHostnameMatcher implements SniHostNameMatcher {
+- private final OpenSslEngineMap engineMap;
+-
+- OpenSslSniHostnameMatcher(OpenSslEngineMap engineMap) {
+- this.engineMap = engineMap;
+- }
+-
+- @Override
+- public boolean match(long ssl, String hostname) {
+- ReferenceCountedOpenSslEngine engine = engineMap.get(ssl);
+- if (engine != null) {
+- return engine.checkSniHostnameMatch(hostname);
+- }
+- logger.warn("No ReferenceCountedOpenSslEngine found for SSL pointer: {}", ssl);
+- return false;
+- }
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/SslContext.java b/handler/src/main/java/io/netty/handler/ssl/SslContext.java
+index 4998d0d..8dbc3cf 100644
+--- a/handler/src/main/java/io/netty/handler/ssl/SslContext.java
++++ b/handler/src/main/java/io/netty/handler/ssl/SslContext.java
+@@ -115,11 +115,7 @@ public abstract class SslContext {
+ }
+
+ private static SslProvider defaultProvider() {
+- if (OpenSsl.isAvailable()) {
+- return SslProvider.OPENSSL;
+- } else {
+- return SslProvider.JDK;
+- }
++ return SslProvider.JDK;
+ }
+
+ /**
+@@ -416,18 +412,6 @@ public abstract class SslContext {
+ trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword,
+ keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout,
+ clientAuth, protocols, startTls);
+- case OPENSSL:
+- verifyNullSslContextProvider(provider, sslContextProvider);
+- return new OpenSslServerContext(
+- trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword,
+- keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout,
+- clientAuth, protocols, startTls, enableOcsp);
+- case OPENSSL_REFCNT:
+- verifyNullSslContextProvider(provider, sslContextProvider);
+- return new ReferenceCountedOpenSslServerContext(
+- trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword,
+- keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout,
+- clientAuth, protocols, startTls, enableOcsp);
+ default:
+ throw new Error(provider.toString());
+ }
+@@ -770,18 +754,6 @@ public abstract class SslContext {
+ return new JdkSslClientContext(sslContextProvider,
+ trustCert, trustManagerFactory, keyCertChain, key, keyPassword,
+ keyManagerFactory, ciphers, cipherFilter, apn, protocols, sessionCacheSize, sessionTimeout);
+- case OPENSSL:
+- verifyNullSslContextProvider(provider, sslContextProvider);
+- return new OpenSslClientContext(
+- trustCert, trustManagerFactory, keyCertChain, key, keyPassword,
+- keyManagerFactory, ciphers, cipherFilter, apn, protocols, sessionCacheSize, sessionTimeout,
+- enableOcsp);
+- case OPENSSL_REFCNT:
+- verifyNullSslContextProvider(provider, sslContextProvider);
+- return new ReferenceCountedOpenSslClientContext(
+- trustCert, trustManagerFactory, keyCertChain, key, keyPassword,
+- keyManagerFactory, ciphers, cipherFilter, apn, protocols, sessionCacheSize, sessionTimeout,
+- enableOcsp);
+ default:
+ throw new Error(provider.toString());
+ }
+diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+index c054964..05c451a 100644
+--- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
++++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+@@ -159,6 +159,12 @@ import static io.netty.handler.ssl.SslUtils.getEncryptedPacketLength;
+ * <a href="https://github.com/netty/netty/issues/832">#832</a> in our issue tracker.
+ */
+ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundHandler {
++ private static final int MAX_PLAINTEXT_LENGTH = 16 * 1024; // 2^14
++ private static final int MAX_COMPRESSED_LENGTH = MAX_PLAINTEXT_LENGTH + 1024;
++ private static final int MAX_CIPHERTEXT_LENGTH = MAX_COMPRESSED_LENGTH + 1024;
++ // Header (5) + Data (2^14) + Compression (1024) + Encryption (1024) + MAC (20) + Padding (256)
++ static final int MAX_ENCRYPTED_PACKET_LENGTH = MAX_CIPHERTEXT_LENGTH + 5 + 20 + 256;
++ static final int MAX_ENCRYPTION_OVERHEAD_LENGTH = MAX_ENCRYPTED_PACKET_LENGTH - MAX_PLAINTEXT_LENGTH;
+
+ private static final InternalLogger logger =
+ InternalLoggerFactory.getInstance(SslHandler.class);
+@@ -181,40 +187,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
+ new ClosedChannelException(), SslHandler.class, "channelInactive(...)");
+
+ private enum SslEngineType {
+- TCNATIVE(true, COMPOSITE_CUMULATOR) {
+- @Override
+- SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
+- throws SSLException {
+- int nioBufferCount = in.nioBufferCount();
+- int writerIndex = out.writerIndex();
+- final SSLEngineResult result;
+- if (nioBufferCount > 1) {
+- /*
+- * If {@link OpenSslEngine} is in use,
+- * we can use a special {@link OpenSslEngine#unwrap(ByteBuffer[], ByteBuffer[])} method
+- * that accepts multiple {@link ByteBuffer}s without additional memory copies.
+- */
+- ReferenceCountedOpenSslEngine opensslEngine = (ReferenceCountedOpenSslEngine) handler.engine;
+- try {
+- handler.singleBuffer[0] = toByteBuffer(out, writerIndex,
+- out.writableBytes());
+- result = opensslEngine.unwrap(in.nioBuffers(readerIndex, len), handler.singleBuffer);
+- } finally {
+- handler.singleBuffer[0] = null;
+- }
+- } else {
+- result = handler.engine.unwrap(toByteBuffer(in, readerIndex, len),
+- toByteBuffer(out, writerIndex, out.writableBytes()));
+- }
+- out.writerIndex(writerIndex + result.bytesProduced());
+- return result;
+- }
+-
+- @Override
+- int calculateWrapBufferCapacity(SslHandler handler, int pendingBytes, int numComponents) {
+- return ReferenceCountedOpenSslEngine.calculateOutNetBufSize(pendingBytes, numComponents);
+- }
+- },
+ CONSCRYPT(true, COMPOSITE_CUMULATOR) {
+ @Override
+ SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
+@@ -265,9 +237,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
+ };
+
+ static SslEngineType forEngine(SSLEngine engine) {
+- if (engine instanceof ReferenceCountedOpenSslEngine) {
+- return TCNATIVE;
+- }
+ if (engine instanceof ConscryptAlpnSslEngine) {
+ return CONSCRYPT;
+ }
+@@ -1034,7 +1003,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
+
+ boolean nonSslRecord = false;
+
+- while (totalLength < ReferenceCountedOpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH) {
++ while (totalLength < MAX_ENCRYPTED_PACKET_LENGTH) {
+ final int readableBytes = endOffset - offset;
+ if (readableBytes < SslUtils.SSL_RECORD_HEADER_LENGTH) {
+ break;
+@@ -1055,7 +1024,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
+ }
+
+ int newTotalLength = totalLength + packetLength;
+- if (newTotalLength > ReferenceCountedOpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH) {
++ if (newTotalLength > MAX_ENCRYPTED_PACKET_LENGTH) {
+ // Don't read too much.
+ break;
+ }
+diff --git a/handler/src/main/java/io/netty/handler/ssl/ocsp/OcspClientHandler.java b/handler/src/main/java/io/netty/handler/ssl/ocsp/OcspClientHandler.java
+deleted file mode 100644
+index aff0949..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/ocsp/OcspClientHandler.java
++++ /dev/null
+@@ -1,65 +0,0 @@
+-/*
+- * Copyright 2017 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl.ocsp;
+-
+-import io.netty.channel.ChannelHandlerContext;
+-import io.netty.channel.ChannelInboundHandlerAdapter;
+-import io.netty.handler.ssl.ReferenceCountedOpenSslContext;
+-import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
+-import io.netty.handler.ssl.SslHandshakeCompletionEvent;
+-import io.netty.util.internal.ObjectUtil;
+-import io.netty.util.internal.ThrowableUtil;
+-import io.netty.util.internal.UnstableApi;
+-
+-import javax.net.ssl.SSLHandshakeException;
+-
+-/**
+- * A handler for SSL clients to handle and act upon stapled OCSP responses.
+- *
+- * @see ReferenceCountedOpenSslContext#enableOcsp()
+- * @see ReferenceCountedOpenSslEngine#getOcspResponse()
+- */
+-@UnstableApi
+-public abstract class OcspClientHandler extends ChannelInboundHandlerAdapter {
+-
+- private static final SSLHandshakeException OCSP_VERIFICATION_EXCEPTION = ThrowableUtil.unknownStackTrace(
+- new SSLHandshakeException("Bad OCSP response"), OcspClientHandler.class, "verify(...)");
+-
+- private final ReferenceCountedOpenSslEngine engine;
+-
+- protected OcspClientHandler(ReferenceCountedOpenSslEngine engine) {
+- this.engine = ObjectUtil.checkNotNull(engine, "engine");
+- }
+-
+- /**
+- * @see ReferenceCountedOpenSslEngine#getOcspResponse()
+- */
+- protected abstract boolean verify(ChannelHandlerContext ctx, ReferenceCountedOpenSslEngine engine) throws Exception;
+-
+- @Override
+- public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
+- if (evt instanceof SslHandshakeCompletionEvent) {
+- ctx.pipeline().remove(this);
+-
+- SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;
+- if (event.isSuccess() && !verify(ctx, engine)) {
+- throw OCSP_VERIFICATION_EXCEPTION;
+- }
+- }
+-
+- ctx.fireUserEventTriggered(evt);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/ocsp/package-info.java b/handler/src/main/java/io/netty/handler/ssl/ocsp/package-info.java
+deleted file mode 100644
+index 2883ff4..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/ocsp/package-info.java
++++ /dev/null
+@@ -1,23 +0,0 @@
+-/*
+- * Copyright 2017 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-/**
+- * <a href="https://en.wikipedia.org/wiki/OCSP_stapling">OCSP stapling</a>,
+- * formally known as the TLS Certificate Status Request extension, is an
+- * alternative approach to the Online Certificate Status Protocol (OCSP)
+- * for checking the revocation status of X.509 digital certificates.
+- */
+-package io.netty.handler.ssl.ocsp;
+diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java
+deleted file mode 100644
+index d696d6b..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java
++++ /dev/null
+@@ -1,108 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import org.junit.BeforeClass;
+-import org.junit.Test;
+-import org.junit.runner.RunWith;
+-import org.junit.runners.Parameterized;
+-
+-import java.util.ArrayList;
+-import java.util.Collection;
+-import java.util.List;
+-
+-import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
+-import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
+-import static org.junit.Assume.assumeTrue;
+-
+-(a)RunWith(Parameterized.class)
+-public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
+-
+- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
+- public static Collection<Object> data() {
+- List<Object> params = new ArrayList<Object>();
+- for (BufferType type: BufferType.values()) {
+- params.add(type);
+- }
+- return params;
+- }
+-
+- public JdkOpenSslEngineInteroptTest(BufferType type) {
+- super(type);
+- }
+-
+- @BeforeClass
+- public static void checkOpenSsl() {
+- assumeTrue(OpenSsl.isAvailable());
+- }
+-
+- @Override
+- protected SslProvider sslClientProvider() {
+- return SslProvider.JDK;
+- }
+-
+- @Override
+- protected SslProvider sslServerProvider() {
+- return SslProvider.OPENSSL;
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
+- }
+-
+- @Override
+- protected void mySetupMutualAuthServerInitSslHandler(SslHandler handler) {
+- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) handler.engine();
+- engine.setVerify(SSL_CVERIFY_IGNORED, 1);
+- }
+-
+- @Override
+- protected boolean mySetupMutualAuthServerIsValidClientException(Throwable cause) {
+- // TODO(scott): work around for a JDK issue. The exception should be SSLHandshakeException.
+- return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
+deleted file mode 100644
+index 229e853..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
++++ /dev/null
+@@ -1,49 +0,0 @@
+-/*
+- * Copyright 2017 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.internal.tcnative.CertificateVerifier;
+-import org.junit.Assert;
+-import org.junit.Assume;
+-import org.junit.BeforeClass;
+-import org.junit.Test;
+-
+-import java.lang.reflect.Field;
+-
+-public class OpenSslCertificateExceptionTest {
+-
+- @BeforeClass
+- public static void assumeOpenSsl() {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- }
+-
+- @Test
+- public void testValidErrorCode() throws Exception {
+- Field[] fields = CertificateVerifier.class.getFields();
+- for (Field field : fields) {
+- if (field.isAccessible()) {
+- int errorCode = field.getInt(null);
+- OpenSslCertificateException exception = new OpenSslCertificateException(errorCode);
+- Assert.assertEquals(errorCode, exception.errorCode());
+- }
+- }
+- }
+-
+- @Test(expected = IllegalArgumentException.class)
+- public void testNonValidErrorCode() {
+- new OpenSslCertificateException(Integer.MIN_VALUE);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java
+deleted file mode 100644
+index 6011cf7..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java
++++ /dev/null
+@@ -1,38 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+-import org.junit.BeforeClass;
+-
+-import javax.net.ssl.SSLException;
+-import java.io.File;
+-
+-import static org.junit.Assume.assumeTrue;
+-
+-public class OpenSslClientContextTest extends SslContextTest {
+-
+- @BeforeClass
+- public static void checkOpenSsl() {
+- assumeTrue(OpenSsl.isAvailable());
+- }
+-
+- @Override
+- protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException {
+- return new OpenSslClientContext(crtFile, InsecureTrustManagerFactory.INSTANCE, crtFile, keyFile, pass,
+- null, null, IdentityCipherSuiteFilter.INSTANCE, ApplicationProtocolConfig.DISABLED, 0, 0);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
+deleted file mode 100644
+index 5939b66..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
++++ /dev/null
+@@ -1,661 +0,0 @@
+-/*
+- * Copyright 2015 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.buffer.UnpooledByteBufAllocator;
+-import io.netty.handler.ssl.ApplicationProtocolConfig.Protocol;
+-import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
+-import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
+-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+-import io.netty.util.internal.PlatformDependent;
+-import org.junit.Assume;
+-import org.junit.BeforeClass;
+-import org.junit.Test;
+-import org.junit.runner.RunWith;
+-import org.junit.runners.Parameterized;
+-
+-import java.nio.ByteBuffer;
+-import java.security.AlgorithmConstraints;
+-import java.security.AlgorithmParameters;
+-import java.security.CryptoPrimitive;
+-import java.security.Key;
+-import java.util.ArrayList;
+-import java.util.Collection;
+-import java.util.List;
+-import java.util.Set;
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLEngineResult;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.SSLParameters;
+-
+-import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
+-import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH;
+-import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH;
+-import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
+-import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
+-import static java.lang.Integer.MAX_VALUE;
+-import static org.junit.Assert.assertEquals;
+-import static org.junit.Assert.assertFalse;
+-import static org.junit.Assert.assertNull;
+-import static org.junit.Assert.assertSame;
+-import static org.junit.Assert.assertTrue;
+-import static org.junit.Assume.assumeTrue;
+-
+-(a)RunWith(Parameterized.class)
+-public class OpenSslEngineTest extends SSLEngineTest {
+- private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
+- private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
+-
+- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
+- public static Collection<Object> data() {
+- List<Object> params = new ArrayList<Object>();
+- for (BufferType type: BufferType.values()) {
+- params.add(type);
+- }
+- return params;
+- }
+-
+- public OpenSslEngineTest(BufferType type) {
+- super(type);
+- }
+-
+- @BeforeClass
+- public static void checkOpenSsl() {
+- assumeTrue(OpenSsl.isAvailable());
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testClientHostnameValidationSuccess() throws InterruptedException, SSLException {
+- assumeTrue(OpenSsl.supportsHostnameValidation());
+- super.testClientHostnameValidationSuccess();
+- }
+-
+- @Override
+- @Test
+- public void testClientHostnameValidationFail() throws InterruptedException, SSLException {
+- assumeTrue(OpenSsl.supportsHostnameValidation());
+- super.testClientHostnameValidationFail();
+- }
+-
+- @Test
+- public void testNpn() throws Exception {
+- ApplicationProtocolConfig apn = acceptingNegotiator(Protocol.NPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- setupHandlers(apn);
+- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- }
+-
+- @Test
+- public void testAlpn() throws Exception {
+- assumeTrue(OpenSsl.isAlpnSupported());
+- ApplicationProtocolConfig apn = acceptingNegotiator(Protocol.ALPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- setupHandlers(apn);
+- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- }
+-
+- @Test
+- public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception {
+- assumeTrue(OpenSsl.isAlpnSupported());
+- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN,
+- FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.ALPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL);
+- setupHandlers(serverApn, clientApn);
+- assertNull(serverException);
+- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- }
+-
+- @Test
+- public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
+- testEnablingAnAlreadyDisabledSslProtocol(new String[]{PROTOCOL_SSL_V2_HELLO},
+- new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_TLS_V1_2});
+- }
+- @Test
+- public void testWrapBuffersNoWritePendingError() throws Exception {
+- clientSslCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider())
+- .build();
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+- SSLEngine clientEngine = null;
+- SSLEngine serverEngine = null;
+- try {
+- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- handshake(clientEngine, serverEngine);
+-
+- ByteBuffer src = allocateBuffer(1024 * 10);
+- byte[] data = new byte[src.capacity()];
+- PlatformDependent.threadLocalRandom().nextBytes(data);
+- src.put(data).flip();
+- ByteBuffer dst = allocateBuffer(1);
+- // Try to wrap multiple times so we are more likely to hit the issue.
+- for (int i = 0; i < 100; i++) {
+- src.position(0);
+- dst.position(0);
+- assertSame(SSLEngineResult.Status.BUFFER_OVERFLOW, clientEngine.wrap(src, dst).getStatus());
+- }
+- } finally {
+- cleanupClientSslEngine(clientEngine);
+- cleanupServerSslEngine(serverEngine);
+- }
+- }
+-
+- @Test
+- public void testOnlySmallBufferNeededForWrap() throws Exception {
+- clientSslCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider())
+- .build();
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+- SSLEngine clientEngine = null;
+- SSLEngine serverEngine = null;
+- try {
+- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- handshake(clientEngine, serverEngine);
+-
+- // Allocate a buffer which is small enough and set the limit to the capacity to mark its whole content
+- // as readable.
+- int srcLen = 1024;
+- ByteBuffer src = allocateBuffer(srcLen);
+-
+- ByteBuffer dstTooSmall = allocateBuffer(
+- src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH - 1);
+- ByteBuffer dst = allocateBuffer(
+- src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH);
+-
+- // Check that we fail to wrap if the dst buffers capacity is not at least
+- // src.capacity() + ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH
+- SSLEngineResult result = clientEngine.wrap(src, dstTooSmall);
+- assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
+- assertEquals(0, result.bytesConsumed());
+- assertEquals(0, result.bytesProduced());
+- assertEquals(src.remaining(), src.capacity());
+- assertEquals(dst.remaining(), dst.capacity());
+-
+- // Check that we can wrap with a dst buffer that has the capacity of
+- // src.capacity() + ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH
+- result = clientEngine.wrap(src, dst);
+- assertEquals(SSLEngineResult.Status.OK, result.getStatus());
+- assertEquals(srcLen, result.bytesConsumed());
+- assertEquals(0, src.remaining());
+- assertTrue(result.bytesProduced() > srcLen);
+- assertEquals(src.capacity() - result.bytesConsumed(), src.remaining());
+- assertEquals(dst.capacity() - result.bytesProduced(), dst.remaining());
+- } finally {
+- cleanupClientSslEngine(clientEngine);
+- cleanupServerSslEngine(serverEngine);
+- }
+- }
+-
+- @Test
+- public void testNeededDstCapacityIsCorrectlyCalculated() throws Exception {
+- clientSslCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider())
+- .build();
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+- SSLEngine clientEngine = null;
+- SSLEngine serverEngine = null;
+- try {
+- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- handshake(clientEngine, serverEngine);
+-
+- ByteBuffer src = allocateBuffer(1024);
+- ByteBuffer src2 = src.duplicate();
+-
+- ByteBuffer dst = allocateBuffer(src.capacity()
+- + MAX_TLS_RECORD_OVERHEAD_LENGTH);
+-
+- SSLEngineResult result = clientEngine.wrap(new ByteBuffer[] { src, src2 }, dst);
+- assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
+- assertEquals(0, src.position());
+- assertEquals(0, src2.position());
+- assertEquals(0, dst.position());
+- assertEquals(0, result.bytesConsumed());
+- assertEquals(0, result.bytesProduced());
+- } finally {
+- cleanupClientSslEngine(clientEngine);
+- cleanupServerSslEngine(serverEngine);
+- }
+- }
+-
+- @Test
+- public void testSrcsLenOverFlowCorrectlyHandled() throws Exception {
+- clientSslCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider())
+- .build();
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+- SSLEngine clientEngine = null;
+- SSLEngine serverEngine = null;
+- try {
+- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- handshake(clientEngine, serverEngine);
+-
+- ByteBuffer src = allocateBuffer(1024);
+- List<ByteBuffer> srcList = new ArrayList<ByteBuffer>();
+- long srcsLen = 0;
+- long maxLen = ((long) MAX_VALUE) * 2;
+-
+- while (srcsLen < maxLen) {
+- ByteBuffer dup = src.duplicate();
+- srcList.add(dup);
+- srcsLen += dup.capacity();
+- }
+-
+- ByteBuffer[] srcs = srcList.toArray(new ByteBuffer[srcList.size()]);
+-
+- ByteBuffer dst = allocateBuffer(MAX_ENCRYPTED_PACKET_LENGTH - 1);
+-
+- SSLEngineResult result = clientEngine.wrap(srcs, dst);
+- assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
+-
+- for (ByteBuffer buffer : srcs) {
+- assertEquals(0, buffer.position());
+- }
+- assertEquals(0, dst.position());
+- assertEquals(0, result.bytesConsumed());
+- assertEquals(0, result.bytesProduced());
+- } finally {
+- cleanupClientSslEngine(clientEngine);
+- cleanupServerSslEngine(serverEngine);
+- }
+- }
+-
+- @Test
+- public void testCalculateOutNetBufSizeOverflow() {
+- assertEquals(MAX_ENCRYPTED_PACKET_LENGTH,
+- ReferenceCountedOpenSslEngine.calculateOutNetBufSize(MAX_VALUE, 1));
+- }
+-
+- @Test
+- public void testCalculateOutNetBufSize0() {
+- assertEquals(MAX_TLS_RECORD_OVERHEAD_LENGTH,
+- ReferenceCountedOpenSslEngine.calculateOutNetBufSize(0, 1));
+- }
+-
+- @Test
+- public void testCalculateOutNetBufSizeMaxEncryptedPacketLength() {
+- assertEquals(MAX_ENCRYPTED_PACKET_LENGTH,
+- ReferenceCountedOpenSslEngine.calculateOutNetBufSize(MAX_ENCRYPTED_PACKET_LENGTH + 1, 2));
+- }
+-
+- @Override
+- protected void mySetupMutualAuthServerInitSslHandler(SslHandler handler) {
+- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) handler.engine();
+- engine.setVerify(SSL_CVERIFY_IGNORED, 1);
+- }
+-
+- @Test
+- public void testWrapWithDifferentSizesTLSv1() throws Exception {
+- clientSslCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider())
+- .build();
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+-
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AECDH-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AECDH-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "RC4-MD5");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "EDH-RSA-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-RC4-MD5");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "IDEA-CBC-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "RC4-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AECDH-RC4-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AECDH-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ECDHE-RSA-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ECDHE-RSA-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ECDHE-RSA-RC4-SHA");
+- }
+-
+- @Test
+- public void testWrapWithDifferentSizesTLSv1_1() throws Exception {
+- clientSslCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider())
+- .build();
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+-
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "DHE-RSA-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "DHE-RSA-CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "AECDH-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "DHE-RSA-CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "IDEA-CBC-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "AECDH-RC4-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-RC4-MD5");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "RC4-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ECDHE-RSA-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "EDH-RSA-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "AECDH-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "DES-CBC3-SHA");
+- }
+-
+- @Test
+- public void testWrapWithDifferentSizesTLSv1_2() throws Exception {
+- clientSslCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider())
+- .build();
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+-
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES256-GCM-SHA384");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AECDH-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES128-GCM-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES128-GCM-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA384");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AECDH-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES256-GCM-SHA384");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES256-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-GCM-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "RC4-MD5");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES128-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "EDH-RSA-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-RC4-MD5");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "IDEA-CBC-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "RC4-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES128-GCM-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES128-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AECDH-RC4-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES256-GCM-SHA384");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES256-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AECDH-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-GCM-SHA384");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES256-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES128-SHA256");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-RC4-SHA");
+- }
+-
+- @Test
+- public void testWrapWithDifferentSizesSSLv3() throws Exception {
+- clientSslCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider())
+- .build();
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+-
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "RC4-MD5");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-RC4-MD5");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "IDEA-CBC-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-AES128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "RC4-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AECDH-RC4-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-SEED-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AECDH-AES256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ECDHE-RSA-DES-CBC3-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA256-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA128-SHA");
+- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ECDHE-RSA-RC4-SHA");
+- }
+-
+- private void testWrapWithDifferentSizes(String protocol, String cipher) throws Exception {
+- assumeTrue(OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(protocol));
+- if (!OpenSsl.isCipherSuiteAvailable(cipher)) {
+- return;
+- }
+-
+- SSLEngine clientEngine = null;
+- SSLEngine serverEngine = null;
+- try {
+- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- clientEngine.setEnabledCipherSuites(new String[] { cipher });
+- clientEngine.setEnabledProtocols(new String[] { protocol });
+- serverEngine.setEnabledCipherSuites(new String[] { cipher });
+- serverEngine.setEnabledProtocols(new String[] { protocol });
+-
+- try {
+- handshake(clientEngine, serverEngine);
+- } catch (SSLException e) {
+- if (e.getMessage().contains("unsupported protocol")) {
+- Assume.assumeNoException(protocol + " not supported with cipher " + cipher, e);
+- }
+- throw e;
+- }
+-
+- int srcLen = 64;
+- do {
+- testWrapDstBigEnough(clientEngine, srcLen);
+- srcLen += 64;
+- } while (srcLen < MAX_PLAINTEXT_LENGTH);
+-
+- testWrapDstBigEnough(clientEngine, MAX_PLAINTEXT_LENGTH);
+- } finally {
+- cleanupClientSslEngine(clientEngine);
+- cleanupServerSslEngine(serverEngine);
+- }
+- }
+-
+- private void testWrapDstBigEnough(SSLEngine engine, int srcLen) throws SSLException {
+- ByteBuffer src = allocateBuffer(srcLen);
+- ByteBuffer dst = allocateBuffer(srcLen + MAX_TLS_RECORD_OVERHEAD_LENGTH);
+-
+- SSLEngineResult result = engine.wrap(src, dst);
+- assertEquals(SSLEngineResult.Status.OK, result.getStatus());
+- int consumed = result.bytesConsumed();
+- int produced = result.bytesProduced();
+- assertEquals(srcLen, consumed);
+- assertTrue(produced > consumed);
+-
+- dst.flip();
+- assertEquals(produced, dst.remaining());
+- assertFalse(src.hasRemaining());
+- }
+-
+- @Test
+- public void testSNIMatchersDoesNotThrow() throws Exception {
+- assumeTrue(PlatformDependent.javaVersion() >= 8);
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+-
+- SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- try {
+- SSLParameters parameters = new SSLParameters();
+- Java8SslTestUtils.setSNIMatcher(parameters);
+- engine.setSSLParameters(parameters);
+- } finally {
+- cleanupServerSslEngine(engine);
+- ssc.delete();
+- }
+- }
+-
+- @Test(expected = IllegalArgumentException.class)
+- public void testAlgorithmConstraintsThrows() throws Exception {
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslServerProvider())
+- .build();
+-
+- SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- try {
+- SSLParameters parameters = new SSLParameters();
+- parameters.setAlgorithmConstraints(new AlgorithmConstraints() {
+- @Override
+- public boolean permits(
+- Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters) {
+- return false;
+- }
+-
+- @Override
+- public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
+- return false;
+- }
+-
+- @Override
+- public boolean permits(
+- Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters) {
+- return false;
+- }
+- });
+- engine.setSSLParameters(parameters);
+- } finally {
+- cleanupServerSslEngine(engine);
+- ssc.delete();
+- }
+- }
+-
+- @Override
+- protected SslProvider sslClientProvider() {
+- return SslProvider.OPENSSL;
+- }
+-
+- @Override
+- protected SslProvider sslServerProvider() {
+- return SslProvider.OPENSSL;
+- }
+-
+- private static ApplicationProtocolConfig acceptingNegotiator(Protocol protocol,
+- String... supportedProtocols) {
+- return new ApplicationProtocolConfig(protocol,
+- SelectorFailureBehavior.NO_ADVERTISE,
+- SelectedListenerFailureBehavior.ACCEPT,
+- supportedProtocols);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java
+deleted file mode 100644
+index f63a16f..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java
++++ /dev/null
+@@ -1,114 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import org.junit.BeforeClass;
+-import org.junit.Ignore;
+-import org.junit.Test;
+-
+-import javax.net.ssl.SSLException;
+-import org.junit.runner.RunWith;
+-import org.junit.runners.Parameterized;
+-
+-import java.util.ArrayList;
+-import java.util.Collection;
+-import java.util.List;
+-
+-import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
+-import static org.junit.Assume.assumeTrue;
+-
+-(a)RunWith(Parameterized.class)
+-public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
+-
+- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
+- public static Collection<Object> data() {
+- List<Object> params = new ArrayList<Object>();
+- for (BufferType type: BufferType.values()) {
+- params.add(type);
+- }
+- return params;
+- }
+-
+- public OpenSslJdkSslEngineInteroptTest(BufferType type) {
+- super(type);
+- }
+-
+- @BeforeClass
+- public static void checkOpenSsl() {
+- assumeTrue(OpenSsl.isAvailable());
+- }
+-
+- @Override
+- protected SslProvider sslClientProvider() {
+- return SslProvider.OPENSSL;
+- }
+-
+- @Override
+- protected SslProvider sslServerProvider() {
+- return SslProvider.JDK;
+- }
+-
+- @Ignore /* Does the JDK support a "max certificate chain length"? */
+- @Override
+- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
+- }
+-
+- @Ignore /* Does the JDK support a "max certificate chain length"? */
+- @Override
+- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
+- checkShouldUseKeyManagerFactory();
+- super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
+- }
+-
+- @Override
+- @Test
+- public void testClientHostnameValidationSuccess() throws InterruptedException, SSLException {
+- assumeTrue(OpenSsl.supportsHostnameValidation());
+- super.testClientHostnameValidationSuccess();
+- }
+-
+- @Override
+- @Test
+- public void testClientHostnameValidationFail() throws InterruptedException, SSLException {
+- assumeTrue(OpenSsl.supportsHostnameValidation());
+- super.testClientHostnameValidationFail();
+- }
+-
+- @Override
+- protected boolean mySetupMutualAuthServerIsValidServerException(Throwable cause) {
+- // TODO(scott): work around for a JDK issue. The exception should be SSLHandshakeException.
+- return super.mySetupMutualAuthServerIsValidServerException(cause) || causedBySSLException(cause);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateSmallBIOTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateSmallBIOTest.java
+deleted file mode 100644
+index 3959e64..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateSmallBIOTest.java
++++ /dev/null
+@@ -1,23 +0,0 @@
+-/*
+- * Copyright 2017 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-public class OpenSslRenegotiateSmallBIOTest extends OpenSslRenegotiateTest {
+- @Override
+- protected void initSslServerContext(SslContext context) {
+- ((ReferenceCountedOpenSslContext) context).setBioNonApplicationBufferSize(1);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java
+deleted file mode 100644
+index 8f3dfee..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java
++++ /dev/null
+@@ -1,36 +0,0 @@
+-/*
+- * Copyright 2015 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import org.junit.BeforeClass;
+-
+-import static org.junit.Assume.assumeFalse;
+-import static org.junit.Assume.assumeTrue;
+-
+-public class OpenSslRenegotiateTest extends RenegotiateTest {
+-
+- @BeforeClass
+- public static void checkOpenSsl() {
+- assumeTrue(OpenSsl.isAvailable());
+- // BoringSSL does not support renegotiation intentionally.
+- assumeFalse("BoringSSL".equals(OpenSsl.versionString()));
+- }
+-
+- @Override
+- protected SslProvider serverSslProvider() {
+- return SslProvider.OPENSSL;
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
+deleted file mode 100644
+index f22d045..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-package io.netty.handler.ssl;
+-
+-import org.junit.Assume;
+-import org.junit.BeforeClass;
+-
+-import javax.net.ssl.SSLException;
+-import java.io.File;
+-
+-import static org.junit.Assume.assumeTrue;
+-
+-public class OpenSslServerContextTest extends SslContextTest {
+-
+- @BeforeClass
+- public static void checkOpenSsl() {
+- assumeTrue(OpenSsl.isAvailable());
+- }
+-
+- @Override
+- protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- return new OpenSslServerContext(crtFile, keyFile, pass);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslTestUtils.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslTestUtils.java
+deleted file mode 100644
+index 7882a61..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/OpenSslTestUtils.java
++++ /dev/null
+@@ -1,27 +0,0 @@
+-/*
+- * Copyright 2017 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import static org.junit.Assume.assumeTrue;
+-
+-final class OpenSslTestUtils {
+- private OpenSslTestUtils() {
+- }
+-
+- static void checkShouldUseKeyManagerFactory() {
+- assumeTrue(OpenSsl.supportsKeyManagerFactory() && OpenSsl.useKeyManagerFactory());
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/PemEncodedTest.java b/handler/src/test/java/io/netty/handler/ssl/PemEncodedTest.java
+deleted file mode 100644
+index 793f772..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/PemEncodedTest.java
++++ /dev/null
+@@ -1,95 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-package io.netty.handler.ssl;
+-
+-import static org.junit.Assert.assertEquals;
+-import static org.junit.Assert.assertTrue;
+-import static org.junit.Assume.assumeFalse;
+-import static org.junit.Assume.assumeTrue;
+-
+-import java.io.ByteArrayOutputStream;
+-import java.io.File;
+-import java.io.FileInputStream;
+-
+-import org.junit.Test;
+-
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+-import io.netty.util.ReferenceCountUtil;
+-
+-public class PemEncodedTest {
+-
+- @Test
+- public void testPemEncodedOpenSsl() throws Exception {
+- testPemEncoded(SslProvider.OPENSSL);
+- }
+-
+- @Test
+- public void testPemEncodedOpenSslRef() throws Exception {
+- testPemEncoded(SslProvider.OPENSSL_REFCNT);
+- }
+-
+- private static void testPemEncoded(SslProvider provider) throws Exception {
+- assumeTrue(OpenSsl.isAvailable());
+- assumeFalse(OpenSsl.useKeyManagerFactory());
+- PemPrivateKey pemKey;
+- PemX509Certificate pemCert;
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- try {
+- pemKey = PemPrivateKey.valueOf(toByteArray(ssc.privateKey()));
+- pemCert = PemX509Certificate.valueOf(toByteArray(ssc.certificate()));
+- } finally {
+- ssc.delete();
+- }
+-
+- SslContext context = SslContextBuilder.forServer(pemKey, pemCert)
+- .sslProvider(provider)
+- .build();
+- assertEquals(1, pemKey.refCnt());
+- assertEquals(1, pemCert.refCnt());
+- try {
+- assertTrue(context instanceof ReferenceCountedOpenSslContext);
+- } finally {
+- ReferenceCountUtil.release(context);
+- assertRelease(pemKey);
+- assertRelease(pemCert);
+- }
+- }
+-
+- private static void assertRelease(PemEncoded encoded) {
+- assertTrue(encoded.release());
+- }
+-
+- private static byte[] toByteArray(File file) throws Exception {
+- FileInputStream in = new FileInputStream(file);
+- try {
+- ByteArrayOutputStream baos = new ByteArrayOutputStream();
+- try {
+- byte[] buf = new byte[1024];
+- int len;
+- while ((len = in.read(buf)) != -1) {
+- baos.write(buf, 0, len);
+- }
+- } finally {
+- baos.close();
+- }
+-
+- return baos.toByteArray();
+- } finally {
+- in.close();
+- }
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java
+deleted file mode 100644
+index 6d38940..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java
++++ /dev/null
+@@ -1,57 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.util.ReferenceCountUtil;
+-
+-import javax.net.ssl.SSLEngine;
+-
+-public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
+-
+- public ReferenceCountedOpenSslEngineTest(BufferType type) {
+- super(type);
+- }
+-
+- @Override
+- protected SslProvider sslClientProvider() {
+- return SslProvider.OPENSSL_REFCNT;
+- }
+-
+- @Override
+- protected SslProvider sslServerProvider() {
+- return SslProvider.OPENSSL_REFCNT;
+- }
+-
+- @Override
+- protected void cleanupClientSslContext(SslContext ctx) {
+- ReferenceCountUtil.release(ctx);
+- }
+-
+- @Override
+- protected void cleanupClientSslEngine(SSLEngine engine) {
+- ReferenceCountUtil.release(engine);
+- }
+-
+- @Override
+- protected void cleanupServerSslContext(SslContext ctx) {
+- ReferenceCountUtil.release(ctx);
+- }
+-
+- @Override
+- protected void cleanupServerSslEngine(SSLEngine engine) {
+- ReferenceCountUtil.release(engine);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/SniClientTest.java b/handler/src/test/java/io/netty/handler/ssl/SniClientTest.java
+deleted file mode 100644
+index 3193d20..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/SniClientTest.java
++++ /dev/null
+@@ -1,161 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.bootstrap.Bootstrap;
+-import io.netty.bootstrap.ServerBootstrap;
+-import io.netty.buffer.ByteBufAllocator;
+-import io.netty.channel.Channel;
+-import io.netty.channel.ChannelInitializer;
+-import io.netty.channel.DefaultEventLoopGroup;
+-import io.netty.channel.EventLoopGroup;
+-import io.netty.channel.local.LocalAddress;
+-import io.netty.channel.local.LocalChannel;
+-import io.netty.channel.local.LocalServerChannel;
+-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+-import io.netty.util.Mapping;
+-import io.netty.util.concurrent.Promise;
+-import io.netty.util.internal.PlatformDependent;
+-import org.junit.Assert;
+-import org.junit.Assume;
+-import org.junit.Test;
+-
+-import java.nio.channels.ClosedChannelException;
+-
+-public class SniClientTest {
+-
+- @Test(timeout = 30000)
+- public void testSniClientJdkSslServerJdkSsl() throws Exception {
+- testSniClient(SslProvider.JDK, SslProvider.JDK);
+- }
+-
+- @Test(timeout = 30000)
+- public void testSniClientOpenSslServerOpenSsl() throws Exception {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- testSniClient(SslProvider.OPENSSL, SslProvider.OPENSSL);
+- }
+-
+- @Test(timeout = 30000)
+- public void testSniClientJdkSslServerOpenSsl() throws Exception {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- testSniClient(SslProvider.JDK, SslProvider.OPENSSL);
+- }
+-
+- @Test(timeout = 30000)
+- public void testSniClientOpenSslServerJdkSsl() throws Exception {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- testSniClient(SslProvider.OPENSSL, SslProvider.JDK);
+- }
+-
+- @Test(timeout = 30000)
+- public void testSniSNIMatcherMatchesClientJdkSslServerJdkSsl() throws Exception {
+- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
+- SniClientJava8TestUtil.testSniClient(SslProvider.JDK, SslProvider.JDK, true);
+- }
+-
+- @Test(timeout = 30000, expected = ClosedChannelException.class)
+- public void testSniSNIMatcherDoesNotMatchClientJdkSslServerJdkSsl() throws Exception {
+- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
+- SniClientJava8TestUtil.testSniClient(SslProvider.JDK, SslProvider.JDK, false);
+- }
+-
+- @Test(timeout = 30000)
+- public void testSniSNIMatcherMatchesClientOpenSslServerOpenSsl() throws Exception {
+- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- SniClientJava8TestUtil.testSniClient(SslProvider.OPENSSL, SslProvider.OPENSSL, true);
+- }
+-
+- @Test(timeout = 30000, expected = ClosedChannelException.class)
+- public void testSniSNIMatcherDoesNotMatchClientOpenSslServerOpenSsl() throws Exception {
+- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- SniClientJava8TestUtil.testSniClient(SslProvider.OPENSSL, SslProvider.OPENSSL, false);
+- }
+-
+- @Test(timeout = 30000)
+- public void testSniSNIMatcherMatchesClientJdkSslServerOpenSsl() throws Exception {
+- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- SniClientJava8TestUtil.testSniClient(SslProvider.JDK, SslProvider.OPENSSL, true);
+- }
+-
+- @Test(timeout = 30000, expected = ClosedChannelException.class)
+- public void testSniSNIMatcherDoesNotMatchClientJdkSslServerOpenSsl() throws Exception {
+- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- SniClientJava8TestUtil.testSniClient(SslProvider.JDK, SslProvider.OPENSSL, false);
+- }
+-
+- @Test(timeout = 30000)
+- public void testSniSNIMatcherMatchesClientOpenSslServerJdkSsl() throws Exception {
+- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- SniClientJava8TestUtil.testSniClient(SslProvider.OPENSSL, SslProvider.JDK, true);
+- }
+-
+- @Test(timeout = 30000, expected = ClosedChannelException.class)
+- public void testSniSNIMatcherDoesNotMatchClientOpenSslServerJdkSsl() throws Exception {
+- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- SniClientJava8TestUtil.testSniClient(SslProvider.OPENSSL, SslProvider.JDK, false);
+- }
+-
+- private static void testSniClient(SslProvider sslClientProvider, SslProvider sslServerProvider) throws Exception {
+- final String sniHost = "sni.netty.io";
+- LocalAddress address = new LocalAddress("test");
+- EventLoopGroup group = new DefaultEventLoopGroup(1);
+- Channel sc = null;
+- Channel cc = null;
+- try {
+- SelfSignedCertificate cert = new SelfSignedCertificate();
+- final SslContext sslServerContext = SslContextBuilder.forServer(cert.key(), cert.cert())
+- .sslProvider(sslServerProvider).build();
+-
+- final Promise<String> promise = group.next().newPromise();
+- ServerBootstrap sb = new ServerBootstrap();
+- sc = sb.group(group).channel(LocalServerChannel.class).childHandler(new ChannelInitializer<Channel>() {
+- @Override
+- protected void initChannel(Channel ch) throws Exception {
+- ch.pipeline().addFirst(new SniHandler(new Mapping<String, SslContext>() {
+- @Override
+- public SslContext map(String input) {
+- promise.setSuccess(input);
+- return sslServerContext;
+- }
+- }));
+- }
+- }).bind(address).syncUninterruptibly().channel();
+-
+- SslContext sslContext = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .sslProvider(sslClientProvider).build();
+- Bootstrap cb = new Bootstrap();
+- cc = cb.group(group).channel(LocalChannel.class).handler(new SslHandler(
+- sslContext.newEngine(ByteBufAllocator.DEFAULT, sniHost, -1)))
+- .connect(address).syncUninterruptibly().channel();
+- Assert.assertEquals(sniHost, promise.syncUninterruptibly().getNow());
+- } finally {
+- if (cc != null) {
+- cc.close().syncUninterruptibly();
+- }
+- if (sc != null) {
+- sc.close().syncUninterruptibly();
+- }
+- group.shutdownGracefully();
+- }
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java b/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
+deleted file mode 100644
+index 07c87c6..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
++++ /dev/null
+@@ -1,496 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-package io.netty.handler.ssl;
+-
+-import static org.hamcrest.CoreMatchers.is;
+-import static org.hamcrest.CoreMatchers.nullValue;
+-import static org.junit.Assert.assertEquals;
+-import static org.junit.Assert.assertThat;
+-import static org.junit.Assert.assertTrue;
+-import static org.junit.Assume.assumeTrue;
+-
+-import java.io.File;
+-import java.net.InetSocketAddress;
+-import java.util.ArrayList;
+-import java.util.List;
+-import java.util.concurrent.CountDownLatch;
+-import java.util.concurrent.TimeUnit;
+-
+-import javax.net.ssl.SSLEngine;
+-
+-import org.junit.Test;
+-
+-import io.netty.bootstrap.Bootstrap;
+-import io.netty.bootstrap.ServerBootstrap;
+-import io.netty.buffer.ByteBufAllocator;
+-import io.netty.buffer.Unpooled;
+-import io.netty.channel.Channel;
+-import io.netty.channel.ChannelFuture;
+-import io.netty.channel.ChannelHandlerContext;
+-import io.netty.channel.ChannelInitializer;
+-import io.netty.channel.ChannelPipeline;
+-import io.netty.channel.DefaultEventLoopGroup;
+-import io.netty.channel.EventLoopGroup;
+-import io.netty.channel.embedded.EmbeddedChannel;
+-import io.netty.channel.local.LocalAddress;
+-import io.netty.channel.local.LocalChannel;
+-import io.netty.channel.local.LocalServerChannel;
+-import io.netty.channel.nio.NioEventLoopGroup;
+-import io.netty.channel.socket.nio.NioServerSocketChannel;
+-import io.netty.channel.socket.nio.NioSocketChannel;
+-import io.netty.handler.codec.DecoderException;
+-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+-import io.netty.util.DomainNameMapping;
+-import io.netty.util.DomainNameMappingBuilder;
+-import io.netty.util.Mapping;
+-import io.netty.util.ReferenceCountUtil;
+-import io.netty.util.ReferenceCounted;
+-import io.netty.util.concurrent.Promise;
+-import io.netty.util.internal.ObjectUtil;
+-import io.netty.util.internal.StringUtil;
+-import org.junit.runner.RunWith;
+-import org.junit.runners.Parameterized;
+-
+-(a)RunWith(Parameterized.class)
+-public class SniHandlerTest {
+-
+- private static ApplicationProtocolConfig newApnConfig() {
+- return new ApplicationProtocolConfig(
+- ApplicationProtocolConfig.Protocol.ALPN,
+- // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
+- ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
+- // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
+- ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
+- "myprotocol");
+- }
+-
+- private static void assumeApnSupported(SslProvider provider) {
+- switch (provider) {
+- case OPENSSL:
+- case OPENSSL_REFCNT:
+- assumeTrue(OpenSsl.isAlpnSupported());
+- break;
+- case JDK:
+- assumeTrue(JettyAlpnSslEngine.isAvailable());
+- break;
+- default:
+- throw new Error();
+- }
+- }
+-
+- private static SslContext makeSslContext(SslProvider provider, boolean apn) throws Exception {
+- if (apn) {
+- assumeApnSupported(provider);
+- }
+-
+- File keyFile = new File(SniHandlerTest.class.getResource("test_encrypted.pem").getFile());
+- File crtFile = new File(SniHandlerTest.class.getResource("test.crt").getFile());
+-
+- SslContextBuilder sslCtxBuilder = SslContextBuilder.forServer(crtFile, keyFile, "12345")
+- .sslProvider(provider);
+- if (apn) {
+- sslCtxBuilder.applicationProtocolConfig(newApnConfig());
+- }
+- return sslCtxBuilder.build();
+- }
+-
+- private static SslContext makeSslClientContext(SslProvider provider, boolean apn) throws Exception {
+- if (apn) {
+- assumeApnSupported(provider);
+- }
+-
+- File crtFile = new File(SniHandlerTest.class.getResource("test.crt").getFile());
+-
+- SslContextBuilder sslCtxBuilder = SslContextBuilder.forClient().trustManager(crtFile).sslProvider(provider);
+- if (apn) {
+- sslCtxBuilder.applicationProtocolConfig(newApnConfig());
+- }
+- return sslCtxBuilder.build();
+- }
+-
+- @Parameterized.Parameters(name = "{index}: sslProvider={0}")
+- public static Iterable<?> data() {
+- List<SslProvider> params = new ArrayList<SslProvider>(3);
+- if (OpenSsl.isAvailable()) {
+- params.add(SslProvider.OPENSSL);
+- params.add(SslProvider.OPENSSL_REFCNT);
+- }
+- params.add(SslProvider.JDK);
+- return params;
+- }
+-
+- private final SslProvider provider;
+-
+- public SniHandlerTest(SslProvider provider) {
+- this.provider = provider;
+- }
+-
+- @Test
+- public void testServerNameParsing() throws Exception {
+- SslContext nettyContext = makeSslContext(provider, false);
+- SslContext leanContext = makeSslContext(provider, false);
+- SslContext leanContext2 = makeSslContext(provider, false);
+-
+- try {
+- DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext)
+- .add("*.netty.io", nettyContext)
+- // input with custom cases
+- .add("*.LEANCLOUD.CN", leanContext)
+- // a hostname conflict with previous one, since we are using order-sensitive config,
+- // the engine won't be used with the handler.
+- .add("chat4.leancloud.cn", leanContext2)
+- .build();
+-
+- SniHandler handler = new SniHandler(mapping);
+- EmbeddedChannel ch = new EmbeddedChannel(handler);
+-
+- try {
+- // hex dump of a client hello packet, which contains hostname "CHAT4.LEANCLOUD.CN"
+- String tlsHandshakeMessageHex1 = "16030100";
+- // part 2
+- String tlsHandshakeMessageHex = "c6010000c20303bb0855d66532c05a0ef784f7c384feeafa68b3" +
+- "b655ac7288650d5eed4aa3fb52000038c02cc030009fcca9cca8ccaac02b" +
+- "c02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d" +
+- "009c003d003c0035002f00ff010000610000001700150000124348415434" +
+- "2e4c45414e434c4f55442e434e000b000403000102000a000a0008001d00" +
+- "170019001800230000000d0020001e060106020603050105020503040104" +
+- "0204030301030203030201020202030016000000170000";
+-
+- ch.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(tlsHandshakeMessageHex1)));
+- ch.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(tlsHandshakeMessageHex)));
+-
+- // This should produce an alert
+- assertTrue(ch.finish());
+-
+- assertThat(handler.hostname(), is("chat4.leancloud.cn"));
+- assertThat(handler.sslContext(), is(leanContext));
+- } finally {
+- ch.finishAndReleaseAll();
+- }
+- } finally {
+- releaseAll(leanContext, leanContext2, nettyContext);
+- }
+- }
+-
+- @Test(expected = DecoderException.class)
+- public void testNonAsciiServerNameParsing() throws Exception {
+- SslContext nettyContext = makeSslContext(provider, false);
+- SslContext leanContext = makeSslContext(provider, false);
+- SslContext leanContext2 = makeSslContext(provider, false);
+-
+- try {
+- DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext)
+- .add("*.netty.io", nettyContext)
+- // input with custom cases
+- .add("*.LEANCLOUD.CN", leanContext)
+- // a hostname conflict with previous one, since we are using order-sensitive config,
+- // the engine won't be used with the handler.
+- .add("chat4.leancloud.cn", leanContext2)
+- .build();
+-
+- SniHandler handler = new SniHandler(mapping);
+- EmbeddedChannel ch = new EmbeddedChannel(handler);
+-
+- try {
+- // hex dump of a client hello packet, which contains an invalid hostname "CHAT4LEANCLOUDCN"
+- String tlsHandshakeMessageHex1 = "16030100";
+- // part 2
+- String tlsHandshakeMessageHex = "bd010000b90303a74225676d1814ba57faff3b366" +
+- "3656ed05ee9dbb2a4dbb1bb1c32d2ea5fc39e0000000100008c0000001700150000164348" +
+- "415434E380824C45414E434C4F5544E38082434E000b000403000102000a00340032000e0" +
+- "00d0019000b000c00180009000a0016001700080006000700140015000400050012001300" +
+- "0100020003000f0010001100230000000d0020001e0601060206030501050205030401040" +
+- "20403030103020303020102020203000f00010133740000";
+-
+- // Push the handshake message.
+- // Decode should fail because of the badly encoded "HostName" string in the SNI extension
+- // that isn't ASCII as per RFC 6066 - https://tools.ietf.org/html/rfc6066#page-6
+- ch.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(tlsHandshakeMessageHex1)));
+- ch.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(tlsHandshakeMessageHex)));
+- } finally {
+- ch.finishAndReleaseAll();
+- }
+- } finally {
+- releaseAll(leanContext, leanContext2, nettyContext);
+- }
+- }
+-
+- @Test
+- public void testFallbackToDefaultContext() throws Exception {
+- SslContext nettyContext = makeSslContext(provider, false);
+- SslContext leanContext = makeSslContext(provider, false);
+- SslContext leanContext2 = makeSslContext(provider, false);
+-
+- try {
+- DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext)
+- .add("*.netty.io", nettyContext)
+- // input with custom cases
+- .add("*.LEANCLOUD.CN", leanContext)
+- // a hostname conflict with previous one, since we are using order-sensitive config,
+- // the engine won't be used with the handler.
+- .add("chat4.leancloud.cn", leanContext2)
+- .build();
+-
+- SniHandler handler = new SniHandler(mapping);
+- EmbeddedChannel ch = new EmbeddedChannel(handler);
+-
+- // invalid
+- byte[] message = {22, 3, 1, 0, 0};
+-
+- try {
+- // Push the handshake message.
+- ch.writeInbound(Unpooled.wrappedBuffer(message));
+- } catch (Exception e) {
+- // expected
+- }
+-
+- assertThat(ch.finish(), is(false));
+- assertThat(handler.hostname(), nullValue());
+- assertThat(handler.sslContext(), is(nettyContext));
+- } finally {
+- releaseAll(leanContext, leanContext2, nettyContext);
+- }
+- }
+-
+- @Test
+- public void testSniWithApnHandler() throws Exception {
+- SslContext nettyContext = makeSslContext(provider, true);
+- SslContext sniContext = makeSslContext(provider, true);
+- final SslContext clientContext = makeSslClientContext(provider, true);
+- try {
+- final CountDownLatch serverApnDoneLatch = new CountDownLatch(1);
+- final CountDownLatch clientApnDoneLatch = new CountDownLatch(1);
+-
+- final DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext)
+- .add("*.netty.io", nettyContext)
+- .add("sni.fake.site", sniContext).build();
+- final SniHandler handler = new SniHandler(mapping);
+- EventLoopGroup group = new NioEventLoopGroup(2);
+- Channel serverChannel = null;
+- Channel clientChannel = null;
+- try {
+- ServerBootstrap sb = new ServerBootstrap();
+- sb.group(group);
+- sb.channel(NioServerSocketChannel.class);
+- sb.childHandler(new ChannelInitializer<Channel>() {
+- @Override
+- protected void initChannel(Channel ch) throws Exception {
+- ChannelPipeline p = ch.pipeline();
+- // Server side SNI.
+- p.addLast(handler);
+- // Catch the notification event that APN has completed successfully.
+- p.addLast(new ApplicationProtocolNegotiationHandler("foo") {
+- @Override
+- protected void configurePipeline(ChannelHandlerContext ctx, String protocol) {
+- serverApnDoneLatch.countDown();
+- }
+- });
+- }
+- });
+-
+- Bootstrap cb = new Bootstrap();
+- cb.group(group);
+- cb.channel(NioSocketChannel.class);
+- cb.handler(new ChannelInitializer<Channel>() {
+- @Override
+- protected void initChannel(Channel ch) throws Exception {
+- ch.pipeline().addLast(new SslHandler(clientContext.newEngine(
+- ch.alloc(), "sni.fake.site", -1)));
+- // Catch the notification event that APN has completed successfully.
+- ch.pipeline().addLast(new ApplicationProtocolNegotiationHandler("foo") {
+- @Override
+- protected void configurePipeline(ChannelHandlerContext ctx, String protocol) {
+- clientApnDoneLatch.countDown();
+- }
+- });
+- }
+- });
+-
+- serverChannel = sb.bind(new InetSocketAddress(0)).sync().channel();
+-
+- ChannelFuture ccf = cb.connect(serverChannel.localAddress());
+- assertTrue(ccf.awaitUninterruptibly().isSuccess());
+- clientChannel = ccf.channel();
+-
+- assertTrue(serverApnDoneLatch.await(5, TimeUnit.SECONDS));
+- assertTrue(clientApnDoneLatch.await(5, TimeUnit.SECONDS));
+- assertThat(handler.hostname(), is("sni.fake.site"));
+- assertThat(handler.sslContext(), is(sniContext));
+- } finally {
+- if (serverChannel != null) {
+- serverChannel.close().sync();
+- }
+- if (clientChannel != null) {
+- clientChannel.close().sync();
+- }
+- group.shutdownGracefully(0, 0, TimeUnit.MICROSECONDS);
+- }
+- } finally {
+- releaseAll(clientContext, nettyContext, sniContext);
+- }
+- }
+-
+- @Test(timeout = 30000)
+- public void testReplaceHandler() throws Exception {
+- switch (provider) {
+- case OPENSSL:
+- case OPENSSL_REFCNT:
+- final String sniHost = "sni.netty.io";
+- LocalAddress address = new LocalAddress("testReplaceHandler-" + Math.random());
+- EventLoopGroup group = new DefaultEventLoopGroup(1);
+- Channel sc = null;
+- Channel cc = null;
+- SslContext sslContext = null;
+-
+- SelfSignedCertificate cert = new SelfSignedCertificate();
+-
+- try {
+- final SslContext sslServerContext = SslContextBuilder
+- .forServer(cert.key(), cert.cert())
+- .sslProvider(provider)
+- .build();
+-
+- final Mapping<String, SslContext> mapping = new Mapping<String, SslContext>() {
+- @Override
+- public SslContext map(String input) {
+- return sslServerContext;
+- }
+- };
+-
+- final Promise<Void> releasePromise = group.next().newPromise();
+-
+- final SniHandler handler = new SniHandler(mapping) {
+- @Override
+- protected void replaceHandler(ChannelHandlerContext ctx,
+- String hostname, final SslContext sslContext)
+- throws Exception {
+-
+- boolean success = false;
+- try {
+- // The SniHandler's replaceHandler() method allows us to implement custom behavior.
+- // As an example, we want to release() the SslContext upon channelInactive() or rather
+- // when the SslHandler closes it's SslEngine. If you take a close look at SslHandler
+- // you'll see that it's doing it in the #handlerRemoved0() method.
+-
+- SSLEngine sslEngine = sslContext.newEngine(ctx.alloc());
+- try {
+- SslHandler customSslHandler = new CustomSslHandler(sslContext, sslEngine) {
+- @Override
+- public void handlerRemoved0(ChannelHandlerContext ctx) throws Exception {
+- try {
+- super.handlerRemoved0(ctx);
+- } finally {
+- releasePromise.trySuccess(null);
+- }
+- }
+- };
+- ctx.pipeline().replace(this, CustomSslHandler.class.getName(), customSslHandler);
+- success = true;
+- } finally {
+- if (!success) {
+- ReferenceCountUtil.safeRelease(sslEngine);
+- }
+- }
+- } finally {
+- if (!success) {
+- ReferenceCountUtil.safeRelease(sslContext);
+- releasePromise.cancel(true);
+- }
+- }
+- }
+- };
+-
+- ServerBootstrap sb = new ServerBootstrap();
+- sc = sb.group(group).channel(LocalServerChannel.class)
+- .childHandler(new ChannelInitializer<Channel>() {
+- @Override
+- protected void initChannel(Channel ch) throws Exception {
+- ch.pipeline().addFirst(handler);
+- }
+- }).bind(address).syncUninterruptibly().channel();
+-
+- sslContext = SslContextBuilder.forClient().sslProvider(provider)
+- .trustManager(InsecureTrustManagerFactory.INSTANCE).build();
+-
+- Bootstrap cb = new Bootstrap();
+- cc = cb.group(group).channel(LocalChannel.class).handler(new SslHandler(
+- sslContext.newEngine(ByteBufAllocator.DEFAULT, sniHost, -1)))
+- .connect(address).syncUninterruptibly().channel();
+-
+- cc.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes()))
+- .syncUninterruptibly();
+-
+- // Notice how the server's SslContext refCnt is 1
+- assertEquals(1, ((ReferenceCounted) sslServerContext).refCnt());
+-
+- // The client disconnects
+- cc.close().syncUninterruptibly();
+- if (!releasePromise.awaitUninterruptibly(10L, TimeUnit.SECONDS)) {
+- throw new IllegalStateException("It doesn't seem #replaceHandler() got called.");
+- }
+-
+- // We should have successfully release() the SslContext
+- assertEquals(0, ((ReferenceCounted) sslServerContext).refCnt());
+- } finally {
+- if (cc != null) {
+- cc.close().syncUninterruptibly();
+- }
+- if (sc != null) {
+- sc.close().syncUninterruptibly();
+- }
+- if (sslContext != null) {
+- ReferenceCountUtil.release(sslContext);
+- }
+- group.shutdownGracefully();
+-
+- cert.delete();
+- }
+- case JDK:
+- return;
+- default:
+- throw new Error();
+- }
+- }
+-
+- /**
+- * This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
+- * the client disconnects.
+- *
+- * @see SniHandlerTest#testReplaceHandler()
+- */
+- private static class CustomSslHandler extends SslHandler {
+- private final SslContext sslContext;
+-
+- public CustomSslHandler(SslContext sslContext, SSLEngine sslEngine) {
+- super(sslEngine);
+- this.sslContext = ObjectUtil.checkNotNull(sslContext, "sslContext");
+- }
+-
+- @Override
+- public void handlerRemoved0(ChannelHandlerContext ctx) throws Exception {
+- super.handlerRemoved0(ctx);
+- ReferenceCountUtil.release(sslContext);
+- }
+- }
+-
+- private static void releaseAll(SslContext... contexts) {
+- for (SslContext ctx: contexts) {
+- ReferenceCountUtil.release(ctx);
+- }
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java b/handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java
+deleted file mode 100644
+index 752424c..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java
++++ /dev/null
+@@ -1,132 +0,0 @@
+-/*
+- * Copyright 2015 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import static org.junit.Assert.assertFalse;
+-import static org.junit.Assert.assertTrue;
+-
+-import io.netty.buffer.UnpooledByteBufAllocator;
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+-import org.junit.Assume;
+-import org.junit.Test;
+-
+-import javax.net.ssl.SSLEngine;
+-
+-public class SslContextBuilderTest {
+-
+- @Test
+- public void testClientContextFromFileJdk() throws Exception {
+- testClientContextFromFile(SslProvider.JDK);
+- }
+-
+- @Test
+- public void testClientContextFromFileOpenssl() throws Exception {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- testClientContextFromFile(SslProvider.OPENSSL);
+- }
+-
+- @Test
+- public void testClientContextJdk() throws Exception {
+- testClientContext(SslProvider.JDK);
+- }
+-
+- @Test
+- public void testClientContextOpenssl() throws Exception {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- testClientContext(SslProvider.OPENSSL);
+- }
+-
+- @Test
+- public void testServerContextFromFileJdk() throws Exception {
+- testServerContextFromFile(SslProvider.JDK);
+- }
+-
+- @Test
+- public void testServerContextFromFileOpenssl() throws Exception {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- testServerContextFromFile(SslProvider.OPENSSL);
+- }
+-
+- @Test
+- public void testServerContextJdk() throws Exception {
+- testServerContext(SslProvider.JDK);
+- }
+-
+- @Test
+- public void testServerContextOpenssl() throws Exception {
+- Assume.assumeTrue(OpenSsl.isAvailable());
+- testServerContext(SslProvider.OPENSSL);
+- }
+-
+- private static void testClientContextFromFile(SslProvider provider) throws Exception {
+- SelfSignedCertificate cert = new SelfSignedCertificate();
+- SslContextBuilder builder = SslContextBuilder.forClient()
+- .sslProvider(provider)
+- .keyManager(cert.certificate(),
+- cert.privateKey())
+- .trustManager(cert.certificate())
+- .clientAuth(ClientAuth.OPTIONAL);
+- SslContext context = builder.build();
+- SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- assertFalse(engine.getWantClientAuth());
+- assertFalse(engine.getNeedClientAuth());
+- engine.closeInbound();
+- engine.closeOutbound();
+- }
+-
+- private static void testClientContext(SslProvider provider) throws Exception {
+- SelfSignedCertificate cert = new SelfSignedCertificate();
+- SslContextBuilder builder = SslContextBuilder.forClient()
+- .sslProvider(provider)
+- .keyManager(cert.key(), cert.cert())
+- .trustManager(cert.cert())
+- .clientAuth(ClientAuth.OPTIONAL);
+- SslContext context = builder.build();
+- SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- assertFalse(engine.getWantClientAuth());
+- assertFalse(engine.getNeedClientAuth());
+- engine.closeInbound();
+- engine.closeOutbound();
+- }
+-
+- private static void testServerContextFromFile(SslProvider provider) throws Exception {
+- SelfSignedCertificate cert = new SelfSignedCertificate();
+- SslContextBuilder builder = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
+- .sslProvider(provider)
+- .trustManager(cert.certificate())
+- .clientAuth(ClientAuth.OPTIONAL);
+- SslContext context = builder.build();
+- SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- assertTrue(engine.getWantClientAuth());
+- assertFalse(engine.getNeedClientAuth());
+- engine.closeInbound();
+- engine.closeOutbound();
+- }
+-
+- private static void testServerContext(SslProvider provider) throws Exception {
+- SelfSignedCertificate cert = new SelfSignedCertificate();
+- SslContextBuilder builder = SslContextBuilder.forServer(cert.key(), cert.cert())
+- .sslProvider(provider)
+- .trustManager(cert.cert())
+- .clientAuth(ClientAuth.REQUIRE);
+- SslContext context = builder.build();
+- SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
+- assertFalse(engine.getWantClientAuth());
+- assertTrue(engine.getNeedClientAuth());
+- engine.closeInbound();
+- engine.closeOutbound();
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java b/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java
+deleted file mode 100644
+index aacdb69..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java
++++ /dev/null
+@@ -1,255 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import io.netty.bootstrap.Bootstrap;
+-import io.netty.bootstrap.ServerBootstrap;
+-import io.netty.channel.Channel;
+-import io.netty.channel.ChannelHandlerContext;
+-import io.netty.channel.ChannelInboundHandlerAdapter;
+-import io.netty.channel.ChannelInitializer;
+-import io.netty.channel.EventLoopGroup;
+-import io.netty.channel.nio.NioEventLoopGroup;
+-import io.netty.channel.socket.nio.NioServerSocketChannel;
+-import io.netty.channel.socket.nio.NioSocketChannel;
+-import io.netty.handler.logging.LogLevel;
+-import io.netty.handler.logging.LoggingHandler;
+-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+-import io.netty.handler.ssl.util.SimpleTrustManagerFactory;
+-import io.netty.util.ReferenceCountUtil;
+-import io.netty.util.concurrent.Promise;
+-import io.netty.util.internal.EmptyArrays;
+-import org.junit.Assume;
+-import org.junit.Test;
+-import org.junit.runner.RunWith;
+-import org.junit.runners.Parameterized;
+-
+-import javax.net.ssl.ManagerFactoryParameters;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.TrustManager;
+-import javax.net.ssl.X509TrustManager;
+-import javax.security.auth.x500.X500Principal;
+-import java.io.File;
+-import java.security.KeyStore;
+-import java.security.cert.CRLReason;
+-import java.security.cert.CertPathValidatorException;
+-import java.security.cert.CertificateException;
+-import java.security.cert.CertificateExpiredException;
+-import java.security.cert.CertificateNotYetValidException;
+-import java.security.cert.CertificateRevokedException;
+-import java.security.cert.Extension;
+-import java.security.cert.X509Certificate;
+-import java.util.ArrayList;
+-import java.util.Collection;
+-import java.util.Collections;
+-import java.util.Date;
+-import java.util.List;
+-import java.util.Locale;
+-
+-
+-(a)RunWith(Parameterized.class)
+-public class SslErrorTest {
+-
+- @Parameterized.Parameters(name = "{index}: serverProvider = {0}, clientProvider = {1}, exception = {2}")
+- public static Collection<Object[]> data() {
+- List<SslProvider> serverProviders = new ArrayList<SslProvider>(2);
+- List<SslProvider> clientProviders = new ArrayList<SslProvider>(3);
+-
+- if (OpenSsl.isAvailable()) {
+- serverProviders.add(SslProvider.OPENSSL);
+- serverProviders.add(SslProvider.OPENSSL_REFCNT);
+- clientProviders.add(SslProvider.OPENSSL);
+- clientProviders.add(SslProvider.OPENSSL_REFCNT);
+- }
+- // We not test with SslProvider.JDK on the server side as the JDK implementation currently just send the same
+- // alert all the time, sigh.....
+- clientProviders.add(SslProvider.JDK);
+-
+- List<CertificateException> exceptions = new ArrayList<CertificateException>(6);
+- exceptions.add(new CertificateExpiredException());
+- exceptions.add(new CertificateNotYetValidException());
+- exceptions.add(new CertificateRevokedException(
+- new Date(), CRLReason.AA_COMPROMISE, new X500Principal(""),
+- Collections.<String, Extension>emptyMap()));
+-
+- // Also use wrapped exceptions as this is what the JDK implementation of X509TrustManagerFactory is doing.
+- exceptions.add(newCertificateException(CertPathValidatorException.BasicReason.EXPIRED));
+- exceptions.add(newCertificateException(CertPathValidatorException.BasicReason.NOT_YET_VALID));
+- exceptions.add(newCertificateException(CertPathValidatorException.BasicReason.REVOKED));
+-
+- List<Object[]> params = new ArrayList<Object[]>();
+- for (SslProvider serverProvider: serverProviders) {
+- for (SslProvider clientProvider: clientProviders) {
+- for (CertificateException exception: exceptions) {
+- params.add(new Object[] { serverProvider, clientProvider, exception});
+- }
+- }
+- }
+- return params;
+- }
+-
+- private static CertificateException newCertificateException(CertPathValidatorException.Reason reason) {
+- return new TestCertificateException(
+- new CertPathValidatorException("x", null, null, -1, reason));
+- }
+-
+- private final SslProvider serverProvider;
+- private final SslProvider clientProvider;
+- private final CertificateException exception;
+-
+- public SslErrorTest(SslProvider serverProvider, SslProvider clientProvider, CertificateException exception) {
+- this.serverProvider = serverProvider;
+- this.clientProvider = clientProvider;
+- this.exception = exception;
+- }
+-
+- @Test(timeout = 30000)
+- public void testCorrectAlert() throws Exception {
+- // As this only works correctly at the moment when OpenSslEngine is used on the server-side there is
+- // no need to run it if there is no openssl is available at all.
+- Assume.assumeTrue(OpenSsl.isAvailable());
+-
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- final SslContext sslServerCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(serverProvider)
+- .trustManager(new SimpleTrustManagerFactory() {
+- @Override
+- protected void engineInit(KeyStore keyStore) { }
+- @Override
+- protected void engineInit(ManagerFactoryParameters managerFactoryParameters) { }
+-
+- @Override
+- protected TrustManager[] engineGetTrustManagers() {
+- return new TrustManager[] { new X509TrustManager() {
+-
+- @Override
+- public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
+- throws CertificateException {
+- throw exception;
+- }
+-
+- @Override
+- public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
+- throws CertificateException {
+- // NOOP
+- }
+-
+- @Override
+- public X509Certificate[] getAcceptedIssuers() {
+- return EmptyArrays.EMPTY_X509_CERTIFICATES;
+- }
+- } };
+- }
+- }).clientAuth(ClientAuth.REQUIRE).build();
+-
+- final SslContext sslClientCtx = SslContextBuilder.forClient()
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .keyManager(new File(getClass().getResource("test.crt").getFile()),
+- new File(getClass().getResource("test_unencrypted.pem").getFile()))
+- .sslProvider(clientProvider).build();
+-
+- Channel serverChannel = null;
+- Channel clientChannel = null;
+- EventLoopGroup group = new NioEventLoopGroup();
+- try {
+- serverChannel = new ServerBootstrap().group(group)
+- .channel(NioServerSocketChannel.class)
+- .handler(new LoggingHandler(LogLevel.INFO))
+- .childHandler(new ChannelInitializer<Channel>() {
+- @Override
+- protected void initChannel(Channel ch) throws Exception {
+- ch.pipeline().addLast(sslServerCtx.newHandler(ch.alloc()));
+- ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
+-
+- @Override
+- public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
+- ctx.close();
+- }
+- });
+- }
+- }).bind(0).sync().channel();
+-
+- final Promise<Void> promise = group.next().newPromise();
+-
+- clientChannel = new Bootstrap().group(group)
+- .channel(NioSocketChannel.class)
+- .handler(new ChannelInitializer<Channel>() {
+- @Override
+- protected void initChannel(Channel ch) throws Exception {
+- ch.pipeline().addLast(sslClientCtx.newHandler(ch.alloc()));
+- ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
+- @Override
+- public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
+- // Unwrap as its wrapped by a DecoderException
+- Throwable unwrappedCause = cause.getCause();
+- if (unwrappedCause instanceof SSLException) {
+- if (exception instanceof TestCertificateException) {
+- CertPathValidatorException.Reason reason =
+- ((CertPathValidatorException) exception.getCause()).getReason();
+- if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
+- verifyException(unwrappedCause, "expired", promise);
+- } else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
+- verifyException(unwrappedCause, "bad", promise);
+- } else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
+- verifyException(unwrappedCause, "revoked", promise);
+- }
+- } else if (exception instanceof CertificateExpiredException) {
+- verifyException(unwrappedCause, "expired", promise);
+- } else if (exception instanceof CertificateNotYetValidException) {
+- verifyException(unwrappedCause, "bad", promise);
+- } else if (exception instanceof CertificateRevokedException) {
+- verifyException(unwrappedCause, "revoked", promise);
+- }
+- }
+- }
+- });
+- }
+- }).connect(serverChannel.localAddress()).syncUninterruptibly().channel();
+- // Block until we received the correct exception
+- promise.syncUninterruptibly();
+- } finally {
+- if (clientChannel != null) {
+- clientChannel.close().syncUninterruptibly();
+- }
+- if (serverChannel != null) {
+- serverChannel.close().syncUninterruptibly();
+- }
+- group.shutdownGracefully();
+-
+- ReferenceCountUtil.release(sslServerCtx);
+- ReferenceCountUtil.release(sslClientCtx);
+- }
+- }
+-
+- // Its a bit hacky to verify against the message that is part of the exception but there is no other way
+- // at the moment as there are no different exceptions for the different alerts.
+- private static void verifyException(Throwable cause, String messagePart, Promise<Void> promise) {
+- String message = cause.getMessage();
+- if (message.toLowerCase(Locale.UK).contains(messagePart.toLowerCase(Locale.UK))) {
+- promise.setSuccess(null);
+- } else {
+- promise.setFailure(new AssertionError("message not contains '" + messagePart + "': " + message));
+- }
+- }
+-
+- private static final class TestCertificateException extends CertificateException {
+-
+- public TestCertificateException(Throwable cause) {
+- super(cause);
+- }
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java b/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
+index 5ef43de..52c4d22 100644
+--- a/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
++++ b/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
+@@ -121,35 +121,6 @@ public class SslHandlerTest {
+ }
+ }
+
+- @Test
+- public void testReleaseSslEngine() throws Exception {
+- assumeTrue(OpenSsl.isAvailable());
+-
+- SelfSignedCertificate cert = new SelfSignedCertificate();
+- try {
+- SslContext sslContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
+- .sslProvider(SslProvider.OPENSSL)
+- .build();
+- try {
+- SSLEngine sslEngine = sslContext.newEngine(ByteBufAllocator.DEFAULT);
+- EmbeddedChannel ch = new EmbeddedChannel(new SslHandler(sslEngine));
+-
+- assertEquals(1, ((ReferenceCounted) sslContext).refCnt());
+- assertEquals(1, ((ReferenceCounted) sslEngine).refCnt());
+-
+- assertTrue(ch.finishAndReleaseAll());
+- ch.close().syncUninterruptibly();
+-
+- assertEquals(1, ((ReferenceCounted) sslContext).refCnt());
+- assertEquals(0, ((ReferenceCounted) sslEngine).refCnt());
+- } finally {
+- ReferenceCountUtil.release(sslContext);
+- }
+- } finally {
+- cert.delete();
+- }
+- }
+-
+ private static final class TlsReadTest extends ChannelOutboundHandlerAdapter {
+ private volatile boolean readIssued;
+
+@@ -279,13 +250,6 @@ public class SslHandlerTest {
+ testAlertProducedAndSend(SslProvider.JDK);
+ }
+
+- @Test(timeout = 30000)
+- public void testAlertProducedAndSendOpenSsl() throws Exception {
+- assumeTrue(OpenSsl.isAvailable());
+- testAlertProducedAndSend(SslProvider.OPENSSL);
+- testAlertProducedAndSend(SslProvider.OPENSSL_REFCNT);
+- }
+-
+ private void testAlertProducedAndSend(SslProvider provider) throws Exception {
+ SelfSignedCertificate ssc = new SelfSignedCertificate();
+
+@@ -425,12 +389,6 @@ public class SslHandlerTest {
+ testCloseNotify(SslProvider.JDK, 5000, false);
+ }
+
+- @Test(timeout = 30000)
+- public void testCloseNotifyReceivedOpenSsl() throws Exception {
+- assumeTrue(OpenSsl.isAvailable());
+- testCloseNotify(SslProvider.OPENSSL, 5000, false);
+- testCloseNotify(SslProvider.OPENSSL_REFCNT, 5000, false);
+- }
+
+ @Test(timeout = 30000)
+ public void testCloseNotifyReceivedJdkTimeout() throws Exception {
+@@ -438,24 +396,10 @@ public class SslHandlerTest {
+ }
+
+ @Test(timeout = 30000)
+- public void testCloseNotifyReceivedOpenSslTimeout() throws Exception {
+- assumeTrue(OpenSsl.isAvailable());
+- testCloseNotify(SslProvider.OPENSSL, 100, true);
+- testCloseNotify(SslProvider.OPENSSL_REFCNT, 100, true);
+- }
+-
+- @Test(timeout = 30000)
+ public void testCloseNotifyNotWaitForResponseJdk() throws Exception {
+ testCloseNotify(SslProvider.JDK, 0, false);
+ }
+
+- @Test(timeout = 30000)
+- public void testCloseNotifyNotWaitForResponseOpenSsl() throws Exception {
+- assumeTrue(OpenSsl.isAvailable());
+- testCloseNotify(SslProvider.OPENSSL, 0, false);
+- testCloseNotify(SslProvider.OPENSSL_REFCNT, 0, false);
+- }
+-
+ private static void testCloseNotify(SslProvider provider, final long closeNotifyReadTimeout, final boolean timeout)
+ throws Exception {
+ SelfSignedCertificate ssc = new SelfSignedCertificate();
+@@ -720,7 +664,7 @@ public class SslHandlerTest {
+ switch (provider) {
+ case OPENSSL:
+ case OPENSSL_REFCNT:
+- return OpenSsl.isAvailable();
++ return false;
+ default:
+ return true;
+ }
+diff --git a/handler/src/test/java/io/netty/handler/ssl/ocsp/OcspTest.java b/handler/src/test/java/io/netty/handler/ssl/ocsp/OcspTest.java
+deleted file mode 100644
+index 4aecc74..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/ocsp/OcspTest.java
++++ /dev/null
+@@ -1,501 +0,0 @@
+-/*
+- * Copyright 2017 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-package io.netty.handler.ssl.ocsp;
+-
+-import io.netty.bootstrap.Bootstrap;
+-import io.netty.bootstrap.ServerBootstrap;
+-import io.netty.buffer.ByteBufAllocator;
+-import io.netty.buffer.Unpooled;
+-import io.netty.channel.Channel;
+-import io.netty.channel.ChannelHandler;
+-import io.netty.channel.ChannelHandlerContext;
+-import io.netty.channel.ChannelInboundHandlerAdapter;
+-import io.netty.channel.ChannelInitializer;
+-import io.netty.channel.ChannelPipeline;
+-import io.netty.channel.DefaultEventLoopGroup;
+-import io.netty.channel.EventLoopGroup;
+-import io.netty.channel.local.LocalAddress;
+-import io.netty.channel.local.LocalChannel;
+-import io.netty.channel.local.LocalServerChannel;
+-import io.netty.handler.ssl.OpenSsl;
+-import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
+-import io.netty.handler.ssl.SslContext;
+-import io.netty.handler.ssl.SslContextBuilder;
+-import io.netty.handler.ssl.SslHandler;
+-import io.netty.handler.ssl.SslProvider;
+-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+-import io.netty.util.CharsetUtil;
+-import io.netty.util.ReferenceCountUtil;
+-
+-import java.net.SocketAddress;
+-import java.util.concurrent.CountDownLatch;
+-import java.util.concurrent.TimeUnit;
+-import java.util.concurrent.TimeoutException;
+-import java.util.concurrent.atomic.AtomicReference;
+-
+-import javax.net.ssl.SSLHandshakeException;
+-
+-import org.junit.BeforeClass;
+-import org.junit.Test;
+-
+-import static org.junit.Assert.assertArrayEquals;
+-import static org.junit.Assert.assertNotNull;
+-import static org.junit.Assert.assertNotSame;
+-import static org.junit.Assert.assertNull;
+-import static org.junit.Assert.assertSame;
+-import static org.junit.Assert.assertTrue;
+-import static org.junit.Assume.assumeTrue;
+-
+-public class OcspTest {
+-
+- @BeforeClass
+- public static void checkOcspSupported() {
+- assumeTrue(OpenSsl.isOcspSupported());
+- }
+-
+- @Test(expected = IllegalArgumentException.class)
+- public void testJdkClientEnableOcsp() throws Exception {
+- SslContextBuilder.forClient()
+- .sslProvider(SslProvider.JDK)
+- .enableOcsp(true)
+- .build();
+- }
+-
+- @Test(expected = IllegalArgumentException.class)
+- public void testJdkServerEnableOcsp() throws Exception {
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- try {
+- SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(SslProvider.JDK)
+- .enableOcsp(true)
+- .build();
+- } finally {
+- ssc.delete();
+- }
+- }
+-
+- @Test(expected = IllegalStateException.class)
+- public void testClientOcspNotEnabledOpenSsl() throws Exception {
+- testClientOcspNotEnabled(SslProvider.OPENSSL);
+- }
+-
+- @Test(expected = IllegalStateException.class)
+- public void testClientOcspNotEnabledOpenSslRefCnt() throws Exception {
+- testClientOcspNotEnabled(SslProvider.OPENSSL_REFCNT);
+- }
+-
+- private void testClientOcspNotEnabled(SslProvider sslProvider) throws Exception {
+- SslContext context = SslContextBuilder.forClient()
+- .sslProvider(sslProvider)
+- .build();
+- try {
+- SslHandler sslHandler = context.newHandler(ByteBufAllocator.DEFAULT);
+- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
+- try {
+- engine.getOcspResponse();
+- } finally {
+- engine.release();
+- }
+- } finally {
+- ReferenceCountUtil.release(context);
+- }
+- }
+-
+- @Test(expected = IllegalStateException.class)
+- public void testServerOcspNotEnabledOpenSsl() throws Exception {
+- testServerOcspNotEnabled(SslProvider.OPENSSL);
+- }
+-
+- @Test(expected = IllegalStateException.class)
+- public void testServerOcspNotEnabledOpenSslRefCnt() throws Exception {
+- testServerOcspNotEnabled(SslProvider.OPENSSL_REFCNT);
+- }
+-
+- private void testServerOcspNotEnabled(SslProvider sslProvider) throws Exception {
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- try {
+- SslContext context = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslProvider)
+- .build();
+- try {
+- SslHandler sslHandler = context.newHandler(ByteBufAllocator.DEFAULT);
+- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
+- try {
+- engine.setOcspResponse(new byte[] { 1, 2, 3 });
+- } finally {
+- engine.release();
+- }
+- } finally {
+- ReferenceCountUtil.release(context);
+- }
+- } finally {
+- ssc.delete();
+- }
+- }
+-
+- @Test(timeout = 10000L)
+- public void testClientAcceptingOcspStapleOpenSsl() throws Exception {
+- testClientAcceptingOcspStaple(SslProvider.OPENSSL);
+- }
+-
+- @Test(timeout = 10000L)
+- public void testClientAcceptingOcspStapleOpenSslRefCnt() throws Exception {
+- testClientAcceptingOcspStaple(SslProvider.OPENSSL_REFCNT);
+- }
+-
+- /**
+- * The Server provides an OCSP staple and the Client accepts it.
+- */
+- private void testClientAcceptingOcspStaple(SslProvider sslProvider) throws Exception {
+- final CountDownLatch latch = new CountDownLatch(1);
+- ChannelInboundHandlerAdapter serverHandler = new ChannelInboundHandlerAdapter() {
+- @Override
+- public void channelActive(ChannelHandlerContext ctx) throws Exception {
+- ctx.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes()));
+- ctx.fireChannelActive();
+- }
+- };
+-
+- ChannelInboundHandlerAdapter clientHandler = new ChannelInboundHandlerAdapter() {
+- @Override
+- public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
+- try {
+- ReferenceCountUtil.release(msg);
+- } finally {
+- latch.countDown();
+- }
+- }
+- };
+-
+- byte[] response = newOcspResponse();
+- TestClientOcspContext callback = new TestClientOcspContext(true);
+-
+- handshake(sslProvider, latch, serverHandler, response, clientHandler, callback);
+-
+- byte[] actual = callback.response();
+-
+- assertNotNull(actual);
+- assertNotSame(response, actual);
+- assertArrayEquals(response, actual);
+- }
+-
+- @Test(timeout = 10000L)
+- public void testClientRejectingOcspStapleOpenSsl() throws Exception {
+- testClientRejectingOcspStaple(SslProvider.OPENSSL);
+- }
+-
+- @Test(timeout = 10000L)
+- public void testClientRejectingOcspStapleOpenSslRefCnt() throws Exception {
+- testClientRejectingOcspStaple(SslProvider.OPENSSL_REFCNT);
+- }
+-
+- /**
+- * The Server provides an OCSP staple and the Client rejects it.
+- */
+- private void testClientRejectingOcspStaple(SslProvider sslProvider) throws Exception {
+- final AtomicReference<Throwable> causeRef = new AtomicReference<Throwable>();
+- final CountDownLatch latch = new CountDownLatch(1);
+-
+- ChannelInboundHandlerAdapter clientHandler = new ChannelInboundHandlerAdapter() {
+- @Override
+- public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
+- try {
+- causeRef.set(cause);
+- } finally {
+- latch.countDown();
+- }
+- }
+- };
+-
+- byte[] response = newOcspResponse();
+- TestClientOcspContext callback = new TestClientOcspContext(false);
+-
+- handshake(sslProvider, latch, null, response, clientHandler, callback);
+-
+- byte[] actual = callback.response();
+-
+- assertNotNull(actual);
+- assertNotSame(response, actual);
+- assertArrayEquals(response, actual);
+-
+- Throwable cause = causeRef.get();
+- assertTrue("" + cause, cause instanceof SSLHandshakeException);
+- }
+-
+- @Test(timeout = 10000L)
+- public void testServerHasNoStapleOpenSsl() throws Exception {
+- testServerHasNoStaple(SslProvider.OPENSSL);
+- }
+-
+- @Test(timeout = 10000L)
+- public void testServerHasNoStapleOpenSslRefCnt() throws Exception {
+- testServerHasNoStaple(SslProvider.OPENSSL_REFCNT);
+- }
+-
+- /**
+- * The server has OCSP stapling enabled but doesn't provide a staple.
+- */
+- private void testServerHasNoStaple(SslProvider sslProvider) throws Exception {
+- final CountDownLatch latch = new CountDownLatch(1);
+- ChannelInboundHandlerAdapter serverHandler = new ChannelInboundHandlerAdapter() {
+- @Override
+- public void channelActive(ChannelHandlerContext ctx) throws Exception {
+- ctx.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes()));
+- ctx.fireChannelActive();
+- }
+- };
+-
+- ChannelInboundHandlerAdapter clientHandler = new ChannelInboundHandlerAdapter() {
+- @Override
+- public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
+- try {
+- ReferenceCountUtil.release(msg);
+- } finally {
+- latch.countDown();
+- }
+- }
+- };
+-
+- byte[] response = null;
+- TestClientOcspContext callback = new TestClientOcspContext(true);
+-
+- handshake(sslProvider, latch, serverHandler, response, clientHandler, callback);
+-
+- byte[] actual = callback.response();
+-
+- assertNull(response);
+- assertNull(actual);
+- }
+-
+- @Test(timeout = 10000L)
+- public void testClientExceptionOpenSsl() throws Exception {
+- testClientException(SslProvider.OPENSSL);
+- }
+-
+- @Test(timeout = 10000L)
+- public void testClientExceptionOpenSslRefCnt() throws Exception {
+- testClientException(SslProvider.OPENSSL_REFCNT);
+- }
+-
+- /**
+- * Testing what happens if the {@link OcspClientCallback} throws an {@link Exception}.
+- *
+- * The exception should bubble up on the client side and the connection should get closed.
+- */
+- private void testClientException(SslProvider sslProvider) throws Exception {
+- final AtomicReference<Throwable> causeRef = new AtomicReference<Throwable>();
+- final CountDownLatch latch = new CountDownLatch(1);
+-
+- ChannelInboundHandlerAdapter clientHandler = new ChannelInboundHandlerAdapter() {
+- @Override
+- public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
+- try {
+- causeRef.set(cause);
+- } finally {
+- latch.countDown();
+- }
+- }
+- };
+-
+- final OcspTestException clientException = new OcspTestException("testClientException");
+- byte[] response = newOcspResponse();
+- OcspClientCallback callback = new OcspClientCallback() {
+- @Override
+- public boolean verify(byte[] response) throws Exception {
+- throw clientException;
+- }
+- };
+-
+- handshake(sslProvider, latch, null, response, clientHandler, callback);
+-
+- assertSame(clientException, causeRef.get());
+- }
+-
+- private static void handshake(SslProvider sslProvider, CountDownLatch latch, ChannelHandler serverHandler,
+- byte[] response, ChannelHandler clientHandler, OcspClientCallback callback) throws Exception {
+-
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- try {
+- SslContext serverSslContext = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+- .sslProvider(sslProvider)
+- .enableOcsp(true)
+- .build();
+-
+- try {
+- SslContext clientSslContext = SslContextBuilder.forClient()
+- .sslProvider(sslProvider)
+- .enableOcsp(true)
+- .trustManager(InsecureTrustManagerFactory.INSTANCE)
+- .build();
+-
+- try {
+- EventLoopGroup group = new DefaultEventLoopGroup();
+- try {
+- LocalAddress address = new LocalAddress("handshake-" + Math.random());
+- Channel server = newServer(group, address, serverSslContext, response, serverHandler);
+- Channel client = newClient(group, address, clientSslContext, callback, clientHandler);
+- try {
+- assertTrue("Something went wrong.", latch.await(10L, TimeUnit.SECONDS));
+- } finally {
+- client.close().syncUninterruptibly();
+- server.close().syncUninterruptibly();
+- }
+- } finally {
+- group.shutdownGracefully(1L, 1L, TimeUnit.SECONDS);
+- }
+- } finally {
+- ReferenceCountUtil.release(clientSslContext);
+- }
+- } finally {
+- ReferenceCountUtil.release(serverSslContext);
+- }
+- } finally {
+- ssc.delete();
+- }
+- }
+-
+- private static Channel newServer(EventLoopGroup group, SocketAddress address,
+- SslContext context, byte[] response, ChannelHandler handler) {
+-
+- ServerBootstrap bootstrap = new ServerBootstrap()
+- .channel(LocalServerChannel.class)
+- .group(group)
+- .childHandler(newServerHandler(context, response, handler));
+-
+- return bootstrap.bind(address)
+- .syncUninterruptibly()
+- .channel();
+- }
+-
+- private static Channel newClient(EventLoopGroup group, SocketAddress address,
+- SslContext context, OcspClientCallback callback, ChannelHandler handler) {
+-
+- Bootstrap bootstrap = new Bootstrap()
+- .channel(LocalChannel.class)
+- .group(group)
+- .handler(newClientHandler(context, callback, handler));
+-
+- return bootstrap.connect(address)
+- .syncUninterruptibly()
+- .channel();
+- }
+-
+- private static ChannelHandler newServerHandler(final SslContext context,
+- final byte[] response, final ChannelHandler handler) {
+- return new ChannelInitializer<Channel>() {
+- @Override
+- protected void initChannel(Channel ch) throws Exception {
+- ChannelPipeline pipeline = ch.pipeline();
+- SslHandler sslHandler = context.newHandler(ch.alloc());
+-
+- if (response != null) {
+- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
+- engine.setOcspResponse(response);
+- }
+-
+- pipeline.addLast(sslHandler);
+-
+- if (handler != null) {
+- pipeline.addLast(handler);
+- }
+- }
+- };
+- }
+-
+- private static ChannelHandler newClientHandler(final SslContext context,
+- final OcspClientCallback callback, final ChannelHandler handler) {
+- return new ChannelInitializer<Channel>() {
+- @Override
+- protected void initChannel(Channel ch) throws Exception {
+- ChannelPipeline pipeline = ch.pipeline();
+-
+- SslHandler sslHandler = context.newHandler(ch.alloc());
+- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
+-
+- pipeline.addLast(sslHandler);
+- pipeline.addLast(new OcspClientCallbackHandler(engine, callback));
+-
+- if (handler != null) {
+- pipeline.addLast(handler);
+- }
+- }
+- };
+- }
+-
+- private static byte[] newOcspResponse() {
+- // Assume we got the OCSP staple from somewhere. Using a bogus byte[]
+- // in the test because getting a true staple from the CA is quite involved.
+- // It requires HttpCodec and Bouncycastle and the test may be very unreliable
+- // because the OCSP responder servers are basically being DDoS'd by the
+- // Internet.
+-
+- return "I am a bogus OCSP staple. OpenSSL does not care about the format of the byte[]!"
+- .getBytes(CharsetUtil.US_ASCII);
+- }
+-
+- private interface OcspClientCallback {
+- boolean verify(byte[] staple) throws Exception;
+- }
+-
+- private static final class TestClientOcspContext implements OcspClientCallback {
+-
+- private final CountDownLatch latch = new CountDownLatch(1);
+- private final boolean valid;
+-
+- private volatile byte[] response;
+-
+- public TestClientOcspContext(boolean valid) {
+- this.valid = valid;
+- }
+-
+- public byte[] response() throws InterruptedException, TimeoutException {
+- assertTrue(latch.await(10L, TimeUnit.SECONDS));
+- return response;
+- }
+-
+- @Override
+- public boolean verify(byte[] response) throws Exception {
+- this.response = response;
+- latch.countDown();
+-
+- return valid;
+- }
+- }
+-
+- private static final class OcspClientCallbackHandler extends OcspClientHandler {
+-
+- private final OcspClientCallback callback;
+-
+- public OcspClientCallbackHandler(ReferenceCountedOpenSslEngine engine, OcspClientCallback callback) {
+- super(engine);
+- this.callback = callback;
+- }
+-
+- @Override
+- protected boolean verify(ChannelHandlerContext ctx, ReferenceCountedOpenSslEngine engine) throws Exception {
+- byte[] response = engine.getOcspResponse();
+- return callback.verify(response);
+- }
+- }
+-
+- private static final class OcspTestException extends IllegalStateException {
+- public OcspTestException(String message) {
+- super(message);
+- }
+- }
+-}
+--
+2.9.4
+
diff --git a/0002-Remove-NPN-ALPN.patch b/0002-Remove-NPN-ALPN.patch
new file mode 100644
index 0000000..73749cc
--- /dev/null
+++ b/0002-Remove-NPN-ALPN.patch
@@ -0,0 +1,884 @@
+From cfb6f2a620525a94d6964c287792f2645bff4f4a Mon Sep 17 00:00:00 2001
+From: Severin Gehwolf <sgehwolf(a)redhat.com>
+Date: Thu, 20 Oct 2016 16:18:10 +0200
+Subject: [PATCH 2/2] Remove NPN ALPN
+
+---
+ .../ssl/JdkAlpnApplicationProtocolNegotiator.java | 120 ---------
+ .../io/netty/handler/ssl/JdkAlpnSslEngine.java | 124 ----------
+ .../ssl/JdkNpnApplicationProtocolNegotiator.java | 120 ---------
+ .../java/io/netty/handler/ssl/JdkNpnSslEngine.java | 122 ---------
+ .../java/io/netty/handler/ssl/JdkSslContext.java | 44 ----
+ .../io/netty/handler/ssl/JdkSslEngineTest.java | 273 ---------------------
+ 6 files changed, 803 deletions(-)
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkAlpnSslEngine.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnSslEngine.java
+
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
+deleted file mode 100644
+index aaaf5b7..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
++++ /dev/null
+@@ -1,120 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import javax.net.ssl.SSLEngine;
+-
+-/**
+- * The {@link JdkApplicationProtocolNegotiator} to use if you need ALPN and are using {@link SslProvider#JDK}.
+- */
+-public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
+- private static final SslEngineWrapperFactory ALPN_WRAPPER = new SslEngineWrapperFactory() {
+- {
+- if (!JdkAlpnSslEngine.isAvailable()) {
+- throw new RuntimeException("ALPN unsupported. Is your classpatch configured correctly?"
+- + " See http://www.eclipse.org/jetty/documentation/current/alpn-chapter.html#alpn...");
+- }
+- }
+-
+- @Override
+- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
+- boolean isServer) {
+- return new JdkAlpnSslEngine(engine, applicationNegotiator, isServer);
+- }
+- };
+-
+- /**
+- * Create a new instance.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkAlpnApplicationProtocolNegotiator(Iterable<String> protocols) {
+- this(false, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkAlpnApplicationProtocolNegotiator(String... protocols) {
+- this(false, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkAlpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
+- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkAlpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
+- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
+- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkAlpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
+- boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
+- this(serverFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
+- clientFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
+- protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
+- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkAlpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
+- boolean serverFailIfNoCommonProtocols, String... protocols) {
+- this(serverFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
+- clientFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
+- protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
+- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkAlpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
+- ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
+- super(ALPN_WRAPPER, selectorFactory, listenerFactory, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
+- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkAlpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
+- ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
+- super(ALPN_WRAPPER, selectorFactory, listenerFactory, protocols);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnSslEngine.java
+deleted file mode 100644
+index bdf3aca..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnSslEngine.java
++++ /dev/null
+@@ -1,124 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import static io.netty.util.internal.ObjectUtil.checkNotNull;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
+-
+-import java.util.LinkedHashSet;
+-import java.util.List;
+-
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLException;
+-import javax.net.ssl.SSLHandshakeException;
+-
+-import org.eclipse.jetty.alpn.ALPN;
+-import org.eclipse.jetty.alpn.ALPN.ClientProvider;
+-import org.eclipse.jetty.alpn.ALPN.ServerProvider;
+-
+-final class JdkAlpnSslEngine extends JdkSslEngine {
+- private static boolean available;
+-
+- static boolean isAvailable() {
+- updateAvailability();
+- return available;
+- }
+-
+- private static void updateAvailability() {
+- if (available) {
+- return;
+- }
+-
+- try {
+- // Always use bootstrap class loader.
+- Class.forName("sun.security.ssl.ALPNExtension", true, null);
+- available = true;
+- } catch (Exception ignore) {
+- // alpn-boot was not loaded.
+- }
+- }
+-
+- JdkAlpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) {
+- super(engine);
+- checkNotNull(applicationNegotiator, "applicationNegotiator");
+-
+- if (server) {
+- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
+- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
+- "protocolSelector");
+- ALPN.put(engine, new ServerProvider() {
+- @Override
+- public String select(List<String> protocols) throws SSLException {
+- try {
+- return protocolSelector.select(protocols);
+- } catch (SSLHandshakeException e) {
+- throw e;
+- } catch (Throwable t) {
+- SSLHandshakeException e = new SSLHandshakeException(t.getMessage());
+- e.initCause(t);
+- throw e;
+- }
+- }
+-
+- @Override
+- public void unsupported() {
+- protocolSelector.unsupported();
+- }
+- });
+- } else {
+- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
+- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
+- "protocolListener");
+- ALPN.put(engine, new ClientProvider() {
+- @Override
+- public List<String> protocols() {
+- return applicationNegotiator.protocols();
+- }
+-
+- @Override
+- public void selected(String protocol) throws SSLException {
+- try {
+- protocolListener.selected(protocol);
+- } catch (SSLHandshakeException e) {
+- throw e;
+- } catch (Throwable t) {
+- SSLHandshakeException e = new SSLHandshakeException(t.getMessage());
+- e.initCause(t);
+- throw e;
+- }
+- }
+-
+- @Override
+- public void unsupported() {
+- protocolListener.unsupported();
+- }
+- });
+- }
+- }
+-
+- @Override
+- public void closeInbound() throws SSLException {
+- ALPN.remove(getWrappedEngine());
+- super.closeInbound();
+- }
+-
+- @Override
+- public void closeOutbound() {
+- ALPN.remove(getWrappedEngine());
+- super.closeOutbound();
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
+deleted file mode 100644
+index c893f05..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
++++ /dev/null
+@@ -1,120 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import javax.net.ssl.SSLEngine;
+-
+-/**
+- * The {@link JdkApplicationProtocolNegotiator} to use if you need NPN and are using {@link SslProvider#JDK}.
+- */
+-public final class JdkNpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
+- private static final SslEngineWrapperFactory NPN_WRAPPER = new SslEngineWrapperFactory() {
+- {
+- if (!JdkNpnSslEngine.isAvailable()) {
+- throw new RuntimeException("NPN unsupported. Is your classpatch configured correctly?"
+- + " See http://www.eclipse.org/jetty/documentation/current/npn-chapter.html#npn-s...");
+- }
+- }
+-
+- @Override
+- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
+- boolean isServer) {
+- return new JdkNpnSslEngine(engine, applicationNegotiator, isServer);
+- }
+- };
+-
+- /**
+- * Create a new instance.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(Iterable<String> protocols) {
+- this(false, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(String... protocols) {
+- this(false, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
+- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
+- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
+- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
+- boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
+- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
+- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
+- protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
+- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
+- boolean serverFailIfNoCommonProtocols, String... protocols) {
+- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
+- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
+- protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
+- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
+- ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
+- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
+- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
+- ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
+- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnSslEngine.java
+deleted file mode 100644
+index 422727a..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnSslEngine.java
++++ /dev/null
+@@ -1,122 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-package io.netty.handler.ssl;
+-
+-import static io.netty.util.internal.ObjectUtil.checkNotNull;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
+-import io.netty.util.internal.PlatformDependent;
+-
+-import java.util.LinkedHashSet;
+-import java.util.List;
+-
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLException;
+-
+-import org.eclipse.jetty.npn.NextProtoNego;
+-import org.eclipse.jetty.npn.NextProtoNego.ClientProvider;
+-import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
+-
+-final class JdkNpnSslEngine extends JdkSslEngine {
+- private static boolean available;
+-
+- static boolean isAvailable() {
+- updateAvailability();
+- return available;
+- }
+-
+- private static void updateAvailability() {
+- if (available) {
+- return;
+- }
+- try {
+- // Always use bootstrap class loader.
+- Class.forName("sun.security.ssl.NextProtoNegoExtension", true, null);
+- available = true;
+- } catch (Exception ignore) {
+- // npn-boot was not loaded.
+- }
+- }
+-
+- JdkNpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) {
+- super(engine);
+- checkNotNull(applicationNegotiator, "applicationNegotiator");
+-
+- if (server) {
+- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
+- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
+- "protocolListener");
+- NextProtoNego.put(engine, new ServerProvider() {
+- @Override
+- public void unsupported() {
+- protocolListener.unsupported();
+- }
+-
+- @Override
+- public List<String> protocols() {
+- return applicationNegotiator.protocols();
+- }
+-
+- @Override
+- public void protocolSelected(String protocol) {
+- try {
+- protocolListener.selected(protocol);
+- } catch (Throwable t) {
+- PlatformDependent.throwException(t);
+- }
+- }
+- });
+- } else {
+- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
+- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
+- "protocolSelector");
+- NextProtoNego.put(engine, new ClientProvider() {
+- @Override
+- public boolean supports() {
+- return true;
+- }
+-
+- @Override
+- public void unsupported() {
+- protocolSelector.unsupported();
+- }
+-
+- @Override
+- public String selectProtocol(List<String> protocols) {
+- try {
+- return protocolSelector.select(protocols);
+- } catch (Throwable t) {
+- PlatformDependent.throwException(t);
+- return null;
+- }
+- }
+- });
+- }
+- }
+-
+- @Override
+- public void closeInbound() throws SSLException {
+- NextProtoNego.remove(getWrappedEngine());
+- super.closeInbound();
+- }
+-
+- @Override
+- public void closeOutbound() {
+- NextProtoNego.remove(getWrappedEngine());
+- super.closeOutbound();
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
+index 0a120eb..cdad232 100644
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
++++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
+@@ -270,50 +270,6 @@ public class JdkSslContext extends SslContext {
+ switch(config.protocol()) {
+ case NONE:
+ return JdkDefaultApplicationProtocolNegotiator.INSTANCE;
+- case ALPN:
+- if (isServer) {
+- switch(config.selectorFailureBehavior()) {
+- case FATAL_ALERT:
+- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
+- case NO_ADVERTISE:
+- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
+- default:
+- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
+- }
+- } else {
+- switch(config.selectedListenerFailureBehavior()) {
+- case ACCEPT:
+- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
+- case FATAL_ALERT:
+- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
+- default:
+- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
+- }
+- }
+- case NPN:
+- if (isServer) {
+- switch(config.selectedListenerFailureBehavior()) {
+- case ACCEPT:
+- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
+- case FATAL_ALERT:
+- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
+- default:
+- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
+- }
+- } else {
+- switch(config.selectorFailureBehavior()) {
+- case FATAL_ALERT:
+- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
+- case NO_ADVERTISE:
+- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
+- default:
+- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
+- }
+- }
+ default:
+ throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+ .append(config.protocol()).append(" protocol").toString());
+diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+index 9a57230..090f996 100644
+--- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
++++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+@@ -15,262 +15,15 @@
+ */
+ package io.netty.handler.ssl;
+
+-import io.netty.handler.ssl.ApplicationProtocolConfig.Protocol;
+-import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
+-import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectorFactory;
+-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+-import io.netty.handler.ssl.util.SelfSignedCertificate;
+ import org.junit.Test;
+
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLHandshakeException;
+-import java.util.List;
+-import java.util.Set;
+-import java.util.concurrent.TimeUnit;
+-
+-import static org.junit.Assert.assertNull;
+-import static org.junit.Assert.assertTrue;
+-import static org.junit.Assume.assumeNoException;
+-
+ public class JdkSslEngineTest extends SSLEngineTest {
+- private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
+- private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
+- private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO";
+-
+- @Test
+- public void testNpn() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkNpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.NPN);
+- }
+- ApplicationProtocolConfig apn = failingNegotiator(Protocol.NPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- setupHandlers(apn);
+- runTest();
+- } catch (SkipTestException e) {
+- // NPN availability is dependent on the java version. If NPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+-
+- @Test
+- public void testNpnNoCompatibleProtocolsNoHandshakeFailure() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkNpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.NPN);
+- }
+- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.NPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.NPN,
+- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
+- setupHandlers(serverApn, clientApn);
+- runTest(null);
+- } catch (SkipTestException e) {
+- // ALPN availability is dependent on the java version. If ALPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+-
+- @Test
+- public void testNpnNoCompatibleProtocolsClientHandshakeFailure() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkNpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.NPN);
+- }
+- ApplicationProtocolConfig clientApn = failingNegotiator(Protocol.NPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.NPN,
+- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
+- setupHandlers(serverApn, clientApn);
+- assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
+- assertTrue(clientException instanceof SSLHandshakeException);
+- } catch (SkipTestException e) {
+- // NPN availability is dependent on the java version. If NPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+-
+- @Test
+- public void testNpnNoCompatibleProtocolsServerHandshakeFailure() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkNpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.NPN);
+- }
+- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.NPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.NPN,
+- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
+- setupHandlers(serverApn, clientApn);
+- assertTrue(serverLatch.await(2, TimeUnit.SECONDS));
+- assertTrue(serverException instanceof SSLHandshakeException);
+- } catch (SkipTestException e) {
+- // NPN availability is dependent on the java version. If NPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+-
+- @Test
+- public void testAlpn() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkAlpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.ALPN);
+- }
+- ApplicationProtocolConfig apn = failingNegotiator(Protocol.ALPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- setupHandlers(apn);
+- runTest();
+- } catch (SkipTestException e) {
+- // ALPN availability is dependent on the java version. If ALPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+-
+- @Test
+- public void testAlpnNoCompatibleProtocolsNoHandshakeFailure() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkAlpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.ALPN);
+- }
+- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.ALPN,
+- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
+- setupHandlers(serverApn, clientApn);
+- runTest(null);
+- } catch (SkipTestException e) {
+- // ALPN availability is dependent on the java version. If ALPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+-
+- @Test
+- public void testAlpnNoCompatibleProtocolsServerHandshakeFailure() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkAlpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.ALPN);
+- }
+- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN,
+- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
+- setupHandlers(serverApn, clientApn);
+- assertTrue(serverLatch.await(2, TimeUnit.SECONDS));
+- assertTrue(serverException instanceof SSLHandshakeException);
+- } catch (SkipTestException e) {
+- // ALPN availability is dependent on the java version. If ALPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+-
+- @Test
+- public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkAlpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.ALPN);
+- }
+- // Even the preferred application protocol appears second in the client's list, it will be picked
+- // because it's the first one on server's list.
+- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN,
+- FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL);
+- setupHandlers(serverApn, clientApn);
+- assertNull(serverException);
+- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- } catch (SkipTestException e) {
+- // ALPN availability is dependent on the java version. If ALPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+-
+- @Test
+- public void testAlpnNoCompatibleProtocolsClientHandshakeFailure() throws Exception {
+- try {
+- // Typical code will not have to check this, but will get a initialization error on class load.
+- // Check in this test just in case we have multiple tests that just the class and we already ignored the
+- // initialization error.
+- if (!JdkAlpnSslEngine.isAvailable()) {
+- throw tlsExtensionNotFound(Protocol.ALPN);
+- }
+- SelfSignedCertificate ssc = new SelfSignedCertificate();
+- JdkApplicationProtocolNegotiator clientApn = new JdkAlpnApplicationProtocolNegotiator(true, true,
+- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- JdkApplicationProtocolNegotiator serverApn = new JdkAlpnApplicationProtocolNegotiator(
+- new ProtocolSelectorFactory() {
+- @Override
+- public ProtocolSelector newSelector(SSLEngine engine, Set<String> supportedProtocols) {
+- return new ProtocolSelector() {
+- @Override
+- public void unsupported() {
+- }
+-
+- @Override
+- public String select(List<String> protocols) {
+- return APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE;
+- }
+- };
+- }
+- }, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY,
+- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
+-
+- SslContext serverSslCtx = new JdkSslServerContext(ssc.certificate(), ssc.privateKey(), null, null,
+- IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0);
+- SslContext clientSslCtx = new JdkSslClientContext(null, InsecureTrustManagerFactory.INSTANCE, null,
+- IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0);
+-
+- setupHandlers(serverSslCtx, clientSslCtx);
+- assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
+- assertTrue(clientException instanceof SSLHandshakeException);
+- } catch (SkipTestException e) {
+- // ALPN availability is dependent on the java version. If ALPN is not available because of
+- // java version incompatibility don't fail the test, but instead just skip the test
+- assumeNoException(e);
+- }
+- }
+
+ @Test
+ public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
+ testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{PROTOCOL_TLS_V1_2});
+ }
+
+- private void runTest() throws Exception {
+- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
+- }
+-
+ @Override
+ protected SslProvider sslClientProvider() {
+ return SslProvider.JDK;
+@@ -280,30 +33,4 @@ public class JdkSslEngineTest extends SSLEngineTest {
+ protected SslProvider sslServerProvider() {
+ return SslProvider.JDK;
+ }
+-
+- private ApplicationProtocolConfig failingNegotiator(Protocol protocol,
+- String... supportedProtocols) {
+- return new ApplicationProtocolConfig(protocol,
+- SelectorFailureBehavior.FATAL_ALERT,
+- SelectedListenerFailureBehavior.FATAL_ALERT,
+- supportedProtocols);
+- }
+-
+- private ApplicationProtocolConfig acceptingNegotiator(Protocol protocol,
+- String... supportedProtocols) {
+- return new ApplicationProtocolConfig(protocol,
+- SelectorFailureBehavior.NO_ADVERTISE,
+- SelectedListenerFailureBehavior.ACCEPT,
+- supportedProtocols);
+- }
+-
+- private SkipTestException tlsExtensionNotFound(Protocol protocol) {
+- throw new SkipTestException(protocol + " not on classpath");
+- }
+-
+- private static final class SkipTestException extends RuntimeException {
+- public SkipTestException(String message) {
+- super(message);
+- }
+- }
+ }
+--
+2.7.4
+
diff --git a/0002-Remove-NPN.patch b/0002-Remove-NPN.patch
new file mode 100644
index 0000000..77a340a
--- /dev/null
+++ b/0002-Remove-NPN.patch
@@ -0,0 +1,353 @@
+From f7b8e27b5f55c4a21cf84fb56a616b8bfd4af8da Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek(a)redhat.com>
+Date: Fri, 7 Jul 2017 16:07:23 +0200
+Subject: [PATCH 2/3] Remove NPN
+
+---
+ handler/pom.xml | 5 -
+ .../ssl/JdkNpnApplicationProtocolNegotiator.java | 120 --------------------
+ .../java/io/netty/handler/ssl/JdkSslContext.java | 30 -----
+ .../io/netty/handler/ssl/JettyNpnSslEngine.java | 122 ---------------------
+ .../io/netty/handler/ssl/JdkSslEngineTest.java | 2 +-
+ 5 files changed, 1 insertion(+), 278 deletions(-)
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
+
+diff --git a/handler/pom.xml b/handler/pom.xml
+index d0ed1bc..52e63ca 100644
+--- a/handler/pom.xml
++++ b/handler/pom.xml
+@@ -55,11 +55,6 @@
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+- <groupId>org.eclipse.jetty.npn</groupId>
+- <artifactId>npn-api</artifactId>
+- <optional>true</optional>
+- </dependency>
+- <dependency>
+ <groupId>org.eclipse.jetty.alpn</groupId>
+ <artifactId>alpn-api</artifactId>
+ <optional>true</optional>
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
+deleted file mode 100644
+index 06b29b7..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
++++ /dev/null
+@@ -1,120 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import javax.net.ssl.SSLEngine;
+-
+-/**
+- * The {@link JdkApplicationProtocolNegotiator} to use if you need NPN and are using {@link SslProvider#JDK}.
+- */
+-public final class JdkNpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
+- private static final SslEngineWrapperFactory NPN_WRAPPER = new SslEngineWrapperFactory() {
+- {
+- if (!JettyNpnSslEngine.isAvailable()) {
+- throw new RuntimeException("NPN unsupported. Is your classpath configured correctly?"
+- + " See https://wiki.eclipse.org/Jetty/Feature/NPN");
+- }
+- }
+-
+- @Override
+- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
+- boolean isServer) {
+- return new JettyNpnSslEngine(engine, applicationNegotiator, isServer);
+- }
+- };
+-
+- /**
+- * Create a new instance.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(Iterable<String> protocols) {
+- this(false, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(String... protocols) {
+- this(false, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
+- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
+- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
+- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
+- boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
+- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
+- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
+- protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
+- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
+- boolean serverFailIfNoCommonProtocols, String... protocols) {
+- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
+- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
+- protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
+- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
+- ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
+- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
+- }
+-
+- /**
+- * Create a new instance.
+- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
+- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
+- * @param protocols The order of iteration determines the preference of support for protocols.
+- */
+- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
+- ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
+- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
+index 0ad6639..d5b86ff 100644
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
++++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
+@@ -288,47 +288,17 @@ public class JdkSslContext extends SslContext {
+ case ALPN:
+ if (isServer) {
+ switch(config.selectorFailureBehavior()) {
+- case FATAL_ALERT:
+- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
+- case NO_ADVERTISE:
+- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
+ default:
+ throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+ .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
+ }
+ } else {
+ switch(config.selectedListenerFailureBehavior()) {
+- case ACCEPT:
+- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
+- case FATAL_ALERT:
+- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
+ default:
+ throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+ .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
+ }
+ }
+- case NPN:
+- if (isServer) {
+- switch(config.selectedListenerFailureBehavior()) {
+- case ACCEPT:
+- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
+- case FATAL_ALERT:
+- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
+- default:
+- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
+- }
+- } else {
+- switch(config.selectorFailureBehavior()) {
+- case FATAL_ALERT:
+- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
+- case NO_ADVERTISE:
+- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
+- default:
+- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
+- }
+- }
+ default:
+ throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
+ .append(config.protocol()).append(" protocol").toString());
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
+deleted file mode 100644
+index 77e7366..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
++++ /dev/null
+@@ -1,122 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-
+-package io.netty.handler.ssl;
+-
+-import static io.netty.util.internal.ObjectUtil.checkNotNull;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
+-import io.netty.util.internal.PlatformDependent;
+-
+-import java.util.LinkedHashSet;
+-import java.util.List;
+-
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLException;
+-
+-import org.eclipse.jetty.npn.NextProtoNego;
+-import org.eclipse.jetty.npn.NextProtoNego.ClientProvider;
+-import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
+-
+-final class JettyNpnSslEngine extends JdkSslEngine {
+- private static boolean available;
+-
+- static boolean isAvailable() {
+- updateAvailability();
+- return available;
+- }
+-
+- private static void updateAvailability() {
+- if (available) {
+- return;
+- }
+- try {
+- // Always use bootstrap class loader.
+- Class.forName("sun.security.ssl.NextProtoNegoExtension", true, null);
+- available = true;
+- } catch (Exception ignore) {
+- // npn-boot was not loaded.
+- }
+- }
+-
+- JettyNpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) {
+- super(engine);
+- checkNotNull(applicationNegotiator, "applicationNegotiator");
+-
+- if (server) {
+- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
+- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
+- "protocolListener");
+- NextProtoNego.put(engine, new ServerProvider() {
+- @Override
+- public void unsupported() {
+- protocolListener.unsupported();
+- }
+-
+- @Override
+- public List<String> protocols() {
+- return applicationNegotiator.protocols();
+- }
+-
+- @Override
+- public void protocolSelected(String protocol) {
+- try {
+- protocolListener.selected(protocol);
+- } catch (Throwable t) {
+- PlatformDependent.throwException(t);
+- }
+- }
+- });
+- } else {
+- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
+- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
+- "protocolSelector");
+- NextProtoNego.put(engine, new ClientProvider() {
+- @Override
+- public boolean supports() {
+- return true;
+- }
+-
+- @Override
+- public void unsupported() {
+- protocolSelector.unsupported();
+- }
+-
+- @Override
+- public String selectProtocol(List<String> protocols) {
+- try {
+- return protocolSelector.select(protocols);
+- } catch (Throwable t) {
+- PlatformDependent.throwException(t);
+- return null;
+- }
+- }
+- });
+- }
+- }
+-
+- @Override
+- public void closeInbound() throws SSLException {
+- NextProtoNego.remove(getWrappedEngine());
+- super.closeInbound();
+- }
+-
+- @Override
+- public void closeOutbound() {
+- NextProtoNego.remove(getWrappedEngine());
+- super.closeOutbound();
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+index d6cd94d..4489b16 100644
+--- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
++++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+@@ -46,7 +46,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
+ NPN_DEFAULT {
+ @Override
+ boolean isAvailable() {
+- return JettyNpnSslEngine.isAvailable();
++ return false;
+ }
+
+ @Override
+--
+2.9.4
+
diff --git a/0003-Remove-conscrypt-ALPN.patch b/0003-Remove-conscrypt-ALPN.patch
new file mode 100644
index 0000000..e71ba5a
--- /dev/null
+++ b/0003-Remove-conscrypt-ALPN.patch
@@ -0,0 +1,511 @@
+From 039534e20546221c3466d1ceb663625c59edb0e7 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek(a)redhat.com>
+Date: Tue, 11 Jul 2017 13:37:22 +0200
+Subject: [PATCH 3/3] Remove conscrypt ALPN
+
+---
+ handler/pom.xml | 6 -
+ .../netty/handler/ssl/ConscryptAlpnSslEngine.java | 176 ---------------------
+ .../ssl/JdkAlpnApplicationProtocolNegotiator.java | 6 +-
+ .../main/java/io/netty/handler/ssl/SslHandler.java | 35 ----
+ .../ssl/ConscryptJdkSslEngineInteropTest.java | 76 ---------
+ .../io/netty/handler/ssl/Java8SslTestUtils.java | 7 -
+ .../ssl/JdkConscryptSslEngineInteropTest.java | 86 ----------
+ .../io/netty/handler/ssl/JdkSslEngineTest.java | 2 +-
+ 8 files changed, 2 insertions(+), 392 deletions(-)
+ delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
+ delete mode 100644 handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
+
+diff --git a/handler/pom.xml b/handler/pom.xml
+index 52e63ca..69af32a 100644
+--- a/handler/pom.xml
++++ b/handler/pom.xml
+@@ -60,12 +60,6 @@
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+- <groupId>${conscrypt.groupId}</groupId>
+- <artifactId>${conscrypt.artifactId}</artifactId>
+- <classifier>${conscrypt.classifier}</classifier>
+- <optional>true</optional>
+- </dependency>
+- <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ </dependency>
+diff --git a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
+deleted file mode 100644
+index 8e7a544..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
++++ /dev/null
+@@ -1,176 +0,0 @@
+-/*
+- * Copyright 2017 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import static io.netty.handler.ssl.SslUtils.toSSLHandshakeException;
+-import static io.netty.util.internal.ObjectUtil.checkNotNull;
+-import static java.lang.Math.min;
+-
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
+-import java.lang.reflect.Method;
+-import java.nio.ByteBuffer;
+-import java.util.Collections;
+-import java.util.LinkedHashSet;
+-import java.util.List;
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLEngineResult;
+-import javax.net.ssl.SSLException;
+-
+-import io.netty.util.internal.PlatformDependent;
+-import org.conscrypt.Conscrypt;
+-import org.conscrypt.HandshakeListener;
+-
+-/**
+- * A {@link JdkSslEngine} that uses the Conscrypt provider or SSL with ALPN.
+- */
+-abstract class ConscryptAlpnSslEngine extends JdkSslEngine {
+- private static final Class<?> ENGINES_CLASS = getEnginesClass();
+-
+- /**
+- * Indicates whether or not conscrypt is available on the current system.
+- */
+- static boolean isAvailable() {
+- return ENGINES_CLASS != null && PlatformDependent.javaVersion() >= 8;
+- }
+-
+- static boolean isEngineSupported(SSLEngine engine) {
+- return isAvailable() && isConscryptEngine(engine, ENGINES_CLASS);
+- }
+-
+- static ConscryptAlpnSslEngine newClientEngine(SSLEngine engine,
+- JdkApplicationProtocolNegotiator applicationNegotiator) {
+- return new ClientEngine(engine, applicationNegotiator);
+- }
+-
+- static ConscryptAlpnSslEngine newServerEngine(SSLEngine engine,
+- JdkApplicationProtocolNegotiator applicationNegotiator) {
+- return new ServerEngine(engine, applicationNegotiator);
+- }
+-
+- private ConscryptAlpnSslEngine(SSLEngine engine, List<String> protocols) {
+- super(engine);
+-
+- // Set the list of supported ALPN protocols on the engine.
+- Conscrypt.Engines.setAlpnProtocols(engine, protocols.toArray(new String[protocols.size()]));
+- }
+-
+- /**
+- * Calculates the maximum size of the encrypted output buffer required to wrap the given plaintext bytes. Assumes
+- * as a worst case that there is one TLS record per buffer.
+- *
+- * @param plaintextBytes the number of plaintext bytes to be wrapped.
+- * @param numBuffers the number of buffers that the plaintext bytes are spread across.
+- * @return the maximum size of the encrypted output buffer required for the wrap operation.
+- */
+- final int calculateOutNetBufSize(int plaintextBytes, int numBuffers) {
+- // Assuming a max of one frame per component in a composite buffer.
+- long maxOverhead = (long) Conscrypt.Engines.maxSealOverhead(getWrappedEngine()) * numBuffers;
+- // TODO(nmittler): update this to use MAX_ENCRYPTED_PACKET_LENGTH instead of Integer.MAX_VALUE
+- return (int) min(Integer.MAX_VALUE, plaintextBytes + maxOverhead);
+- }
+-
+- final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException {
+- return Conscrypt.Engines.unwrap(getWrappedEngine(), srcs, dests);
+- }
+-
+- private static final class ClientEngine extends ConscryptAlpnSslEngine {
+- private final ProtocolSelectionListener protocolListener;
+-
+- ClientEngine(SSLEngine engine,
+- JdkApplicationProtocolNegotiator applicationNegotiator) {
+- super(engine, applicationNegotiator.protocols());
+- // Register for completion of the handshake.
+- Conscrypt.Engines.setHandshakeListener(engine, new HandshakeListener() {
+- @Override
+- public void onHandshakeFinished() throws SSLException {
+- selectProtocol();
+- }
+- });
+-
+- protocolListener = checkNotNull(applicationNegotiator
+- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
+- "protocolListener");
+- }
+-
+- private void selectProtocol() throws SSLException {
+- String protocol = Conscrypt.Engines.getAlpnSelectedProtocol(getWrappedEngine());
+- try {
+- protocolListener.selected(protocol);
+- } catch (Throwable e) {
+- throw toSSLHandshakeException(e);
+- }
+- }
+- }
+-
+- private static final class ServerEngine extends ConscryptAlpnSslEngine {
+- private final ProtocolSelector protocolSelector;
+-
+- ServerEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator) {
+- super(engine, applicationNegotiator.protocols());
+-
+- // Register for completion of the handshake.
+- Conscrypt.Engines.setHandshakeListener(engine, new HandshakeListener() {
+- @Override
+- public void onHandshakeFinished() throws SSLException {
+- selectProtocol();
+- }
+- });
+-
+- protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
+- .newSelector(this,
+- new LinkedHashSet<String>(applicationNegotiator.protocols())),
+- "protocolSelector");
+- }
+-
+- private void selectProtocol() throws SSLException {
+- try {
+- String protocol = Conscrypt.Engines.getAlpnSelectedProtocol(getWrappedEngine());
+- protocolSelector.select(protocol != null ? Collections.singletonList(protocol)
+- : Collections.<String>emptyList());
+- } catch (Throwable e) {
+- throw toSSLHandshakeException(e);
+- }
+- }
+- }
+-
+- private static Class<?> getEnginesClass() {
+- try {
+- // Always use bootstrap class loader.
+- Class<?> engineClass = Class.forName("org.conscrypt.Conscrypt$Engines", true,
+- ConscryptAlpnSslEngine.class.getClassLoader());
+- // Ensure that it also has the isConscrypt method.
+- getIsConscryptMethod(engineClass);
+- return engineClass;
+- } catch (Throwable ignore) {
+- // Conscrypt was not loaded.
+- return null;
+- }
+- }
+-
+- private static boolean isConscryptEngine(SSLEngine engine, Class<?> enginesClass) {
+- try {
+- Method method = getIsConscryptMethod(enginesClass);
+- return (Boolean) method.invoke(null, engine);
+- } catch (Throwable ignore) {
+- return false;
+- }
+- }
+-
+- private static Method getIsConscryptMethod(Class<?> enginesClass) throws NoSuchMethodException {
+- return enginesClass.getMethod("isConscrypt", SSLEngine.class);
+- }
+-}
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
+index f82c7da..9c4ab9e 100644
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
++++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
+@@ -21,7 +21,7 @@ import javax.net.ssl.SSLEngine;
+ * The {@link JdkApplicationProtocolNegotiator} to use if you need ALPN and are using {@link SslProvider#JDK}.
+ */
+ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
+- private static final boolean AVAILABLE = ConscryptAlpnSslEngine.isAvailable() || JettyAlpnSslEngine.isAvailable();
++ private static final boolean AVAILABLE = JettyAlpnSslEngine.isAvailable();
+ private static final SslEngineWrapperFactory ALPN_WRAPPER = AVAILABLE ? new AlpnWrapper() : new FailureWrapper();
+
+ /**
+@@ -121,10 +121,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati
+ @Override
+ public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
+ boolean isServer) {
+- if (ConscryptAlpnSslEngine.isEngineSupported(engine)) {
+- return isServer ? ConscryptAlpnSslEngine.newServerEngine(engine, applicationNegotiator)
+- : ConscryptAlpnSslEngine.newClientEngine(engine, applicationNegotiator);
+- }
+ if (JettyAlpnSslEngine.isAvailable()) {
+ return isServer ? JettyAlpnSslEngine.newServerEngine(engine, applicationNegotiator)
+ : JettyAlpnSslEngine.newClientEngine(engine, applicationNegotiator);
+diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+index 05c451a..8693011 100644
+--- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
++++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+@@ -187,38 +187,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
+ new ClosedChannelException(), SslHandler.class, "channelInactive(...)");
+
+ private enum SslEngineType {
+- CONSCRYPT(true, COMPOSITE_CUMULATOR) {
+- @Override
+- SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
+- throws SSLException {
+- int nioBufferCount = in.nioBufferCount();
+- int writerIndex = out.writerIndex();
+- final SSLEngineResult result;
+- if (nioBufferCount > 1) {
+- /*
+- * Use a special unwrap method without additional memory copies.
+- */
+- try {
+- handler.singleBuffer[0] = toByteBuffer(out, writerIndex, out.writableBytes());
+- result = ((ConscryptAlpnSslEngine) handler.engine).unwrap(
+- in.nioBuffers(readerIndex, len),
+- handler.singleBuffer);
+- } finally {
+- handler.singleBuffer[0] = null;
+- }
+- } else {
+- result = handler.engine.unwrap(toByteBuffer(in, readerIndex, len),
+- toByteBuffer(out, writerIndex, out.writableBytes()));
+- }
+- out.writerIndex(writerIndex + result.bytesProduced());
+- return result;
+- }
+-
+- @Override
+- int calculateWrapBufferCapacity(SslHandler handler, int pendingBytes, int numComponents) {
+- return ((ConscryptAlpnSslEngine) handler.engine).calculateOutNetBufSize(pendingBytes, numComponents);
+- }
+- },
+ JDK(false, MERGE_CUMULATOR) {
+ @Override
+ SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
+@@ -237,9 +205,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
+ };
+
+ static SslEngineType forEngine(SSLEngine engine) {
+- if (engine instanceof ConscryptAlpnSslEngine) {
+- return CONSCRYPT;
+- }
+ return JDK;
+ }
+
+diff --git a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
+deleted file mode 100644
+index e217136..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
++++ /dev/null
+@@ -1,76 +0,0 @@
+-/*
+- * Copyright 2016 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import java.security.Provider;
+-import org.junit.BeforeClass;
+-import org.junit.Ignore;
+-
+-import org.junit.runner.RunWith;
+-import org.junit.runners.Parameterized;
+-
+-import java.util.ArrayList;
+-import java.util.Collection;
+-import java.util.List;
+-
+-import static org.junit.Assume.assumeTrue;
+-
+-(a)RunWith(Parameterized.class)
+-public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
+-
+- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
+- public static Collection<Object> data() {
+- List<Object> params = new ArrayList<Object>();
+- for (BufferType type: BufferType.values()) {
+- params.add(type);
+- }
+- return params;
+- }
+-
+- public ConscryptJdkSslEngineInteropTest(BufferType type) {
+- super(type);
+- }
+-
+- @BeforeClass
+- public static void checkConscrypt() {
+- assumeTrue(ConscryptAlpnSslEngine.isAvailable());
+- }
+-
+- @Override
+- protected SslProvider sslClientProvider() {
+- return SslProvider.JDK;
+- }
+-
+- @Override
+- protected SslProvider sslServerProvider() {
+- return SslProvider.JDK;
+- }
+-
+- @Override
+- protected Provider clientSslContextProvider() {
+- return Java8SslTestUtils.conscryptProvider();
+- }
+-
+- @Ignore /* Does the JDK support a "max certificate chain length"? */
+- @Override
+- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
+- }
+-
+- @Ignore /* Does the JDK support a "max certificate chain length"? */
+- @Override
+- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
+index cc2e6c6..f9cf771 100644
+--- a/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
++++ b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
+@@ -16,12 +16,9 @@
+
+ package io.netty.handler.ssl;
+
+-import org.conscrypt.OpenSSLProvider;
+-
+ import javax.net.ssl.SNIMatcher;
+ import javax.net.ssl.SNIServerName;
+ import javax.net.ssl.SSLParameters;
+-import java.security.Provider;
+ import java.util.Collections;
+
+ final class Java8SslTestUtils {
+@@ -37,8 +34,4 @@ final class Java8SslTestUtils {
+ };
+ parameters.setSNIMatchers(Collections.singleton(matcher));
+ }
+-
+- static Provider conscryptProvider() {
+- return new OpenSSLProvider();
+- }
+ }
+diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
+deleted file mode 100644
+index 0625f7a..0000000
+--- a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
++++ /dev/null
+@@ -1,86 +0,0 @@
+-/*
+- * Copyright 2017 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import java.security.Provider;
+-import org.junit.BeforeClass;
+-import org.junit.Ignore;
+-import org.junit.Test;
+-import org.junit.runner.RunWith;
+-import org.junit.runners.Parameterized;
+-
+-import java.util.ArrayList;
+-import java.util.Collection;
+-import java.util.List;
+-
+-import static org.junit.Assume.assumeTrue;
+-
+-(a)RunWith(Parameterized.class)
+-public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
+-
+- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
+- public static Collection<Object> data() {
+- List<Object> params = new ArrayList<Object>();
+- for (BufferType type: BufferType.values()) {
+- params.add(type);
+- }
+- return params;
+- }
+-
+- public JdkConscryptSslEngineInteropTest(BufferType type) {
+- super(type);
+- }
+-
+- @BeforeClass
+- public static void checkConscrypt() {
+- assumeTrue(ConscryptAlpnSslEngine.isAvailable());
+- }
+-
+- @Override
+- protected SslProvider sslClientProvider() {
+- return SslProvider.JDK;
+- }
+-
+- @Override
+- protected SslProvider sslServerProvider() {
+- return SslProvider.JDK;
+- }
+-
+- @Override
+- protected Provider serverSslContextProvider() {
+- return Java8SslTestUtils.conscryptProvider();
+- }
+-
+- @Override
+- @Test
+- @Ignore("TODO: Make this work with Conscrypt")
+- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
+- super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
+- }
+-
+- @Override
+- @Test
+- @Ignore("TODO: Make this work with Conscrypt")
+- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
+- super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
+- }
+-
+- @Override
+- protected boolean mySetupMutualAuthServerIsValidClientException(Throwable cause) {
+- // TODO(scott): work around for a JDK issue. The exception should be SSLHandshakeException.
+- return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+index 4489b16..e32fa0d 100644
+--- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
++++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+@@ -81,7 +81,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
+
+ @Override
+ boolean isAvailable() {
+- return ConscryptAlpnSslEngine.isAvailable();
++ return false;
+ }
+
+ @Override
+--
+2.9.4
+
diff --git a/0004-Remove-jetty-ALPN.patch b/0004-Remove-jetty-ALPN.patch
new file mode 100644
index 0000000..42b5415
--- /dev/null
+++ b/0004-Remove-jetty-ALPN.patch
@@ -0,0 +1,217 @@
+diff --git a/handler/pom.xml b/handler/pom.xml
+index 69af32a..b9e5596 100644
+--- a/handler/pom.xml
++++ b/handler/pom.xml
+@@ -54,11 +54,6 @@
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <optional>true</optional>
+ </dependency>
+- <dependency>
+- <groupId>org.eclipse.jetty.alpn</groupId>
+- <artifactId>alpn-api</artifactId>
+- <optional>true</optional>
+- </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
+index 9c4ab9e..5cc1ab7 100644
+--- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
++++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
+@@ -21,7 +21,7 @@ import javax.net.ssl.SSLEngine;
+ * The {@link JdkApplicationProtocolNegotiator} to use if you need ALPN and are using {@link SslProvider#JDK}.
+ */
+ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
+- private static final boolean AVAILABLE = JettyAlpnSslEngine.isAvailable();
++ private static final boolean AVAILABLE = false;
+ private static final SslEngineWrapperFactory ALPN_WRAPPER = AVAILABLE ? new AlpnWrapper() : new FailureWrapper();
+
+ /**
+@@ -121,10 +121,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati
+ @Override
+ public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
+ boolean isServer) {
+- if (JettyAlpnSslEngine.isAvailable()) {
+- return isServer ? JettyAlpnSslEngine.newServerEngine(engine, applicationNegotiator)
+- : JettyAlpnSslEngine.newClientEngine(engine, applicationNegotiator);
+- }
+ throw new RuntimeException("Unable to wrap SSLEngine of type " + engine.getClass().getName());
+ }
+ }
+diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java
+deleted file mode 100644
+index 624719a..0000000
+--- a/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java
++++ /dev/null
+@@ -1,158 +0,0 @@
+-/*
+- * Copyright 2014 The Netty Project
+- *
+- * The Netty Project licenses this file to you under the Apache License,
+- * version 2.0 (the "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at:
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+- * License for the specific language governing permissions and limitations
+- * under the License.
+- */
+-package io.netty.handler.ssl;
+-
+-import static io.netty.handler.ssl.SslUtils.toSSLHandshakeException;
+-import static io.netty.util.internal.ObjectUtil.checkNotNull;
+-
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
+-import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
+-
+-import java.util.LinkedHashSet;
+-import java.util.List;
+-
+-import javax.net.ssl.SSLEngine;
+-import javax.net.ssl.SSLException;
+-
+-import io.netty.util.internal.PlatformDependent;
+-import org.eclipse.jetty.alpn.ALPN;
+-
+-abstract class JettyAlpnSslEngine extends JdkSslEngine {
+- private static final boolean available = initAvailable();
+-
+- static boolean isAvailable() {
+- return available;
+- }
+-
+- private static boolean initAvailable() {
+- // TODO: Add support for ALPN when using Java9 and still be able to configure it the Netty way.
+- if (PlatformDependent.javaVersion() <= 8) {
+- try {
+- // Always use bootstrap class loader.
+- Class.forName("sun.security.ssl.ALPNExtension", true, null);
+- return true;
+- } catch (Throwable ignore) {
+- // alpn-boot was not loaded.
+- }
+- }
+- return false;
+- }
+-
+- static JettyAlpnSslEngine newClientEngine(SSLEngine engine,
+- JdkApplicationProtocolNegotiator applicationNegotiator) {
+- return new ClientEngine(engine, applicationNegotiator);
+- }
+-
+- static JettyAlpnSslEngine newServerEngine(SSLEngine engine,
+- JdkApplicationProtocolNegotiator applicationNegotiator) {
+- return new ServerEngine(engine, applicationNegotiator);
+- }
+-
+- private JettyAlpnSslEngine(SSLEngine engine) {
+- super(engine);
+- }
+-
+- private static final class ClientEngine extends JettyAlpnSslEngine {
+- ClientEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator) {
+- super(engine);
+- checkNotNull(applicationNegotiator, "applicationNegotiator");
+- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
+- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
+- "protocolListener");
+- ALPN.put(engine, new ALPN.ClientProvider() {
+- @Override
+- public List<String> protocols() {
+- return applicationNegotiator.protocols();
+- }
+-
+- @Override
+- public void selected(String protocol) throws SSLException {
+- try {
+- protocolListener.selected(protocol);
+- } catch (Throwable t) {
+- throw toSSLHandshakeException(t);
+- }
+- }
+-
+- @Override
+- public void unsupported() {
+- protocolListener.unsupported();
+- }
+- });
+- }
+-
+- @Override
+- public void closeInbound() throws SSLException {
+- try {
+- ALPN.remove(getWrappedEngine());
+- } finally {
+- super.closeInbound();
+- }
+- }
+-
+- @Override
+- public void closeOutbound() {
+- try {
+- ALPN.remove(getWrappedEngine());
+- } finally {
+- super.closeOutbound();
+- }
+- }
+- }
+-
+- private static final class ServerEngine extends JettyAlpnSslEngine {
+- ServerEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator) {
+- super(engine);
+- checkNotNull(applicationNegotiator, "applicationNegotiator");
+- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
+- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
+- "protocolSelector");
+- ALPN.put(engine, new ALPN.ServerProvider() {
+- @Override
+- public String select(List<String> protocols) throws SSLException {
+- try {
+- return protocolSelector.select(protocols);
+- } catch (Throwable t) {
+- throw toSSLHandshakeException(t);
+- }
+- }
+-
+- @Override
+- public void unsupported() {
+- protocolSelector.unsupported();
+- }
+- });
+- }
+-
+- @Override
+- public void closeInbound() throws SSLException {
+- try {
+- ALPN.remove(getWrappedEngine());
+- } finally {
+- super.closeInbound();
+- }
+- }
+-
+- @Override
+- public void closeOutbound() {
+- try {
+- ALPN.remove(getWrappedEngine());
+- } finally {
+- super.closeOutbound();
+- }
+- }
+- }
+-}
+diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+index e32fa0d..a8014e5 100644
+--- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
++++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
+@@ -62,7 +62,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
+ ALPN_DEFAULT {
+ @Override
+ boolean isAvailable() {
+- return JettyAlpnSslEngine.isAvailable();
++ return false;
+ }
+
+ @Override
diff --git a/codegen.bash b/codegen.bash
new file mode 100755
index 0000000..f9837e4
--- /dev/null
+++ b/codegen.bash
@@ -0,0 +1,22 @@
+#!/bin/bash
+for type in byte char short int long; do
+ case $type in
+ int) object=Integer ;;
+ char) object=Character ;;
+ *) object=${type^} ;;
+ esac
+ hash='(int) key'
+ if [ $type = long ]; then
+ hash='(int) (key ^ (key >>> 32))'
+ fi
+ mkdir -p target/generated-sources/collections/java
+ for file in `find src/main/templates -name '*.template'`; do
+ filename=$(basename $file | sed "s/K/${type^}/;s/\.template/.java/")
+ sed -e "s/@k@/${type}/g" \
+ -e "s/@K@/${type^}/g" \
+ -e "s/@O@/${object}/g" \
+ -e "s/@KEY_NUMBER_METHOD@/${type}Value/g" \
+ -e "s/@HASH_CODE@/${hash}/g" \
+ $file > target/generated-sources/collections/java/$filename
+ done
+done
diff --git a/dead.package b/dead.package
deleted file mode 100644
index 5204a84..0000000
--- a/dead.package
+++ /dev/null
@@ -1 +0,0 @@
-Orphaned for 6+ weeks
diff --git a/netty.spec b/netty.spec
new file mode 100644
index 0000000..1f29cb8
--- /dev/null
+++ b/netty.spec
@@ -0,0 +1,432 @@
+# Disable generation of debuginfo package
+%global debug_package %{nil}
+%global namedreltag .Final
+%global namedversion %{version}%{?namedreltag}
+
+%bcond_with jp_minimal
+
+Name: netty
+Version: 4.1.13
+Release: 15%{?dist}
+Summary: An asynchronous event-driven network application framework and tools for Java
+License: ASL 2.0
+URL: https://netty.io/
+Source0: https://github.com/netty/netty/archive/netty-%{namedversion}.tar.gz
+# Upsteam uses a simple template generator script written in groovy and run with gmaven
+# We don't have the plugin and want to avoid groovy dependency
+# This script is written in bash+sed and performs the same task
+Source1: codegen.bash
+Patch0: 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
+Patch1: 0002-Remove-NPN.patch
+Patch2: 0003-Remove-conscrypt-ALPN.patch
+Patch3: 0004-Remove-jetty-ALPN.patch
+
+BuildRequires: maven-local
+BuildRequires: mvn(ant-contrib:ant-contrib)
+BuildRequires: mvn(com.jcraft:jzlib)
+BuildRequires: mvn(commons-logging:commons-logging)
+BuildRequires: mvn(kr.motd.maven:os-maven-plugin)
+BuildRequires: mvn(log4j:log4j:1.2.17)
+BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
+BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
+BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
+BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
+BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
+BuildRequires: mvn(org.codehaus.mojo:exec-maven-plugin)
+BuildRequires: mvn(org.fusesource.hawtjni:maven-hawtjni-plugin)
+BuildRequires: mvn(org.jctools:jctools-core)
+BuildRequires: mvn(org.slf4j:slf4j-api)
+%if %{without jp_minimal}
+BuildRequires: mvn(com.fasterxml:aalto-xml)
+BuildRequires: mvn(com.github.jponge:lzma-java)
+BuildRequires: mvn(com.ning:compress-lzf)
+BuildRequires: mvn(net.jpountz.lz4:lz4)
+BuildRequires: mvn(org.apache.logging.log4j:log4j-api)
+BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on)
+BuildRequires: mvn(org.jboss.marshalling:jboss-marshalling)
+BuildRequires: mvn(org.eclipse.jetty.alpn:alpn-api)
+%endif
+
+%ifarch %{arm}
+# Speed up builds on 32bit arm
+# Disable temporarily due to https://bugzilla.redhat.com/show_bug.cgi?id=1818078
+#BuildRequires: java-1.8.0-openjdk-aarch32-devel
+%endif
+
+%description
+Netty is a NIO client server framework which enables quick and easy
+development of network applications such as protocol servers and
+clients. It greatly simplifies and streamlines network programming
+such as TCP and UDP socket server.
+
+'Quick and easy' doesn't mean that a resulting application will suffer
+from a maintainability or a performance issue. Netty has been designed
+carefully with the experiences earned from the implementation of a lot
+of protocols such as FTP, SMTP, HTTP, and various binary and
+text-based legacy protocols. As a result, Netty has succeeded to find
+a way to achieve ease of development, performance, stability, and
+flexibility without a compromise.
+
+%package javadoc
+Summary: API documentation for %{name}
+
+%description javadoc
+%{summary}.
+
+%prep
+%setup -q -n netty-netty-%{namedversion}
+
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%if %{with jp_minimal}
+%patch3 -p1
+%endif
+
+# remove unnecessary dependency on parent POM
+%pom_remove_parent . bom dev-tools
+
+# Missing Mavenized rxtx
+%pom_disable_module "transport-rxtx"
+%pom_remove_dep ":netty-transport-rxtx" all
+# Missing com.barchart.udt:barchart-udt-bundle:jar:2.3.0
+%pom_disable_module "transport-udt"
+%pom_remove_dep ":netty-transport-udt" all
+%pom_remove_dep ":netty-build" all
+# Not needed
+%pom_disable_module "example"
+%pom_remove_dep ":netty-example" all
+%pom_disable_module "testsuite"
+%pom_disable_module "testsuite-autobahn"
+%pom_disable_module "testsuite-osgi"
+%pom_disable_module "tarball"
+%pom_disable_module "microbench"
+
+%pom_xpath_inject 'pom:plugin[pom:artifactId="maven-remote-resources-plugin"]' '
+<dependencies>
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-dev-tools</artifactId>
+<version>${project.version}</version>
+</dependency>
+</dependencies>'
+
+%pom_remove_plugin :maven-antrun-plugin
+%pom_remove_plugin :maven-dependency-plugin
+# style checker
+%pom_remove_plugin :xml-maven-plugin
+%pom_remove_plugin -r :maven-checkstyle-plugin
+%pom_remove_plugin -r :animal-sniffer-maven-plugin
+%pom_remove_plugin -r :maven-enforcer-plugin
+%pom_remove_plugin -r :maven-shade-plugin
+%pom_remove_plugin -r :maven-release-plugin
+%pom_remove_plugin -r :maven-clean-plugin
+%pom_remove_plugin -r :maven-source-plugin
+%pom_remove_plugin -r :maven-deploy-plugin
+%pom_remove_plugin -r :maven-jxr-plugin
+%pom_remove_plugin -r :maven-javadoc-plugin
+%pom_remove_plugin -r :forbiddenapis
+
+cp %{SOURCE1} common/codegen.bash
+%pom_add_plugin org.codehaus.mojo:exec-maven-plugin common '
+<executions>
+ <execution>
+ <id>generate-collections</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <executable>common/codegen.bash</executable>
+ </configuration>
+ </execution>
+</executions>
+'
+%pom_remove_plugin :groovy-maven-plugin common
+
+# The protobuf-javanano API was discontinued upstream and obsoleted in Fedora
+# so disable support for protobuf in the codecs module
+%pom_remove_dep -r "com.google.protobuf:protobuf-java"
+%pom_remove_dep -r "com.google.protobuf.nano:protobuf-javanano"
+rm codec/src/main/java/io/netty/handler/codec/protobuf/*
+sed -i '/import.*protobuf/d' codec/src/main/java/io/netty/handler/codec/DatagramPacket*.java
+
+%if %{with jp_minimal}
+%pom_remove_dep -r "org.jboss.marshalling:jboss-marshalling"
+rm codec/src/main/java/io/netty/handler/codec/marshalling/*
+%pom_remove_dep -r org.bouncycastle
+rm handler/src/main/java/io/netty/handler/ssl/util/BouncyCastleSelfSignedCertGenerator.java
+sed -i '/BouncyCastleSelfSignedCertGenerator/s/.*/throw new UnsupportedOperationException();/' \
+ handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
+%pom_remove_dep -r com.fasterxml:aalto-xml
+%pom_disable_module codec-xml
+%pom_remove_dep :netty-codec-xml all
+%pom_remove_dep -r com.github.jponge:lzma-java
+rm codec/src/*/java/io/netty/handler/codec/compression/Lzma*.java
+%pom_remove_dep -r com.ning:compress-lzf
+rm codec/src/*/java/io/netty/handler/codec/compression/Lzf*.java
+%pom_remove_dep -r net.jpountz.lz4:lz4
+rm codec/src/*/java/io/netty/handler/codec/compression/Lz4*.java
+%pom_remove_dep -r org.apache.logging.log4j:
+rm common/*/main/java/io/netty/util/internal/logging/Log4J2*.java
+
+# Disable rarely needed native artifacts
+%pom_disable_module transport-native-epoll
+%pom_disable_module transport-native-kqueue
+%pom_remove_dep :netty-transport-native-epoll all
+%pom_remove_dep :netty-transport-native-kqueue all
+%endif
+
+sed -i 's|taskdef|taskdef classpathref="maven.plugin.classpath"|' all/pom.xml
+
+%pom_xpath_inject "pom:plugins/pom:plugin[pom:artifactId = 'maven-antrun-plugin']" '<dependencies><dependency><groupId>ant-contrib</groupId><artifactId>ant-contrib</artifactId><version>1.0b3</version></dependency></dependencies>' all/pom.xml
+%pom_xpath_inject "pom:execution[pom:id = 'build-native-lib']/pom:configuration" '<verbose>true</verbose>' transport-native-epoll/pom.xml
+
+# Upstream has jctools bundled.
+%pom_xpath_remove "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-bundle-plugin']/pom:executions/pom:execution[pom:id = 'generate-manifest']/pom:configuration/pom:instructions/pom:Import-Package" common/pom.xml
+
+# Tell xmvn to install attached artifact, which it does not
+# do by default. In this case install all attached artifacts with
+# the linux classifier.
+%mvn_package ":::linux*:"
+
+%mvn_package ':*-tests' __noinstall
+
+%build
+# Ensure we get the jit on arm
+%ifarch %{arm}
+export JAVA_HOME=$(ls -d %{_jvmdir}/java-1.8.0-openjdk-aarch32*)
+%else
+export JAVA_HOME=%{_jvmdir}/java
+%endif
+
+# Ensure we use distro compile flags
+export CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
+
+%mvn_build -f
+
+%install
+%mvn_install
+
+%files -f .mfiles
+%license LICENSE.txt NOTICE.txt
+
+%files javadoc -f .mfiles-javadoc
+%license LICENSE.txt NOTICE.txt
+
+%changelog
+* Fri Mar 27 2020 Mat Booth <mat.booth(a)redhat.com> - 4.1.13-15
+- Disable JIT'd builds on arm 32 temporarily due to segfault in JDK, see bug
+ 1818078
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Nov 21 2019 Fabio Valentini <decathorpe(a)gmail.com> - 4.1.13-13
+- Remove unnecessary dependency on parent POM.
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Jun 08 2019 Mat Booth <mbooth(a)apache.org> - 4.1.13-11
+- Ensure we use the JIT on 32bit arm
+
+* Sun Jun 02 2019 Mat Booth <mat.booth(a)redhat.com> - 4.1.13-10
+- Speed up builds on 32bit arm
+
+* Thu Mar 07 2019 Mat Booth <mat.booth(a)redhat.com> - 4.1.13-9
+- Add more artifacts to the jp_minimal conditional
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Dec 08 2018 Mat Booth <mat.booth(a)redhat.com> - 4.1.13-7
+- Disable support for protobuf in the codecs module due to the javanano API
+ being discontinued upstream and obsoleted in Fedora
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Apr 25 2018 Michael Simacek <msimacek(a)redhat.com> - 4.1.13-5
+- Remove log4j from jp_minimal build
+
+* Tue Apr 24 2018 mskalick(a)redhat.com - 4.1.13-4
+- Remove org.eclipse.jetty.alpn dependency for jp_minimal
+
+* Tue Apr 24 2018 Michael Simacek <msimacek(a)redhat.com> - 4.1.13-3
+- Don't package test artifacts
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Aug 14 2017 Michael Simacek <msimacek(a)redhat.com> - 4.1.13-1
+- Update to upstream version 4.1.13
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.42-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.42-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed Mar 29 2017 Michael Simacek <msimacek(a)redhat.com> - 4.0.42-5
+- Keep Import-Package default value
+
+* Thu Mar 16 2017 Michael Simacek <msimacek(a)redhat.com> - 4.0.42-4
+- Remove maven-javadoc-plugin from POM
+
+* Wed Mar 15 2017 Michael Simacek <msimacek(a)redhat.com> - 4.0.42-3
+- Add jp_minimal conditional
+
+* Mon Feb 06 2017 Michael Simacek <msimacek(a)redhat.com> - 4.0.42-2
+- Remove useless plugins
+
+* Thu Oct 20 2016 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.42-1
+- Remove old netty4 provides/obsoletes.
+
+* Thu Oct 20 2016 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.42-1
+- Update to upstream 4.0.42 release.
+- Resolves RHBZ#1380921
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.28-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 4.0.28-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Wed May 20 2015 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.28-1
+- Update to upstream 4.0.28 release.
+- Fixes CVE-2015-2156 (HttpOnly cookie bypass).
+- Resolves RHBZ#1111502
+
+* Wed May 20 2015 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.27-1
+- Update to upstream 4.0.27 release.
+
+* Wed Apr 01 2015 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.19-3
+- Drop mvn(org.easymock:easymockclassextension) BR.
+ Resolves: RHBZ#1207991
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 4.0.19-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Jun 9 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 4.0.19-1
+- Update to upstream version 4.0.19
+- Convert to arch-specific package
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 4.0.14-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Mar 04 2014 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 4.0.14-4
+- Use Requires: java-headless rebuild (#1067528)
+
+* Mon Jan 13 2014 Marek Goldmann <mgoldman(a)redhat.com> - 4.0.14-3
+- Enable netty-all.jar artifact
+
+* Mon Jan 13 2014 Marek Goldmann <mgoldman(a)redhat.com> - 4.0.14-2
+- Bump the release, so Obsoletes work properly
+
+* Mon Dec 30 2013 Marek Goldmann <mgoldman(a)redhat.com> - 4.0.14-1
+- Upstream release 4.0.14.Final
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.6.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu May 16 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.6-1
+- Update to upstream version 3.6.6
+
+* Wed Apr 10 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.5-1
+- Update to upstream version 3.6.5
+
+* Mon Apr 8 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.4-1
+- Update to upstream version 3.6.4
+
+* Wed Feb 27 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.3-3
+- Set scope of optional compile dependencies to 'provided'
+
+* Wed Feb 27 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.3-2
+- Drop dependency on OSGi
+- Resolves: rhbz#916139
+
+* Mon Feb 25 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.3-1
+- Update to upstream version 3.6.3
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.6.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Feb 06 2013 Java SIG <java-devel(a)lists.fedoraproject.org> - 3.6.2-2
+- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
+- Replace maven BuildRequires with maven-local
+
+* Wed Jan 16 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.2-1
+- Update to upstream version 3.6.2
+
+* Tue Jan 15 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.1-1
+- Update to upstream version 3.6.1
+
+* Thu Dec 13 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.11-2
+- Use system jzlib instead of bundled jzlib
+- Resolves: rhbz#878391
+
+* Mon Dec 3 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.11-1
+- Update to upstream version 3.5.11
+
+* Mon Nov 12 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.10-1
+- Update to upstream version 3.5.10
+
+* Thu Oct 25 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.9-1
+- Update to upstream version 3.5.9
+
+* Fri Oct 5 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.8-1
+- Update to upstream version 3.5.8
+
+* Fri Sep 7 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.7-1
+- Update to upstream version 3.5.7
+
+* Mon Sep 3 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.6-1
+- Update to upstream version 3.5.6
+
+* Thu Aug 23 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.5-1
+- Update to upstream version 3.5.5
+
+* Wed Aug 15 2012 Tomas Rohovsky <trohovsk(a)redhat.com> - 3.5.4-1
+- Update to upstream version 3.5.4
+
+* Tue Jul 24 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.3-1
+- Update to upstream version 3.5.3
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.5.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jul 16 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.2-2
+- Add additional depmap for org.jboss.netty:netty
+- Fixes #840301
+
+* Thu Jul 12 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.2-1
+- Update to upstream version 3.5.2
+- Convert patches to POM macros
+- Enable jboss-logging
+
+* Fri May 18 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.4-4
+- Add enforcer-plugin to BR
+
+* Wed Apr 18 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.4-3
+- Remove eclipse plugin from BuildRequires
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.2.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Dec 5 2011 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.4-1
+- Update to latest upstream version
+
+* Mon Jul 4 2011 Alexander Kurtakov <akurtako(a)redhat.com> 3.2.3-4
+- Fix FTBFS.
+- Adapt to current guidelines.
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.2.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon Jan 17 2011 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.3-2
+- Use maven 3 to build
+- Drop ant-contrib depmap (no longer needed)
+
+* Thu Jan 13 2011 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.3-1
+- Initial version of the package
diff --git a/sources b/sources
new file mode 100644
index 0000000..39533ac
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (netty-4.1.13.Final.tar.gz) = f0a269adf5b6552eb2f0f12614c2093e0ccfd5a5bb38521dcf39c3827160c8983adcfe1bbcf93a24e71506e323ae723a837621046657fec0df50c59a07aee54c
4 years, 1 month
Architecture specific change in rpms/ocaml-zip.git
by githook-noreply@fedoraproject.org
The package rpms/ocaml-zip.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/ocaml-zip.git/commit/?id=76e3505c....
Change:
+%ifarch %{ocaml_native_compiler}
Thanks.
Full change:
============
commit fa9958ccb1559909fb00d689a0f0b2aea9d20469
Merge: a1efad1 76e3505
Author: Jerry James <loganjerry(a)gmail.com>
Date: Wed Apr 1 10:25:20 2020 -0600
Merge branch 'master' into f32
diff --cc ocaml-zip.spec
index 1b945f5,df08c8f..5b08aba
--- a/ocaml-zip.spec
+++ b/ocaml-zip.spec
@@@ -92,9 -98,11 +98,14 @@@ cmp Makefile Makefile.uncompresse
%changelog
+ * Mon Mar 30 2020 Jerry James <loganjerry(a)gmail.com> - 1.10-1
+ - Version 1.10
+ - New URLs
+ - Add check script
+
+* Thu Feb 27 2020 Richard W.M. Jones <rjones(a)redhat.com> - 1.06-24.1
+- OCaml 4.10.0 final (Fedora 32).
+
* Wed Feb 26 2020 Richard W.M. Jones <rjones(a)redhat.com> - 1.06-24
- OCaml 4.10.0 final.
commit 76e3505c4bfa2269d2f7c236631fa65d3eda4241
Author: Jerry James <loganjerry(a)gmail.com>
Date: Wed Apr 1 10:02:57 2020 -0600
Version 1.10. New URLs. Add check script.
diff --git a/.gitignore b/.gitignore
index d2d5fb4..92e783d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
-camlzip-1.04.tar.gz
-/camlzip-1.05.tar.gz
-/camlzip-1.06.tar.gz
+/camlzip-*.tar.gz
+/rel*.tar.gz
diff --git a/ocaml-zip.spec b/ocaml-zip.spec
index b3b313a..df08c8f 100644
--- a/ocaml-zip.spec
+++ b/ocaml-zip.spec
@@ -1,18 +1,18 @@
-%global opt %(test -x %{_bindir}/ocamlopt && echo 1 || echo 0)
-
Name: ocaml-zip
-Version: 1.06
-Release: 24%{?dist}
+Version: 1.10
+Release: 1%{?dist}
Summary: OCaml library for reading and writing zip, jar and gzip files
License: LGPLv2 with exceptions
-URL: http://forge.ocamlcore.org/projects/camlzip/
-Source0: https://forge.ocamlcore.org/frs/download.php/1037/camlzip-%{version}.tar.gz
+%global upver %(sed 's/\\.//' <<< %{version})
+
+URL: https://xavierleroy.org/software.html
+Source0: https://github.com/xavierleroy/camlzip/archive/rel%{upver}.tar.gz
BuildRequires: ocaml >= 3.10.0
-BuildRequires: ocaml-findlib-devel
-BuildRequires: zlib-devel >= 1.1.3
-BuildRequires: chrpath
+BuildRequires: ocaml-findlib
+BuildRequires: ocaml-ocamldoc
+BuildRequires: pkgconfig(zlib)
%description
@@ -24,7 +24,7 @@ formats.
%package devel
Summary: Development files for %{name}
-Requires: %{name} = %{version}-%{release}
+Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
@@ -33,24 +33,24 @@ developing applications that use %{name}.
%prep
-%setup -q -n camlzip-%{version}
+%autosetup -n camlzip-rel%{upver}
+
+# Do not try to overwrite the system ld.conf
+sed -i "s,ocamlfind install,& -ldconf $PWD/ld.conf," Makefile
+
+# The META file has the wrong version number
+sed -i 's/1\.09/%{version}/' META-zip
%build
make all
-%if %opt
+%ifarch %{ocaml_native_compiler}
make allopt
%endif
-chrpath --delete dll*.so
+make doc
-cat > META <<EOF
-name = "%{name}"
-version = "%{version}"
-description = "%{description}"
-requires = "unix"
-archive(byte) = "zip.cma"
-archive(native) = "zip.cmxa"
-EOF
+# Relink the stublibs with $RPM_LD_FLAGS.
+ocamlmklib -g -ldopt "$RPM_LD_FLAGS" -lz -o camlzip $(ar t libcamlzip.a)
%install
@@ -59,31 +59,37 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}/ocaml/stublibs
export DESTDIR=$RPM_BUILD_ROOT
export OCAMLFIND_DESTDIR=$RPM_BUILD_ROOT%{_libdir}/ocaml
+export EXT_DLL=.so
-%if %opt
-ocamlfind install zip *.cma *.cmxa *.a *.cmx *.cmi *.mli dll*.so META
-%else
-ocamlfind install zip *.cma *.a *.cmi *.mli dll*.so META
-%endif
+touch ld.conf
+make install
+
+
+%check
+export LD_LIBRARY_PATH=$PWD
+make -C test
+test/testzlib Makefile Makefile.gz
+test/testzlib -d Makefile.gz Makefile.uncompressed
+cmp Makefile Makefile.uncompressed
%files
%license LICENSE
-%{_libdir}/ocaml/zip
-%if %opt
-%exclude %{_libdir}/ocaml/zip/*.a
-%exclude %{_libdir}/ocaml/zip/*.cmxa
-%exclude %{_libdir}/ocaml/zip/*.cmx
+%{_libdir}/ocaml/camlzip/
+%dir %{_libdir}/ocaml/zip/
+%{_libdir}/ocaml/zip/META
+%{_libdir}/ocaml/zip/*.cma
+%{_libdir}/ocaml/zip/*.cmi
+%ifarch %{ocaml_native_compiler}
+%{_libdir}/ocaml/zip/*.cmxs
%endif
-%exclude %{_libdir}/ocaml/zip/*.mli
-%{_libdir}/ocaml/stublibs/*.so
-%{_libdir}/ocaml/stublibs/*.so.owner
+%{_libdir}/ocaml/stublibs/dllcamlzip.so
+%{_libdir}/ocaml/stublibs/dllcamlzip.so.owner
%files devel
-%doc Changes README
-%license LICENSE
-%if %opt
+%doc Changes README doc
+%ifarch %{ocaml_native_compiler}
%{_libdir}/ocaml/zip/*.a
%{_libdir}/ocaml/zip/*.cmxa
%{_libdir}/ocaml/zip/*.cmx
@@ -92,6 +98,11 @@ ocamlfind install zip *.cma *.a *.cmi *.mli dll*.so META
%changelog
+* Mon Mar 30 2020 Jerry James <loganjerry(a)gmail.com> - 1.10-1
+- Version 1.10
+- New URLs
+- Add check script
+
* Wed Feb 26 2020 Richard W.M. Jones <rjones(a)redhat.com> - 1.06-24
- OCaml 4.10.0 final.
diff --git a/sources b/sources
index 795845b..0c5d074 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-0874be16d02a7165dfc31edc06636e4c camlzip-1.06.tar.gz
+SHA512 (rel110.tar.gz) = 5c42e0d808230e3820b2e7ef34b544ca51a7bf0a484ce4e1c8b1e4966133196bb3ff7c3ca85b9c50050aca389316eb52f0335f6e2ad60c000594a33171b9a9a9
4 years, 1 month
Architecture specific change in rpms/ocaml-zip.git
by githook-noreply@fedoraproject.org
The package rpms/ocaml-zip.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/ocaml-zip.git/commit/?id=76e3505c....
Change:
+%ifarch %{ocaml_native_compiler}
Thanks.
Full change:
============
commit 76e3505c4bfa2269d2f7c236631fa65d3eda4241
Author: Jerry James <loganjerry(a)gmail.com>
Date: Wed Apr 1 10:02:57 2020 -0600
Version 1.10. New URLs. Add check script.
diff --git a/.gitignore b/.gitignore
index d2d5fb4..92e783d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
-camlzip-1.04.tar.gz
-/camlzip-1.05.tar.gz
-/camlzip-1.06.tar.gz
+/camlzip-*.tar.gz
+/rel*.tar.gz
diff --git a/ocaml-zip.spec b/ocaml-zip.spec
index b3b313a..df08c8f 100644
--- a/ocaml-zip.spec
+++ b/ocaml-zip.spec
@@ -1,18 +1,18 @@
-%global opt %(test -x %{_bindir}/ocamlopt && echo 1 || echo 0)
-
Name: ocaml-zip
-Version: 1.06
-Release: 24%{?dist}
+Version: 1.10
+Release: 1%{?dist}
Summary: OCaml library for reading and writing zip, jar and gzip files
License: LGPLv2 with exceptions
-URL: http://forge.ocamlcore.org/projects/camlzip/
-Source0: https://forge.ocamlcore.org/frs/download.php/1037/camlzip-%{version}.tar.gz
+%global upver %(sed 's/\\.//' <<< %{version})
+
+URL: https://xavierleroy.org/software.html
+Source0: https://github.com/xavierleroy/camlzip/archive/rel%{upver}.tar.gz
BuildRequires: ocaml >= 3.10.0
-BuildRequires: ocaml-findlib-devel
-BuildRequires: zlib-devel >= 1.1.3
-BuildRequires: chrpath
+BuildRequires: ocaml-findlib
+BuildRequires: ocaml-ocamldoc
+BuildRequires: pkgconfig(zlib)
%description
@@ -24,7 +24,7 @@ formats.
%package devel
Summary: Development files for %{name}
-Requires: %{name} = %{version}-%{release}
+Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
@@ -33,24 +33,24 @@ developing applications that use %{name}.
%prep
-%setup -q -n camlzip-%{version}
+%autosetup -n camlzip-rel%{upver}
+
+# Do not try to overwrite the system ld.conf
+sed -i "s,ocamlfind install,& -ldconf $PWD/ld.conf," Makefile
+
+# The META file has the wrong version number
+sed -i 's/1\.09/%{version}/' META-zip
%build
make all
-%if %opt
+%ifarch %{ocaml_native_compiler}
make allopt
%endif
-chrpath --delete dll*.so
+make doc
-cat > META <<EOF
-name = "%{name}"
-version = "%{version}"
-description = "%{description}"
-requires = "unix"
-archive(byte) = "zip.cma"
-archive(native) = "zip.cmxa"
-EOF
+# Relink the stublibs with $RPM_LD_FLAGS.
+ocamlmklib -g -ldopt "$RPM_LD_FLAGS" -lz -o camlzip $(ar t libcamlzip.a)
%install
@@ -59,31 +59,37 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}/ocaml/stublibs
export DESTDIR=$RPM_BUILD_ROOT
export OCAMLFIND_DESTDIR=$RPM_BUILD_ROOT%{_libdir}/ocaml
+export EXT_DLL=.so
-%if %opt
-ocamlfind install zip *.cma *.cmxa *.a *.cmx *.cmi *.mli dll*.so META
-%else
-ocamlfind install zip *.cma *.a *.cmi *.mli dll*.so META
-%endif
+touch ld.conf
+make install
+
+
+%check
+export LD_LIBRARY_PATH=$PWD
+make -C test
+test/testzlib Makefile Makefile.gz
+test/testzlib -d Makefile.gz Makefile.uncompressed
+cmp Makefile Makefile.uncompressed
%files
%license LICENSE
-%{_libdir}/ocaml/zip
-%if %opt
-%exclude %{_libdir}/ocaml/zip/*.a
-%exclude %{_libdir}/ocaml/zip/*.cmxa
-%exclude %{_libdir}/ocaml/zip/*.cmx
+%{_libdir}/ocaml/camlzip/
+%dir %{_libdir}/ocaml/zip/
+%{_libdir}/ocaml/zip/META
+%{_libdir}/ocaml/zip/*.cma
+%{_libdir}/ocaml/zip/*.cmi
+%ifarch %{ocaml_native_compiler}
+%{_libdir}/ocaml/zip/*.cmxs
%endif
-%exclude %{_libdir}/ocaml/zip/*.mli
-%{_libdir}/ocaml/stublibs/*.so
-%{_libdir}/ocaml/stublibs/*.so.owner
+%{_libdir}/ocaml/stublibs/dllcamlzip.so
+%{_libdir}/ocaml/stublibs/dllcamlzip.so.owner
%files devel
-%doc Changes README
-%license LICENSE
-%if %opt
+%doc Changes README doc
+%ifarch %{ocaml_native_compiler}
%{_libdir}/ocaml/zip/*.a
%{_libdir}/ocaml/zip/*.cmxa
%{_libdir}/ocaml/zip/*.cmx
@@ -92,6 +98,11 @@ ocamlfind install zip *.cma *.a *.cmi *.mli dll*.so META
%changelog
+* Mon Mar 30 2020 Jerry James <loganjerry(a)gmail.com> - 1.10-1
+- Version 1.10
+- New URLs
+- Add check script
+
* Wed Feb 26 2020 Richard W.M. Jones <rjones(a)redhat.com> - 1.06-24
- OCaml 4.10.0 final.
diff --git a/sources b/sources
index 795845b..0c5d074 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-0874be16d02a7165dfc31edc06636e4c camlzip-1.06.tar.gz
+SHA512 (rel110.tar.gz) = 5c42e0d808230e3820b2e7ef34b544ca51a7bf0a484ce4e1c8b1e4966133196bb3ff7c3ca85b9c50050aca389316eb52f0335f6e2ad60c000594a33171b9a9a9
4 years, 1 month
Architecture specific change in rpms/swt-chart.git
by githook-noreply@fedoraproject.org
The package rpms/swt-chart.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/swt-chart.git/commit/?id=89e6a805...
https://src.fedoraproject.org/cgit/rpms/swt-chart.git/commit/?id=44fd534c...
https://src.fedoraproject.org/cgit/rpms/swt-chart.git/commit/?id=5c0d7dae....
Change:
-ExcludeArch: s390 %{arm} %{ix86}
+ExcludeArch: s390 %{arm} %{ix86}
+ExcludeArch: s390 %{arm} %{ix86}
Thanks.
Full change:
============
commit 359cad1697c4e85cad57ffb8263e4eadafb1822b
Merge: 44fd534 29479b1
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Wed Apr 1 16:38:54 2020 +0100
Merge branch 'eclipse'
commit 29479b1fe5de5ec4d9991dc4294b50d12fb5def2
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Wed Apr 1 16:38:37 2020 +0100
Include %doc section
diff --git a/swt-chart.spec b/swt-chart.spec
index 26aa6e5..4b17534 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,15 +1,17 @@
Name: swt-chart
Version: 0.12.0
-Release: 2%{?dist}
-Summary: SWTChart Feature
+Release: 3%{?dist}
+Summary: Eclipse SWTChart
License: EPL-2.0
URL: https://projects.eclipse.org/projects/science.swtchart
Source0: https://github.com/eclipse/swtchart/archive/REL-%{version}.tar.gz
# Bundle the old API too for now
+# Originally taken from the following URL, but link is now dead:
+# http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
# TODO remove when linuxtools migrates fully to new API
-Source1: http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
+Source1: swt-chart-code-312-tags-0.10.0.zip
BuildArch: noarch
@@ -24,7 +26,7 @@ SWTChart is a light-weight charting component for SWT.
%prep
%setup -q -n swtchart-REL-%{version}
-# Bundle the old API too for now
+# Bundle the old API too for now - it's a different namespace so there are no clashes
unzip -d old_src %{SOURCE1}
mv old_src/swt-chart-code-312-tags-0.10.0/org.swtchart/src/org/swtchart/ org.eclipse.swtchart/src/org/
rm -rf old_src
@@ -42,15 +44,16 @@ sed -i -e '/Export-Package/a\ org.swtchart,' org.eclipse.swtchart/META-INF/MANIF
# Don't build or ship test bundles
%pom_disable_module ../org.eclipse.swtchart.test org.eclipse.swtchart.cbi
%pom_disable_module ../org.eclipse.swtchart.extensions.test org.eclipse.swtchart.cbi
-%pom_disable_module ../org.eclipse.swtchart.export.test org.eclipse.swtchart.cbi
-# Drop export bundle to avoid unnecessary extra deps on batik
+# Drop export bundle not needed at runtime and shrinks the dep tree for this package
%pom_disable_module ../org.eclipse.swtchart.export org.eclipse.swtchart.cbi
+%pom_disable_module ../org.eclipse.swtchart.export.test org.eclipse.swtchart.cbi
%pom_disable_module ../org.eclipse.swtchart.feature org.eclipse.swtchart.cbi
%mvn_package "::pom::" __noinstall
%build
+# Skip tests due to not working in a headless environment
%mvn_build -j -f -- -f org.eclipse.swtchart.cbi/pom.xml
%install
@@ -58,8 +61,12 @@ sed -i -e '/Export-Package/a\ org.swtchart,' org.eclipse.swtchart/META-INF/MANIF
%files -f .mfiles
%license LICENSE
+%doc README.md CONTRIBUTING.md NEWS.md
%changelog
+* Tue Mar 31 2020 Mat Booth <mat.booth(a)redhat.com> - 0.12.0-3
+- Include %%doc section
+
* Mon Mar 23 2020 Mat Booth <mat.booth(a)redhat.com> - 0.12.0-2
- Bundle the old API too for now
commit 44fd534cabdafc1e1f9fad606f7d89c08dffb990
Author: Tomas Hrcka <thrcka(a)redhat.com>
Date: Wed Apr 1 17:12:20 2020 +0200
Revert "Orphaned for 6+ weeks"
This reverts commit 89e6a8059c77f7617050781173f8e768c49f0cfe.
Unretirement request: https://pagure.io/releng/issue/9371
Signed-off-by: Tomas Hrcka <thrcka(a)redhat.com>
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f51d031
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+/swt-chart-*.tar.xz
+/swt-chart-*/
+/.project
+/.build-*.log
+/*.src.rpm
+/noarch/
+/swt-chart-code-312-tags-0.10.0.zip
diff --git a/dead.package b/dead.package
deleted file mode 100644
index 5204a84..0000000
--- a/dead.package
+++ /dev/null
@@ -1 +0,0 @@
-Orphaned for 6+ weeks
diff --git a/sources b/sources
new file mode 100644
index 0000000..8617d89
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+d7605e00b59bad2f98bb968f18dc1825 swt-chart-code-312-tags-0.10.0.zip
diff --git a/swt-chart.spec b/swt-chart.spec
new file mode 100644
index 0000000..a143b8a
--- /dev/null
+++ b/swt-chart.spec
@@ -0,0 +1,115 @@
+Name: swt-chart
+Version: 0.10.0
+Release: 8%{?dist}
+Summary: SWTChart Feature
+
+License: EPL-1.0
+URL: http://www.swtchart.org/
+Source0: http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
+
+BuildArch: noarch
+
+# Upstream Eclipse no longer supports non-64bit arches
+ExcludeArch: s390 %{arm} %{ix86}
+
+BuildRequires: tycho >= 0.14.0
+Requires: eclipse-platform >= 3.4.0
+
+%description
+SWTChart is a light-weight charting component for SWT.
+
+%package javadoc
+Summary: Javadoc for %{name}
+
+%description javadoc
+%{summary}.
+
+%prep
+%setup -q -n %{name}-code-312-tags-%{version}
+# Create the poms
+xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
+%mvn_package "::pom::" __noinstall
+%mvn_package :org.swtchart.example* __noinstall
+
+%build
+%mvn_build
+
+%install
+%mvn_install
+
+%files -f .mfiles
+
+%files javadoc -f .mfiles-javadoc
+
+%changelog
+* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Mar 14 2019 Mat Booth <mat.booth(a)redhat.com> - 0.10.0-7
+- Update license tag
+- Restrict to same architectures as Eclipse itself
+- Don't ship aggregator pom
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Feb 23 2016 Alexander Kurtakov <akurtako(a)redhat.com> 0.10.0-1
+- Update to upstream 0.10 release.
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Jan 15 2015 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-4
+- Fix failure to build from source
+- Minor spec file clean ups
+
+* Thu Aug 14 2014 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-3
+- Fix unowned directory
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Feb 27 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.9.0-1
+- Update to 0.9.0 Release.
+
+* Wed Feb 26 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.8.0-9
+- Change R:java to R:java-headless (Bug 1068558).
+
+* Wed Oct 23 2013 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-8
+- Fix Bug 1022166.
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Aug 14 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-5
+- Remove deprecated tycho.targetPlatform due to p2 support.
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Apr 4 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-3
+- Use %%{_eclipse_base} from eclipse-platform.
+
+* Mon Apr 2 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-2
+- Explicitly require java/java-devel >= 1.5 as per manifest.
+
+* Tue Mar 6 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-1
+- Initial packaging of SWTChart.
commit 4872faf565f1a0be3e212bbd32155ed37b529041
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Mon Mar 23 11:35:39 2020 +0000
Bundle the old API too for now
diff --git a/sources b/sources
index 7be8922..0c99d85 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
+SHA512 (swt-chart-code-312-tags-0.10.0.zip) = 7eeca3d96b6b332f5219f70307fc9822a97bceaf59d98022c3fc4e2fb41a857dc2f3dcf68631d5a465af49bf7dd34c10cbc712323da28e121b4e3bf12a3fcd52
SHA512 (REL-0.12.0.tar.gz) = e2ba7209a4562428a2ac6b18b31388538dcac0b8c639a7f10747ea87b4e395b359bf1e3f48af438fed7adf125ac7686cc5c64aa76cf993a893a7850cddbda264
diff --git a/swt-chart.spec b/swt-chart.spec
index 08ff0da..26aa6e5 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,12 +1,16 @@
Name: swt-chart
Version: 0.12.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: SWTChart Feature
License: EPL-2.0
URL: https://projects.eclipse.org/projects/science.swtchart
Source0: https://github.com/eclipse/swtchart/archive/REL-%{version}.tar.gz
+# Bundle the old API too for now
+# TODO remove when linuxtools migrates fully to new API
+Source1: http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
+
BuildArch: noarch
# Upstream Eclipse no longer supports non-64bit arches
@@ -20,6 +24,12 @@ SWTChart is a light-weight charting component for SWT.
%prep
%setup -q -n swtchart-REL-%{version}
+# Bundle the old API too for now
+unzip -d old_src %{SOURCE1}
+mv old_src/swt-chart-code-312-tags-0.10.0/org.swtchart/src/org/swtchart/ org.eclipse.swtchart/src/org/
+rm -rf old_src
+sed -i -e '/Export-Package/a\ org.swtchart,' org.eclipse.swtchart/META-INF/MANIFEST.MF
+
# Target platform and update site are not relevant for RPM builds
%pom_disable_module ../org.eclipse.swtchart.targetplatform org.eclipse.swtchart.cbi
%pom_disable_module ../org.eclipse.swtchart.updatesite org.eclipse.swtchart.cbi
@@ -50,6 +60,9 @@ SWTChart is a light-weight charting component for SWT.
%license LICENSE
%changelog
+* Mon Mar 23 2020 Mat Booth <mat.booth(a)redhat.com> - 0.12.0-2
+- Bundle the old API too for now
+
* Mon Mar 23 2020 Mat Booth <mat.booth(a)redhat.com> - 0.12.0-1
- Update to latest upstream release
commit 85ace1d864cd7e57252a5ff1bea179854c07fe35
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Mon Mar 23 10:33:06 2020 +0000
Update to latest upstream release
diff --git a/.gitignore b/.gitignore
index f51d031..4970809 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@
/*.src.rpm
/noarch/
/swt-chart-code-312-tags-0.10.0.zip
+/REL-0.12.0.tar.gz
diff --git a/sources b/sources
index 8617d89..7be8922 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d7605e00b59bad2f98bb968f18dc1825 swt-chart-code-312-tags-0.10.0.zip
+SHA512 (REL-0.12.0.tar.gz) = e2ba7209a4562428a2ac6b18b31388538dcac0b8c639a7f10747ea87b4e395b359bf1e3f48af438fed7adf125ac7686cc5c64aa76cf993a893a7850cddbda264
diff --git a/swt-chart.spec b/swt-chart.spec
index f48a5b1..08ff0da 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,47 +1,58 @@
Name: swt-chart
-Version: 0.10.0
-Release: 7%{?dist}
+Version: 0.12.0
+Release: 1%{?dist}
Summary: SWTChart Feature
-License: EPL-1.0
-URL: http://www.swtchart.org/
-Source0: http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
+License: EPL-2.0
+URL: https://projects.eclipse.org/projects/science.swtchart
+Source0: https://github.com/eclipse/swtchart/archive/REL-%{version}.tar.gz
BuildArch: noarch
# Upstream Eclipse no longer supports non-64bit arches
ExcludeArch: s390 %{arm} %{ix86}
-BuildRequires: tycho >= 0.14.0
-Requires: eclipse-platform >= 3.4.0
+BuildRequires: tycho
%description
SWTChart is a light-weight charting component for SWT.
-%package javadoc
-Summary: Javadoc for %{name}
+%prep
+%setup -q -n swtchart-REL-%{version}
-%description javadoc
-%{summary}.
+# Target platform and update site are not relevant for RPM builds
+%pom_disable_module ../org.eclipse.swtchart.targetplatform org.eclipse.swtchart.cbi
+%pom_disable_module ../org.eclipse.swtchart.updatesite org.eclipse.swtchart.cbi
+%pom_remove_plugin :target-platform-configuration org.eclipse.swtchart.cbi
+
+# These plugins not relevant for RPM builds
+%pom_remove_plugin :maven-pmd-plugin org.eclipse.swtchart.cbi
+%pom_remove_plugin :maven-checkstyle-plugin org.eclipse.swtchart.cbi
+
+# Don't build or ship test bundles
+%pom_disable_module ../org.eclipse.swtchart.test org.eclipse.swtchart.cbi
+%pom_disable_module ../org.eclipse.swtchart.extensions.test org.eclipse.swtchart.cbi
+%pom_disable_module ../org.eclipse.swtchart.export.test org.eclipse.swtchart.cbi
+
+# Drop export bundle to avoid unnecessary extra deps on batik
+%pom_disable_module ../org.eclipse.swtchart.export org.eclipse.swtchart.cbi
+%pom_disable_module ../org.eclipse.swtchart.feature org.eclipse.swtchart.cbi
-%prep
-%setup -q -n %{name}-code-312-tags-%{version}
-# Create the poms
-xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
%mvn_package "::pom::" __noinstall
-%mvn_package :org.swtchart.example* __noinstall
%build
-%mvn_build
+%mvn_build -j -f -- -f org.eclipse.swtchart.cbi/pom.xml
%install
%mvn_install
%files -f .mfiles
-
-%files javadoc -f .mfiles-javadoc
+%license LICENSE
%changelog
+* Mon Mar 23 2020 Mat Booth <mat.booth(a)redhat.com> - 0.12.0-1
+- Update to latest upstream release
+
* Thu Mar 14 2019 Mat Booth <mat.booth(a)redhat.com> - 0.10.0-7
- Update license tag
- Restrict to same architectures as Eclipse itself
commit 89e6a8059c77f7617050781173f8e768c49f0cfe
Author: Miro Hronok <miro(a)hroncok.cz>
Date: Thu Dec 26 14:02:08 2019 +0100
Orphaned for 6+ weeks
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index f51d031..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-/swt-chart-*.tar.xz
-/swt-chart-*/
-/.project
-/.build-*.log
-/*.src.rpm
-/noarch/
-/swt-chart-code-312-tags-0.10.0.zip
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5204a84
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Orphaned for 6+ weeks
diff --git a/sources b/sources
deleted file mode 100644
index 8617d89..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-d7605e00b59bad2f98bb968f18dc1825 swt-chart-code-312-tags-0.10.0.zip
diff --git a/swt-chart.spec b/swt-chart.spec
deleted file mode 100644
index a143b8a..0000000
--- a/swt-chart.spec
+++ /dev/null
@@ -1,115 +0,0 @@
-Name: swt-chart
-Version: 0.10.0
-Release: 8%{?dist}
-Summary: SWTChart Feature
-
-License: EPL-1.0
-URL: http://www.swtchart.org/
-Source0: http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
-
-BuildArch: noarch
-
-# Upstream Eclipse no longer supports non-64bit arches
-ExcludeArch: s390 %{arm} %{ix86}
-
-BuildRequires: tycho >= 0.14.0
-Requires: eclipse-platform >= 3.4.0
-
-%description
-SWTChart is a light-weight charting component for SWT.
-
-%package javadoc
-Summary: Javadoc for %{name}
-
-%description javadoc
-%{summary}.
-
-%prep
-%setup -q -n %{name}-code-312-tags-%{version}
-# Create the poms
-xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
-%mvn_package "::pom::" __noinstall
-%mvn_package :org.swtchart.example* __noinstall
-
-%build
-%mvn_build
-
-%install
-%mvn_install
-
-%files -f .mfiles
-
-%files javadoc -f .mfiles-javadoc
-
-%changelog
-* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Thu Mar 14 2019 Mat Booth <mat.booth(a)redhat.com> - 0.10.0-7
-- Update license tag
-- Restrict to same architectures as Eclipse itself
-- Don't ship aggregator pom
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Tue Feb 23 2016 Alexander Kurtakov <akurtako(a)redhat.com> 0.10.0-1
-- Update to upstream 0.10 release.
-
-* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Thu Jan 15 2015 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-4
-- Fix failure to build from source
-- Minor spec file clean ups
-
-* Thu Aug 14 2014 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-3
-- Fix unowned directory
-
-* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Thu Feb 27 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.9.0-1
-- Update to 0.9.0 Release.
-
-* Wed Feb 26 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.8.0-9
-- Change R:java to R:java-headless (Bug 1068558).
-
-* Wed Oct 23 2013 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-8
-- Fix Bug 1022166.
-
-* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Tue Aug 14 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-5
-- Remove deprecated tycho.targetPlatform due to p2 support.
-
-* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Wed Apr 4 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-3
-- Use %%{_eclipse_base} from eclipse-platform.
-
-* Mon Apr 2 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-2
-- Explicitly require java/java-devel >= 1.5 as per manifest.
-
-* Tue Mar 6 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-1
-- Initial packaging of SWTChart.
commit 6241185c833f2b214711d87bb39551efc9655d07
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sat Jul 27 00:45:40 2019 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/swt-chart.spec b/swt-chart.spec
index f48a5b1..a143b8a 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.10.0
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: SWTChart Feature
License: EPL-1.0
@@ -42,6 +42,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
* Thu Mar 14 2019 Mat Booth <mat.booth(a)redhat.com> - 0.10.0-7
- Update license tag
- Restrict to same architectures as Eclipse itself
commit 5c0d7dae2c085123203598b676017ae3152cad86
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Thu Mar 14 10:48:55 2019 +0000
Update license tag
Restrict to same architectures as Eclipse itself
Don't ship aggregator pom
diff --git a/swt-chart.spec b/swt-chart.spec
index e61db52..f48a5b1 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,14 +1,17 @@
Name: swt-chart
Version: 0.10.0
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: SWTChart Feature
-License: EPL
+License: EPL-1.0
URL: http://www.swtchart.org/
Source0: http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
BuildArch: noarch
+# Upstream Eclipse no longer supports non-64bit arches
+ExcludeArch: s390 %{arm} %{ix86}
+
BuildRequires: tycho >= 0.14.0
Requires: eclipse-platform >= 3.4.0
@@ -25,6 +28,7 @@ Summary: Javadoc for %{name}
%setup -q -n %{name}-code-312-tags-%{version}
# Create the poms
xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
+%mvn_package "::pom::" __noinstall
%mvn_package :org.swtchart.example* __noinstall
%build
@@ -34,11 +38,15 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%mvn_install
%files -f .mfiles
-%dir %{_mavenpomdir}/swt-chart
%files javadoc -f .mfiles-javadoc
%changelog
+* Thu Mar 14 2019 Mat Booth <mat.booth(a)redhat.com> - 0.10.0-7
+- Update license tag
+- Restrict to same architectures as Eclipse itself
+- Don't ship aggregator pom
+
* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
commit 4ab3f73cb050b48ad1709ae47c4e842ee739003c
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sun Feb 3 09:10:36 2019 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/swt-chart.spec b/swt-chart.spec
index 9720615..e61db52 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.10.0
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: SWTChart Feature
License: EPL
@@ -39,6 +39,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
commit 17b8a1b73ebe57d05eab44247f0b7b8cbb0d7238
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sat Jul 14 07:06:42 2018 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/swt-chart.spec b/swt-chart.spec
index 95c0915..9720615 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.10.0
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: SWTChart Feature
License: EPL
@@ -39,6 +39,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
commit f88bf6d8a4fee9d756b320978996ef67a2260e4d
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Fri Feb 9 18:14:58 2018 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/swt-chart.spec b/swt-chart.spec
index 06e48b4..95c0915 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.10.0
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: SWTChart Feature
License: EPL
@@ -39,6 +39,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
commit c90b43bc6365140011e16ba94c1fa21d9122a352
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Thu Jul 27 19:46:09 2017 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
diff --git a/swt-chart.spec b/swt-chart.spec
index 1916bb7..06e48b4 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.10.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: SWTChart Feature
License: EPL
@@ -39,6 +39,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
commit 1dd87834a039ddde9b28770a0801550e9871eb82
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sat Feb 11 14:18:55 2017 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
diff --git a/swt-chart.spec b/swt-chart.spec
index 0ad1679..1916bb7 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.10.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: SWTChart Feature
License: EPL
@@ -39,6 +39,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
* Tue Feb 23 2016 Alexander Kurtakov <akurtako(a)redhat.com> 0.10.0-1
- Update to upstream 0.10 release.
commit 4400b5d7de9d64c49ee7507602b3354a2451d79e
Author: Alexander Kurtakov <akurtako(a)redhat.com>
Date: Tue Feb 23 23:17:32 2016 +0200
Update to upstream 0.10 release.
diff --git a/.gitignore b/.gitignore
index d19cc39..f51d031 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
/.build-*.log
/*.src.rpm
/noarch/
+/swt-chart-code-312-tags-0.10.0.zip
diff --git a/sources b/sources
index 3c62bdc..8617d89 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f97eaad5953f7645a52dfa25a21e07e8 swt-chart-0.9.0.tar.xz
+d7605e00b59bad2f98bb968f18dc1825 swt-chart-code-312-tags-0.10.0.zip
diff --git a/swt-chart.spec b/swt-chart.spec
index dfbc9e6..0ad1679 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,14 +1,11 @@
Name: swt-chart
-Version: 0.9.0
-Release: 6%{?dist}
+Version: 0.10.0
+Release: 1%{?dist}
Summary: SWTChart Feature
License: EPL
URL: http://www.swtchart.org/
-# svn export https://swt-chart.svn.sourceforge.net/svnroot/swt-chart/tags/%%{version}/ %%{name}-%%{version}
-# pushd %%{name}-%%{version} && rm -rf org.swtchart.{examples{,.ext},ext} && popd
-# tar -cJf %%{name}-%%{version}.tar.xz %%{name}-%%{version}
-Source0: %{name}-%{version}.tar.xz
+Source0: http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
BuildArch: noarch
@@ -25,9 +22,10 @@ Summary: Javadoc for %{name}
%{summary}.
%prep
-%setup -q
+%setup -q -n %{name}-code-312-tags-%{version}
# Create the poms
xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
+%mvn_package :org.swtchart.example* __noinstall
%build
%mvn_build
@@ -41,6 +39,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Tue Feb 23 2016 Alexander Kurtakov <akurtako(a)redhat.com> 0.10.0-1
+- Update to upstream 0.10 release.
+
* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
commit 020df7aa978d99742acf4f558b3e90f8387315ec
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Fri Feb 5 01:04:14 2016 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
diff --git a/swt-chart.spec b/swt-chart.spec
index 69821e6..dfbc9e6 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.9.0
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: SWTChart Feature
License: EPL
@@ -41,6 +41,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
commit 810681134dc76039732d6b155eb07ffcdb42facd
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Fri Jun 19 02:15:06 2015 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
diff --git a/swt-chart.spec b/swt-chart.spec
index 6be02ba..69821e6 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.9.0
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: SWTChart Feature
License: EPL
@@ -41,6 +41,9 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%files javadoc -f .mfiles-javadoc
%changelog
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
* Thu Jan 15 2015 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-4
- Fix failure to build from source
- Minor spec file clean ups
commit bcf5d0d30ff12ecd6cd898a320f34b30207b5708
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Thu Jan 15 11:25:22 2015 +0000
Fix failure to build from source
- Minor spec file clean ups
diff --git a/swt-chart.spec b/swt-chart.spec
index cb68ff2..6be02ba 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,9 +1,8 @@
Name: swt-chart
Version: 0.9.0
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: SWTChart Feature
-Group: Development/Tools
License: EPL
URL: http://www.swtchart.org/
# svn export https://swt-chart.svn.sourceforge.net/svnroot/swt-chart/tags/%%{version}/ %%{name}-%%{version}
@@ -13,11 +12,7 @@ Source0: %{name}-%{version}.tar.xz
BuildArch: noarch
-BuildRequires: maven-local
BuildRequires: tycho >= 0.14.0
-
-Requires: java-headless >= 1.5
-Requires: jpackage-utils
Requires: eclipse-platform >= 3.4.0
%description
@@ -25,7 +20,6 @@ SWTChart is a light-weight charting component for SWT.
%package javadoc
Summary: Javadoc for %{name}
-Group: Documentation
%description javadoc
%{summary}.
@@ -35,9 +29,6 @@ Group: Documentation
# Create the poms
xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
-# Symlink in %%{_javadir}
-%mvn_file org.swtchart:org.swtchart %{name}/org.swtchart %{name}
-
%build
%mvn_build
@@ -45,11 +36,15 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%mvn_install
%files -f .mfiles
-%dir %{_javadir}/%{name}
+%dir %{_mavenpomdir}/swt-chart
%files javadoc -f .mfiles-javadoc
%changelog
+* Thu Jan 15 2015 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-4
+- Fix failure to build from source
+- Minor spec file clean ups
+
* Thu Aug 14 2014 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-3
- Fix unowned directory
commit fa4ba565f5946b517f4d5f023a7537e6e488536a
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Thu Aug 14 15:06:54 2014 +0100
Fix unowned directory
diff --git a/.gitignore b/.gitignore
index 4de69c9..d19cc39 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,6 @@
-/swt-chart-0.8.0.tar.xz
-/swt-chart-0.9.0.tar.xz
+/swt-chart-*.tar.xz
+/swt-chart-*/
+/.project
+/.build-*.log
+/*.src.rpm
+/noarch/
diff --git a/swt-chart.spec b/swt-chart.spec
index 3745da9..cb68ff2 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.9.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -27,8 +27,6 @@ SWTChart is a light-weight charting component for SWT.
Summary: Javadoc for %{name}
Group: Documentation
-Requires: jpackage-utils
-
%description javadoc
%{summary}.
@@ -46,12 +44,15 @@ xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.
%install
%mvn_install
-
%files -f .mfiles
+%dir %{_javadir}/%{name}
%files javadoc -f .mfiles-javadoc
%changelog
+* Thu Aug 14 2014 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-3
+- Fix unowned directory
+
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
commit 054d9517a019534a5104cec46c25472623f08ad5
Author: Roland Grunberg <rgrunber(a)redhat.com>
Date: Mon Jun 9 10:13:39 2014 -0400
Fix FTBFS and update to latest packaging guidelines.
diff --git a/swt-chart.spec b/swt-chart.spec
index b1de8fc..3745da9 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -37,33 +37,19 @@ Requires: jpackage-utils
# Create the poms
xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
+# Symlink in %%{_javadir}
+%mvn_file org.swtchart:org.swtchart %{name}/org.swtchart %{name}
+
%build
-xmvn -o install org.apache.maven.plugins:maven-javadoc-plugin:aggregate
+%mvn_build
%install
-install -d -m 755 %{buildroot}%{_javadir}
-install -d -m 755 %{buildroot}%{_mavenpomdir}
-
-# Pom
-install -p -m 644 org.swtchart/pom.xml %{buildroot}%{_mavenpomdir}/JPP-%{name}.pom
-
-# Jar
-install -p -m 644 org.swtchart/target/org.swtchart-%{version}-SNAPSHOT.jar %{buildroot}%{_javadir}/%{name}.jar
-
-%add_maven_depmap JPP-%{name}.pom %{name}.jar
-
-# Javadoc
-install -d -m 755 %{buildroot}%{_javadocdir}/%{name}
-cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
+%mvn_install
-%files
-%{_javadir}/*
-%{_mavenpomdir}/*
-%{_mavendepmapfragdir}/%{name}
+%files -f .mfiles
-%files javadoc
-%doc %{_javadocdir}/%{name}
+%files javadoc -f .mfiles-javadoc
%changelog
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-2
commit 3455014c749058d66ecd7e37d8605a744561b592
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Sun Jun 8 02:49:06 2014 -0500
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
diff --git a/swt-chart.spec b/swt-chart.spec
index 1c997c6..b1de8fc 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.9.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -66,6 +66,9 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
* Thu Feb 27 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.9.0-1
- Update to 0.9.0 Release.
commit 4a554a099f34044fb821b60de739b65dd7b6096a
Author: Roland Grunberg <rgrunber(a)redhat.com>
Date: Fri Feb 28 09:40:04 2014 -0500
Update to 0.9.0 Release.
diff --git a/.gitignore b/.gitignore
index feebc61..4de69c9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
/swt-chart-0.8.0.tar.xz
+/swt-chart-0.9.0.tar.xz
diff --git a/sources b/sources
index da10922..3c62bdc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f6c82db32fd2efbe0e73d5e84e8a31fc swt-chart-0.8.0.tar.xz
+f97eaad5953f7645a52dfa25a21e07e8 swt-chart-0.9.0.tar.xz
diff --git a/swt-chart.spec b/swt-chart.spec
index 36ef573..1c997c6 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
-Version: 0.8.0
-Release: 9%{?dist}
+Version: 0.9.0
+Release: 1%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -66,6 +66,9 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Thu Feb 27 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.9.0-1
+- Update to 0.9.0 Release.
+
* Wed Feb 26 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.8.0-9
- Change R:java to R:java-headless (Bug 1068558).
commit 39b4583e351f372ae1d569bbfba2aac9c378f304
Author: Roland Grunberg <rgrunber(a)redhat.com>
Date: Wed Feb 26 16:01:06 2014 -0500
Change R:java to R:java-headless (Bug 1068558).
diff --git a/swt-chart.spec b/swt-chart.spec
index 81f6d82..36ef573 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.8.0
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -13,12 +13,11 @@ Source0: %{name}-%{version}.tar.xz
BuildArch: noarch
-BuildRequires: jpackage-utils
-BuildRequires: java-devel >= 1.5
+BuildRequires: maven-local
BuildRequires: tycho >= 0.14.0
+Requires: java-headless >= 1.5
Requires: jpackage-utils
-Requires: java >= 1.5
Requires: eclipse-platform >= 3.4.0
%description
@@ -36,10 +35,10 @@ Requires: jpackage-utils
%prep
%setup -q
# Create the poms
-mvn-rpmbuild org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
+xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
%build
-mvn-rpmbuild install javadoc:aggregate
+xmvn -o install org.apache.maven.plugins:maven-javadoc-plugin:aggregate
%install
install -d -m 755 %{buildroot}%{_javadir}
@@ -67,6 +66,9 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Wed Feb 26 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.8.0-9
+- Change R:java to R:java-headless (Bug 1068558).
+
* Wed Oct 23 2013 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-8
- Fix Bug 1022166.
commit 0f4015eb95e15c861be512e008787f6f868d6027
Author: Roland Grunberg <rgrunber(a)redhat.com>
Date: Wed Oct 23 10:38:08 2013 -0400
Fix Bug 1022166.
diff --git a/swt-chart.spec b/swt-chart.spec
index e4bb056..81f6d82 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.8.0
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -50,7 +50,6 @@ install -p -m 644 org.swtchart/pom.xml %{buildroot}%{_mavenpomdir}/JPP-%{name}.p
# Jar
install -p -m 644 org.swtchart/target/org.swtchart-%{version}-SNAPSHOT.jar %{buildroot}%{_javadir}/%{name}.jar
-ln -sf %{_javadir}/%{name}.jar %{buildroot}%{_javadir}/org.swtchart_%{version}.jar
%add_maven_depmap JPP-%{name}.pom %{name}.jar
@@ -68,6 +67,9 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Wed Oct 23 2013 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-8
+- Fix Bug 1022166.
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
@@ -86,5 +88,5 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
* Mon Apr 2 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-2
- Explicitly require java/java-devel >= 1.5 as per manifest.
-* Sat Mar 6 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-1
+* Tue Mar 6 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-1
- Initial packaging of SWTChart.
commit df6fbe55d4839a2d2a635aecf3c3c27886e20e81
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Sun Aug 4 11:17:00 2013 -0500
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/swt-chart.spec b/swt-chart.spec
index 72bf667..e4bb056 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.8.0
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -68,6 +68,9 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
commit f55467570581dc98c9ce5c974d4a0e02cd076005
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Thu Feb 14 19:02:35 2013 -0600
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
diff --git a/swt-chart.spec b/swt-chart.spec
index c24ec25..72bf667 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.8.0
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -68,6 +68,9 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
* Tue Aug 14 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-5
- Remove deprecated tycho.targetPlatform due to p2 support.
commit 041659fb5cc44d259c047477b9a76e8b3a9e2db7
Author: Roland Grunberg <rgrunber(a)redhat.com>
Date: Tue Aug 14 10:00:37 2012 -0400
Remove deprecated tycho.targetPlatform due to p2 support.
Fedora Tycho creates a local p2 repository for the target platform so
there is no need to use the deprecated local target platform
functionality.
diff --git a/swt-chart.spec b/swt-chart.spec
index cf84336..c24ec25 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.8.0
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -36,10 +36,10 @@ Requires: jpackage-utils
%prep
%setup -q
# Create the poms
-mvn-rpmbuild org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart -Dtycho.targetPlatform=%{_eclipse_base}
+mvn-rpmbuild org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
%build
-mvn-rpmbuild -Dtycho.targetPlatform=%{_eclipse_base} install javadoc:aggregate
+mvn-rpmbuild install javadoc:aggregate
%install
install -d -m 755 %{buildroot}%{_javadir}
@@ -68,6 +68,9 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Tue Aug 14 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-5
+- Remove deprecated tycho.targetPlatform due to p2 support.
+
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
commit 86982257644f4d0def91a6ecc008eb9184cc9b14
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Sat Jul 21 17:16:15 2012 -0500
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
diff --git a/swt-chart.spec b/swt-chart.spec
index f2db917..cf84336 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,6 +1,6 @@
Name: swt-chart
Version: 0.8.0
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -68,6 +68,9 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
* Wed Apr 4 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-3
- Use %%{_eclipse_base} from eclipse-platform.
commit 2c2fe142012e598d88dd7350581653e5b5d172d3
Author: Roland Grunberg <rgrunber(a)redhat.com>
Date: Tue Apr 3 09:54:19 2012 -0400
Revert "Remove "BuildArch: noarch"."
This reverts commit 890098fe1f3ee7669fe013b62abca3e20e554525.
diff --git a/swt-chart.spec b/swt-chart.spec
index 56bfe0e..f2db917 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -1,8 +1,6 @@
-%global eclipse_base %{_libdir}/eclipse
-
Name: swt-chart
Version: 0.8.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: SWTChart Feature
Group: Development/Tools
@@ -13,6 +11,8 @@ URL: http://www.swtchart.org/
# tar -cJf %%{name}-%%{version}.tar.xz %%{name}-%%{version}
Source0: %{name}-%{version}.tar.xz
+BuildArch: noarch
+
BuildRequires: jpackage-utils
BuildRequires: java-devel >= 1.5
BuildRequires: tycho >= 0.14.0
@@ -36,10 +36,10 @@ Requires: jpackage-utils
%prep
%setup -q
# Create the poms
-mvn-rpmbuild org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart -Dtycho.targetPlatform=%{eclipse_base}
+mvn-rpmbuild org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart -Dtycho.targetPlatform=%{_eclipse_base}
%build
-mvn-rpmbuild -Dtycho.targetPlatform=%{eclipse_base} install javadoc:aggregate
+mvn-rpmbuild -Dtycho.targetPlatform=%{_eclipse_base} install javadoc:aggregate
%install
install -d -m 755 %{buildroot}%{_javadir}
@@ -68,9 +68,11 @@ cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
%doc %{_javadocdir}/%{name}
%changelog
+* Wed Apr 4 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-3
+- Use %%{_eclipse_base} from eclipse-platform.
+
* Mon Apr 2 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-2
- Explicitly require java/java-devel >= 1.5 as per manifest.
* Sat Mar 6 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-1
- Initial packaging of SWTChart.
-
commit 890098fe1f3ee7669fe013b62abca3e20e554525
Author: Roland Grunberg <rgrunber(a)redhat.com>
Date: Mon Apr 2 15:42:18 2012 -0400
Remove "BuildArch: noarch".
diff --git a/swt-chart.spec b/swt-chart.spec
index 00e1b4b..56bfe0e 100644
--- a/swt-chart.spec
+++ b/swt-chart.spec
@@ -13,8 +13,6 @@ URL: http://www.swtchart.org/
# tar -cJf %%{name}-%%{version}.tar.xz %%{name}-%%{version}
Source0: %{name}-%{version}.tar.xz
-BuildArch: noarch
-
BuildRequires: jpackage-utils
BuildRequires: java-devel >= 1.5
BuildRequires: tycho >= 0.14.0
commit 3c9a0e512c08cd1f5f7c517da1399e049a85e5e9
Author: Roland Grunberg <rgrunber(a)redhat.com>
Date: Mon Apr 2 12:46:45 2012 -0400
Initial commit of swt-chart package.
diff --git a/.gitignore b/.gitignore
index e69de29..feebc61 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/swt-chart-0.8.0.tar.xz
diff --git a/sources b/sources
index e69de29..da10922 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+f6c82db32fd2efbe0e73d5e84e8a31fc swt-chart-0.8.0.tar.xz
diff --git a/swt-chart.spec b/swt-chart.spec
new file mode 100644
index 0000000..00e1b4b
--- /dev/null
+++ b/swt-chart.spec
@@ -0,0 +1,78 @@
+%global eclipse_base %{_libdir}/eclipse
+
+Name: swt-chart
+Version: 0.8.0
+Release: 2%{?dist}
+Summary: SWTChart Feature
+
+Group: Development/Tools
+License: EPL
+URL: http://www.swtchart.org/
+# svn export https://swt-chart.svn.sourceforge.net/svnroot/swt-chart/tags/%%{version}/ %%{name}-%%{version}
+# pushd %%{name}-%%{version} && rm -rf org.swtchart.{examples{,.ext},ext} && popd
+# tar -cJf %%{name}-%%{version}.tar.xz %%{name}-%%{version}
+Source0: %{name}-%{version}.tar.xz
+
+BuildArch: noarch
+
+BuildRequires: jpackage-utils
+BuildRequires: java-devel >= 1.5
+BuildRequires: tycho >= 0.14.0
+
+Requires: jpackage-utils
+Requires: java >= 1.5
+Requires: eclipse-platform >= 3.4.0
+
+%description
+SWTChart is a light-weight charting component for SWT.
+
+%package javadoc
+Summary: Javadoc for %{name}
+Group: Documentation
+
+Requires: jpackage-utils
+
+%description javadoc
+%{summary}.
+
+%prep
+%setup -q
+# Create the poms
+mvn-rpmbuild org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart -Dtycho.targetPlatform=%{eclipse_base}
+
+%build
+mvn-rpmbuild -Dtycho.targetPlatform=%{eclipse_base} install javadoc:aggregate
+
+%install
+install -d -m 755 %{buildroot}%{_javadir}
+install -d -m 755 %{buildroot}%{_mavenpomdir}
+
+# Pom
+install -p -m 644 org.swtchart/pom.xml %{buildroot}%{_mavenpomdir}/JPP-%{name}.pom
+
+# Jar
+install -p -m 644 org.swtchart/target/org.swtchart-%{version}-SNAPSHOT.jar %{buildroot}%{_javadir}/%{name}.jar
+ln -sf %{_javadir}/%{name}.jar %{buildroot}%{_javadir}/org.swtchart_%{version}.jar
+
+%add_maven_depmap JPP-%{name}.pom %{name}.jar
+
+# Javadoc
+install -d -m 755 %{buildroot}%{_javadocdir}/%{name}
+cp -rp target/site/apidocs %{buildroot}%{_javadocdir}/%{name}
+
+
+%files
+%{_javadir}/*
+%{_mavenpomdir}/*
+%{_mavendepmapfragdir}/%{name}
+
+%files javadoc
+%doc %{_javadocdir}/%{name}
+
+%changelog
+* Mon Apr 2 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-2
+- Explicitly require java/java-devel >= 1.5 as per manifest.
+
+* Sat Mar 6 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-1
+- Initial packaging of SWTChart.
+
4 years, 1 month
Architecture specific change in rpms/xmlrpc.git
by githook-noreply@fedoraproject.org
The package rpms/xmlrpc.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/xmlrpc.git/commit/?id=cdbb3caaf48...
https://src.fedoraproject.org/cgit/rpms/xmlrpc.git/commit/?id=b891086adac...
https://src.fedoraproject.org/cgit/rpms/xmlrpc.git/commit/?id=012bef57047....
Change:
+ExcludeArch: s390x ppc64
-ExcludeArch: s390x ppc64 s390
+ExcludeArch: s390x ppc64 s390
Thanks.
Full change:
============
commit 57ad716a389babc878aa8fffd602ce774408926e
Merge: 5319ef0 86ddcbd
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Wed Apr 1 16:26:48 2020 +0100
Merge branch 'eclipse'
commit 86ddcbd5daffcd1a9b62a1c389b0188ac4b7c6e3
Author: Mat Booth <mat.booth(a)redhat.com>
Date: Wed Apr 1 16:26:30 2020 +0100
Add patch for CVE-2019-17570
diff --git a/0001-Javax-Servlet-API.patch b/0001-Javax-Servlet-API.patch
new file mode 100644
index 0000000..c6a4f93
--- /dev/null
+++ b/0001-Javax-Servlet-API.patch
@@ -0,0 +1,264 @@
+From a552fe2cd20c9804d9abcbf5f99533ed9c495fe7 Mon Sep 17 00:00:00 2001
+From: Mat Booth <mat.booth(a)redhat.com>
+Date: Tue, 31 Mar 2020 16:58:31 +0100
+Subject: [PATCH 1/6] Javax Servlet API
+
+---
+ dist/pom.xml | 2 +-
+ pom.xml | 4 +-
+ server/pom.xml | 8 ++-
+ .../webserver/HttpServletRequestImpl.java | 54 +++++++++++++++++++
+ .../webserver/HttpServletResponseImpl.java | 26 ++++++++-
+ .../webserver/ServletOutputStreamImpl.java | 5 ++
+ 6 files changed, 94 insertions(+), 5 deletions(-)
+
+diff --git a/dist/pom.xml b/dist/pom.xml
+index 67aded6..590f750 100644
+--- a/dist/pom.xml
++++ b/dist/pom.xml
+@@ -59,7 +59,7 @@
+ <dependencies>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
++ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xmlrpc</groupId>
+diff --git a/pom.xml b/pom.xml
+index 3933da5..5e18625 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -344,8 +344,8 @@
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
+- <version>2.4</version>
++ <artifactId>javax.servlet-api</artifactId>
++ <version>3.1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+diff --git a/server/pom.xml b/server/pom.xml
+index 0d09544..6cbc6e7 100644
+--- a/server/pom.xml
++++ b/server/pom.xml
+@@ -67,6 +67,12 @@
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
++ <exclusions>
++ <exclusion>
++ <groupId>javax.servlet</groupId>
++ <artifactId>servlet-api</artifactId>
++ </exclusion>
++ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xmlrpc</groupId>
+@@ -81,7 +87,7 @@
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
++ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+index 3dc7e43..19b14a2 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+@@ -31,6 +31,7 @@ import java.net.URLDecoder;
+ import java.security.Principal;
+ import java.util.ArrayList;
+ import java.util.Collections;
++import java.util.Collection;
+ import java.util.Enumeration;
+ import java.util.HashMap;
+ import java.util.Iterator;
+@@ -39,10 +40,20 @@ import java.util.Locale;
+ import java.util.Map;
+ import java.util.StringTokenizer;
+
++import javax.servlet.ReadListener;
+ import javax.servlet.RequestDispatcher;
++import javax.servlet.ServletException;
+ import javax.servlet.ServletInputStream;
++import javax.servlet.DispatcherType;
++import javax.servlet.AsyncContext;
++import javax.servlet.ServletContext;
++import javax.servlet.ServletRequest;
++import javax.servlet.ServletResponse;
+ import javax.servlet.http.Cookie;
++import javax.servlet.http.HttpUpgradeHandler;
++import javax.servlet.http.Part;
+ import javax.servlet.http.HttpServletRequest;
++import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpSession;
+
+ import org.apache.xmlrpc.common.XmlRpcStreamConfig;
+@@ -66,6 +77,7 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ private String queryString;
+ private String httpVersion;
+ private final Map headers = new HashMap();
++ private final Map parts = new HashMap();
+ private final Map attributes = new HashMap();
+ private Map parameters;
+ private String characterEncoding;
+@@ -97,6 +109,18 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ }
+ return c;
+ }
++
++ public boolean isFinished() {
++ return contentBytesRemaining == 0;
++ }
++
++ public boolean isReady() {
++ return true;
++ }
++
++ public void setReadListener(ReadListener arg0) {
++ throw new IllegalStateException("Not implemented.");
++ }
+ };
+ }
+
+@@ -227,6 +251,12 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ return Collections.enumeration(list);
+ }
+
++ public Part getPart(String name) { throw new IllegalStateException("Not implemented"); }
++
++ public Collection getParts() { throw new IllegalStateException("Not implemented"); }
++
++ public boolean authenticate (HttpServletResponse response) { throw new IllegalStateException("Not implemented"); }
++
+ public int getIntHeader(String pHeader) {
+ String s = getHeader(pHeader);
+ return s == null ? -1 : Integer.parseInt(s);
+@@ -242,6 +272,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+
+ public String getRemoteUser() { throw new IllegalStateException("Not implemented"); }
+
++ public void login(String username, String password) { throw new IllegalStateException("Not implemented"); }
++
++ public void logout() { throw new IllegalStateException("Not implemented"); }
++
+ public String getRequestURI() { return uri; }
+
+ public StringBuffer getRequestURL() {
+@@ -280,6 +314,20 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ return sb;
+ }
+
++ public AsyncContext getAsyncContext() { throw new IllegalStateException("Not implemented"); }
++
++ public boolean isAsyncSupported() { return false; }
++
++ public boolean isAsyncStarted() { return false; }
++
++ public ServletContext getServletContext() { throw new IllegalStateException("Not implemented"); }
++
++ public AsyncContext startAsync(ServletRequest req, ServletResponse resp) { throw new IllegalStateException("Not implemented"); }
++
++ public AsyncContext startAsync() { throw new IllegalStateException("Not implemented"); }
++
++ public DispatcherType getDispatcherType() { throw new IllegalStateException("Not implemented"); }
++
+ public String getRequestedSessionId() { throw new IllegalStateException("Not implemented"); }
+
+ public String getServletPath() { return uri; }
+@@ -544,4 +592,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ }
+
+ protected String getHttpVersion() { return httpVersion; }
++
++ public long getContentLengthLong() { throw new IllegalStateException("Not implemented."); }
++
++ public String changeSessionId() { throw new IllegalStateException("Not implemented."); }
++
++ public HttpUpgradeHandler upgrade(Class arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+index 6ba7018..5319dcf 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+@@ -29,6 +29,8 @@ import java.util.Iterator;
+ import java.util.List;
+ import java.util.Locale;
+ import java.util.Map;
++import java.util.Collection;
++import java.util.Collections;
+ import java.util.StringTokenizer;
+
+ import javax.servlet.ServletOutputStream;
+@@ -84,7 +86,7 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ }
+ }
+
+- private String getHeader(String pHeader) {
++ public String getHeader(String pHeader) {
+ String key = pHeader.toLowerCase();
+ Object o = headers.get(key);
+ if (o == null) {
+@@ -101,6 +103,26 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ }
+ }
+
++ public Collection getHeaderNames() {
++ return headers.keySet();
++ }
++
++ public Collection getHeaders(String pHeader) {
++ String key = pHeader.toLowerCase();
++ Object o = headers.get(key);
++ List list;
++ if (o instanceof List) {
++ list = (List) o;
++ } else {
++ list = Collections.singletonList(o);
++ }
++ return list;
++ }
++
++ public int getStatus() {
++ return status;
++ }
++
+ public void addIntHeader(String pHeader, int pValue) {
+ addHeader(pHeader, Integer.toString(pValue));
+ }
+@@ -465,4 +487,6 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ sb.append("\r\n");
+ return sb.toString();
+ }
++
++ public void setContentLengthLong(long arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
+index c2a53b1..86dbbb4 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
+@@ -22,6 +22,7 @@ import java.io.IOException;
+ import java.io.OutputStream;
+
+ import javax.servlet.ServletOutputStream;
++import javax.servlet.WriteListener;
+
+
+ /** Default implementation of a servlet output stream.
+@@ -99,4 +100,8 @@ class ServletOutputStreamImpl extends ServletOutputStream {
+ boolean isCommitted() {
+ return committed;
+ }
++
++ public boolean isReady() { return true; }
++
++ public void setWriteListener(WriteListener arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+--
+2.26.0.rc2
+
diff --git a/0002-Add-OSGi-metadata.patch b/0002-Add-OSGi-metadata.patch
new file mode 100644
index 0000000..b3e4c77
--- /dev/null
+++ b/0002-Add-OSGi-metadata.patch
@@ -0,0 +1,74 @@
+From 56ed627f9d69a9c065aab02e8f7d07524d4fa315 Mon Sep 17 00:00:00 2001
+From: Mat Booth <mat.booth(a)redhat.com>
+Date: Tue, 31 Mar 2020 17:00:03 +0100
+Subject: [PATCH 2/6] Add OSGi metadata
+
+---
+ client/pom.xml | 11 +++++++++++
+ common/pom.xml | 10 ++++++++++
+ server/pom.xml | 6 ++++++
+ 3 files changed, 27 insertions(+)
+
+diff --git a/client/pom.xml b/client/pom.xml
+index e588657..f31b2d2 100644
+--- a/client/pom.xml
++++ b/client/pom.xml
+@@ -48,6 +48,17 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-Localization>plugin</Bundle-Localization>
++ <Bundle-SymbolicName>org.apache.xmlrpc</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
++ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
++ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
++ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
++ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
+ </manifestEntries>
+ </archive>
+ </configuration>
+diff --git a/common/pom.xml b/common/pom.xml
+index 5058d50..7a5bf49 100644
+--- a/common/pom.xml
++++ b/common/pom.xml
+@@ -48,6 +48,16 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-Localization>plugin</Bundle-Localization>
++ <Bundle-SymbolicName>org.apache.xmlrpc.common</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.common, org.apache.xmlrpc.jaxb, org.apache.xmlrpc.parser, org.apache.xmlrpc.serializer, org.apache.xmlrpc.util</Export-Package>
++ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
++ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
++ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
+ </manifestEntries>
+ </archive>
+ </configuration>
+diff --git a/server/pom.xml b/server/pom.xml
+index 6cbc6e7..4c90e50 100644
+--- a/server/pom.xml
++++ b/server/pom.xml
+@@ -48,6 +48,12 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>1</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-SymbolicName>org.apache.xmlrpc.server</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
++ <Export-Package>org.apache.xmlrpc.server,org.apache.xmlrpc.webserver</Export-Package>
+ </manifestEntries>
+ </archive>
+ </configuration>
+--
+2.26.0.rc2
+
diff --git a/0003-disallow-deserialization-of-ex-serializable-tags.patch b/0003-disallow-deserialization-of-ex-serializable-tags.patch
new file mode 100644
index 0000000..0b568c7
--- /dev/null
+++ b/0003-disallow-deserialization-of-ex-serializable-tags.patch
@@ -0,0 +1,71 @@
+From febe70f7ca78926660a7d11607a35f663165322a Mon Sep 17 00:00:00 2001
+From: Mat Booth <mat.booth(a)redhat.com>
+Date: Tue, 31 Mar 2020 17:01:29 +0100
+Subject: [PATCH 3/6] disallow deserialization of ex serializable tags
+
+---
+ .../xmlrpc/parser/SerializableParser.java | 8 ++++++
+ .../java/org/apache/xmlrpc/test/BaseTest.java | 28 -------------------
+ 2 files changed, 8 insertions(+), 28 deletions(-)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+index 18f25ac..c8bb7ed 100644
+--- a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
++++ b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+@@ -29,6 +29,14 @@ import org.apache.xmlrpc.XmlRpcException;
+ */
+ public class SerializableParser extends ByteArrayParser {
+ public Object getResult() throws XmlRpcException {
++ if (!"1".equals(System.getProperty("org.apache.xmlrpc.allowInsecureDeserialization"))) {
++ throw new UnsupportedOperationException(
++ "Deserialization of ex:serializable objects is vulnerable to " +
++ "remote execution attacks and is disabled by default. " +
++ "If you are sure the source data is trusted, you can enable " +
++ "it by setting org.apache.xmlrpc.allowInsecureDeserialization " +
++ "JVM property to 1");
++ }
+ try {
+ byte[] res = (byte[]) super.getResult();
+ ByteArrayInputStream bais = new ByteArrayInputStream(res);
+diff --git a/server/src/test/java/org/apache/xmlrpc/test/BaseTest.java b/server/src/test/java/org/apache/xmlrpc/test/BaseTest.java
+index 16699a6..6ad4b5e 100644
+--- a/server/src/test/java/org/apache/xmlrpc/test/BaseTest.java
++++ b/server/src/test/java/org/apache/xmlrpc/test/BaseTest.java
+@@ -805,34 +805,6 @@ public class BaseTest extends XmlRpcTestCase {
+ assertTrue(ok);
+ }
+
+- /** Test, whether we can invoke a method, passing an instance of
+- * {@link java.io.Serializable} as a parameter.
+- * @throws Exception The test failed.
+- */
+- public void testSerializableParam() throws Exception {
+- for (int i = 0; i < providers.length; i++) {
+- testSerializableParam(providers[i]);
+- }
+- }
+-
+- private void testSerializableParam(ClientProvider pProvider) throws Exception {
+- final String methodName = "Remote.serializableParam";
+- Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
+- cal.set(2005, 5, 23, 8, 4, 0);
+- cal.set(Calendar.MILLISECOND, 5);
+- final Object[] params = new Object[]{new Remote.CalendarWrapper(cal)};
+- final XmlRpcClient client = pProvider.getClient();
+- Object result = client.execute(getExConfig(pProvider), methodName, params);
+- assertEquals(new Long(cal.getTime().getTime()), result);
+- boolean ok = false;
+- try {
+- client.execute(getConfig(pProvider), methodName, params);
+- } catch (XmlRpcExtensionException e) {
+- ok = true;
+- }
+- assertTrue(ok);
+- }
+-
+ /** Tests, whether we can invoke a method, passing an instance of
+ * {@link Calendar} as a parameter.
+ * @throws Exception The test failed.
+--
+2.26.0.rc2
+
diff --git a/0004-disallow-loading-external-dtd.patch b/0004-disallow-loading-external-dtd.patch
new file mode 100644
index 0000000..f522b77
--- /dev/null
+++ b/0004-disallow-loading-external-dtd.patch
@@ -0,0 +1,30 @@
+From 2c16d38ab18039327b2575f61c3035683f16cd7d Mon Sep 17 00:00:00 2001
+From: Mat Booth <mat.booth(a)redhat.com>
+Date: Tue, 31 Mar 2020 17:02:12 +0100
+Subject: [PATCH 4/6] disallow loading external dtd
+
+---
+ .../src/main/java/org/apache/xmlrpc/util/SAXParsers.java | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+index b1034e7..49ef5de 100644
+--- a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
++++ b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+@@ -48,6 +48,13 @@ public class SAXParsers {
+ } catch (org.xml.sax.SAXException e) {
+ // Ignore it
+ }
++ try {
++ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
++ } catch (javax.xml.parsers.ParserConfigurationException e) {
++ // Ignore it
++ } catch (org.xml.sax.SAXException e) {
++ // Ignore it
++ }
+ }
+
+ /** Creates a new instance of {@link XMLReader}.
+--
+2.26.0.rc2
+
diff --git a/0005-Remove-dep-on-ancient-commons-httpclient.patch b/0005-Remove-dep-on-ancient-commons-httpclient.patch
new file mode 100644
index 0000000..1629c5a
--- /dev/null
+++ b/0005-Remove-dep-on-ancient-commons-httpclient.patch
@@ -0,0 +1,466 @@
+From 77f696a95873c6bd8cac9254579838db556044a6 Mon Sep 17 00:00:00 2001
+From: Mat Booth <mat.booth(a)redhat.com>
+Date: Tue, 31 Mar 2020 17:18:53 +0100
+Subject: [PATCH 5/6] Remove dep on ancient commons httpclient
+
+---
+ client/pom.xml | 4 -
+ .../xmlrpc/client/XmlRpcCommonsTransport.java | 262 ------------------
+ .../client/XmlRpcCommonsTransportFactory.java | 66 -----
+ pom.xml | 6 -
+ server/pom.xml | 5 -
+ .../apache/xmlrpc/test/CommonsProvider.java | 41 ---
+ .../apache/xmlrpc/test/XmlRpcTestCase.java | 1 -
+ 7 files changed, 385 deletions(-)
+ delete mode 100644 client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransport.java
+ delete mode 100644 client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransportFactory.java
+ delete mode 100644 server/src/test/java/org/apache/xmlrpc/test/CommonsProvider.java
+
+diff --git a/client/pom.xml b/client/pom.xml
+index f31b2d2..b78ede0 100644
+--- a/client/pom.xml
++++ b/client/pom.xml
+@@ -72,9 +72,5 @@
+ <artifactId>xmlrpc-common</artifactId>
+ <version>3.1.3</version>
+ </dependency>
+- <dependency>
+- <groupId>commons-httpclient</groupId>
+- <artifactId>commons-httpclient</artifactId>
+- </dependency>
+ </dependencies>
+ </project>
+diff --git a/client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransport.java b/client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransport.java
+deleted file mode 100644
+index 1e60ceb..0000000
+--- a/client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransport.java
++++ /dev/null
+@@ -1,262 +0,0 @@
+-/*
+- * Licensed to the Apache Software Foundation (ASF) under one
+- * or more contributor license agreements. See the NOTICE file
+- * distributed with this work for additional information
+- * regarding copyright ownership. The ASF licenses this file
+- * to you under the Apache License, Version 2.0 (the
+- * "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing,
+- * software distributed under the License is distributed on an
+- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+- * KIND, either express or implied. See the License for the
+- * specific language governing permissions and limitations
+- * under the License.
+- */
+-package org.apache.xmlrpc.client;
+-
+-import java.io.BufferedOutputStream;
+-import java.io.FilterOutputStream;
+-import java.io.IOException;
+-import java.io.InputStream;
+-import java.io.OutputStream;
+-
+-import org.apache.commons.httpclient.Credentials;
+-import org.apache.commons.httpclient.Header;
+-import org.apache.commons.httpclient.HttpClient;
+-import org.apache.commons.httpclient.HttpException;
+-import org.apache.commons.httpclient.HttpMethod;
+-import org.apache.commons.httpclient.HttpStatus;
+-import org.apache.commons.httpclient.HttpVersion;
+-import org.apache.commons.httpclient.URI;
+-import org.apache.commons.httpclient.URIException;
+-import org.apache.commons.httpclient.UsernamePasswordCredentials;
+-import org.apache.commons.httpclient.auth.AuthScope;
+-import org.apache.commons.httpclient.methods.PostMethod;
+-import org.apache.commons.httpclient.methods.RequestEntity;
+-import org.apache.commons.httpclient.params.HttpMethodParams;
+-import org.apache.xmlrpc.XmlRpcException;
+-import org.apache.xmlrpc.XmlRpcRequest;
+-import org.apache.xmlrpc.common.XmlRpcStreamConfig;
+-import org.apache.xmlrpc.common.XmlRpcStreamRequestConfig;
+-import org.apache.xmlrpc.util.HttpUtil;
+-import org.apache.xmlrpc.util.XmlRpcIOException;
+-import org.xml.sax.SAXException;
+-
+-
+-/** An HTTP transport factory, which is based on the Jakarta Commons
+- * HTTP Client.
+- */
+-public class XmlRpcCommonsTransport extends XmlRpcHttpTransport {
+- /**
+- * Maximum number of allowed redirects.
+- */
+- private static final int MAX_REDIRECT_ATTEMPTS = 100;
+-
+- protected final HttpClient client;
+- private static final String userAgent = USER_AGENT + " (Jakarta Commons httpclient Transport)";
+- protected PostMethod method;
+- private int contentLength = -1;
+- private XmlRpcHttpClientConfig config;
+-
+- /** Creates a new instance.
+- * @param pFactory The factory, which created this transport.
+- */
+- public XmlRpcCommonsTransport(XmlRpcCommonsTransportFactory pFactory) {
+- super(pFactory.getClient(), userAgent);
+- HttpClient httpClient = pFactory.getHttpClient();
+- if (httpClient == null) {
+- httpClient = newHttpClient();
+- }
+- client = httpClient;
+- }
+-
+- protected void setContentLength(int pLength) {
+- contentLength = pLength;
+- }
+-
+- protected HttpClient newHttpClient() {
+- return new HttpClient();
+- }
+-
+- protected void initHttpHeaders(XmlRpcRequest pRequest) throws XmlRpcClientException {
+- config = (XmlRpcHttpClientConfig) pRequest.getConfig();
+- method = newPostMethod(config);
+- super.initHttpHeaders(pRequest);
+-
+- if (config.getConnectionTimeout() != 0)
+- client.getHttpConnectionManager().getParams().setConnectionTimeout(config.getConnectionTimeout());
+-
+- if (config.getReplyTimeout() != 0)
+- client.getHttpConnectionManager().getParams().setSoTimeout(config.getReplyTimeout());
+-
+- method.getParams().setVersion(HttpVersion.HTTP_1_1);
+- }
+-
+- protected PostMethod newPostMethod(XmlRpcHttpClientConfig pConfig) {
+- return new PostMethod(pConfig.getServerURL().toString());
+- }
+-
+- protected void setRequestHeader(String pHeader, String pValue) {
+- method.setRequestHeader(new Header(pHeader, pValue));
+- }
+-
+- protected boolean isResponseGzipCompressed() {
+- Header h = method.getResponseHeader( "Content-Encoding" );
+- if (h == null) {
+- return false;
+- } else {
+- return HttpUtil.isUsingGzipEncoding(h.getValue());
+- }
+- }
+-
+- protected InputStream getInputStream() throws XmlRpcException {
+- try {
+- checkStatus(method);
+- return method.getResponseBodyAsStream();
+- } catch (HttpException e) {
+- throw new XmlRpcClientException("Error in HTTP transport: " + e.getMessage(), e);
+- } catch (IOException e) {
+- throw new XmlRpcClientException("I/O error in server communication: " + e.getMessage(), e);
+- }
+- }
+-
+- protected void setCredentials(XmlRpcHttpClientConfig pConfig) throws XmlRpcClientException {
+- String userName = pConfig.getBasicUserName();
+- if (userName != null) {
+- String enc = pConfig.getBasicEncoding();
+- if (enc == null) {
+- enc = XmlRpcStreamConfig.UTF8_ENCODING;
+- }
+- client.getParams().setParameter(HttpMethodParams.CREDENTIAL_CHARSET, enc);
+- Credentials creds = new UsernamePasswordCredentials(userName, pConfig.getBasicPassword());
+- AuthScope scope = new AuthScope(null, AuthScope.ANY_PORT, null, AuthScope.ANY_SCHEME);
+- client.getState().setCredentials(scope, creds);
+- client.getParams().setAuthenticationPreemptive(true);
+- }
+- }
+-
+- protected void close() throws XmlRpcClientException {
+- method.releaseConnection();
+- }
+-
+- protected boolean isResponseGzipCompressed(XmlRpcStreamRequestConfig pConfig) {
+- Header h = method.getResponseHeader( "Content-Encoding" );
+- if (h == null) {
+- return false;
+- } else {
+- return HttpUtil.isUsingGzipEncoding(h.getValue());
+- }
+- }
+-
+- protected boolean isRedirectRequired() {
+- switch (method.getStatusCode()) {
+- case HttpStatus.SC_MOVED_TEMPORARILY:
+- case HttpStatus.SC_MOVED_PERMANENTLY:
+- case HttpStatus.SC_SEE_OTHER:
+- case HttpStatus.SC_TEMPORARY_REDIRECT:
+- return true;
+- default:
+- return false;
+- }
+- }
+-
+- protected void resetClientForRedirect()
+- throws XmlRpcException {
+- //get the location header to find out where to redirect to
+- Header locationHeader = method.getResponseHeader("location");
+- if (locationHeader == null) {
+- throw new XmlRpcException("Invalid redirect: Missing location header");
+- }
+- String location = locationHeader.getValue();
+-
+- URI redirectUri = null;
+- URI currentUri = null;
+- try {
+- currentUri = method.getURI();
+- String charset = currentUri.getProtocolCharset();
+- redirectUri = new URI(location, true, charset);
+- method.setURI(redirectUri);
+- } catch (URIException ex) {
+- throw new XmlRpcException(ex.getMessage(), ex);
+- }
+-
+- //And finally invalidate the actual authentication scheme
+- method.getHostAuthState().invalidate();
+- }
+-
+- protected void writeRequest(final ReqWriter pWriter) throws XmlRpcException {
+- method.setRequestEntity(new RequestEntity(){
+- public boolean isRepeatable() { return true; }
+- public void writeRequest(OutputStream pOut) throws IOException {
+- try {
+- /* Make sure, that the socket is not closed by replacing it with our
+- * own BufferedOutputStream.
+- */
+- OutputStream ostream;
+- if (isUsingByteArrayOutput(config)) {
+- // No need to buffer the output.
+- ostream = new FilterOutputStream(pOut){
+- public void close() throws IOException {
+- flush();
+- }
+- };
+- } else {
+- ostream = new BufferedOutputStream(pOut){
+- public void close() throws IOException {
+- flush();
+- }
+- };
+- }
+- pWriter.write(ostream);
+- } catch (XmlRpcException e) {
+- throw new XmlRpcIOException(e);
+- } catch (SAXException e) {
+- throw new XmlRpcIOException(e);
+- }
+- }
+- public long getContentLength() { return contentLength; }
+- public String getContentType() { return "text/xml"; }
+- });
+- try {
+- int redirectAttempts = 0;
+- for (;;) {
+- client.executeMethod(method);
+- if (!isRedirectRequired()) {
+- break;
+- }
+- if (redirectAttempts++ > MAX_REDIRECT_ATTEMPTS) {
+- throw new XmlRpcException("Too many redirects.");
+- }
+- resetClientForRedirect();
+- }
+- } catch (XmlRpcIOException e) {
+- Throwable t = e.getLinkedException();
+- if (t instanceof XmlRpcException) {
+- throw (XmlRpcException) t;
+- } else {
+- throw new XmlRpcException("Unexpected exception: " + t.getMessage(), t);
+- }
+- } catch (IOException e) {
+- throw new XmlRpcException("I/O error while communicating with HTTP server: " + e.getMessage(), e);
+- }
+- }
+-
+- /**
+- * Check the status of the HTTP request and throw an XmlRpcHttpTransportException if it
+- * indicates that there is an error.
+- * @param pMethod the method that has been executed
+- * @throws XmlRpcHttpTransportException if the status of the method indicates that there is an error.
+- */
+- private void checkStatus(HttpMethod pMethod) throws XmlRpcHttpTransportException {
+- final int status = pMethod.getStatusCode();
+-
+- // All status codes except SC_OK are handled as errors. Perhaps some should require special handling (e.g., SC_UNAUTHORIZED)
+- if (status < 200 || status > 299) {
+- throw new XmlRpcHttpTransportException(status, pMethod.getStatusText());
+- }
+- }
+-}
+diff --git a/client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransportFactory.java b/client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransportFactory.java
+deleted file mode 100644
+index 630d5b4..0000000
+--- a/client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransportFactory.java
++++ /dev/null
+@@ -1,66 +0,0 @@
+-/*
+- * Licensed to the Apache Software Foundation (ASF) under one
+- * or more contributor license agreements. See the NOTICE file
+- * distributed with this work for additional information
+- * regarding copyright ownership. The ASF licenses this file
+- * to you under the Apache License, Version 2.0 (the
+- * "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing,
+- * software distributed under the License is distributed on an
+- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+- * KIND, either express or implied. See the License for the
+- * specific language governing permissions and limitations
+- * under the License.
+- */
+-package org.apache.xmlrpc.client;
+-
+-import org.apache.commons.httpclient.HttpClient;
+-
+-
+-/** An HTTP transport factory, which is based on the Jakarta Commons
+- * HTTP Client.
+- */
+-public class XmlRpcCommonsTransportFactory extends XmlRpcTransportFactoryImpl {
+- private HttpClient httpClient;
+-
+- /** Creates a new instance.
+- * @param pClient The client, which is controlling the factory.
+- */
+- public XmlRpcCommonsTransportFactory(XmlRpcClient pClient) {
+- super(pClient);
+- }
+-
+- public XmlRpcTransport getTransport() {
+- return new XmlRpcCommonsTransport(this);
+- }
+-
+- /**
+- * <p>Sets the factories {@link HttpClient}. By default, a new instance
+- * of {@link HttpClient} is created for any request.</p>
+- * <p>Reusing the {@link HttpClient} is required, if you want to preserve
+- * some state between requests. This applies, in particular, if you want
+- * to use cookies: In that case, create an instance of {@link HttpClient},
+- * give it to the factory, and use {@link HttpClient#getState()} to
+- * read or set cookies.
+- */
+- public void setHttpClient(HttpClient pHttpClient) {
+- httpClient = pHttpClient;
+- }
+-
+- /**
+- * <p>Returns the factories {@link HttpClient}. By default, a new instance
+- * of {@link HttpClient} is created for any request.</p>
+- * <p>Reusing the {@link HttpClient} is required, if you want to preserve
+- * some state between requests. This applies, in particular, if you want
+- * to use cookies: In that case, create an instance of {@link HttpClient},
+- * give it to the factory, and use {@link HttpClient#getState()} to
+- * read or set cookies.
+- */
+- public HttpClient getHttpClient() {
+- return httpClient;
+- }
+-}
+diff --git a/pom.xml b/pom.xml
+index 5e18625..55cc6a8 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -321,12 +321,6 @@
+
+ <dependencyManagement>
+ <dependencies>
+- <dependency>
+- <groupId>commons-httpclient</groupId>
+- <artifactId>commons-httpclient</artifactId>
+- <version>3.0.1</version>
+- <scope>provided</scope>
+- </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+diff --git a/server/pom.xml b/server/pom.xml
+index 4c90e50..84234ff 100644
+--- a/server/pom.xml
++++ b/server/pom.xml
+@@ -95,10 +95,5 @@
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+- <dependency>
+- <groupId>commons-httpclient</groupId>
+- <artifactId>commons-httpclient</artifactId>
+- <scope>test</scope>
+- </dependency>
+ </dependencies>
+ </project>
+diff --git a/server/src/test/java/org/apache/xmlrpc/test/CommonsProvider.java b/server/src/test/java/org/apache/xmlrpc/test/CommonsProvider.java
+deleted file mode 100644
+index 2551a59..0000000
+--- a/server/src/test/java/org/apache/xmlrpc/test/CommonsProvider.java
++++ /dev/null
+@@ -1,41 +0,0 @@
+-/*
+- * Licensed to the Apache Software Foundation (ASF) under one
+- * or more contributor license agreements. See the NOTICE file
+- * distributed with this work for additional information
+- * regarding copyright ownership. The ASF licenses this file
+- * to you under the Apache License, Version 2.0 (the
+- * "License"); you may not use this file except in compliance
+- * with the License. You may obtain a copy of the License at
+- *
+- * http://www.apache.org/licenses/LICENSE-2.0
+- *
+- * Unless required by applicable law or agreed to in writing,
+- * software distributed under the License is distributed on an
+- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+- * KIND, either express or implied. See the License for the
+- * specific language governing permissions and limitations
+- * under the License.
+- */
+-package org.apache.xmlrpc.test;
+-
+-import org.apache.xmlrpc.client.XmlRpcClient;
+-import org.apache.xmlrpc.client.XmlRpcCommonsTransportFactory;
+-import org.apache.xmlrpc.client.XmlRpcTransportFactory;
+-import org.apache.xmlrpc.server.XmlRpcHandlerMapping;
+-
+-
+-/** Provider for testing the
+- * {@link org.apache.xmlrpc.client.XmlRpcCommonsTransport}.
+- */
+-public class CommonsProvider extends WebServerProvider {
+- /** Creates a new instance.
+- * @param pMapping The test servers handler mapping.
+- */
+- public CommonsProvider(XmlRpcHandlerMapping pMapping) {
+- super(pMapping, true);
+- }
+-
+- protected XmlRpcTransportFactory getTransportFactory(XmlRpcClient pClient) {
+- return new XmlRpcCommonsTransportFactory(pClient);
+- }
+-}
+diff --git a/server/src/test/java/org/apache/xmlrpc/test/XmlRpcTestCase.java b/server/src/test/java/org/apache/xmlrpc/test/XmlRpcTestCase.java
+index a9d1fbf..de06406 100644
+--- a/server/src/test/java/org/apache/xmlrpc/test/XmlRpcTestCase.java
++++ b/server/src/test/java/org/apache/xmlrpc/test/XmlRpcTestCase.java
+@@ -75,7 +75,6 @@ public abstract class XmlRpcTestCase extends TestCase {
+ // new LiteTransportProvider(mapping, false), Doesn't support HTTP/1.1
+ new SunHttpTransportProvider(pMapping, true),
+ new SunHttpTransportProvider(pMapping, false),
+- new CommonsProvider(pMapping),
+ new ServletWebServerProvider(pMapping, true),
+ new ServletWebServerProvider(pMapping, false)
+ };
+--
+2.26.0.rc2
+
diff --git a/0006-Fix-for-CVE-2019-17570.patch b/0006-Fix-for-CVE-2019-17570.patch
new file mode 100644
index 0000000..8a93dc5
--- /dev/null
+++ b/0006-Fix-for-CVE-2019-17570.patch
@@ -0,0 +1,52 @@
+From 1594395df534d60133d98884c9d9f5eb92d0652e Mon Sep 17 00:00:00 2001
+From: Mat Booth <mat.booth(a)redhat.com>
+Date: Wed, 1 Apr 2020 10:21:03 +0100
+Subject: [PATCH 6/6] Fix for CVE-2019-17570
+
+Deserialization of server-side exception from faultCause in XMLRPC error response
+---
+ .../xmlrpc/parser/XmlRpcResponseParser.java | 28 ++++++++++---------
+ 1 file changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java b/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
+index 087572b..f1b2427 100644
+--- a/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
++++ b/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
+@@ -69,19 +69,21 @@ public class XmlRpcResponseParser extends RecursiveTypeParserImpl {
+ getDocumentLocator());
+ }
+ errorMessage = (String) map.get("faultString");
+- Object exception = map.get("faultCause");
+- if (exception != null) {
+- try {
+- byte[] bytes = (byte[]) exception;
+- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
+- ObjectInputStream ois = new ObjectInputStream(bais);
+- errorCause = (Throwable) ois.readObject();
+- ois.close();
+- bais.close();
+- } catch (Throwable t) {
+- // Ignore me
+- }
+- }
++ if (((XmlRpcStreamRequestConfig)cfg).isEnabledForExceptions()) {
++ Object exception = map.get("faultCause");
++ if (exception != null) {
++ try {
++ byte[] bytes = (byte[]) exception;
++ ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
++ ObjectInputStream ois = new ObjectInputStream(bais);
++ errorCause = (Throwable) ois.readObject();
++ ois.close();
++ bais.close();
++ } catch (Throwable t) {
++ // Ignore me
++ }
++ }
++ }
+ }
+ }
+
+--
+2.26.0.rc2
+
diff --git a/changelog-pre3.x.txt b/changelog-pre3.x.txt
deleted file mode 100644
index 9cef632..0000000
--- a/changelog-pre3.x.txt
+++ /dev/null
@@ -1,120 +0,0 @@
-* Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Tue Jun 05 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-12
-- Migrate to new tomcat-servlet-api
-
-* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Mon Feb 07 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Tue Dec 21 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-9
-- Require java >= 1:1.6.0
-- Fix classpaths to ensure building of all optional features
-- Remove stale patch
-
-* Thu Dec 16 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-8
-- Migrate from old servlet api to new one
-
-* Thu Dec 9 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-7
-- Remove gcj support
-- Make jars/javadocs versionless
-- Add ws-commons-util Requires
-- Use apache-commons-codec
-- Drop unneeded patch for jsse
-
-* Thu Mar 11 2010 Peter Lemenkov <lemenkov(a)gmail.com> - 0:2.0.1-6.6
-- Added missing requires jpackage-utils
-
-* Mon Jul 27 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-6.5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Thu Feb 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-5.5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4.5
-- drop repotag
-
-* Thu May 29 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4jpp.4
-- fix license tag
-
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng(a)fedoraproject.org> - 0:2.0.1-4jpp.3
-- Autorebuild for GCC 4.3
-
-* Tue Mar 27 2007 Matt Wringe <mwringe(a)redhat.com> 0:2.0.1-3jpp.3
-- Spec file clean up for Fedora Extras Review
-
-* Thu Mar 08 2007 Deepak Bhole <dbhole(a)redhat.com> 2.0.1-3jpp.2
-- Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
-- Minor spec file cleanup
-
-* Fri Aug 04 2006 Vivek Lakshmanan <vivekl(a)redhat.com> - 0:2.0.1-3jpp.1
-- Merge with latest from JPP.
-
-* Sat Jul 22 2006 Jakub Jelinek <jakub(a)redhat.com> - 0:2.0.1-1jpp_8.2fc
-- Rebuilt
-
-* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8.1fc
-- rebuild
-
-* Wed Mar 8 2006 Rafael Schloming <rafaels(a)redhat.com> - 0:2.0.1-1jpp_7fc
-- excluded s390 due to eclipse
-
-* Mon Mar 6 2006 Jeremy Katz <katzj(a)redhat.com> - 0:2.0.1-1jpp_6fc
-- stop scriptlet spew
-
-* Fri Feb 24 2006 Igor Foox <ifoox(a)redhat.com> - 0:2.0.1-1jpp_5fc
-- Added post/postun dependency on coreutils.
-
-* Fri Feb 10 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_4fc
-- bump again for double-long bug on ppc(64)
-
-* Tue Feb 07 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_3fc
-- rebuilt for new gcc4.1 snapshot and glibc changes
-
-* Wed Jan 25 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_2fc
-- ExcludeArch s390x and ppc64
-
-* Wed Jan 18 2006 Andrew Overholt <overholt(a)redhat.com> 0:2.0.1-1jpp_2fc
-- Comment out JPackage Distribution and Vendor tags
-
-* Wed Jan 18 2006 Jesse Keating <jkeating(a)redhat.com> 0:2.0.1-1jpp_2fc
-- bump for test
-
-* Wed Jan 18 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_1fc
-- Update to version 2.0.1
-- Natively compile
-
-* Thu Aug 26 2004 Ralph Apel <r.apel at r-apel.de> 0:1.2-0.b1.3jpp
-- Build with ant-1.6.2
-
-* Thu Apr 29 2004 David Walluck <david(a)jpackage.org> 0:1.2-0.b1.2jpp
-- add jar symlinks
-- remove %%buildroot in %%install
-
-* Tue May 06 2003 David Walluck <david(a)anti-microsoft.org> 0:1.2-0.b1.1jpp
-- 1.2-b1
-- update for JPackage 1.5
-
-* Mon Mar 18 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.1-1jpp
-- 1.1
-- generic servlet support
-- used source release
-- dropped patch
-- added applet jar
-
-* Mon Jan 21 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-3jpp
-- versioned dir for javadoc
-- no dependencies for javadoc package
-- dropped jsse package
-- adaptation to new servlet3 package
-- adaptation to new jsse package
-- section macro
-
-* Fri Dec 7 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-2jpp
-- javadoc into javadoc package
-
-* Sat Nov 3 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-1jpp
-- first JPackage release
diff --git a/xmlrpc-client-addosgimanifest.patch b/xmlrpc-client-addosgimanifest.patch
deleted file mode 100644
index 437d78f..0000000
--- a/xmlrpc-client-addosgimanifest.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- pom.xml.sav 2010-02-06 17:44:57.000000000 +0200
-+++ pom.xml 2010-09-29 09:27:06.194857352 +0300
-@@ -48,6 +48,17 @@
- <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
- <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
- <Implementation-Version>${project.version}</Implementation-Version>
-+ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
-+ <Bundle-Name>%Bundle-Name</Bundle-Name>
-+ <Bundle-Localization>plugin</Bundle-Localization>
-+ <Bundle-SymbolicName>org.apache.xmlrpc</Bundle-SymbolicName>
-+ <Bundle-Version>${project.version}</Bundle-Version>
-+ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
-+ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
-+ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
-+ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
-+ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
-+ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
- </manifestEntries>
- </archive>
- </configuration>
diff --git a/xmlrpc-common-addosgimanifest.patch b/xmlrpc-common-addosgimanifest.patch
deleted file mode 100644
index 4d4aeca..0000000
--- a/xmlrpc-common-addosgimanifest.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- pom.xml.sav 2010-02-06 17:44:50.000000000 +0200
-+++ pom.xml 2010-09-29 09:30:38.857857644 +0300
-@@ -48,6 +48,16 @@
- <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
- <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
- <Implementation-Version>${project.version}</Implementation-Version>
-+ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
-+ <Bundle-Name>%Bundle-Name</Bundle-Name>
-+ <Bundle-Localization>plugin</Bundle-Localization>
-+ <Bundle-SymbolicName>org.apache.xmlrpc.common</Bundle-SymbolicName>
-+ <Bundle-Version>${project.version}</Bundle-Version>
-+ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.common, org.apache.xmlrpc.jaxb, org.apache.xmlrpc.parser, org.apache.xmlrpc.serializer, org.apache.xmlrpc.util</Export-Package>
-+ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
-+ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
-+ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
-+ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
- </manifestEntries>
- </archive>
- </configuration>
diff --git a/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch b/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
deleted file mode 100644
index 53a0a98..0000000
--- a/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 495d6136d9de5c0bbddadffe11b0841c6aafcb34 Mon Sep 17 00:00:00 2001
-From: Michael Simacek <msimacek(a)redhat.com>
-Date: Fri, 18 May 2018 15:22:49 +0200
-Subject: [PATCH 1/2] Disallow deserialization of <ex:serializable> tags
-
-Can be reenabled by setting JVM property
-org.apache.xmlrpc.allowInsecureDeserialization to 1.
-
-- Resolves CVE-2016-5003
----
- .../java/org/apache/xmlrpc/parser/SerializableParser.java | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
-index 18f25ac..c8bb7ed 100644
---- a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
-+++ b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
-@@ -29,6 +29,14 @@ import org.apache.xmlrpc.XmlRpcException;
- */
- public class SerializableParser extends ByteArrayParser {
- public Object getResult() throws XmlRpcException {
-+ if (!"1".equals(System.getProperty("org.apache.xmlrpc.allowInsecureDeserialization"))) {
-+ throw new UnsupportedOperationException(
-+ "Deserialization of ex:serializable objects is vulnerable to " +
-+ "remote execution attacks and is disabled by default. " +
-+ "If you are sure the source data is trusted, you can enable " +
-+ "it by setting org.apache.xmlrpc.allowInsecureDeserialization " +
-+ "JVM property to 1");
-+ }
- try {
- byte[] res = (byte[]) super.getResult();
- ByteArrayInputStream bais = new ByteArrayInputStream(res);
---
-2.17.0
-
diff --git a/xmlrpc-disallow-loading-external-dtd.patch b/xmlrpc-disallow-loading-external-dtd.patch
deleted file mode 100644
index f59b9c0..0000000
--- a/xmlrpc-disallow-loading-external-dtd.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 338ab231b228bd36afda4ab31db724c6669579b2 Mon Sep 17 00:00:00 2001
-From: Michael Simacek <msimacek(a)redhat.com>
-Date: Tue, 22 May 2018 10:53:28 +0200
-Subject: [PATCH 2/2] Disallow loading external DTD
-
----
- .../src/main/java/org/apache/xmlrpc/util/SAXParsers.java | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
-index b1034e7..49ef5de 100644
---- a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
-+++ b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
-@@ -48,6 +48,13 @@ public class SAXParsers {
- } catch (org.xml.sax.SAXException e) {
- // Ignore it
- }
-+ try {
-+ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
-+ } catch (javax.xml.parsers.ParserConfigurationException e) {
-+ // Ignore it
-+ } catch (org.xml.sax.SAXException e) {
-+ // Ignore it
-+ }
- }
-
- /** Creates a new instance of {@link XMLReader}.
---
-2.17.0
-
diff --git a/xmlrpc-javax-methods.patch b/xmlrpc-javax-methods.patch
deleted file mode 100644
index 0c66b6c..0000000
--- a/xmlrpc-javax-methods.patch
+++ /dev/null
@@ -1,264 +0,0 @@
-From d6834da0b1556bb133a534d31bb94d08f38fa195 Mon Sep 17 00:00:00 2001
-From: Mikolaj Izdebski <mizdebsk(a)redhat.com>
-Date: Mon, 16 Jun 2014 10:03:35 +0200
-Subject: [PATCH] Use servlet 3.1.0 API
-
----
- dist/pom.xml | 2 +-
- pom.xml | 4 +-
- server/pom.xml | 8 +++-
- .../xmlrpc/webserver/HttpServletRequestImpl.java | 54 ++++++++++++++++++++++
- .../xmlrpc/webserver/HttpServletResponseImpl.java | 26 ++++++++++-
- .../xmlrpc/webserver/ServletOutputStreamImpl.java | 5 ++
- 6 files changed, 94 insertions(+), 5 deletions(-)
-
-diff --git a/dist/pom.xml b/dist/pom.xml
-index 67aded6..c18c2eb 100644
---- a/dist/pom.xml
-+++ b/dist/pom.xml
-@@ -59,7 +59,7 @@
- <dependencies>
- <dependency>
- <groupId>javax.servlet</groupId>
-- <artifactId>servlet-api</artifactId>
-+ <artifactId>javax.servlet-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.xmlrpc</groupId>
-diff --git a/pom.xml b/pom.xml
-index 3933da5..70c508e 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -344,8 +344,8 @@
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
-- <artifactId>servlet-api</artifactId>
-- <version>2.4</version>
-+ <artifactId>javax.servlet-api</artifactId>
-+ <version>3.1.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
-diff --git a/server/pom.xml b/server/pom.xml
-index 0d09544..01288c8 100644
---- a/server/pom.xml
-+++ b/server/pom.xml
-@@ -67,6 +67,12 @@
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
-+ <exclusions>
-+ <exclusion>
-+ <groupId>javax.servlet</groupId>
-+ <artifactId>servlet-api</artifactId>
-+ </exclusion>
-+ </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.xmlrpc</groupId>
-@@ -81,7 +87,7 @@
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
-- <artifactId>servlet-api</artifactId>
-+ <artifactId>javax.servlet-api</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-httpclient</groupId>
-diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
-index 3dc7e43..19b14a2 100644
---- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
-+++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
-@@ -31,6 +31,7 @@ import java.net.URLDecoder;
- import java.security.Principal;
- import java.util.ArrayList;
- import java.util.Collections;
-+import java.util.Collection;
- import java.util.Enumeration;
- import java.util.HashMap;
- import java.util.Iterator;
-@@ -39,10 +40,20 @@ import java.util.Locale;
- import java.util.Map;
- import java.util.StringTokenizer;
-
-+import javax.servlet.ReadListener;
- import javax.servlet.RequestDispatcher;
-+import javax.servlet.ServletException;
- import javax.servlet.ServletInputStream;
-+import javax.servlet.DispatcherType;
-+import javax.servlet.AsyncContext;
-+import javax.servlet.ServletContext;
-+import javax.servlet.ServletRequest;
-+import javax.servlet.ServletResponse;
- import javax.servlet.http.Cookie;
-+import javax.servlet.http.HttpUpgradeHandler;
-+import javax.servlet.http.Part;
- import javax.servlet.http.HttpServletRequest;
-+import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
-
- import org.apache.xmlrpc.common.XmlRpcStreamConfig;
-@@ -66,6 +77,7 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- private String queryString;
- private String httpVersion;
- private final Map headers = new HashMap();
-+ private final Map parts = new HashMap();
- private final Map attributes = new HashMap();
- private Map parameters;
- private String characterEncoding;
-@@ -97,6 +109,18 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- }
- return c;
- }
-+
-+ public boolean isFinished() {
-+ return contentBytesRemaining == 0;
-+ }
-+
-+ public boolean isReady() {
-+ return true;
-+ }
-+
-+ public void setReadListener(ReadListener arg0) {
-+ throw new IllegalStateException("Not implemented.");
-+ }
- };
- }
-
-@@ -227,6 +251,12 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- return Collections.enumeration(list);
- }
-
-+ public Part getPart(String name) { throw new IllegalStateException("Not implemented"); }
-+
-+ public Collection getParts() { throw new IllegalStateException("Not implemented"); }
-+
-+ public boolean authenticate (HttpServletResponse response) { throw new IllegalStateException("Not implemented"); }
-+
- public int getIntHeader(String pHeader) {
- String s = getHeader(pHeader);
- return s == null ? -1 : Integer.parseInt(s);
-@@ -242,6 +272,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
-
- public String getRemoteUser() { throw new IllegalStateException("Not implemented"); }
-
-+ public void login(String username, String password) { throw new IllegalStateException("Not implemented"); }
-+
-+ public void logout() { throw new IllegalStateException("Not implemented"); }
-+
- public String getRequestURI() { return uri; }
-
- public StringBuffer getRequestURL() {
-@@ -280,6 +314,20 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- return sb;
- }
-
-+ public AsyncContext getAsyncContext() { throw new IllegalStateException("Not implemented"); }
-+
-+ public boolean isAsyncSupported() { return false; }
-+
-+ public boolean isAsyncStarted() { return false; }
-+
-+ public ServletContext getServletContext() { throw new IllegalStateException("Not implemented"); }
-+
-+ public AsyncContext startAsync(ServletRequest req, ServletResponse resp) { throw new IllegalStateException("Not implemented"); }
-+
-+ public AsyncContext startAsync() { throw new IllegalStateException("Not implemented"); }
-+
-+ public DispatcherType getDispatcherType() { throw new IllegalStateException("Not implemented"); }
-+
- public String getRequestedSessionId() { throw new IllegalStateException("Not implemented"); }
-
- public String getServletPath() { return uri; }
-@@ -544,4 +592,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- }
-
- protected String getHttpVersion() { return httpVersion; }
-+
-+ public long getContentLengthLong() { throw new IllegalStateException("Not implemented."); }
-+
-+ public String changeSessionId() { throw new IllegalStateException("Not implemented."); }
-+
-+ public HttpUpgradeHandler upgrade(Class arg0) { throw new IllegalStateException("Not implemented."); }
- }
-diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
-index 6ba7018..5319dcf 100644
---- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
-+++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
-@@ -29,6 +29,8 @@ import java.util.Iterator;
- import java.util.List;
- import java.util.Locale;
- import java.util.Map;
-+import java.util.Collection;
-+import java.util.Collections;
- import java.util.StringTokenizer;
-
- import javax.servlet.ServletOutputStream;
-@@ -84,7 +86,7 @@ public class HttpServletResponseImpl implements HttpServletResponse {
- }
- }
-
-- private String getHeader(String pHeader) {
-+ public String getHeader(String pHeader) {
- String key = pHeader.toLowerCase();
- Object o = headers.get(key);
- if (o == null) {
-@@ -101,6 +103,26 @@ public class HttpServletResponseImpl implements HttpServletResponse {
- }
- }
-
-+ public Collection getHeaderNames() {
-+ return headers.keySet();
-+ }
-+
-+ public Collection getHeaders(String pHeader) {
-+ String key = pHeader.toLowerCase();
-+ Object o = headers.get(key);
-+ List list;
-+ if (o instanceof List) {
-+ list = (List) o;
-+ } else {
-+ list = Collections.singletonList(o);
-+ }
-+ return list;
-+ }
-+
-+ public int getStatus() {
-+ return status;
-+ }
-+
- public void addIntHeader(String pHeader, int pValue) {
- addHeader(pHeader, Integer.toString(pValue));
- }
-@@ -465,4 +487,6 @@ public class HttpServletResponseImpl implements HttpServletResponse {
- sb.append("\r\n");
- return sb.toString();
- }
-+
-+ public void setContentLengthLong(long arg0) { throw new IllegalStateException("Not implemented."); }
- }
-diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
-index c2a53b1..86dbbb4 100644
---- a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
-+++ b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
-@@ -22,6 +22,7 @@ import java.io.IOException;
- import java.io.OutputStream;
-
- import javax.servlet.ServletOutputStream;
-+import javax.servlet.WriteListener;
-
-
- /** Default implementation of a servlet output stream.
-@@ -99,4 +100,8 @@ class ServletOutputStreamImpl extends ServletOutputStream {
- boolean isCommitted() {
- return committed;
- }
-+
-+ public boolean isReady() { return true; }
-+
-+ public void setWriteListener(WriteListener arg0) { throw new IllegalStateException("Not implemented."); }
- }
---
-1.9.3
-
diff --git a/xmlrpc-server-addosgimanifest.patch b/xmlrpc-server-addosgimanifest.patch
deleted file mode 100644
index af54e20..0000000
--- a/xmlrpc-server-addosgimanifest.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- pom.xml 2014-07-07 11:24:52.668887604 -0400
-+++ pom.xml.sav 2014-07-07 11:25:06.174916380 -0400
-@@ -48,6 +48,12 @@
- <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
- <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
- <Implementation-Version>${project.version}</Implementation-Version>
-+ <Bundle-ManifestVersion>1</Bundle-ManifestVersion>
-+ <Bundle-Name>%Bundle-Name</Bundle-Name>
-+ <Bundle-SymbolicName>org.apache.xmlrpc.server</Bundle-SymbolicName>
-+ <Bundle-Version>${project.version}</Bundle-Version>
-+ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
-+ <Export-Package>org.apache.xmlrpc.server,org.apache.xmlrpc.webserver</Export-Package>
- </manifestEntries>
- </archive>
- </configuration>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index c430286..a2cb5e6 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,79 +1,71 @@
Name: xmlrpc
Version: 3.1.3
-Release: 22%{?dist}
+Release: 24%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
-URL: http://ws.apache.org/xmlrpc/
+URL: https://ws.apache.org/xmlrpc/
BuildArch: noarch
-Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src...
-Patch0: %{name}-client-addosgimanifest.patch
-Patch1: %{name}-common-addosgimanifest.patch
-Patch2: %{name}-javax-methods.patch
-Patch3: %{name}-server-addosgimanifest.patch
-Patch4: %{name}-disallow-deserialization-of-ex-serializable-tags.patch
-Patch5: %{name}-disallow-loading-external-dtd.patch
+Source0: https://archive.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version...
+
+# Fix build against modern servlet API by implementing missing interfaces
+Patch0: 0001-Javax-Servlet-API.patch
+# Add OSGi metadata so that xmlrpc can be used in OSGi runtimes
+Patch1: 0002-Add-OSGi-metadata.patch
+# CVE-2016-5003 - Disallow deserialization of <ex:serializable> tags by default
+Patch2: 0003-disallow-deserialization-of-ex-serializable-tags.patch
+# CVE-2016-5002 - isallow loading of external DTD
+Patch3: 0004-disallow-loading-external-dtd.patch
+# Jakarta Commons HttpClient is obsolete and should not be used, one of the other
+# provider implementations should by used instead by clients of xmlrpc
+Patch4: 0005-Remove-dep-on-ancient-commons-httpclient.patch
+# CVE-2019-17570 - Deserialization of server-side exception from faultCause in XMLRPC error response
+Patch5: 0006-Fix-for-CVE-2019-17570.patch
BuildRequires: maven-local
-BuildRequires: mvn(org.apache:apache:pom:)
-BuildRequires: mvn(commons-httpclient:commons-httpclient)
BuildRequires: mvn(commons-logging:commons-logging)
-BuildRequires: mvn(javax.servlet:servlet-api)
+BuildRequires: mvn(javax.servlet:javax.servlet-api)
+BuildRequires: mvn(junit:junit)
+BuildRequires: mvn(org.apache:apache:pom:)
BuildRequires: mvn(org.apache.ws.commons.util:ws-commons-util)
%description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
that uses XML over HTTP to implement remote procedure calls.
-Apache XML-RPC was previously known as Helma XML-RPC. If you have code
-using the Helma library, all you should have to do is change the import
-statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
%package javadoc
-Summary: Javadoc for %{name}
+Summary: Javadoc for %{name}
%description javadoc
Javadoc for %{name}.
%package common
-Summary: Common classes for XML-RPC client and server implementations
-# Provide xmlrpc is not here because it would be useless due to different jar names
-Obsoletes: %{name} < 3.1.3
-Obsoletes: %{name}3-common < 3.1.3-13
-Provides: %{name}3-common = 3.1.3-13
+Summary: Common classes for XML-RPC client and server implementations
%description common
%{summary}.
%package client
-Summary: XML-RPC client implementation
-Obsoletes: %{name}3-client < 3.1.3-13
-Provides: %{name}3-client = 3.1.3-13
+Summary: XML-RPC client implementation
%description client
%{summary}.
%package server
-Summary: XML-RPC server implementation
-Obsoletes: %{name}3-server < 3.1.3-13
-Provides: %{name}3-server = 3.1.3-13
+Summary: XML-RPC server implementation
%description server
%{summary}.
%prep
%setup -q -n apache-%{name}-%{version}-src
+
+%patch0 -p1
+%patch1 -p1
%patch2 -p1
-pushd client
-%patch0 -b .sav
-popd
-pushd common
-%patch1 -b .sav
-popd
-pushd server
-%patch3 -b .sav
-popd
+%patch3 -p1
%patch4 -p1
%patch5 -p1
@@ -81,14 +73,13 @@ sed -i 's/\r//' LICENSE.txt
%pom_disable_module dist
%pom_remove_dep jaxme:jaxmeapi common
-# This dep is no longer supplied by ws-commons-util
%pom_add_dep junit:junit:3.8.1:test
%mvn_file :{*} @1
%mvn_package :*-common %{name}
%build
-# FIXME: ignore test failure because server part needs network
+# ignore test failure because server part needs network
%mvn_build -s -- -Dmaven.test.failure.ignore=true
%install
@@ -105,6 +96,12 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Wed Apr 01 2020 Mat Booth <mat.booth(a)redhat.com> - 1:3.1.3-24
+- Add patch for CVE-2019-17570
+
+* Tue Mar 31 2020 Mat Booth <mat.booth(a)redhat.com> - 1:3.1.3-23
+- Modernise spec file and remove dep on ancient Jakarta Commons httpclient implementation
+
* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
commit 5319ef0e20975cafe228ae3a8abb4e02363baafc
Author: Tomas Hrcka <thrcka(a)redhat.com>
Date: Wed Apr 1 17:05:22 2020 +0200
Revert "Orphaned for 6+ weeks"
This reverts commit 0a09e0d088b4815e8190a0eec1a93324750807da.
Unretirement request: https://pagure.io/releng/issue/9370
Signed-off-by: Tomas Hrcka <thrcka(a)redhat.com>
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6de88cd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+xmlrpc-2.0.1-src.tar.gz
+/apache-xmlrpc-3.1.3-src.tar.bz2
diff --git a/.project b/.project
new file mode 100644
index 0000000..d3cdf74
--- /dev/null
+++ b/.project
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>xmlrpc</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.linuxtools.rpm.rpmlint.rpmlintBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.linuxtools.rpm.rpmlint.rpmlintNature</nature>
+ </natures>
+</projectDescription>
diff --git a/changelog-pre3.x.txt b/changelog-pre3.x.txt
new file mode 100644
index 0000000..9cef632
--- /dev/null
+++ b/changelog-pre3.x.txt
@@ -0,0 +1,120 @@
+* Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue Jun 05 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-12
+- Migrate to new tomcat-servlet-api
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Dec 21 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-9
+- Require java >= 1:1.6.0
+- Fix classpaths to ensure building of all optional features
+- Remove stale patch
+
+* Thu Dec 16 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-8
+- Migrate from old servlet api to new one
+
+* Thu Dec 9 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-7
+- Remove gcj support
+- Make jars/javadocs versionless
+- Add ws-commons-util Requires
+- Use apache-commons-codec
+- Drop unneeded patch for jsse
+
+* Thu Mar 11 2010 Peter Lemenkov <lemenkov(a)gmail.com> - 0:2.0.1-6.6
+- Added missing requires jpackage-utils
+
+* Mon Jul 27 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-6.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-5.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4.5
+- drop repotag
+
+* Thu May 29 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4jpp.4
+- fix license tag
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng(a)fedoraproject.org> - 0:2.0.1-4jpp.3
+- Autorebuild for GCC 4.3
+
+* Tue Mar 27 2007 Matt Wringe <mwringe(a)redhat.com> 0:2.0.1-3jpp.3
+- Spec file clean up for Fedora Extras Review
+
+* Thu Mar 08 2007 Deepak Bhole <dbhole(a)redhat.com> 2.0.1-3jpp.2
+- Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
+- Minor spec file cleanup
+
+* Fri Aug 04 2006 Vivek Lakshmanan <vivekl(a)redhat.com> - 0:2.0.1-3jpp.1
+- Merge with latest from JPP.
+
+* Sat Jul 22 2006 Jakub Jelinek <jakub(a)redhat.com> - 0:2.0.1-1jpp_8.2fc
+- Rebuilt
+
+* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8.1fc
+- rebuild
+
+* Wed Mar 8 2006 Rafael Schloming <rafaels(a)redhat.com> - 0:2.0.1-1jpp_7fc
+- excluded s390 due to eclipse
+
+* Mon Mar 6 2006 Jeremy Katz <katzj(a)redhat.com> - 0:2.0.1-1jpp_6fc
+- stop scriptlet spew
+
+* Fri Feb 24 2006 Igor Foox <ifoox(a)redhat.com> - 0:2.0.1-1jpp_5fc
+- Added post/postun dependency on coreutils.
+
+* Fri Feb 10 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_4fc
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_3fc
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Wed Jan 25 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_2fc
+- ExcludeArch s390x and ppc64
+
+* Wed Jan 18 2006 Andrew Overholt <overholt(a)redhat.com> 0:2.0.1-1jpp_2fc
+- Comment out JPackage Distribution and Vendor tags
+
+* Wed Jan 18 2006 Jesse Keating <jkeating(a)redhat.com> 0:2.0.1-1jpp_2fc
+- bump for test
+
+* Wed Jan 18 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_1fc
+- Update to version 2.0.1
+- Natively compile
+
+* Thu Aug 26 2004 Ralph Apel <r.apel at r-apel.de> 0:1.2-0.b1.3jpp
+- Build with ant-1.6.2
+
+* Thu Apr 29 2004 David Walluck <david(a)jpackage.org> 0:1.2-0.b1.2jpp
+- add jar symlinks
+- remove %%buildroot in %%install
+
+* Tue May 06 2003 David Walluck <david(a)anti-microsoft.org> 0:1.2-0.b1.1jpp
+- 1.2-b1
+- update for JPackage 1.5
+
+* Mon Mar 18 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.1-1jpp
+- 1.1
+- generic servlet support
+- used source release
+- dropped patch
+- added applet jar
+
+* Mon Jan 21 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-3jpp
+- versioned dir for javadoc
+- no dependencies for javadoc package
+- dropped jsse package
+- adaptation to new servlet3 package
+- adaptation to new jsse package
+- section macro
+
+* Fri Dec 7 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-2jpp
+- javadoc into javadoc package
+
+* Sat Nov 3 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-1jpp
+- first JPackage release
diff --git a/dead.package b/dead.package
deleted file mode 100644
index 5204a84..0000000
--- a/dead.package
+++ /dev/null
@@ -1 +0,0 @@
-Orphaned for 6+ weeks
diff --git a/sources b/sources
new file mode 100644
index 0000000..f4bbd2c
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+f7817485fa6a6a500c49ec9515d1f3b9 apache-xmlrpc-3.1.3-src.tar.bz2
diff --git a/xmlrpc-client-addosgimanifest.patch b/xmlrpc-client-addosgimanifest.patch
new file mode 100644
index 0000000..437d78f
--- /dev/null
+++ b/xmlrpc-client-addosgimanifest.patch
@@ -0,0 +1,20 @@
+--- pom.xml.sav 2010-02-06 17:44:57.000000000 +0200
++++ pom.xml 2010-09-29 09:27:06.194857352 +0300
+@@ -48,6 +48,17 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-Localization>plugin</Bundle-Localization>
++ <Bundle-SymbolicName>org.apache.xmlrpc</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
++ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
++ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
++ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
++ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
+ </manifestEntries>
+ </archive>
+ </configuration>
diff --git a/xmlrpc-common-addosgimanifest.patch b/xmlrpc-common-addosgimanifest.patch
new file mode 100644
index 0000000..4d4aeca
--- /dev/null
+++ b/xmlrpc-common-addosgimanifest.patch
@@ -0,0 +1,19 @@
+--- pom.xml.sav 2010-02-06 17:44:50.000000000 +0200
++++ pom.xml 2010-09-29 09:30:38.857857644 +0300
+@@ -48,6 +48,16 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-Localization>plugin</Bundle-Localization>
++ <Bundle-SymbolicName>org.apache.xmlrpc.common</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.common, org.apache.xmlrpc.jaxb, org.apache.xmlrpc.parser, org.apache.xmlrpc.serializer, org.apache.xmlrpc.util</Export-Package>
++ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
++ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
++ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
+ </manifestEntries>
+ </archive>
+ </configuration>
diff --git a/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch b/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
new file mode 100644
index 0000000..53a0a98
--- /dev/null
+++ b/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
@@ -0,0 +1,35 @@
+From 495d6136d9de5c0bbddadffe11b0841c6aafcb34 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek(a)redhat.com>
+Date: Fri, 18 May 2018 15:22:49 +0200
+Subject: [PATCH 1/2] Disallow deserialization of <ex:serializable> tags
+
+Can be reenabled by setting JVM property
+org.apache.xmlrpc.allowInsecureDeserialization to 1.
+
+- Resolves CVE-2016-5003
+---
+ .../java/org/apache/xmlrpc/parser/SerializableParser.java | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+index 18f25ac..c8bb7ed 100644
+--- a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
++++ b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+@@ -29,6 +29,14 @@ import org.apache.xmlrpc.XmlRpcException;
+ */
+ public class SerializableParser extends ByteArrayParser {
+ public Object getResult() throws XmlRpcException {
++ if (!"1".equals(System.getProperty("org.apache.xmlrpc.allowInsecureDeserialization"))) {
++ throw new UnsupportedOperationException(
++ "Deserialization of ex:serializable objects is vulnerable to " +
++ "remote execution attacks and is disabled by default. " +
++ "If you are sure the source data is trusted, you can enable " +
++ "it by setting org.apache.xmlrpc.allowInsecureDeserialization " +
++ "JVM property to 1");
++ }
+ try {
+ byte[] res = (byte[]) super.getResult();
+ ByteArrayInputStream bais = new ByteArrayInputStream(res);
+--
+2.17.0
+
diff --git a/xmlrpc-disallow-loading-external-dtd.patch b/xmlrpc-disallow-loading-external-dtd.patch
new file mode 100644
index 0000000..f59b9c0
--- /dev/null
+++ b/xmlrpc-disallow-loading-external-dtd.patch
@@ -0,0 +1,30 @@
+From 338ab231b228bd36afda4ab31db724c6669579b2 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek(a)redhat.com>
+Date: Tue, 22 May 2018 10:53:28 +0200
+Subject: [PATCH 2/2] Disallow loading external DTD
+
+---
+ .../src/main/java/org/apache/xmlrpc/util/SAXParsers.java | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+index b1034e7..49ef5de 100644
+--- a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
++++ b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+@@ -48,6 +48,13 @@ public class SAXParsers {
+ } catch (org.xml.sax.SAXException e) {
+ // Ignore it
+ }
++ try {
++ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
++ } catch (javax.xml.parsers.ParserConfigurationException e) {
++ // Ignore it
++ } catch (org.xml.sax.SAXException e) {
++ // Ignore it
++ }
+ }
+
+ /** Creates a new instance of {@link XMLReader}.
+--
+2.17.0
+
diff --git a/xmlrpc-javax-methods.patch b/xmlrpc-javax-methods.patch
new file mode 100644
index 0000000..0c66b6c
--- /dev/null
+++ b/xmlrpc-javax-methods.patch
@@ -0,0 +1,264 @@
+From d6834da0b1556bb133a534d31bb94d08f38fa195 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk(a)redhat.com>
+Date: Mon, 16 Jun 2014 10:03:35 +0200
+Subject: [PATCH] Use servlet 3.1.0 API
+
+---
+ dist/pom.xml | 2 +-
+ pom.xml | 4 +-
+ server/pom.xml | 8 +++-
+ .../xmlrpc/webserver/HttpServletRequestImpl.java | 54 ++++++++++++++++++++++
+ .../xmlrpc/webserver/HttpServletResponseImpl.java | 26 ++++++++++-
+ .../xmlrpc/webserver/ServletOutputStreamImpl.java | 5 ++
+ 6 files changed, 94 insertions(+), 5 deletions(-)
+
+diff --git a/dist/pom.xml b/dist/pom.xml
+index 67aded6..c18c2eb 100644
+--- a/dist/pom.xml
++++ b/dist/pom.xml
+@@ -59,7 +59,7 @@
+ <dependencies>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
++ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xmlrpc</groupId>
+diff --git a/pom.xml b/pom.xml
+index 3933da5..70c508e 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -344,8 +344,8 @@
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
+- <version>2.4</version>
++ <artifactId>javax.servlet-api</artifactId>
++ <version>3.1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+diff --git a/server/pom.xml b/server/pom.xml
+index 0d09544..01288c8 100644
+--- a/server/pom.xml
++++ b/server/pom.xml
+@@ -67,6 +67,12 @@
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
++ <exclusions>
++ <exclusion>
++ <groupId>javax.servlet</groupId>
++ <artifactId>servlet-api</artifactId>
++ </exclusion>
++ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xmlrpc</groupId>
+@@ -81,7 +87,7 @@
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
++ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+index 3dc7e43..19b14a2 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+@@ -31,6 +31,7 @@ import java.net.URLDecoder;
+ import java.security.Principal;
+ import java.util.ArrayList;
+ import java.util.Collections;
++import java.util.Collection;
+ import java.util.Enumeration;
+ import java.util.HashMap;
+ import java.util.Iterator;
+@@ -39,10 +40,20 @@ import java.util.Locale;
+ import java.util.Map;
+ import java.util.StringTokenizer;
+
++import javax.servlet.ReadListener;
+ import javax.servlet.RequestDispatcher;
++import javax.servlet.ServletException;
+ import javax.servlet.ServletInputStream;
++import javax.servlet.DispatcherType;
++import javax.servlet.AsyncContext;
++import javax.servlet.ServletContext;
++import javax.servlet.ServletRequest;
++import javax.servlet.ServletResponse;
+ import javax.servlet.http.Cookie;
++import javax.servlet.http.HttpUpgradeHandler;
++import javax.servlet.http.Part;
+ import javax.servlet.http.HttpServletRequest;
++import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpSession;
+
+ import org.apache.xmlrpc.common.XmlRpcStreamConfig;
+@@ -66,6 +77,7 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ private String queryString;
+ private String httpVersion;
+ private final Map headers = new HashMap();
++ private final Map parts = new HashMap();
+ private final Map attributes = new HashMap();
+ private Map parameters;
+ private String characterEncoding;
+@@ -97,6 +109,18 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ }
+ return c;
+ }
++
++ public boolean isFinished() {
++ return contentBytesRemaining == 0;
++ }
++
++ public boolean isReady() {
++ return true;
++ }
++
++ public void setReadListener(ReadListener arg0) {
++ throw new IllegalStateException("Not implemented.");
++ }
+ };
+ }
+
+@@ -227,6 +251,12 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ return Collections.enumeration(list);
+ }
+
++ public Part getPart(String name) { throw new IllegalStateException("Not implemented"); }
++
++ public Collection getParts() { throw new IllegalStateException("Not implemented"); }
++
++ public boolean authenticate (HttpServletResponse response) { throw new IllegalStateException("Not implemented"); }
++
+ public int getIntHeader(String pHeader) {
+ String s = getHeader(pHeader);
+ return s == null ? -1 : Integer.parseInt(s);
+@@ -242,6 +272,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+
+ public String getRemoteUser() { throw new IllegalStateException("Not implemented"); }
+
++ public void login(String username, String password) { throw new IllegalStateException("Not implemented"); }
++
++ public void logout() { throw new IllegalStateException("Not implemented"); }
++
+ public String getRequestURI() { return uri; }
+
+ public StringBuffer getRequestURL() {
+@@ -280,6 +314,20 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ return sb;
+ }
+
++ public AsyncContext getAsyncContext() { throw new IllegalStateException("Not implemented"); }
++
++ public boolean isAsyncSupported() { return false; }
++
++ public boolean isAsyncStarted() { return false; }
++
++ public ServletContext getServletContext() { throw new IllegalStateException("Not implemented"); }
++
++ public AsyncContext startAsync(ServletRequest req, ServletResponse resp) { throw new IllegalStateException("Not implemented"); }
++
++ public AsyncContext startAsync() { throw new IllegalStateException("Not implemented"); }
++
++ public DispatcherType getDispatcherType() { throw new IllegalStateException("Not implemented"); }
++
+ public String getRequestedSessionId() { throw new IllegalStateException("Not implemented"); }
+
+ public String getServletPath() { return uri; }
+@@ -544,4 +592,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ }
+
+ protected String getHttpVersion() { return httpVersion; }
++
++ public long getContentLengthLong() { throw new IllegalStateException("Not implemented."); }
++
++ public String changeSessionId() { throw new IllegalStateException("Not implemented."); }
++
++ public HttpUpgradeHandler upgrade(Class arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+index 6ba7018..5319dcf 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+@@ -29,6 +29,8 @@ import java.util.Iterator;
+ import java.util.List;
+ import java.util.Locale;
+ import java.util.Map;
++import java.util.Collection;
++import java.util.Collections;
+ import java.util.StringTokenizer;
+
+ import javax.servlet.ServletOutputStream;
+@@ -84,7 +86,7 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ }
+ }
+
+- private String getHeader(String pHeader) {
++ public String getHeader(String pHeader) {
+ String key = pHeader.toLowerCase();
+ Object o = headers.get(key);
+ if (o == null) {
+@@ -101,6 +103,26 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ }
+ }
+
++ public Collection getHeaderNames() {
++ return headers.keySet();
++ }
++
++ public Collection getHeaders(String pHeader) {
++ String key = pHeader.toLowerCase();
++ Object o = headers.get(key);
++ List list;
++ if (o instanceof List) {
++ list = (List) o;
++ } else {
++ list = Collections.singletonList(o);
++ }
++ return list;
++ }
++
++ public int getStatus() {
++ return status;
++ }
++
+ public void addIntHeader(String pHeader, int pValue) {
+ addHeader(pHeader, Integer.toString(pValue));
+ }
+@@ -465,4 +487,6 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ sb.append("\r\n");
+ return sb.toString();
+ }
++
++ public void setContentLengthLong(long arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
+index c2a53b1..86dbbb4 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
+@@ -22,6 +22,7 @@ import java.io.IOException;
+ import java.io.OutputStream;
+
+ import javax.servlet.ServletOutputStream;
++import javax.servlet.WriteListener;
+
+
+ /** Default implementation of a servlet output stream.
+@@ -99,4 +100,8 @@ class ServletOutputStreamImpl extends ServletOutputStream {
+ boolean isCommitted() {
+ return committed;
+ }
++
++ public boolean isReady() { return true; }
++
++ public void setWriteListener(WriteListener arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+--
+1.9.3
+
diff --git a/xmlrpc-server-addosgimanifest.patch b/xmlrpc-server-addosgimanifest.patch
new file mode 100644
index 0000000..af54e20
--- /dev/null
+++ b/xmlrpc-server-addosgimanifest.patch
@@ -0,0 +1,15 @@
+--- pom.xml 2014-07-07 11:24:52.668887604 -0400
++++ pom.xml.sav 2014-07-07 11:25:06.174916380 -0400
+@@ -48,6 +48,12 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>1</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-SymbolicName>org.apache.xmlrpc.server</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
++ <Export-Package>org.apache.xmlrpc.server,org.apache.xmlrpc.webserver</Export-Package>
+ </manifestEntries>
+ </archive>
+ </configuration>
diff --git a/xmlrpc.spec b/xmlrpc.spec
new file mode 100644
index 0000000..2979844
--- /dev/null
+++ b/xmlrpc.spec
@@ -0,0 +1,181 @@
+Name: xmlrpc
+Version: 3.1.3
+Release: 23%{?dist}
+Epoch: 1
+Summary: Java XML-RPC implementation
+License: ASL 2.0
+URL: http://ws.apache.org/xmlrpc/
+BuildArch: noarch
+
+Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src...
+Patch0: %{name}-client-addosgimanifest.patch
+Patch1: %{name}-common-addosgimanifest.patch
+Patch2: %{name}-javax-methods.patch
+Patch3: %{name}-server-addosgimanifest.patch
+Patch4: %{name}-disallow-deserialization-of-ex-serializable-tags.patch
+Patch5: %{name}-disallow-loading-external-dtd.patch
+
+BuildRequires: maven-local
+BuildRequires: mvn(org.apache:apache:pom:)
+BuildRequires: mvn(commons-httpclient:commons-httpclient)
+BuildRequires: mvn(commons-logging:commons-logging)
+BuildRequires: mvn(javax.servlet:servlet-api)
+BuildRequires: mvn(org.apache.ws.commons.util:ws-commons-util)
+
+
+%description
+Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
+that uses XML over HTTP to implement remote procedure calls.
+Apache XML-RPC was previously known as Helma XML-RPC. If you have code
+using the Helma library, all you should have to do is change the import
+statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
+
+%package javadoc
+Summary: Javadoc for %{name}
+
+%description javadoc
+Javadoc for %{name}.
+
+%package common
+Summary: Common classes for XML-RPC client and server implementations
+# Provide xmlrpc is not here because it would be useless due to different jar names
+Obsoletes: %{name} < 3.1.3
+Obsoletes: %{name}3-common < 3.1.3-13
+Provides: %{name}3-common = 3.1.3-13
+
+%description common
+%{summary}.
+
+%package client
+Summary: XML-RPC client implementation
+Obsoletes: %{name}3-client < 3.1.3-13
+Provides: %{name}3-client = 3.1.3-13
+
+%description client
+%{summary}.
+
+%package server
+Summary: XML-RPC server implementation
+Obsoletes: %{name}3-server < 3.1.3-13
+Provides: %{name}3-server = 3.1.3-13
+
+%description server
+%{summary}.
+
+%prep
+%setup -q -n apache-%{name}-%{version}-src
+%patch2 -p1
+pushd client
+%patch0 -b .sav
+popd
+pushd common
+%patch1 -b .sav
+popd
+pushd server
+%patch3 -b .sav
+popd
+%patch4 -p1
+%patch5 -p1
+
+sed -i 's/\r//' LICENSE.txt
+
+%pom_disable_module dist
+%pom_remove_dep jaxme:jaxmeapi common
+# This dep is no longer supplied by ws-commons-util
+%pom_add_dep junit:junit:3.8.1:test
+
+%mvn_file :{*} @1
+%mvn_package :*-common %{name}
+
+%build
+# FIXME: ignore test failure because server part needs network
+%mvn_build -s -- -Dmaven.test.failure.ignore=true
+
+%install
+%mvn_install
+
+%files common -f .mfiles-%{name}
+%license LICENSE.txt NOTICE.txt
+
+%files client -f .mfiles-%{name}-client
+
+%files server -f .mfiles-%{name}-server
+
+%files javadoc -f .mfiles-javadoc
+%license LICENSE.txt NOTICE.txt
+
+%changelog
+* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri May 18 2018 Michael Simacek <msimacek(a)redhat.com> - 1:3.1.3-20
+- Disallow deserialization of <ex:serializable> tags by default
+- Resolves CVE-2016-5003
+- Disallow loading of external DTD
+- Resolves CVE-2016-5002
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Jun 12 2017 Troy Dawson <tdawson(a)redhat.com> - 1:3.1.3-17
+- Add junit to pom deps. Was originally supplied by ws-commons-util (#1460767)
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Jan 12 2017 Igor Gnatenko <ignatenko(a)redhat.com> - 1:3.1.3-15
+- Rebuild for readline 7.x
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Feb 13 2015 gil cattaneo <puntogil(a)libero.it> 1:3.1.3-12
+- introduce license macro
+
+* Thu Jul 10 2014 Sami Wagiaalla <swagiaal(a)redhat.com> - 1:3.1.3-11
+- Add OSGi info for xmlrpc-server jar.
+- export o.a.xmlrpc from xmlrpc-client jar.
+
+* Mon Jun 16 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 1:3.1.3-10
+- Use servlet 3.1.0 API
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Mar 04 2014 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 1:3.1.3-8
+- Use Requires: java-headless rebuild (#1067528)
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Jun 14 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 1:3.1.3-6
+- Update to current packaging guidelines
+
+* Fri May 17 2013 Alexander Kurtakov <akurtako(a)redhat.com> 1:3.1.3-5
+- Remove javax.xml.bind from osgi imports - it's part of the JVM now.
+- Drop the ws-jaxme dependency for the same reason.
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Feb 06 2013 Java SIG <java-devel(a)lists.fedoraproject.org> - 1:3.1.3-3
+- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
+- Replace maven BuildRequires with maven-local
+
+* Sat Oct 20 2012 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.1.3-2
+- xmlrpc v2 had an Epoch so we need one here. Add it back
+
+* Fri Sep 14 2012 Alexander Kurtakov <akurtako(a)redhat.com> 3.1.3-1
+- First release of version 3.x package
commit 0a09e0d088b4815e8190a0eec1a93324750807da
Author: Miro Hronok <miro(a)hroncok.cz>
Date: Sun Oct 13 21:58:47 2019 +0200
Orphaned for 6+ weeks
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 6de88cd..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-xmlrpc-2.0.1-src.tar.gz
-/apache-xmlrpc-3.1.3-src.tar.bz2
diff --git a/.project b/.project
deleted file mode 100644
index d3cdf74..0000000
--- a/.project
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
- <name>xmlrpc</name>
- <comment></comment>
- <projects>
- </projects>
- <buildSpec>
- <buildCommand>
- <name>org.eclipse.linuxtools.rpm.rpmlint.rpmlintBuilder</name>
- <arguments>
- </arguments>
- </buildCommand>
- </buildSpec>
- <natures>
- <nature>org.eclipse.linuxtools.rpm.rpmlint.rpmlintNature</nature>
- </natures>
-</projectDescription>
diff --git a/changelog-pre3.x.txt b/changelog-pre3.x.txt
deleted file mode 100644
index 9cef632..0000000
--- a/changelog-pre3.x.txt
+++ /dev/null
@@ -1,120 +0,0 @@
-* Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Tue Jun 05 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-12
-- Migrate to new tomcat-servlet-api
-
-* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Mon Feb 07 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Tue Dec 21 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-9
-- Require java >= 1:1.6.0
-- Fix classpaths to ensure building of all optional features
-- Remove stale patch
-
-* Thu Dec 16 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-8
-- Migrate from old servlet api to new one
-
-* Thu Dec 9 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-7
-- Remove gcj support
-- Make jars/javadocs versionless
-- Add ws-commons-util Requires
-- Use apache-commons-codec
-- Drop unneeded patch for jsse
-
-* Thu Mar 11 2010 Peter Lemenkov <lemenkov(a)gmail.com> - 0:2.0.1-6.6
-- Added missing requires jpackage-utils
-
-* Mon Jul 27 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-6.5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Thu Feb 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-5.5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4.5
-- drop repotag
-
-* Thu May 29 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4jpp.4
-- fix license tag
-
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng(a)fedoraproject.org> - 0:2.0.1-4jpp.3
-- Autorebuild for GCC 4.3
-
-* Tue Mar 27 2007 Matt Wringe <mwringe(a)redhat.com> 0:2.0.1-3jpp.3
-- Spec file clean up for Fedora Extras Review
-
-* Thu Mar 08 2007 Deepak Bhole <dbhole(a)redhat.com> 2.0.1-3jpp.2
-- Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
-- Minor spec file cleanup
-
-* Fri Aug 04 2006 Vivek Lakshmanan <vivekl(a)redhat.com> - 0:2.0.1-3jpp.1
-- Merge with latest from JPP.
-
-* Sat Jul 22 2006 Jakub Jelinek <jakub(a)redhat.com> - 0:2.0.1-1jpp_8.2fc
-- Rebuilt
-
-* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8.1fc
-- rebuild
-
-* Wed Mar 8 2006 Rafael Schloming <rafaels(a)redhat.com> - 0:2.0.1-1jpp_7fc
-- excluded s390 due to eclipse
-
-* Mon Mar 6 2006 Jeremy Katz <katzj(a)redhat.com> - 0:2.0.1-1jpp_6fc
-- stop scriptlet spew
-
-* Fri Feb 24 2006 Igor Foox <ifoox(a)redhat.com> - 0:2.0.1-1jpp_5fc
-- Added post/postun dependency on coreutils.
-
-* Fri Feb 10 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_4fc
-- bump again for double-long bug on ppc(64)
-
-* Tue Feb 07 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_3fc
-- rebuilt for new gcc4.1 snapshot and glibc changes
-
-* Wed Jan 25 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_2fc
-- ExcludeArch s390x and ppc64
-
-* Wed Jan 18 2006 Andrew Overholt <overholt(a)redhat.com> 0:2.0.1-1jpp_2fc
-- Comment out JPackage Distribution and Vendor tags
-
-* Wed Jan 18 2006 Jesse Keating <jkeating(a)redhat.com> 0:2.0.1-1jpp_2fc
-- bump for test
-
-* Wed Jan 18 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_1fc
-- Update to version 2.0.1
-- Natively compile
-
-* Thu Aug 26 2004 Ralph Apel <r.apel at r-apel.de> 0:1.2-0.b1.3jpp
-- Build with ant-1.6.2
-
-* Thu Apr 29 2004 David Walluck <david(a)jpackage.org> 0:1.2-0.b1.2jpp
-- add jar symlinks
-- remove %%buildroot in %%install
-
-* Tue May 06 2003 David Walluck <david(a)anti-microsoft.org> 0:1.2-0.b1.1jpp
-- 1.2-b1
-- update for JPackage 1.5
-
-* Mon Mar 18 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.1-1jpp
-- 1.1
-- generic servlet support
-- used source release
-- dropped patch
-- added applet jar
-
-* Mon Jan 21 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-3jpp
-- versioned dir for javadoc
-- no dependencies for javadoc package
-- dropped jsse package
-- adaptation to new servlet3 package
-- adaptation to new jsse package
-- section macro
-
-* Fri Dec 7 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-2jpp
-- javadoc into javadoc package
-
-* Sat Nov 3 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-1jpp
-- first JPackage release
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5204a84
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Orphaned for 6+ weeks
diff --git a/sources b/sources
deleted file mode 100644
index f4bbd2c..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-f7817485fa6a6a500c49ec9515d1f3b9 apache-xmlrpc-3.1.3-src.tar.bz2
diff --git a/xmlrpc-client-addosgimanifest.patch b/xmlrpc-client-addosgimanifest.patch
deleted file mode 100644
index 437d78f..0000000
--- a/xmlrpc-client-addosgimanifest.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- pom.xml.sav 2010-02-06 17:44:57.000000000 +0200
-+++ pom.xml 2010-09-29 09:27:06.194857352 +0300
-@@ -48,6 +48,17 @@
- <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
- <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
- <Implementation-Version>${project.version}</Implementation-Version>
-+ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
-+ <Bundle-Name>%Bundle-Name</Bundle-Name>
-+ <Bundle-Localization>plugin</Bundle-Localization>
-+ <Bundle-SymbolicName>org.apache.xmlrpc</Bundle-SymbolicName>
-+ <Bundle-Version>${project.version}</Bundle-Version>
-+ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
-+ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
-+ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
-+ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
-+ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
-+ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
- </manifestEntries>
- </archive>
- </configuration>
diff --git a/xmlrpc-common-addosgimanifest.patch b/xmlrpc-common-addosgimanifest.patch
deleted file mode 100644
index 4d4aeca..0000000
--- a/xmlrpc-common-addosgimanifest.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- pom.xml.sav 2010-02-06 17:44:50.000000000 +0200
-+++ pom.xml 2010-09-29 09:30:38.857857644 +0300
-@@ -48,6 +48,16 @@
- <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
- <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
- <Implementation-Version>${project.version}</Implementation-Version>
-+ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
-+ <Bundle-Name>%Bundle-Name</Bundle-Name>
-+ <Bundle-Localization>plugin</Bundle-Localization>
-+ <Bundle-SymbolicName>org.apache.xmlrpc.common</Bundle-SymbolicName>
-+ <Bundle-Version>${project.version}</Bundle-Version>
-+ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.common, org.apache.xmlrpc.jaxb, org.apache.xmlrpc.parser, org.apache.xmlrpc.serializer, org.apache.xmlrpc.util</Export-Package>
-+ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
-+ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
-+ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
-+ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
- </manifestEntries>
- </archive>
- </configuration>
diff --git a/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch b/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
deleted file mode 100644
index 53a0a98..0000000
--- a/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 495d6136d9de5c0bbddadffe11b0841c6aafcb34 Mon Sep 17 00:00:00 2001
-From: Michael Simacek <msimacek(a)redhat.com>
-Date: Fri, 18 May 2018 15:22:49 +0200
-Subject: [PATCH 1/2] Disallow deserialization of <ex:serializable> tags
-
-Can be reenabled by setting JVM property
-org.apache.xmlrpc.allowInsecureDeserialization to 1.
-
-- Resolves CVE-2016-5003
----
- .../java/org/apache/xmlrpc/parser/SerializableParser.java | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
-index 18f25ac..c8bb7ed 100644
---- a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
-+++ b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
-@@ -29,6 +29,14 @@ import org.apache.xmlrpc.XmlRpcException;
- */
- public class SerializableParser extends ByteArrayParser {
- public Object getResult() throws XmlRpcException {
-+ if (!"1".equals(System.getProperty("org.apache.xmlrpc.allowInsecureDeserialization"))) {
-+ throw new UnsupportedOperationException(
-+ "Deserialization of ex:serializable objects is vulnerable to " +
-+ "remote execution attacks and is disabled by default. " +
-+ "If you are sure the source data is trusted, you can enable " +
-+ "it by setting org.apache.xmlrpc.allowInsecureDeserialization " +
-+ "JVM property to 1");
-+ }
- try {
- byte[] res = (byte[]) super.getResult();
- ByteArrayInputStream bais = new ByteArrayInputStream(res);
---
-2.17.0
-
diff --git a/xmlrpc-disallow-loading-external-dtd.patch b/xmlrpc-disallow-loading-external-dtd.patch
deleted file mode 100644
index f59b9c0..0000000
--- a/xmlrpc-disallow-loading-external-dtd.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 338ab231b228bd36afda4ab31db724c6669579b2 Mon Sep 17 00:00:00 2001
-From: Michael Simacek <msimacek(a)redhat.com>
-Date: Tue, 22 May 2018 10:53:28 +0200
-Subject: [PATCH 2/2] Disallow loading external DTD
-
----
- .../src/main/java/org/apache/xmlrpc/util/SAXParsers.java | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
-index b1034e7..49ef5de 100644
---- a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
-+++ b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
-@@ -48,6 +48,13 @@ public class SAXParsers {
- } catch (org.xml.sax.SAXException e) {
- // Ignore it
- }
-+ try {
-+ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
-+ } catch (javax.xml.parsers.ParserConfigurationException e) {
-+ // Ignore it
-+ } catch (org.xml.sax.SAXException e) {
-+ // Ignore it
-+ }
- }
-
- /** Creates a new instance of {@link XMLReader}.
---
-2.17.0
-
diff --git a/xmlrpc-javax-methods.patch b/xmlrpc-javax-methods.patch
deleted file mode 100644
index 0c66b6c..0000000
--- a/xmlrpc-javax-methods.patch
+++ /dev/null
@@ -1,264 +0,0 @@
-From d6834da0b1556bb133a534d31bb94d08f38fa195 Mon Sep 17 00:00:00 2001
-From: Mikolaj Izdebski <mizdebsk(a)redhat.com>
-Date: Mon, 16 Jun 2014 10:03:35 +0200
-Subject: [PATCH] Use servlet 3.1.0 API
-
----
- dist/pom.xml | 2 +-
- pom.xml | 4 +-
- server/pom.xml | 8 +++-
- .../xmlrpc/webserver/HttpServletRequestImpl.java | 54 ++++++++++++++++++++++
- .../xmlrpc/webserver/HttpServletResponseImpl.java | 26 ++++++++++-
- .../xmlrpc/webserver/ServletOutputStreamImpl.java | 5 ++
- 6 files changed, 94 insertions(+), 5 deletions(-)
-
-diff --git a/dist/pom.xml b/dist/pom.xml
-index 67aded6..c18c2eb 100644
---- a/dist/pom.xml
-+++ b/dist/pom.xml
-@@ -59,7 +59,7 @@
- <dependencies>
- <dependency>
- <groupId>javax.servlet</groupId>
-- <artifactId>servlet-api</artifactId>
-+ <artifactId>javax.servlet-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.xmlrpc</groupId>
-diff --git a/pom.xml b/pom.xml
-index 3933da5..70c508e 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -344,8 +344,8 @@
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
-- <artifactId>servlet-api</artifactId>
-- <version>2.4</version>
-+ <artifactId>javax.servlet-api</artifactId>
-+ <version>3.1.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
-diff --git a/server/pom.xml b/server/pom.xml
-index 0d09544..01288c8 100644
---- a/server/pom.xml
-+++ b/server/pom.xml
-@@ -67,6 +67,12 @@
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
-+ <exclusions>
-+ <exclusion>
-+ <groupId>javax.servlet</groupId>
-+ <artifactId>servlet-api</artifactId>
-+ </exclusion>
-+ </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.xmlrpc</groupId>
-@@ -81,7 +87,7 @@
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
-- <artifactId>servlet-api</artifactId>
-+ <artifactId>javax.servlet-api</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-httpclient</groupId>
-diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
-index 3dc7e43..19b14a2 100644
---- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
-+++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
-@@ -31,6 +31,7 @@ import java.net.URLDecoder;
- import java.security.Principal;
- import java.util.ArrayList;
- import java.util.Collections;
-+import java.util.Collection;
- import java.util.Enumeration;
- import java.util.HashMap;
- import java.util.Iterator;
-@@ -39,10 +40,20 @@ import java.util.Locale;
- import java.util.Map;
- import java.util.StringTokenizer;
-
-+import javax.servlet.ReadListener;
- import javax.servlet.RequestDispatcher;
-+import javax.servlet.ServletException;
- import javax.servlet.ServletInputStream;
-+import javax.servlet.DispatcherType;
-+import javax.servlet.AsyncContext;
-+import javax.servlet.ServletContext;
-+import javax.servlet.ServletRequest;
-+import javax.servlet.ServletResponse;
- import javax.servlet.http.Cookie;
-+import javax.servlet.http.HttpUpgradeHandler;
-+import javax.servlet.http.Part;
- import javax.servlet.http.HttpServletRequest;
-+import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
-
- import org.apache.xmlrpc.common.XmlRpcStreamConfig;
-@@ -66,6 +77,7 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- private String queryString;
- private String httpVersion;
- private final Map headers = new HashMap();
-+ private final Map parts = new HashMap();
- private final Map attributes = new HashMap();
- private Map parameters;
- private String characterEncoding;
-@@ -97,6 +109,18 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- }
- return c;
- }
-+
-+ public boolean isFinished() {
-+ return contentBytesRemaining == 0;
-+ }
-+
-+ public boolean isReady() {
-+ return true;
-+ }
-+
-+ public void setReadListener(ReadListener arg0) {
-+ throw new IllegalStateException("Not implemented.");
-+ }
- };
- }
-
-@@ -227,6 +251,12 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- return Collections.enumeration(list);
- }
-
-+ public Part getPart(String name) { throw new IllegalStateException("Not implemented"); }
-+
-+ public Collection getParts() { throw new IllegalStateException("Not implemented"); }
-+
-+ public boolean authenticate (HttpServletResponse response) { throw new IllegalStateException("Not implemented"); }
-+
- public int getIntHeader(String pHeader) {
- String s = getHeader(pHeader);
- return s == null ? -1 : Integer.parseInt(s);
-@@ -242,6 +272,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
-
- public String getRemoteUser() { throw new IllegalStateException("Not implemented"); }
-
-+ public void login(String username, String password) { throw new IllegalStateException("Not implemented"); }
-+
-+ public void logout() { throw new IllegalStateException("Not implemented"); }
-+
- public String getRequestURI() { return uri; }
-
- public StringBuffer getRequestURL() {
-@@ -280,6 +314,20 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- return sb;
- }
-
-+ public AsyncContext getAsyncContext() { throw new IllegalStateException("Not implemented"); }
-+
-+ public boolean isAsyncSupported() { return false; }
-+
-+ public boolean isAsyncStarted() { return false; }
-+
-+ public ServletContext getServletContext() { throw new IllegalStateException("Not implemented"); }
-+
-+ public AsyncContext startAsync(ServletRequest req, ServletResponse resp) { throw new IllegalStateException("Not implemented"); }
-+
-+ public AsyncContext startAsync() { throw new IllegalStateException("Not implemented"); }
-+
-+ public DispatcherType getDispatcherType() { throw new IllegalStateException("Not implemented"); }
-+
- public String getRequestedSessionId() { throw new IllegalStateException("Not implemented"); }
-
- public String getServletPath() { return uri; }
-@@ -544,4 +592,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
- }
-
- protected String getHttpVersion() { return httpVersion; }
-+
-+ public long getContentLengthLong() { throw new IllegalStateException("Not implemented."); }
-+
-+ public String changeSessionId() { throw new IllegalStateException("Not implemented."); }
-+
-+ public HttpUpgradeHandler upgrade(Class arg0) { throw new IllegalStateException("Not implemented."); }
- }
-diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
-index 6ba7018..5319dcf 100644
---- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
-+++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
-@@ -29,6 +29,8 @@ import java.util.Iterator;
- import java.util.List;
- import java.util.Locale;
- import java.util.Map;
-+import java.util.Collection;
-+import java.util.Collections;
- import java.util.StringTokenizer;
-
- import javax.servlet.ServletOutputStream;
-@@ -84,7 +86,7 @@ public class HttpServletResponseImpl implements HttpServletResponse {
- }
- }
-
-- private String getHeader(String pHeader) {
-+ public String getHeader(String pHeader) {
- String key = pHeader.toLowerCase();
- Object o = headers.get(key);
- if (o == null) {
-@@ -101,6 +103,26 @@ public class HttpServletResponseImpl implements HttpServletResponse {
- }
- }
-
-+ public Collection getHeaderNames() {
-+ return headers.keySet();
-+ }
-+
-+ public Collection getHeaders(String pHeader) {
-+ String key = pHeader.toLowerCase();
-+ Object o = headers.get(key);
-+ List list;
-+ if (o instanceof List) {
-+ list = (List) o;
-+ } else {
-+ list = Collections.singletonList(o);
-+ }
-+ return list;
-+ }
-+
-+ public int getStatus() {
-+ return status;
-+ }
-+
- public void addIntHeader(String pHeader, int pValue) {
- addHeader(pHeader, Integer.toString(pValue));
- }
-@@ -465,4 +487,6 @@ public class HttpServletResponseImpl implements HttpServletResponse {
- sb.append("\r\n");
- return sb.toString();
- }
-+
-+ public void setContentLengthLong(long arg0) { throw new IllegalStateException("Not implemented."); }
- }
-diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
-index c2a53b1..86dbbb4 100644
---- a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
-+++ b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
-@@ -22,6 +22,7 @@ import java.io.IOException;
- import java.io.OutputStream;
-
- import javax.servlet.ServletOutputStream;
-+import javax.servlet.WriteListener;
-
-
- /** Default implementation of a servlet output stream.
-@@ -99,4 +100,8 @@ class ServletOutputStreamImpl extends ServletOutputStream {
- boolean isCommitted() {
- return committed;
- }
-+
-+ public boolean isReady() { return true; }
-+
-+ public void setWriteListener(WriteListener arg0) { throw new IllegalStateException("Not implemented."); }
- }
---
-1.9.3
-
diff --git a/xmlrpc-server-addosgimanifest.patch b/xmlrpc-server-addosgimanifest.patch
deleted file mode 100644
index af54e20..0000000
--- a/xmlrpc-server-addosgimanifest.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- pom.xml 2014-07-07 11:24:52.668887604 -0400
-+++ pom.xml.sav 2014-07-07 11:25:06.174916380 -0400
-@@ -48,6 +48,12 @@
- <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
- <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
- <Implementation-Version>${project.version}</Implementation-Version>
-+ <Bundle-ManifestVersion>1</Bundle-ManifestVersion>
-+ <Bundle-Name>%Bundle-Name</Bundle-Name>
-+ <Bundle-SymbolicName>org.apache.xmlrpc.server</Bundle-SymbolicName>
-+ <Bundle-Version>${project.version}</Bundle-Version>
-+ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
-+ <Export-Package>org.apache.xmlrpc.server,org.apache.xmlrpc.webserver</Export-Package>
- </manifestEntries>
- </archive>
- </configuration>
diff --git a/xmlrpc.spec b/xmlrpc.spec
deleted file mode 100644
index 2979844..0000000
--- a/xmlrpc.spec
+++ /dev/null
@@ -1,181 +0,0 @@
-Name: xmlrpc
-Version: 3.1.3
-Release: 23%{?dist}
-Epoch: 1
-Summary: Java XML-RPC implementation
-License: ASL 2.0
-URL: http://ws.apache.org/xmlrpc/
-BuildArch: noarch
-
-Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src...
-Patch0: %{name}-client-addosgimanifest.patch
-Patch1: %{name}-common-addosgimanifest.patch
-Patch2: %{name}-javax-methods.patch
-Patch3: %{name}-server-addosgimanifest.patch
-Patch4: %{name}-disallow-deserialization-of-ex-serializable-tags.patch
-Patch5: %{name}-disallow-loading-external-dtd.patch
-
-BuildRequires: maven-local
-BuildRequires: mvn(org.apache:apache:pom:)
-BuildRequires: mvn(commons-httpclient:commons-httpclient)
-BuildRequires: mvn(commons-logging:commons-logging)
-BuildRequires: mvn(javax.servlet:servlet-api)
-BuildRequires: mvn(org.apache.ws.commons.util:ws-commons-util)
-
-
-%description
-Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
-that uses XML over HTTP to implement remote procedure calls.
-Apache XML-RPC was previously known as Helma XML-RPC. If you have code
-using the Helma library, all you should have to do is change the import
-statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
-
-%package javadoc
-Summary: Javadoc for %{name}
-
-%description javadoc
-Javadoc for %{name}.
-
-%package common
-Summary: Common classes for XML-RPC client and server implementations
-# Provide xmlrpc is not here because it would be useless due to different jar names
-Obsoletes: %{name} < 3.1.3
-Obsoletes: %{name}3-common < 3.1.3-13
-Provides: %{name}3-common = 3.1.3-13
-
-%description common
-%{summary}.
-
-%package client
-Summary: XML-RPC client implementation
-Obsoletes: %{name}3-client < 3.1.3-13
-Provides: %{name}3-client = 3.1.3-13
-
-%description client
-%{summary}.
-
-%package server
-Summary: XML-RPC server implementation
-Obsoletes: %{name}3-server < 3.1.3-13
-Provides: %{name}3-server = 3.1.3-13
-
-%description server
-%{summary}.
-
-%prep
-%setup -q -n apache-%{name}-%{version}-src
-%patch2 -p1
-pushd client
-%patch0 -b .sav
-popd
-pushd common
-%patch1 -b .sav
-popd
-pushd server
-%patch3 -b .sav
-popd
-%patch4 -p1
-%patch5 -p1
-
-sed -i 's/\r//' LICENSE.txt
-
-%pom_disable_module dist
-%pom_remove_dep jaxme:jaxmeapi common
-# This dep is no longer supplied by ws-commons-util
-%pom_add_dep junit:junit:3.8.1:test
-
-%mvn_file :{*} @1
-%mvn_package :*-common %{name}
-
-%build
-# FIXME: ignore test failure because server part needs network
-%mvn_build -s -- -Dmaven.test.failure.ignore=true
-
-%install
-%mvn_install
-
-%files common -f .mfiles-%{name}
-%license LICENSE.txt NOTICE.txt
-
-%files client -f .mfiles-%{name}-client
-
-%files server -f .mfiles-%{name}-server
-
-%files javadoc -f .mfiles-javadoc
-%license LICENSE.txt NOTICE.txt
-
-%changelog
-* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-23
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-22
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-21
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Fri May 18 2018 Michael Simacek <msimacek(a)redhat.com> - 1:3.1.3-20
-- Disallow deserialization of <ex:serializable> tags by default
-- Resolves CVE-2016-5003
-- Disallow loading of external DTD
-- Resolves CVE-2016-5002
-
-* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-19
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-18
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Mon Jun 12 2017 Troy Dawson <tdawson(a)redhat.com> - 1:3.1.3-17
-- Add junit to pom deps. Was originally supplied by ws-commons-util (#1460767)
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-16
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Jan 12 2017 Igor Gnatenko <ignatenko(a)redhat.com> - 1:3.1.3-15
-- Rebuild for readline 7.x
-
-* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-14
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Fri Feb 13 2015 gil cattaneo <puntogil(a)libero.it> 1:3.1.3-12
-- introduce license macro
-
-* Thu Jul 10 2014 Sami Wagiaalla <swagiaal(a)redhat.com> - 1:3.1.3-11
-- Add OSGi info for xmlrpc-server jar.
-- export o.a.xmlrpc from xmlrpc-client jar.
-
-* Mon Jun 16 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 1:3.1.3-10
-- Use servlet 3.1.0 API
-
-* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Tue Mar 04 2014 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 1:3.1.3-8
-- Use Requires: java-headless rebuild (#1067528)
-
-* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Fri Jun 14 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 1:3.1.3-6
-- Update to current packaging guidelines
-
-* Fri May 17 2013 Alexander Kurtakov <akurtako(a)redhat.com> 1:3.1.3-5
-- Remove javax.xml.bind from osgi imports - it's part of the JVM now.
-- Drop the ws-jaxme dependency for the same reason.
-
-* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Wed Feb 06 2013 Java SIG <java-devel(a)lists.fedoraproject.org> - 1:3.1.3-3
-- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
-- Replace maven BuildRequires with maven-local
-
-* Sat Oct 20 2012 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.1.3-2
-- xmlrpc v2 had an Epoch so we need one here. Add it back
-
-* Fri Sep 14 2012 Alexander Kurtakov <akurtako(a)redhat.com> 3.1.3-1
-- First release of version 3.x package
commit 1fd6b41bcd33afd8523279dc303ea23fd16a5036
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sat Jul 27 04:21:15 2019 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index c430286..2979844 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 22%{?dist}
+Release: 23%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -105,6 +105,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
commit 087a3b1d4b506b4408e73ca997b4bf36ce6ff0b0
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sun Feb 3 12:33:34 2019 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index c2f876a..c430286 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 21%{?dist}
+Release: 22%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -105,6 +105,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
commit 383187a645035d4d1ad39a1eaa8631ed15ea9277
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sat Jul 14 09:23:48 2018 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 7b3b456..c2f876a 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 20%{?dist}
+Release: 21%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -105,6 +105,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
* Fri May 18 2018 Michael Simacek <msimacek(a)redhat.com> - 1:3.1.3-20
- Disallow deserialization of <ex:serializable> tags by default
- Resolves CVE-2016-5003
commit 2db59ec8a8b4d358802e98ce0151af84d7b93752
Author: Michael Simacek <msimacek(a)redhat.com>
Date: Wed May 23 08:43:48 2018 +0200
Disallow loading of external DTD
Resolves CVE-2016-5002
diff --git a/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch b/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
index 5018eb6..53a0a98 100644
--- a/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
+++ b/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
@@ -1,7 +1,7 @@
From 495d6136d9de5c0bbddadffe11b0841c6aafcb34 Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek(a)redhat.com>
Date: Fri, 18 May 2018 15:22:49 +0200
-Subject: [PATCH] Disallow deserialization of <ex:serializable> tags
+Subject: [PATCH 1/2] Disallow deserialization of <ex:serializable> tags
Can be reenabled by setting JVM property
org.apache.xmlrpc.allowInsecureDeserialization to 1.
diff --git a/xmlrpc-disallow-loading-external-dtd.patch b/xmlrpc-disallow-loading-external-dtd.patch
new file mode 100644
index 0000000..f59b9c0
--- /dev/null
+++ b/xmlrpc-disallow-loading-external-dtd.patch
@@ -0,0 +1,30 @@
+From 338ab231b228bd36afda4ab31db724c6669579b2 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek(a)redhat.com>
+Date: Tue, 22 May 2018 10:53:28 +0200
+Subject: [PATCH 2/2] Disallow loading external DTD
+
+---
+ .../src/main/java/org/apache/xmlrpc/util/SAXParsers.java | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+index b1034e7..49ef5de 100644
+--- a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
++++ b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+@@ -48,6 +48,13 @@ public class SAXParsers {
+ } catch (org.xml.sax.SAXException e) {
+ // Ignore it
+ }
++ try {
++ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
++ } catch (javax.xml.parsers.ParserConfigurationException e) {
++ // Ignore it
++ } catch (org.xml.sax.SAXException e) {
++ // Ignore it
++ }
+ }
+
+ /** Creates a new instance of {@link XMLReader}.
+--
+2.17.0
+
diff --git a/xmlrpc.spec b/xmlrpc.spec
index ccad587..7b3b456 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -13,6 +13,7 @@ Patch1: %{name}-common-addosgimanifest.patch
Patch2: %{name}-javax-methods.patch
Patch3: %{name}-server-addosgimanifest.patch
Patch4: %{name}-disallow-deserialization-of-ex-serializable-tags.patch
+Patch5: %{name}-disallow-loading-external-dtd.patch
BuildRequires: maven-local
BuildRequires: mvn(org.apache:apache:pom:)
@@ -74,6 +75,7 @@ pushd server
%patch3 -b .sav
popd
%patch4 -p1
+%patch5 -p1
sed -i 's/\r//' LICENSE.txt
@@ -106,6 +108,8 @@ sed -i 's/\r//' LICENSE.txt
* Fri May 18 2018 Michael Simacek <msimacek(a)redhat.com> - 1:3.1.3-20
- Disallow deserialization of <ex:serializable> tags by default
- Resolves CVE-2016-5003
+- Disallow loading of external DTD
+- Resolves CVE-2016-5002
* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
commit ef4efbf91d241070f6f41950f7536049688a3a67
Author: Michael Simacek <msimacek(a)redhat.com>
Date: Fri May 18 15:39:56 2018 +0200
Disallow deserialization of <ex:serializable> tags by default
- Resolves CVE-2016-5003
diff --git a/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch b/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
new file mode 100644
index 0000000..5018eb6
--- /dev/null
+++ b/xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch
@@ -0,0 +1,35 @@
+From 495d6136d9de5c0bbddadffe11b0841c6aafcb34 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek(a)redhat.com>
+Date: Fri, 18 May 2018 15:22:49 +0200
+Subject: [PATCH] Disallow deserialization of <ex:serializable> tags
+
+Can be reenabled by setting JVM property
+org.apache.xmlrpc.allowInsecureDeserialization to 1.
+
+- Resolves CVE-2016-5003
+---
+ .../java/org/apache/xmlrpc/parser/SerializableParser.java | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+index 18f25ac..c8bb7ed 100644
+--- a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
++++ b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+@@ -29,6 +29,14 @@ import org.apache.xmlrpc.XmlRpcException;
+ */
+ public class SerializableParser extends ByteArrayParser {
+ public Object getResult() throws XmlRpcException {
++ if (!"1".equals(System.getProperty("org.apache.xmlrpc.allowInsecureDeserialization"))) {
++ throw new UnsupportedOperationException(
++ "Deserialization of ex:serializable objects is vulnerable to " +
++ "remote execution attacks and is disabled by default. " +
++ "If you are sure the source data is trusted, you can enable " +
++ "it by setting org.apache.xmlrpc.allowInsecureDeserialization " +
++ "JVM property to 1");
++ }
+ try {
+ byte[] res = (byte[]) super.getResult();
+ ByteArrayInputStream bais = new ByteArrayInputStream(res);
+--
+2.17.0
+
diff --git a/xmlrpc.spec b/xmlrpc.spec
index e617061..ccad587 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 19%{?dist}
+Release: 20%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -12,6 +12,7 @@ Patch0: %{name}-client-addosgimanifest.patch
Patch1: %{name}-common-addosgimanifest.patch
Patch2: %{name}-javax-methods.patch
Patch3: %{name}-server-addosgimanifest.patch
+Patch4: %{name}-disallow-deserialization-of-ex-serializable-tags.patch
BuildRequires: maven-local
BuildRequires: mvn(org.apache:apache:pom:)
@@ -72,6 +73,7 @@ popd
pushd server
%patch3 -b .sav
popd
+%patch4 -p1
sed -i 's/\r//' LICENSE.txt
@@ -101,6 +103,10 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Fri May 18 2018 Michael Simacek <msimacek(a)redhat.com> - 1:3.1.3-20
+- Disallow deserialization of <ex:serializable> tags by default
+- Resolves CVE-2016-5003
+
* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
commit 5b7a60c7fe55fbb24f6c1cdf35f6ba63237586c9
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Fri Feb 9 21:47:27 2018 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 3fcce3f..e617061 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 18%{?dist}
+Release: 19%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -101,6 +101,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
commit d5ec53e08d8e44e93970c95362b801913f5da16c
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Thu Jul 27 22:13:55 2017 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 74c09de..3fcce3f 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 17%{?dist}
+Release: 18%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -101,6 +101,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
* Mon Jun 12 2017 Troy Dawson <tdawson(a)redhat.com> - 1:3.1.3-17
- Add junit to pom deps. Was originally supplied by ws-commons-util (#1460767)
commit 6b0ae9a5c0b28054507a2e6c899e740161d06df1
Author: Troy Dawson <tdawson(a)redhat.com>
Date: Mon Jun 12 09:42:59 2017 -0700
Add junit to pom deps
Signed-off-by: Mikolaj Izdebski <mizdebsk(a)redhat.com>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 98a267f..74c09de 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 16%{?dist}
+Release: 17%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -77,6 +77,9 @@ sed -i 's/\r//' LICENSE.txt
%pom_disable_module dist
%pom_remove_dep jaxme:jaxmeapi common
+# This dep is no longer supplied by ws-commons-util
+%pom_add_dep junit:junit:3.8.1:test
+
%mvn_file :{*} @1
%mvn_package :*-common %{name}
@@ -98,6 +101,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Mon Jun 12 2017 Troy Dawson <tdawson(a)redhat.com> - 1:3.1.3-17
+- Add junit to pom deps. Was originally supplied by ws-commons-util (#1460767)
+
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
commit 308daf7a186d5e72148ecedea763298f675f2d59
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sat Feb 11 17:57:46 2017 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index eb4a037..98a267f 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 15%{?dist}
+Release: 16%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -98,6 +98,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
* Thu Jan 12 2017 Igor Gnatenko <ignatenko(a)redhat.com> - 1:3.1.3-15
- Rebuild for readline 7.x
commit a8a7a1d8eae17746c95e4f538e3214894fc61a7c
Author: Igor Gnatenko <ignatenko(a)redhat.com>
Date: Thu Jan 12 17:30:44 2017 +0100
Rebuild for readline 7.x
Signed-off-by: Igor Gnatenko <ignatenko(a)redhat.com>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index e1a5079..eb4a037 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 14%{?dist}
+Release: 15%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -98,6 +98,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Thu Jan 12 2017 Igor Gnatenko <ignatenko(a)redhat.com> - 1:3.1.3-15
+- Rebuild for readline 7.x
+
* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
commit 7df5e8828a1b1426c06794f9624058fb5d1b814b
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Fri Feb 5 03:36:26 2016 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 0bff54f..e1a5079 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 13%{?dist}
+Release: 14%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -98,6 +98,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.1.3-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
commit ea8c222187c06f149c193625c1bcffbbcd131968
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Fri Jun 19 04:09:22 2015 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index f701769..0bff54f 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 12%{?dist}
+Release: 13%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -98,6 +98,9 @@ sed -i 's/\r//' LICENSE.txt
%license LICENSE.txt NOTICE.txt
%changelog
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
* Fri Feb 13 2015 gil cattaneo <puntogil(a)libero.it> 1:3.1.3-12
- introduce license macro
commit dc08731b2c0019e2dce9c809e34df7120d7dc32c
Author: gil <puntogil(a)libero.it>
Date: Sat Feb 14 00:20:28 2015 +0100
introduce license macro
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 372a680..f701769 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 11%{?dist}
+Release: 12%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -88,17 +88,20 @@ sed -i 's/\r//' LICENSE.txt
%mvn_install
%files common -f .mfiles-%{name}
-%doc LICENSE.txt NOTICE.txt
+%license LICENSE.txt NOTICE.txt
%files client -f .mfiles-%{name}-client
%files server -f .mfiles-%{name}-server
%files javadoc -f .mfiles-javadoc
-%doc LICENSE.txt NOTICE.txt
+%license LICENSE.txt NOTICE.txt
%changelog
-* Thu Jul 10 2014 Sami Wagiaalla <swagiaal(a)redhat.com> - 1:3.1.3-10
+* Fri Feb 13 2015 gil cattaneo <puntogil(a)libero.it> 1:3.1.3-12
+- introduce license macro
+
+* Thu Jul 10 2014 Sami Wagiaalla <swagiaal(a)redhat.com> - 1:3.1.3-11
- Add OSGi info for xmlrpc-server jar.
- export o.a.xmlrpc from xmlrpc-client jar.
commit db647bf94a16172f76eb6157c2f5dd968dd5beba
Author: Sami Wagiaalla <swagiaal(a)redhat.com>
Date: Thu Jul 10 09:46:22 2014 -0400
Add OSGi info for xmlrpc-server jar.
- export o.a.xmlrpc from xmlrpc-client jar.
diff --git a/xmlrpc-client-addosgimanifest.patch b/xmlrpc-client-addosgimanifest.patch
index 1b39a19..437d78f 100644
--- a/xmlrpc-client-addosgimanifest.patch
+++ b/xmlrpc-client-addosgimanifest.patch
@@ -10,7 +10,7 @@
+ <Bundle-SymbolicName>org.apache.xmlrpc</Bundle-SymbolicName>
+ <Bundle-Version>${project.version}</Bundle-Version>
+ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
-+ <Export-Package>org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
++ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
+ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
+ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
+ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
diff --git a/xmlrpc-server-addosgimanifest.patch b/xmlrpc-server-addosgimanifest.patch
new file mode 100644
index 0000000..af54e20
--- /dev/null
+++ b/xmlrpc-server-addosgimanifest.patch
@@ -0,0 +1,15 @@
+--- pom.xml 2014-07-07 11:24:52.668887604 -0400
++++ pom.xml.sav 2014-07-07 11:25:06.174916380 -0400
+@@ -48,6 +48,12 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>1</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-SymbolicName>org.apache.xmlrpc.server</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
++ <Export-Package>org.apache.xmlrpc.server,org.apache.xmlrpc.webserver</Export-Package>
+ </manifestEntries>
+ </archive>
+ </configuration>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 258df85..372a680 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 10%{?dist}
+Release: 11%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -11,6 +11,7 @@ Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{ver
Patch0: %{name}-client-addosgimanifest.patch
Patch1: %{name}-common-addosgimanifest.patch
Patch2: %{name}-javax-methods.patch
+Patch3: %{name}-server-addosgimanifest.patch
BuildRequires: maven-local
BuildRequires: mvn(org.apache:apache:pom:)
@@ -68,6 +69,9 @@ popd
pushd common
%patch1 -b .sav
popd
+pushd server
+%patch3 -b .sav
+popd
sed -i 's/\r//' LICENSE.txt
@@ -94,6 +98,10 @@ sed -i 's/\r//' LICENSE.txt
%doc LICENSE.txt NOTICE.txt
%changelog
+* Thu Jul 10 2014 Sami Wagiaalla <swagiaal(a)redhat.com> - 1:3.1.3-10
+- Add OSGi info for xmlrpc-server jar.
+- export o.a.xmlrpc from xmlrpc-client jar.
+
* Mon Jun 16 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 1:3.1.3-10
- Use servlet 3.1.0 API
commit 778e72b35bcf0300a6cd14f1dceaa052fc5b133e
Author: Mikolaj Izdebski <mizdebsk(a)redhat.com>
Date: Mon Jun 16 10:27:03 2014 +0200
Use servlet 3.1.0 API
diff --git a/xmlrpc-javax-methods.patch b/xmlrpc-javax-methods.patch
index 2a99d9f..0c66b6c 100644
--- a/xmlrpc-javax-methods.patch
+++ b/xmlrpc-javax-methods.patch
@@ -1,6 +1,75 @@
-diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java.fix ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
---- ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java.fix 2012-07-24 14:49:54.000000000 -0400
-+++ ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java 2012-07-24 18:20:17.000000000 -0400
+From d6834da0b1556bb133a534d31bb94d08f38fa195 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk(a)redhat.com>
+Date: Mon, 16 Jun 2014 10:03:35 +0200
+Subject: [PATCH] Use servlet 3.1.0 API
+
+---
+ dist/pom.xml | 2 +-
+ pom.xml | 4 +-
+ server/pom.xml | 8 +++-
+ .../xmlrpc/webserver/HttpServletRequestImpl.java | 54 ++++++++++++++++++++++
+ .../xmlrpc/webserver/HttpServletResponseImpl.java | 26 ++++++++++-
+ .../xmlrpc/webserver/ServletOutputStreamImpl.java | 5 ++
+ 6 files changed, 94 insertions(+), 5 deletions(-)
+
+diff --git a/dist/pom.xml b/dist/pom.xml
+index 67aded6..c18c2eb 100644
+--- a/dist/pom.xml
++++ b/dist/pom.xml
+@@ -59,7 +59,7 @@
+ <dependencies>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
++ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xmlrpc</groupId>
+diff --git a/pom.xml b/pom.xml
+index 3933da5..70c508e 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -344,8 +344,8 @@
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
+- <version>2.4</version>
++ <artifactId>javax.servlet-api</artifactId>
++ <version>3.1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+diff --git a/server/pom.xml b/server/pom.xml
+index 0d09544..01288c8 100644
+--- a/server/pom.xml
++++ b/server/pom.xml
+@@ -67,6 +67,12 @@
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
++ <exclusions>
++ <exclusion>
++ <groupId>javax.servlet</groupId>
++ <artifactId>servlet-api</artifactId>
++ </exclusion>
++ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xmlrpc</groupId>
+@@ -81,7 +87,7 @@
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+- <artifactId>servlet-api</artifactId>
++ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+index 3dc7e43..19b14a2 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
@@ -31,6 +31,7 @@ import java.net.URLDecoder;
import java.security.Principal;
import java.util.ArrayList;
@@ -9,9 +78,13 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestIm
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
-@@ -41,8 +42,15 @@ import java.util.StringTokenizer;
+@@ -39,10 +40,20 @@ import java.util.Locale;
+ import java.util.Map;
+ import java.util.StringTokenizer;
++import javax.servlet.ReadListener;
import javax.servlet.RequestDispatcher;
++import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
+import javax.servlet.DispatcherType;
+import javax.servlet.AsyncContext;
@@ -19,13 +92,14 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestIm
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
++import javax.servlet.http.HttpUpgradeHandler;
+import javax.servlet.http.Part;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.xmlrpc.common.XmlRpcStreamConfig;
-@@ -66,6 +74,7 @@ public class HttpServletRequestImpl impl
+@@ -66,6 +77,7 @@ public class HttpServletRequestImpl implements HttpServletRequest {
private String queryString;
private String httpVersion;
private final Map headers = new HashMap();
@@ -33,7 +107,26 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestIm
private final Map attributes = new HashMap();
private Map parameters;
private String characterEncoding;
-@@ -227,6 +236,12 @@ public class HttpServletRequestImpl impl
+@@ -97,6 +109,18 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ }
+ return c;
+ }
++
++ public boolean isFinished() {
++ return contentBytesRemaining == 0;
++ }
++
++ public boolean isReady() {
++ return true;
++ }
++
++ public void setReadListener(ReadListener arg0) {
++ throw new IllegalStateException("Not implemented.");
++ }
+ };
+ }
+
+@@ -227,6 +251,12 @@ public class HttpServletRequestImpl implements HttpServletRequest {
return Collections.enumeration(list);
}
@@ -46,7 +139,7 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestIm
public int getIntHeader(String pHeader) {
String s = getHeader(pHeader);
return s == null ? -1 : Integer.parseInt(s);
-@@ -242,6 +257,10 @@ public class HttpServletRequestImpl impl
+@@ -242,6 +272,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
public String getRemoteUser() { throw new IllegalStateException("Not implemented"); }
@@ -57,7 +150,7 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestIm
public String getRequestURI() { return uri; }
public StringBuffer getRequestURL() {
-@@ -280,6 +299,20 @@ public class HttpServletRequestImpl impl
+@@ -280,6 +314,20 @@ public class HttpServletRequestImpl implements HttpServletRequest {
return sb;
}
@@ -78,9 +171,21 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestIm
public String getRequestedSessionId() { throw new IllegalStateException("Not implemented"); }
public String getServletPath() { return uri; }
-diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java.fix ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
---- ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java.fix 2012-07-24 14:49:46.000000000 -0400
-+++ ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java 2012-07-24 15:22:31.000000000 -0400
+@@ -544,4 +592,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ }
+
+ protected String getHttpVersion() { return httpVersion; }
++
++ public long getContentLengthLong() { throw new IllegalStateException("Not implemented."); }
++
++ public String changeSessionId() { throw new IllegalStateException("Not implemented."); }
++
++ public HttpUpgradeHandler upgrade(Class arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+index 6ba7018..5319dcf 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
@@ -29,6 +29,8 @@ import java.util.Iterator;
import java.util.List;
import java.util.Locale;
@@ -90,7 +195,7 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseI
import java.util.StringTokenizer;
import javax.servlet.ServletOutputStream;
-@@ -84,7 +86,7 @@ public class HttpServletResponseImpl imp
+@@ -84,7 +86,7 @@ public class HttpServletResponseImpl implements HttpServletResponse {
}
}
@@ -99,7 +204,7 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseI
String key = pHeader.toLowerCase();
Object o = headers.get(key);
if (o == null) {
-@@ -101,6 +103,26 @@ public class HttpServletResponseImpl imp
+@@ -101,6 +103,26 @@ public class HttpServletResponseImpl implements HttpServletResponse {
}
}
@@ -126,3 +231,34 @@ diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseI
public void addIntHeader(String pHeader, int pValue) {
addHeader(pHeader, Integer.toString(pValue));
}
+@@ -465,4 +487,6 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ sb.append("\r\n");
+ return sb.toString();
+ }
++
++ public void setContentLengthLong(long arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
+index c2a53b1..86dbbb4 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
+@@ -22,6 +22,7 @@ import java.io.IOException;
+ import java.io.OutputStream;
+
+ import javax.servlet.ServletOutputStream;
++import javax.servlet.WriteListener;
+
+
+ /** Default implementation of a servlet output stream.
+@@ -99,4 +100,8 @@ class ServletOutputStreamImpl extends ServletOutputStream {
+ boolean isCommitted() {
+ return committed;
+ }
++
++ public boolean isReady() { return true; }
++
++ public void setWriteListener(WriteListener arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+--
+1.9.3
+
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 1c027f9..258df85 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 9%{?dist}
+Release: 10%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -13,7 +13,7 @@ Patch1: %{name}-common-addosgimanifest.patch
Patch2: %{name}-javax-methods.patch
BuildRequires: maven-local
-BuildRequires: mvn(org.apache:apache)
+BuildRequires: mvn(org.apache:apache:pom:)
BuildRequires: mvn(commons-httpclient:commons-httpclient)
BuildRequires: mvn(commons-logging:commons-logging)
BuildRequires: mvn(javax.servlet:servlet-api)
@@ -61,7 +61,7 @@ Provides: %{name}3-server = 3.1.3-13
%prep
%setup -q -n apache-%{name}-%{version}-src
-%patch2 -b .sav
+%patch2 -p1
pushd client
%patch0 -b .sav
popd
@@ -94,6 +94,9 @@ sed -i 's/\r//' LICENSE.txt
%doc LICENSE.txt NOTICE.txt
%changelog
+* Mon Jun 16 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 1:3.1.3-10
+- Use servlet 3.1.0 API
+
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
commit f35522f3b983ab39ffe8c3e63796692199f9282e
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Sun Jun 8 01:07:46 2014 -0500
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 9b16359..1c027f9 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 8%{?dist}
+Release: 9%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -94,6 +94,9 @@ sed -i 's/\r//' LICENSE.txt
%doc LICENSE.txt NOTICE.txt
%changelog
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
* Tue Mar 04 2014 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 1:3.1.3-8
- Use Requires: java-headless rebuild (#1067528)
commit 16e9536e35b3742aa46d4c7c3027229b41bc5146
Author: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
Date: Tue Mar 4 09:06:04 2014 +0100
Use Requires: java-headless rebuild (#1067528)
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 54eca03..9b16359 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 7%{?dist}
+Release: 8%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -94,6 +94,9 @@ sed -i 's/\r//' LICENSE.txt
%doc LICENSE.txt NOTICE.txt
%changelog
+* Tue Mar 04 2014 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 1:3.1.3-8
+- Use Requires: java-headless rebuild (#1067528)
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
commit 0bd71fc4efa85ff5262efb99ef3f2c23d01a41a2
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Sun Aug 4 03:31:11 2013 -0500
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index ee29b35..54eca03 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 6%{?dist}
+Release: 7%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -94,6 +94,9 @@ sed -i 's/\r//' LICENSE.txt
%doc LICENSE.txt NOTICE.txt
%changelog
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
* Fri Jun 14 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 1:3.1.3-6
- Update to current packaging guidelines
commit 2449421c8611008868c589d59623bdc762680353
Author: Mikolaj Izdebski <mizdebsk(a)redhat.com>
Date: Fri Jun 14 20:33:01 2013 +0200
Update to current packaging guidelines
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 5c1a899..ee29b35 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,35 +1,24 @@
-Name: xmlrpc
-Version: 3.1.3
-Release: 5%{?dist}
-Epoch: 1
-Summary: Java XML-RPC implementation
-License: ASL 2.0
-Group: Development/Libraries
-URL: http://ws.apache.org/xmlrpc/
-Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src...
-# Add OSGi MANIFEST information
-Patch0: %{name}-client-addosgimanifest.patch
-Patch1: %{name}-common-addosgimanifest.patch
-Patch2: %{name}-javax-methods.patch
+Name: xmlrpc
+Version: 3.1.3
+Release: 6%{?dist}
+Epoch: 1
+Summary: Java XML-RPC implementation
+License: ASL 2.0
+URL: http://ws.apache.org/xmlrpc/
+BuildArch: noarch
+
+Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src...
+Patch0: %{name}-client-addosgimanifest.patch
+Patch1: %{name}-common-addosgimanifest.patch
+Patch2: %{name}-javax-methods.patch
BuildRequires: maven-local
-BuildRequires: maven-resources-plugin
-BuildRequires: maven-compiler-plugin
-BuildRequires: maven-surefire-plugin
-BuildRequires: maven-jar-plugin
-BuildRequires: maven-install-plugin
-BuildRequires: maven-javadoc-plugin
-BuildRequires: maven-assembly-plugin
-BuildRequires: maven-source-plugin
-BuildRequires: maven-site-plugin
-BuildRequires: ws-commons-util
-BuildRequires: jpackage-utils >= 0:1.6
-BuildRequires: tomcat-servlet-3.0-api
-BuildRequires: junit
-BuildRequires: jakarta-commons-httpclient
-BuildRequires: apache-commons-logging
-
-BuildArch: noarch
+BuildRequires: mvn(org.apache:apache)
+BuildRequires: mvn(commons-httpclient:commons-httpclient)
+BuildRequires: mvn(commons-logging:commons-logging)
+BuildRequires: mvn(javax.servlet:servlet-api)
+BuildRequires: mvn(org.apache.ws.commons.util:ws-commons-util)
+
%description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
@@ -40,44 +29,32 @@ statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
%package javadoc
Summary: Javadoc for %{name}
-Group: Documentation
%description javadoc
Javadoc for %{name}.
%package common
Summary: Common classes for XML-RPC client and server implementations
-Group: Development/Libraries
# Provide xmlrpc is not here because it would be useless due to different jar names
Obsoletes: %{name} < 3.1.3
Obsoletes: %{name}3-common < 3.1.3-13
Provides: %{name}3-common = 3.1.3-13
-Requires: ws-commons-util
-Requires: jpackage-utils >= 0:1.6
-Requires: apache-commons-logging
%description common
%{summary}.
%package client
Summary: XML-RPC client implementation
-Group: Development/Libraries
-Requires: %{name}-common
-Requires: jakarta-commons-httpclient
Obsoletes: %{name}3-client < 3.1.3-13
-Provides: %{name}3-client = 3.1.3-13
+Provides: %{name}3-client = 3.1.3-13
%description client
%{summary}.
%package server
Summary: XML-RPC server implementation
-Group: Development/Libraries
-Requires: %{name}-client
-Requires: junit
-Requires: tomcat-servlet-3.0-api
Obsoletes: %{name}3-server < 3.1.3-13
-Provides: %{name}3-server = 3.1.3-13
+Provides: %{name}3-server = 3.1.3-13
%description server
%{summary}.
@@ -94,71 +71,32 @@ popd
sed -i 's/\r//' LICENSE.txt
-%pom_remove_dep jaxme:jaxmeapi
+%pom_disable_module dist
+%pom_remove_dep jaxme:jaxmeapi common
+%mvn_file :{*} @1
+%mvn_package :*-common %{name}
%build
-# ignore test failure because server part needs network
-mvn-rpmbuild \
- -e \
- -Dmaven.test.failure.ignore=true \
- install javadoc:aggregate
+# FIXME: ignore test failure because server part needs network
+%mvn_build -s -- -Dmaven.test.failure.ignore=true
%install
-# jars
-install -d -m 755 $RPM_BUILD_ROOT%{_javadir}
-install -m 644 client/target/%{name}-client-%{version}.jar \
- $RPM_BUILD_ROOT%{_javadir}/%{name}-client.jar
-install -m 644 server/target/%{name}-server-%{version}.jar \
- $RPM_BUILD_ROOT%{_javadir}/%{name}-server.jar
-install -m 644 common/target/%{name}-common-%{version}.jar \
- $RPM_BUILD_ROOT%{_javadir}/%{name}-common.jar
-
-#compat symlinks remove in F-20
-pushd $RPM_BUILD_ROOT%{_javadir}
-ln -s %{name}-client.jar %{name}3-client.jar
-ln -s %{name}-server.jar %{name}3-server.jar
-ln -s %{name}-common.jar %{name}3-common.jar
-popd
-
-# install maven pom files
-install -Dm 644 pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}.pom
-install -Dm 644 common/pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}-common.pom
-install -Dm 644 client/pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}-client.pom
-install -Dm 644 server/pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}-server.pom
+%mvn_install
-# ... and maven depmaps
-%add_maven_depmap JPP-%{name}.pom
-%add_maven_depmap JPP-%{name}-common.pom %{name}-common.jar
-%add_maven_depmap JPP-%{name}-client.pom %{name}-client.jar
-%add_maven_depmap JPP-%{name}-server.pom %{name}-server.jar
+%files common -f .mfiles-%{name}
+%doc LICENSE.txt NOTICE.txt
-# javadoc
-install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}
-cp -pr target/site/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
+%files client -f .mfiles-%{name}-client
-%files javadoc
-%doc LICENSE.txt NOTICE.txt
-%{_javadocdir}/*
+%files server -f .mfiles-%{name}-server
-%files common
+%files javadoc -f .mfiles-javadoc
%doc LICENSE.txt NOTICE.txt
-%{_mavenpomdir}/JPP-%{name}.pom
-%{_mavenpomdir}/JPP-%{name}-common.pom
-%{_mavendepmapfragdir}/%{name}
-%{_javadir}/%{name}-common.jar
-%{_javadir}/%{name}3-common.jar
-
-%files client
-%{_mavenpomdir}/JPP-%{name}-client.pom
-%{_javadir}/%{name}-client.jar
-%{_javadir}/%{name}3-client.jar
-
-%files server
-%{_mavenpomdir}/JPP-%{name}-server.pom
-%{_javadir}/%{name}-server.jar
-%{_javadir}/%{name}3-server.jar
%changelog
+* Fri Jun 14 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 1:3.1.3-6
+- Update to current packaging guidelines
+
* Fri May 17 2013 Alexander Kurtakov <akurtako(a)redhat.com> 1:3.1.3-5
- Remove javax.xml.bind from osgi imports - it's part of the JVM now.
- Drop the ws-jaxme dependency for the same reason.
@@ -170,7 +108,7 @@ cp -pr target/site/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
- Replace maven BuildRequires with maven-local
-* Sat Oct 20 2012 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.1.3-2
+* Sat Oct 20 2012 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.1.3-2
- xmlrpc v2 had an Epoch so we need one here. Add it back
* Fri Sep 14 2012 Alexander Kurtakov <akurtako(a)redhat.com> 3.1.3-1
commit ba5aa4a374902f0bda90c825e9ed8f2b87a3825e
Author: Alexander Kurtakov <akurtako(a)redhat.com>
Date: Fri May 17 14:33:33 2013 +0300
Remove javax.xml.bind from osgi imports - it's part of the JVM now.
- Drop the ws-jaxme dependency for the same reason.
diff --git a/xmlrpc-client-addosgimanifest.patch b/xmlrpc-client-addosgimanifest.patch
index 2ef2636..1b39a19 100644
--- a/xmlrpc-client-addosgimanifest.patch
+++ b/xmlrpc-client-addosgimanifest.patch
@@ -11,7 +11,7 @@
+ <Bundle-Version>${project.version}</Bundle-Version>
+ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
+ <Export-Package>org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
-+ <Import-Package>javax.xml.bind, javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
+ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
+ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
+ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
diff --git a/xmlrpc-common-addosgimanifest.patch b/xmlrpc-common-addosgimanifest.patch
index b136bbf..4d4aeca 100644
--- a/xmlrpc-common-addosgimanifest.patch
+++ b/xmlrpc-common-addosgimanifest.patch
@@ -10,7 +10,7 @@
+ <Bundle-SymbolicName>org.apache.xmlrpc.common</Bundle-SymbolicName>
+ <Bundle-Version>${project.version}</Bundle-Version>
+ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.common, org.apache.xmlrpc.jaxb, org.apache.xmlrpc.parser, org.apache.xmlrpc.serializer, org.apache.xmlrpc.util</Export-Package>
-+ <Import-Package>javax.xml.bind, javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++ <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
+ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
+ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
+ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
diff --git a/xmlrpc-jpp-depmap.xml b/xmlrpc-jpp-depmap.xml
deleted file mode 100644
index d622c4b..0000000
--- a/xmlrpc-jpp-depmap.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<dependencies>
- <dependency>
- <maven>
- <groupId>jaxme</groupId>
- <artifactId>jaxmeapi</artifactId>
- <version>0.5.1</version>
- </maven>
- <jpp>
- <groupId>JPP</groupId>
- <artifactId>jaxme/jaxmeapi</artifactId>
- <version>0.5.1</version>
- </jpp>
- </dependency>
-</dependencies>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 9963bf9..5c1a899 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,13 +1,12 @@
Name: xmlrpc
Version: 3.1.3
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
Group: Development/Libraries
URL: http://ws.apache.org/xmlrpc/
Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src...
-Source1: %{name}-jpp-depmap.xml
# Add OSGi MANIFEST information
Patch0: %{name}-client-addosgimanifest.patch
Patch1: %{name}-common-addosgimanifest.patch
@@ -23,7 +22,6 @@ BuildRequires: maven-javadoc-plugin
BuildRequires: maven-assembly-plugin
BuildRequires: maven-source-plugin
BuildRequires: maven-site-plugin
-BuildRequires: ws-jaxme
BuildRequires: ws-commons-util
BuildRequires: jpackage-utils >= 0:1.6
BuildRequires: tomcat-servlet-3.0-api
@@ -54,7 +52,6 @@ Group: Development/Libraries
Obsoletes: %{name} < 3.1.3
Obsoletes: %{name}3-common < 3.1.3-13
Provides: %{name}3-common = 3.1.3-13
-Requires: ws-jaxme
Requires: ws-commons-util
Requires: jpackage-utils >= 0:1.6
Requires: apache-commons-logging
@@ -97,11 +94,12 @@ popd
sed -i 's/\r//' LICENSE.txt
+%pom_remove_dep jaxme:jaxmeapi
+
%build
# ignore test failure because server part needs network
mvn-rpmbuild \
-e \
- -Dmaven.local.depmap.file=%{SOURCE1} \
-Dmaven.test.failure.ignore=true \
install javadoc:aggregate
@@ -161,6 +159,10 @@ cp -pr target/site/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadir}/%{name}3-server.jar
%changelog
+* Fri May 17 2013 Alexander Kurtakov <akurtako(a)redhat.com> 1:3.1.3-5
+- Remove javax.xml.bind from osgi imports - it's part of the JVM now.
+- Drop the ws-jaxme dependency for the same reason.
+
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
commit e038c2166d92b68078f466cccadf9d0f7dab0981
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Thu Feb 14 21:50:38 2013 -0600
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index cb02d38..9963bf9 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 3%{?dist}
+Release: 4%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -161,6 +161,9 @@ cp -pr target/site/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadir}/%{name}3-server.jar
%changelog
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:3.1.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
* Wed Feb 06 2013 Java SIG <java-devel(a)lists.fedoraproject.org> - 1:3.1.3-3
- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
- Replace maven BuildRequires with maven-local
commit 7c520a0c47dcbf44f7e5428cbfd9457cc98573e0
Author: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
Date: Wed Feb 6 20:49:51 2013 +0100
- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
- Replace maven BuildRequires with maven-local
diff --git a/xmlrpc.spec b/xmlrpc.spec
index e572d8e..cb02d38 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
Name: xmlrpc
Version: 3.1.3
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -13,7 +13,7 @@ Patch0: %{name}-client-addosgimanifest.patch
Patch1: %{name}-common-addosgimanifest.patch
Patch2: %{name}-javax-methods.patch
-BuildRequires: maven
+BuildRequires: maven-local
BuildRequires: maven-resources-plugin
BuildRequires: maven-compiler-plugin
BuildRequires: maven-surefire-plugin
@@ -161,6 +161,10 @@ cp -pr target/site/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadir}/%{name}3-server.jar
%changelog
+* Wed Feb 06 2013 Java SIG <java-devel(a)lists.fedoraproject.org> - 1:3.1.3-3
+- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
+- Replace maven BuildRequires with maven-local
+
* Sat Oct 20 2012 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.1.3-2
- xmlrpc v2 had an Epoch so we need one here. Add it back
commit f4b12f09650d60e755253462f4e38ddc4bc248bb
Author: Peter Robinson <pbrobinson(a)gmail.com>
Date: Sat Oct 20 12:53:04 2012 +0100
xmlrpc v2 had an Epoch so we need one here. Add it back
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 568dcc0..e572d8e 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,7 @@
Name: xmlrpc
Version: 3.1.3
-Release: 1%{?dist}
+Release: 2%{?dist}
+Epoch: 1
Summary: Java XML-RPC implementation
License: ASL 2.0
Group: Development/Libraries
@@ -160,5 +161,8 @@ cp -pr target/site/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadir}/%{name}3-server.jar
%changelog
+* Sat Oct 20 2012 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.1.3-2
+- xmlrpc v2 had an Epoch so we need one here. Add it back
+
* Fri Sep 14 2012 Alexander Kurtakov <akurtako(a)redhat.com> 3.1.3-1
- First release of version 3.x package
commit 1fc74296971bda3ebf856eeb17ddbab47890513e
Author: Alexander Kurtakov <akurtako(a)redhat.com>
Date: Fri Sep 14 11:27:53 2012 +0300
Move to xmlrpc version 3.x.
diff --git a/.gitignore b/.gitignore
index a8f88ef..6de88cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
xmlrpc-2.0.1-src.tar.gz
+/apache-xmlrpc-3.1.3-src.tar.bz2
diff --git a/.project b/.project
new file mode 100644
index 0000000..d3cdf74
--- /dev/null
+++ b/.project
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>xmlrpc</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.linuxtools.rpm.rpmlint.rpmlintBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.linuxtools.rpm.rpmlint.rpmlintNature</nature>
+ </natures>
+</projectDescription>
diff --git a/changelog-pre3.x.txt b/changelog-pre3.x.txt
new file mode 100644
index 0000000..9cef632
--- /dev/null
+++ b/changelog-pre3.x.txt
@@ -0,0 +1,120 @@
+* Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue Jun 05 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-12
+- Migrate to new tomcat-servlet-api
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Dec 21 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-9
+- Require java >= 1:1.6.0
+- Fix classpaths to ensure building of all optional features
+- Remove stale patch
+
+* Thu Dec 16 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-8
+- Migrate from old servlet api to new one
+
+* Thu Dec 9 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-7
+- Remove gcj support
+- Make jars/javadocs versionless
+- Add ws-commons-util Requires
+- Use apache-commons-codec
+- Drop unneeded patch for jsse
+
+* Thu Mar 11 2010 Peter Lemenkov <lemenkov(a)gmail.com> - 0:2.0.1-6.6
+- Added missing requires jpackage-utils
+
+* Mon Jul 27 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-6.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-5.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4.5
+- drop repotag
+
+* Thu May 29 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4jpp.4
+- fix license tag
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng(a)fedoraproject.org> - 0:2.0.1-4jpp.3
+- Autorebuild for GCC 4.3
+
+* Tue Mar 27 2007 Matt Wringe <mwringe(a)redhat.com> 0:2.0.1-3jpp.3
+- Spec file clean up for Fedora Extras Review
+
+* Thu Mar 08 2007 Deepak Bhole <dbhole(a)redhat.com> 2.0.1-3jpp.2
+- Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
+- Minor spec file cleanup
+
+* Fri Aug 04 2006 Vivek Lakshmanan <vivekl(a)redhat.com> - 0:2.0.1-3jpp.1
+- Merge with latest from JPP.
+
+* Sat Jul 22 2006 Jakub Jelinek <jakub(a)redhat.com> - 0:2.0.1-1jpp_8.2fc
+- Rebuilt
+
+* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8.1fc
+- rebuild
+
+* Wed Mar 8 2006 Rafael Schloming <rafaels(a)redhat.com> - 0:2.0.1-1jpp_7fc
+- excluded s390 due to eclipse
+
+* Mon Mar 6 2006 Jeremy Katz <katzj(a)redhat.com> - 0:2.0.1-1jpp_6fc
+- stop scriptlet spew
+
+* Fri Feb 24 2006 Igor Foox <ifoox(a)redhat.com> - 0:2.0.1-1jpp_5fc
+- Added post/postun dependency on coreutils.
+
+* Fri Feb 10 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_4fc
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_3fc
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Wed Jan 25 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_2fc
+- ExcludeArch s390x and ppc64
+
+* Wed Jan 18 2006 Andrew Overholt <overholt(a)redhat.com> 0:2.0.1-1jpp_2fc
+- Comment out JPackage Distribution and Vendor tags
+
+* Wed Jan 18 2006 Jesse Keating <jkeating(a)redhat.com> 0:2.0.1-1jpp_2fc
+- bump for test
+
+* Wed Jan 18 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_1fc
+- Update to version 2.0.1
+- Natively compile
+
+* Thu Aug 26 2004 Ralph Apel <r.apel at r-apel.de> 0:1.2-0.b1.3jpp
+- Build with ant-1.6.2
+
+* Thu Apr 29 2004 David Walluck <david(a)jpackage.org> 0:1.2-0.b1.2jpp
+- add jar symlinks
+- remove %%buildroot in %%install
+
+* Tue May 06 2003 David Walluck <david(a)anti-microsoft.org> 0:1.2-0.b1.1jpp
+- 1.2-b1
+- update for JPackage 1.5
+
+* Mon Mar 18 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.1-1jpp
+- 1.1
+- generic servlet support
+- used source release
+- dropped patch
+- added applet jar
+
+* Mon Jan 21 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-3jpp
+- versioned dir for javadoc
+- no dependencies for javadoc package
+- dropped jsse package
+- adaptation to new servlet3 package
+- adaptation to new jsse package
+- section macro
+
+* Fri Dec 7 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-2jpp
+- javadoc into javadoc package
+
+* Sat Nov 3 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-1jpp
+- first JPackage release
diff --git a/sources b/sources
index 281ba07..f4bbd2c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b88cc15b25d9bd688b1889d2ad234125 xmlrpc-2.0.1-src.tar.gz
+f7817485fa6a6a500c49ec9515d1f3b9 apache-xmlrpc-3.1.3-src.tar.bz2
diff --git a/xmlrpc-client-addosgimanifest.patch b/xmlrpc-client-addosgimanifest.patch
new file mode 100644
index 0000000..2ef2636
--- /dev/null
+++ b/xmlrpc-client-addosgimanifest.patch
@@ -0,0 +1,20 @@
+--- pom.xml.sav 2010-02-06 17:44:57.000000000 +0200
++++ pom.xml 2010-09-29 09:27:06.194857352 +0300
+@@ -48,6 +48,17 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-Localization>plugin</Bundle-Localization>
++ <Bundle-SymbolicName>org.apache.xmlrpc</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
++ <Export-Package>org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
++ <Import-Package>javax.xml.bind, javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
++ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
++ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
+ </manifestEntries>
+ </archive>
+ </configuration>
diff --git a/xmlrpc-common-addosgimanifest.patch b/xmlrpc-common-addosgimanifest.patch
new file mode 100644
index 0000000..b136bbf
--- /dev/null
+++ b/xmlrpc-common-addosgimanifest.patch
@@ -0,0 +1,19 @@
+--- pom.xml.sav 2010-02-06 17:44:50.000000000 +0200
++++ pom.xml 2010-09-29 09:30:38.857857644 +0300
+@@ -48,6 +48,16 @@
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Version>${project.version}</Implementation-Version>
++ <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
++ <Bundle-Name>%Bundle-Name</Bundle-Name>
++ <Bundle-Localization>plugin</Bundle-Localization>
++ <Bundle-SymbolicName>org.apache.xmlrpc.common</Bundle-SymbolicName>
++ <Bundle-Version>${project.version}</Bundle-Version>
++ <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.common, org.apache.xmlrpc.jaxb, org.apache.xmlrpc.parser, org.apache.xmlrpc.serializer, org.apache.xmlrpc.util</Export-Package>
++ <Import-Package>javax.xml.bind, javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++ <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
++ <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
++ <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
+ </manifestEntries>
+ </archive>
+ </configuration>
diff --git a/xmlrpc-javax-methods.patch b/xmlrpc-javax-methods.patch
new file mode 100644
index 0000000..2a99d9f
--- /dev/null
+++ b/xmlrpc-javax-methods.patch
@@ -0,0 +1,128 @@
+diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java.fix ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+--- ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java.fix 2012-07-24 14:49:54.000000000 -0400
++++ ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java 2012-07-24 18:20:17.000000000 -0400
+@@ -31,6 +31,7 @@ import java.net.URLDecoder;
+ import java.security.Principal;
+ import java.util.ArrayList;
+ import java.util.Collections;
++import java.util.Collection;
+ import java.util.Enumeration;
+ import java.util.HashMap;
+ import java.util.Iterator;
+@@ -41,8 +42,15 @@ import java.util.StringTokenizer;
+
+ import javax.servlet.RequestDispatcher;
+ import javax.servlet.ServletInputStream;
++import javax.servlet.DispatcherType;
++import javax.servlet.AsyncContext;
++import javax.servlet.ServletContext;
++import javax.servlet.ServletRequest;
++import javax.servlet.ServletResponse;
+ import javax.servlet.http.Cookie;
++import javax.servlet.http.Part;
+ import javax.servlet.http.HttpServletRequest;
++import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpSession;
+
+ import org.apache.xmlrpc.common.XmlRpcStreamConfig;
+@@ -66,6 +74,7 @@ public class HttpServletRequestImpl impl
+ private String queryString;
+ private String httpVersion;
+ private final Map headers = new HashMap();
++ private final Map parts = new HashMap();
+ private final Map attributes = new HashMap();
+ private Map parameters;
+ private String characterEncoding;
+@@ -227,6 +236,12 @@ public class HttpServletRequestImpl impl
+ return Collections.enumeration(list);
+ }
+
++ public Part getPart(String name) { throw new IllegalStateException("Not implemented"); }
++
++ public Collection getParts() { throw new IllegalStateException("Not implemented"); }
++
++ public boolean authenticate (HttpServletResponse response) { throw new IllegalStateException("Not implemented"); }
++
+ public int getIntHeader(String pHeader) {
+ String s = getHeader(pHeader);
+ return s == null ? -1 : Integer.parseInt(s);
+@@ -242,6 +257,10 @@ public class HttpServletRequestImpl impl
+
+ public String getRemoteUser() { throw new IllegalStateException("Not implemented"); }
+
++ public void login(String username, String password) { throw new IllegalStateException("Not implemented"); }
++
++ public void logout() { throw new IllegalStateException("Not implemented"); }
++
+ public String getRequestURI() { return uri; }
+
+ public StringBuffer getRequestURL() {
+@@ -280,6 +299,20 @@ public class HttpServletRequestImpl impl
+ return sb;
+ }
+
++ public AsyncContext getAsyncContext() { throw new IllegalStateException("Not implemented"); }
++
++ public boolean isAsyncSupported() { return false; }
++
++ public boolean isAsyncStarted() { return false; }
++
++ public ServletContext getServletContext() { throw new IllegalStateException("Not implemented"); }
++
++ public AsyncContext startAsync(ServletRequest req, ServletResponse resp) { throw new IllegalStateException("Not implemented"); }
++
++ public AsyncContext startAsync() { throw new IllegalStateException("Not implemented"); }
++
++ public DispatcherType getDispatcherType() { throw new IllegalStateException("Not implemented"); }
++
+ public String getRequestedSessionId() { throw new IllegalStateException("Not implemented"); }
+
+ public String getServletPath() { return uri; }
+diff -up ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java.fix ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+--- ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java.fix 2012-07-24 14:49:46.000000000 -0400
++++ ./server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java 2012-07-24 15:22:31.000000000 -0400
+@@ -29,6 +29,8 @@ import java.util.Iterator;
+ import java.util.List;
+ import java.util.Locale;
+ import java.util.Map;
++import java.util.Collection;
++import java.util.Collections;
+ import java.util.StringTokenizer;
+
+ import javax.servlet.ServletOutputStream;
+@@ -84,7 +86,7 @@ public class HttpServletResponseImpl imp
+ }
+ }
+
+- private String getHeader(String pHeader) {
++ public String getHeader(String pHeader) {
+ String key = pHeader.toLowerCase();
+ Object o = headers.get(key);
+ if (o == null) {
+@@ -101,6 +103,26 @@ public class HttpServletResponseImpl imp
+ }
+ }
+
++ public Collection getHeaderNames() {
++ return headers.keySet();
++ }
++
++ public Collection getHeaders(String pHeader) {
++ String key = pHeader.toLowerCase();
++ Object o = headers.get(key);
++ List list;
++ if (o instanceof List) {
++ list = (List) o;
++ } else {
++ list = Collections.singletonList(o);
++ }
++ return list;
++ }
++
++ public int getStatus() {
++ return status;
++ }
++
+ public void addIntHeader(String pHeader, int pValue) {
+ addHeader(pHeader, Integer.toString(pValue));
+ }
diff --git a/xmlrpc-jpp-depmap.xml b/xmlrpc-jpp-depmap.xml
new file mode 100644
index 0000000..d622c4b
--- /dev/null
+++ b/xmlrpc-jpp-depmap.xml
@@ -0,0 +1,14 @@
+<dependencies>
+ <dependency>
+ <maven>
+ <groupId>jaxme</groupId>
+ <artifactId>jaxmeapi</artifactId>
+ <version>0.5.1</version>
+ </maven>
+ <jpp>
+ <groupId>JPP</groupId>
+ <artifactId>jaxme/jaxmeapi</artifactId>
+ <version>0.5.1</version>
+ </jpp>
+ </dependency>
+</dependencies>
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 7e9e325..568dcc0 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,62 +1,36 @@
-# Copyright (c) 2000-2005, JPackage Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the
-# distribution.
-# 3. Neither the name of the JPackage Project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
Name: xmlrpc
-Version: 2.0.1
-Release: 13%{?dist}
-Epoch: 0
+Version: 3.1.3
+Release: 1%{?dist}
Summary: Java XML-RPC implementation
License: ASL 2.0
-Group: Development/Java
-Url: http://xml.apache.org/%{name}/
-Source0: http://www.apache.org/dist/ws/xmlrpc/sources/xmlrpc-2.0.1-src.tar.gz
-
-BuildRequires: java >= 1:1.6.0
-BuildRequires: ant
+Group: Development/Libraries
+URL: http://ws.apache.org/xmlrpc/
+Source0: http://www.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src...
+Source1: %{name}-jpp-depmap.xml
+# Add OSGi MANIFEST information
+Patch0: %{name}-client-addosgimanifest.patch
+Patch1: %{name}-common-addosgimanifest.patch
+Patch2: %{name}-javax-methods.patch
+
+BuildRequires: maven
+BuildRequires: maven-resources-plugin
+BuildRequires: maven-compiler-plugin
+BuildRequires: maven-surefire-plugin
+BuildRequires: maven-jar-plugin
+BuildRequires: maven-install-plugin
+BuildRequires: maven-javadoc-plugin
+BuildRequires: maven-assembly-plugin
+BuildRequires: maven-source-plugin
+BuildRequires: maven-site-plugin
+BuildRequires: ws-jaxme
+BuildRequires: ws-commons-util
BuildRequires: jpackage-utils >= 0:1.6
-BuildRequires: servlet3
+BuildRequires: tomcat-servlet-3.0-api
BuildRequires: junit
BuildRequires: jakarta-commons-httpclient
-BuildRequires: apache-commons-codec
-
-Requires: java >= 1:1.6.0
-Requires: jpackage-utils >= 0:1.6
-Requires: servlet3
-Requires: junit
-Requires: jakarta-commons-httpclient
-Requires: apache-commons-codec
-Requires: jpackage-utils
-Requires: ws-commons-util
-
-Buildarch: noarch
+BuildRequires: apache-commons-logging
+BuildArch: noarch
%description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
@@ -67,162 +41,124 @@ statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
%package javadoc
Summary: Javadoc for %{name}
-Group: Development/Java
-Requires: jpackage-utils
+Group: Documentation
%description javadoc
Javadoc for %{name}.
+%package common
+Summary: Common classes for XML-RPC client and server implementations
+Group: Development/Libraries
+# Provide xmlrpc is not here because it would be useless due to different jar names
+Obsoletes: %{name} < 3.1.3
+Obsoletes: %{name}3-common < 3.1.3-13
+Provides: %{name}3-common = 3.1.3-13
+Requires: ws-jaxme
+Requires: ws-commons-util
+Requires: jpackage-utils >= 0:1.6
+Requires: apache-commons-logging
+
+%description common
+%{summary}.
+
+%package client
+Summary: XML-RPC client implementation
+Group: Development/Libraries
+Requires: %{name}-common
+Requires: jakarta-commons-httpclient
+Obsoletes: %{name}3-client < 3.1.3-13
+Provides: %{name}3-client = 3.1.3-13
+
+%description client
+%{summary}.
+
+%package server
+Summary: XML-RPC server implementation
+Group: Development/Libraries
+Requires: %{name}-client
+Requires: junit
+Requires: tomcat-servlet-3.0-api
+Obsoletes: %{name}3-server < 3.1.3-13
+Provides: %{name}3-server = 3.1.3-13
+
+%description server
+%{summary}.
+
%prep
-%setup -q -n %{name}-%{version}
-# remove all binary libs
-find . -name "*.jar" -exec rm -f {} \;
+%setup -q -n apache-%{name}-%{version}-src
+%patch2 -b .sav
+pushd client
+%patch0 -b .sav
+popd
+pushd common
+%patch1 -b .sav
+popd
+sed -i 's/\r//' LICENSE.txt
%build
-export CLASSPATH=%(build-classpath commons-httpclient apache-commons-codec tomcat-servlet-api junit 2>/dev/null)
-ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true jar
-ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true javadocs
+# ignore test failure because server part needs network
+mvn-rpmbuild \
+ -e \
+ -Dmaven.local.depmap.file=%{SOURCE1} \
+ -Dmaven.test.failure.ignore=true \
+ install javadoc:aggregate
%install
-rm -rf $RPM_BUILD_ROOT
-
# jars
install -d -m 755 $RPM_BUILD_ROOT%{_javadir}
-install -m 644 bin/%{name}-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}.jar
-install -m 644 bin/%{name}-%{version}-applet.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-applet.jar
+install -m 644 client/target/%{name}-client-%{version}.jar \
+ $RPM_BUILD_ROOT%{_javadir}/%{name}-client.jar
+install -m 644 server/target/%{name}-server-%{version}.jar \
+ $RPM_BUILD_ROOT%{_javadir}/%{name}-server.jar
+install -m 644 common/target/%{name}-common-%{version}.jar \
+ $RPM_BUILD_ROOT%{_javadir}/%{name}-common.jar
+
+#compat symlinks remove in F-20
+pushd $RPM_BUILD_ROOT%{_javadir}
+ln -s %{name}-client.jar %{name}3-client.jar
+ln -s %{name}-server.jar %{name}3-server.jar
+ln -s %{name}-common.jar %{name}3-common.jar
+popd
+
+# install maven pom files
+install -Dm 644 pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}.pom
+install -Dm 644 common/pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}-common.pom
+install -Dm 644 client/pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}-client.pom
+install -Dm 644 server/pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}-server.pom
+
+# ... and maven depmaps
+%add_maven_depmap JPP-%{name}.pom
+%add_maven_depmap JPP-%{name}-common.pom %{name}-common.jar
+%add_maven_depmap JPP-%{name}-client.pom %{name}-client.jar
+%add_maven_depmap JPP-%{name}-server.pom %{name}-server.jar
# javadoc
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}
-cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
-
-
-%files
-%doc LICENSE.txt README.txt
-%{_javadir}/*
-
+cp -pr target/site/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%files javadoc
-%{_javadocdir}/%{name}
+%doc LICENSE.txt NOTICE.txt
+%{_javadocdir}/*
+
+%files common
+%doc LICENSE.txt NOTICE.txt
+%{_mavenpomdir}/JPP-%{name}.pom
+%{_mavenpomdir}/JPP-%{name}-common.pom
+%{_mavendepmapfragdir}/%{name}
+%{_javadir}/%{name}-common.jar
+%{_javadir}/%{name}3-common.jar
+
+%files client
+%{_mavenpomdir}/JPP-%{name}-client.pom
+%{_javadir}/%{name}-client.jar
+%{_javadir}/%{name}3-client.jar
+
+%files server
+%{_mavenpomdir}/JPP-%{name}-server.pom
+%{_javadir}/%{name}-server.jar
+%{_javadir}/%{name}3-server.jar
%changelog
-* Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Tue Jun 05 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-12
-- Migrate to new tomcat-servlet-api
-
-* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Mon Feb 07 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Tue Dec 21 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-9
-- Require java >= 1:1.6.0
-- Fix classpaths to ensure building of all optional features
-- Remove stale patch
-
-* Thu Dec 16 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-8
-- Migrate from old servlet api to new one
-
-* Thu Dec 9 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-7
-- Remove gcj support
-- Make jars/javadocs versionless
-- Add ws-commons-util Requires
-- Use apache-commons-codec
-- Drop unneeded patch for jsse
-
-* Thu Mar 11 2010 Peter Lemenkov <lemenkov(a)gmail.com> - 0:2.0.1-6.6
-- Added missing requires jpackage-utils
-
-* Mon Jul 27 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-6.5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Thu Feb 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-5.5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4.5
-- drop repotag
-
-* Thu May 29 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4jpp.4
-- fix license tag
-
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng(a)fedoraproject.org> - 0:2.0.1-4jpp.3
-- Autorebuild for GCC 4.3
-
-* Tue Mar 27 2007 Matt Wringe <mwringe(a)redhat.com> 0:2.0.1-3jpp.3
-- Spec file clean up for Fedora Extras Review
-
-* Thu Mar 08 2007 Deepak Bhole <dbhole(a)redhat.com> 2.0.1-3jpp.2
-- Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
-- Minor spec file cleanup
-
-* Fri Aug 04 2006 Vivek Lakshmanan <vivekl(a)redhat.com> - 0:2.0.1-3jpp.1
-- Merge with latest from JPP.
-
-* Sat Jul 22 2006 Jakub Jelinek <jakub(a)redhat.com> - 0:2.0.1-1jpp_8.2fc
-- Rebuilt
-
-* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8.1fc
-- rebuild
-
-* Wed Mar 8 2006 Rafael Schloming <rafaels(a)redhat.com> - 0:2.0.1-1jpp_7fc
-- excluded s390 due to eclipse
-
-* Mon Mar 6 2006 Jeremy Katz <katzj(a)redhat.com> - 0:2.0.1-1jpp_6fc
-- stop scriptlet spew
-
-* Fri Feb 24 2006 Igor Foox <ifoox(a)redhat.com> - 0:2.0.1-1jpp_5fc
-- Added post/postun dependency on coreutils.
-
-* Fri Feb 10 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_4fc
-- bump again for double-long bug on ppc(64)
-
-* Tue Feb 07 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_3fc
-- rebuilt for new gcc4.1 snapshot and glibc changes
-
-* Wed Jan 25 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_2fc
-- ExcludeArch s390x and ppc64
-
-* Wed Jan 18 2006 Andrew Overholt <overholt(a)redhat.com> 0:2.0.1-1jpp_2fc
-- Comment out JPackage Distribution and Vendor tags
-
-* Wed Jan 18 2006 Jesse Keating <jkeating(a)redhat.com> 0:2.0.1-1jpp_2fc
-- bump for test
-
-* Wed Jan 18 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_1fc
-- Update to version 2.0.1
-- Natively compile
-
-* Thu Aug 26 2004 Ralph Apel <r.apel at r-apel.de> 0:1.2-0.b1.3jpp
-- Build with ant-1.6.2
-
-* Thu Apr 29 2004 David Walluck <david(a)jpackage.org> 0:1.2-0.b1.2jpp
-- add jar symlinks
-- remove %%buildroot in %%install
-
-* Tue May 06 2003 David Walluck <david(a)anti-microsoft.org> 0:1.2-0.b1.1jpp
-- 1.2-b1
-- update for JPackage 1.5
-
-* Mon Mar 18 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.1-1jpp
-- 1.1
-- generic servlet support
-- used source release
-- dropped patch
-- added applet jar
-
-* Mon Jan 21 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-3jpp
-- versioned dir for javadoc
-- no dependencies for javadoc package
-- dropped jsse package
-- adaptation to new servlet3 package
-- adaptation to new jsse package
-- section macro
-
-* Fri Dec 7 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-2jpp
-- javadoc into javadoc package
-
-* Sat Nov 3 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-1jpp
-- first JPackage release
+* Fri Sep 14 2012 Alexander Kurtakov <akurtako(a)redhat.com> 3.1.3-1
+- First release of version 3.x package
commit 0d20769d77313b80bf541c510fe3738dd1e0dd23
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Sun Jul 22 00:52:50 2012 -0500
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 5517d11..7e9e325 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -30,7 +30,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 12%{?dist}
+Release: 13%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -106,6 +106,9 @@ cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadocdir}/%{name}
%changelog
+* Sun Jul 22 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
* Tue Jun 05 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-12
- Migrate to new tomcat-servlet-api
commit 680ad0ff80ba7dea59079e5a6061b7950185c0e3
Author: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
Date: Tue Jun 5 15:54:09 2012 +0200
Migrate to new tomcat-servlet-api
diff --git a/xmlrpc.spec b/xmlrpc.spec
index c7c3bde..5517d11 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -30,7 +30,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 11%{?dist}
+Release: 12%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -41,14 +41,14 @@ Source0: http://www.apache.org/dist/ws/xmlrpc/sources/xmlrpc-2.0.1-src.tar.gz
BuildRequires: java >= 1:1.6.0
BuildRequires: ant
BuildRequires: jpackage-utils >= 0:1.6
-BuildRequires: servlet25
+BuildRequires: servlet3
BuildRequires: junit
BuildRequires: jakarta-commons-httpclient
BuildRequires: apache-commons-codec
Requires: java >= 1:1.6.0
Requires: jpackage-utils >= 0:1.6
-Requires: servlet25
+Requires: servlet3
Requires: junit
Requires: jakarta-commons-httpclient
Requires: apache-commons-codec
@@ -80,7 +80,7 @@ find . -name "*.jar" -exec rm -f {} \;
%build
-export CLASSPATH=%(build-classpath commons-httpclient apache-commons-codec tomcat6-servlet-2.5-api junit 2>/dev/null)
+export CLASSPATH=%(build-classpath commons-httpclient apache-commons-codec tomcat-servlet-api junit 2>/dev/null)
ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true jar
ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true javadocs
@@ -98,16 +98,17 @@ cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%files
-%defattr(-,root,root,-)
%doc LICENSE.txt README.txt
%{_javadir}/*
%files javadoc
-%defattr(-,root,root,-)
%{_javadocdir}/%{name}
%changelog
+* Tue Jun 05 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-12
+- Migrate to new tomcat-servlet-api
+
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
commit ff3ced29b994cb31305538aae65d1a3ca4bd3d96
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Sat Jan 14 03:04:16 2012 -0600
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index d3168ae..c7c3bde 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -30,7 +30,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 10%{?dist}
+Release: 11%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -108,6 +108,9 @@ cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadocdir}/%{name}
%changelog
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
commit cef66157dcbd03c7b28af71a9c12b449379e45c8
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Mon Feb 7 23:32:29 2011 -0600
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 0605dc2..d3168ae 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -30,7 +30,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 9%{?dist}
+Release: 10%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -108,6 +108,9 @@ cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadocdir}/%{name}
%changelog
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
* Tue Dec 21 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-9
- Require java >= 1:1.6.0
- Fix classpaths to ensure building of all optional features
commit 0db29d8a87dc24b3a07f5e5e3974c3387c4c7758
Author: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
Date: Tue Dec 21 15:04:30 2010 +0100
Require java >= 1:1.6.0
- Fix classpaths to ensure building of all optional features
- Remove stale patch
diff --git a/xmlrpc-2.0.1-jessie.patch b/xmlrpc-2.0.1-jessie.patch
deleted file mode 100644
index dd6d12d..0000000
--- a/xmlrpc-2.0.1-jessie.patch
+++ /dev/null
@@ -1,119 +0,0 @@
---- ./src/java/org/apache/xmlrpc/secure/SecurityConstants.java.sav 2005-08-24 15:49:40.000000000 -0400
-+++ ./src/java/org/apache/xmlrpc/secure/SecurityConstants.java 2007-03-08 17:43:27.000000000 -0500
-@@ -26,7 +26,7 @@
- * default with setSecurityProviderClass().
- */
- public final static String DEFAULT_SECURITY_PROVIDER_CLASS =
-- "com.sun.net.ssl.internal.ssl.Provider";
-+ "gnu.javax.net.ssl.provider.Jessie";
-
- public final static String SECURITY_PROVIDER_CLASS =
- "security.provider";
-@@ -97,7 +97,7 @@
- * Default key manager type. You probably don't need to
- * override this default.
- */
-- public final static String DEFAULT_KEY_MANAGER_TYPE = "SunX509";
-+ public final static String DEFAULT_KEY_MANAGER_TYPE = "JessieX509";
-
- public final static String KEY_MANAGER_TYPE =
- "sun.ssl.keymanager.type";
-@@ -110,7 +110,7 @@
- * are using something other than the Sun JSSE.
- */
- public final static String DEFAULT_PROTOCOL_HANDLER_PACKAGES =
-- "com.sun.net.ssl.internal.www.protocol";
-+ "gnu.java.net.protocol";
-
- public final static String PROTOCOL_HANDLER_PACKAGES =
- "java.protocol.handler.pkgs";
---- ./src/java/org/apache/xmlrpc/secure/SecureWebServer.java.sav 2005-08-24 15:49:40.000000000 -0400
-+++ ./src/java/org/apache/xmlrpc/secure/SecureWebServer.java 2007-03-08 17:23:25.000000000 -0500
-@@ -30,8 +30,8 @@
- import org.apache.xmlrpc.XmlRpc;
- import org.apache.xmlrpc.XmlRpcServer;
-
--import com.sun.net.ssl.KeyManagerFactory;
--import com.sun.net.ssl.SSLContext;
-+import javax.net.ssl.KeyManagerFactory;
-+import javax.net.ssl.SSLContext;
-
- /**
- * A minimal web server that exclusively handles XML-RPC requests
---- ./src/java/org/apache/xmlrpc/secure/sunssl/SunSSLTransportFactory.java.sav 2005-08-24 15:49:40.000000000 -0400
-+++ ./src/java/org/apache/xmlrpc/secure/sunssl/SunSSLTransportFactory.java 2007-03-08 17:35:54.000000000 -0500
-@@ -29,10 +29,11 @@
- import org.apache.xmlrpc.XmlRpcTransportFactory;
- import org.apache.xmlrpc.secure.SecurityTool;
-
--import com.sun.net.ssl.HostnameVerifier;
--import com.sun.net.ssl.HttpsURLConnection;
--import com.sun.net.ssl.SSLContext;
--import com.sun.net.ssl.X509TrustManager;
-+import javax.net.ssl.HostnameVerifier;
-+import javax.net.ssl.HttpsURLConnection;
-+import javax.net.ssl.SSLContext;
-+import javax.net.ssl.SSLSession;
-+import javax.net.ssl.X509TrustManager;
-
- /**
- * Interface from XML-RPC to the HTTPS transport based on the
-@@ -55,14 +56,14 @@
- // The openTrustManager trusts all certificates
- private static X509TrustManager openTrustManager = new X509TrustManager()
- {
-- public boolean isClientTrusted(X509Certificate[] chain)
-+ public void checkClientTrusted(X509Certificate[] chain, String authType)
- {
-- return true;
-+ //return true;
- }
-
-- public boolean isServerTrusted(X509Certificate[] chain)
-+ public void checkServerTrusted(X509Certificate[] chain, String authType)
- {
-- return true;
-+ //return true;
- }
-
- public X509Certificate[] getAcceptedIssuers()
-@@ -74,7 +75,7 @@
- // The openHostnameVerifier trusts all hostnames
- private static HostnameVerifier openHostnameVerifier = new HostnameVerifier()
- {
-- public boolean verify(String hostname, String session)
-+ public boolean verify(String hostname, SSLSession session)
- {
- return true;
- }
-@@ -86,8 +87,8 @@
-
- properties.setProperty(XmlRpcTransportFactory.TRANSPORT_URL, "(java.net.URL) - URL to connect to");
- properties.setProperty(XmlRpcTransportFactory.TRANSPORT_AUTH, "(java.lang.String) - HTTP Basic Authentication string (encoded).");
-- properties.setProperty(TRANSPORT_TRUSTMANAGER, "(com.sun.net.ssl.X509TrustManager) - X.509 Trust Manager to use");
-- properties.setProperty(TRANSPORT_HOSTNAMEVERIFIER, "(com.sun.net.ssl.HostnameVerifier) - Hostname verifier to use");
-+ properties.setProperty(TRANSPORT_TRUSTMANAGER, "(javax.net.ssl.X509TrustManager) - X.509 Trust Manager to use");
-+ properties.setProperty(TRANSPORT_HOSTNAMEVERIFIER, "(javax.net.ssl.HostnameVerifier) - Hostname verifier to use");
-
- return properties;
- }
-@@ -99,7 +100,7 @@
- HostnameVerifier hostnameVerifier;
- SSLContext sslContext;
-
-- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
-+ Security.addProvider(new gnu.javax.net.ssl.provider.Jessie());
-
- url = (URL) properties.get(XmlRpcTransportFactory.TRANSPORT_URL);
- auth = properties.getProperty(XmlRpcTransportFactory.TRANSPORT_AUTH);
---- ./build.xml.sav 2005-12-21 04:09:45.000000000 -0500
-+++ ./build.xml 2007-03-08 17:23:25.000000000 -0500
-@@ -94,7 +94,7 @@
-
- <target name="init" depends="env,copy-deps">
- <available
-- classname="com.sun.net.ssl.SSLContext"
-+ classname="javax.net.ssl.SSLContext"
- property="jsse.present"
- classpathref="classpath"
- />
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 3463b44..0605dc2 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -30,7 +30,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 8%{?dist}
+Release: 9%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -38,12 +38,15 @@ Group: Development/Java
Url: http://xml.apache.org/%{name}/
Source0: http://www.apache.org/dist/ws/xmlrpc/sources/xmlrpc-2.0.1-src.tar.gz
+BuildRequires: java >= 1:1.6.0
BuildRequires: ant
BuildRequires: jpackage-utils >= 0:1.6
BuildRequires: servlet25
BuildRequires: junit
BuildRequires: jakarta-commons-httpclient
BuildRequires: apache-commons-codec
+
+Requires: java >= 1:1.6.0
Requires: jpackage-utils >= 0:1.6
Requires: servlet25
Requires: junit
@@ -77,7 +80,7 @@ find . -name "*.jar" -exec rm -f {} \;
%build
-export CLASSPATH=%(build-classpath jsse commons-httpclient commons-codec servletapi5 junit 2>/dev/null)
+export CLASSPATH=%(build-classpath commons-httpclient apache-commons-codec tomcat6-servlet-2.5-api junit 2>/dev/null)
ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true jar
ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true javadocs
@@ -105,6 +108,11 @@ cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadocdir}/%{name}
%changelog
+* Tue Dec 21 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-9
+- Require java >= 1:1.6.0
+- Fix classpaths to ensure building of all optional features
+- Remove stale patch
+
* Thu Dec 16 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-8
- Migrate from old servlet api to new one
commit 9967e2e72689ec646bc2320be6a8981375f1d8e4
Author: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
Date: Thu Dec 16 16:06:27 2010 +0100
Migrate from old servlet api to new one
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 80bb582..3463b44 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -30,7 +30,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 7%{?dist}
+Release: 8%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -40,12 +40,12 @@ Source0: http://www.apache.org/dist/ws/xmlrpc/sources/xmlrpc-2.0.1-src.tar.gz
BuildRequires: ant
BuildRequires: jpackage-utils >= 0:1.6
-BuildRequires: servletapi5
+BuildRequires: servlet25
BuildRequires: junit
BuildRequires: jakarta-commons-httpclient
BuildRequires: apache-commons-codec
Requires: jpackage-utils >= 0:1.6
-Requires: servletapi5
+Requires: servlet25
Requires: junit
Requires: jakarta-commons-httpclient
Requires: apache-commons-codec
@@ -105,6 +105,9 @@ cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
%{_javadocdir}/%{name}
%changelog
+* Thu Dec 16 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-8
+- Migrate from old servlet api to new one
+
* Thu Dec 9 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-7
- Remove gcj support
- Make jars/javadocs versionless
commit 823e4a2a5d1a7de4bf2a553f653a832348d6d6dd
Author: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
Date: Thu Dec 9 15:48:35 2010 +0100
Various spec cleanups and fixes
- Remove gcj support
- Make jars/javadocs versionless
- Add ws-commons-util Requires
- Use apache-commons-codec
- Drop unneeded patch for jsse
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 57d7a36..80bb582 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -28,46 +28,32 @@
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
-%define _with_gcj_support 1
-
-%define gcj_support %{?_with_gcj_support:1}%{!?_with_gcj_support:%{?_without_gcj_support:0}%{!?_without_gcj_support:%{?_gcj_support:%{_gcj_support}}%{!?_gcj_support:0}}}
-
Name: xmlrpc
Version: 2.0.1
-Release: 6.6%{?dist}
+Release: 7%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
Group: Development/Java
Url: http://xml.apache.org/%{name}/
Source0: http://www.apache.org/dist/ws/xmlrpc/sources/xmlrpc-2.0.1-src.tar.gz
-Patch0: %{name}-%{version}-jessie.patch
BuildRequires: ant
BuildRequires: jpackage-utils >= 0:1.6
BuildRequires: servletapi5
BuildRequires: junit
BuildRequires: jakarta-commons-httpclient
-BuildRequires: jakarta-commons-codec >= 1.3
-BuildRequires: jsse
+BuildRequires: apache-commons-codec
Requires: jpackage-utils >= 0:1.6
Requires: servletapi5
Requires: junit
Requires: jakarta-commons-httpclient
-Requires: jakarta-commons-codec >= 1.3
-Requires: jsse
+Requires: apache-commons-codec
Requires: jpackage-utils
+Requires: ws-commons-util
-%if ! %{gcj_support}
Buildarch: noarch
-%endif
-Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-%if %{gcj_support}
-BuildRequires: java-gcj-compat-devel
-Requires(post): java-gcj-compat
-Requires(postun): java-gcj-compat
-%endif
%description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
@@ -89,7 +75,6 @@ Javadoc for %{name}.
# remove all binary libs
find . -name "*.jar" -exec rm -f {} \;
-%patch0 -b .sav
%build
export CLASSPATH=%(build-classpath jsse commons-httpclient commons-codec servletapi5 junit 2>/dev/null)
@@ -101,53 +86,32 @@ rm -rf $RPM_BUILD_ROOT
# jars
install -d -m 755 $RPM_BUILD_ROOT%{_javadir}
-install -m 644 bin/%{name}-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-%{version}.jar
-install -m 644 bin/%{name}-%{version}-applet.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-applet-%{version}.jar
-(cd $RPM_BUILD_ROOT%{_javadir} && for jar in *-%{version}*; do \
-ln -sf ${jar} ${jar/-%{version}/}; done)
+install -m 644 bin/%{name}-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}.jar
+install -m 644 bin/%{name}-%{version}-applet.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-applet.jar
# javadoc
-install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
-cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
-
-%if %{gcj_support}
-%{_bindir}/aot-compile-rpm
-%endif
+install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}
+cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%if %{gcj_support}
-%post
-if [ -x %{_bindir}/rebuild-gcj-db ]
-then
- %{_bindir}/rebuild-gcj-db
-fi
-%endif
-
-%if %{gcj_support}
-%postun
-if [ -x %{_bindir}/rebuild-gcj-db ]
-then
- %{_bindir}/rebuild-gcj-db
-fi
-%endif
%files
-%defattr(0644,root,root,0755)
+%defattr(-,root,root,-)
%doc LICENSE.txt README.txt
%{_javadir}/*
-%if %{gcj_support}
-%attr(-,root,root) %{_libdir}/gcj/%{name}
-%attr(-,root,root) %{_libdir}/gcj/%{name}/xmlrpc-applet-2.0.1.jar.*
-%endif
%files javadoc
-%defattr(0644,root,root,0755)
-%{_javadocdir}/%{name}-%{version}
+%defattr(-,root,root,-)
+%{_javadocdir}/%{name}
%changelog
+* Thu Dec 9 2010 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 0:2.0.1-7
+- Remove gcj support
+- Make jars/javadocs versionless
+- Add ws-commons-util Requires
+- Use apache-commons-codec
+- Drop unneeded patch for jsse
+
* Thu Mar 11 2010 Peter Lemenkov <lemenkov(a)gmail.com> - 0:2.0.1-6.6
- Added missing requires jpackage-utils
@@ -221,14 +185,14 @@ fi
- 1.2-b1
- update for JPackage 1.5
-* Mon Mar 18 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.1-1jpp
+* Mon Mar 18 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.1-1jpp
- 1.1
- generic servlet support
- used source release
- dropped patch
- added applet jar
-* Mon Jan 21 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-3jpp
+* Mon Jan 21 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-3jpp
- versioned dir for javadoc
- no dependencies for javadoc package
- dropped jsse package
commit 4857a6264d12279d5238fcfba4d17c6adcb2a6c3
Author: Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org>
Date: Thu Jul 29 18:09:57 2010 +0000
dist-git conversion
diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index a8f88ef..0000000
--- a/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-xmlrpc-2.0.1-src.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a8f88ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+xmlrpc-2.0.1-src.tar.gz
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 494614f..0000000
--- a/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# Makefile for source rpm: xmlrpc
-# $Id: Makefile,v 1.2 2007/10/15 19:32:20 notting Exp $
-NAME := xmlrpc
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
commit 8f22f314590ca2e5fde8ff92b53581bb42fef452
Author: Peter Lemenkov <peter(a)fedoraproject.org>
Date: Thu Mar 11 12:46:00 2010 +0000
Missing requires jpackage-utils added
diff --git a/xmlrpc.spec b/xmlrpc.spec
index f2e2cd3..57d7a36 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -34,7 +34,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 6.5%{?dist}
+Release: 6.6%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -56,6 +56,7 @@ Requires: junit
Requires: jakarta-commons-httpclient
Requires: jakarta-commons-codec >= 1.3
Requires: jsse
+Requires: jpackage-utils
%if ! %{gcj_support}
Buildarch: noarch
@@ -78,6 +79,7 @@ statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
%package javadoc
Summary: Javadoc for %{name}
Group: Development/Java
+Requires: jpackage-utils
%description javadoc
Javadoc for %{name}.
@@ -146,6 +148,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Thu Mar 11 2010 Peter Lemenkov <lemenkov(a)gmail.com> - 0:2.0.1-6.6
+- Added missing requires jpackage-utils
+
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-6.5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
commit ae4e4fa46313cf3b5a2ab577741457576b424d07
Author: Bill Nottingham <notting(a)fedoraproject.org>
Date: Wed Nov 25 22:41:00 2009 +0000
Fix typo that causes a failure to update the common directory. (releng
#2781)
diff --git a/Makefile b/Makefile
index b6f6716..494614f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,10 +1,10 @@
# Makefile for source rpm: xmlrpc
-# $Id: Makefile,v 1.1 2006/01/06 00:20:17 fnasser Exp $
+# $Id: Makefile,v 1.2 2007/10/15 19:32:20 notting Exp $
NAME := xmlrpc
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
commit 7aede639f3362b30099ba2d31412241931789ea6
Author: Jesse Keating <jkeating(a)fedoraproject.org>
Date: Mon Jul 27 08:12:02 2009 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index a9e9c1b..f2e2cd3 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -34,7 +34,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 5.5%{?dist}
+Release: 6.5%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -146,6 +146,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Mon Jul 27 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-6.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-5.5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
commit 2466029ade3ae09c47d549cc6440ea57f0f5a30b
Author: Jesse Keating <jkeating(a)fedoraproject.org>
Date: Thu Feb 26 10:02:37 2009 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index bc0b504..a9e9c1b 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -34,7 +34,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 4.5%{?dist}
+Release: 5.5%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -146,6 +146,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0:2.0.1-5.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4.5
- drop repotag
commit cf7c9efff7278adcd84521aca33222bf0f860c3d
Author: Tom Callaway <spot(a)fedoraproject.org>
Date: Thu Jul 10 20:46:30 2008 +0000
fix repotag
diff --git a/xmlrpc.spec b/xmlrpc.spec
index ad042d5..bc0b504 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -34,7 +34,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 4jpp.4%{?dist}
+Release: 4.5%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: ASL 2.0
@@ -146,6 +146,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4.5
+- drop repotag
+
* Thu May 29 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4jpp.4
- fix license tag
commit 70e2356196c42baec19bdf282bc9e77d645a8f78
Author: Tom Callaway <spot(a)fedoraproject.org>
Date: Thu May 29 15:53:17 2008 +0000
fix license tag
diff --git a/xmlrpc.spec b/xmlrpc.spec
index b80b7f3..ad042d5 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -34,10 +34,10 @@
Name: xmlrpc
Version: 2.0.1
-Release: 4jpp.3%{?dist}
+Release: 4jpp.4%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
-License: Apache Software License
+License: ASL 2.0
Group: Development/Java
Url: http://xml.apache.org/%{name}/
Source0: http://www.apache.org/dist/ws/xmlrpc/sources/xmlrpc-2.0.1-src.tar.gz
@@ -146,6 +146,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Thu May 29 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0:2.0.1-4jpp.4
+- fix license tag
+
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng(a)fedoraproject.org> - 0:2.0.1-4jpp.3
- Autorebuild for GCC 4.3
commit eb78b79bfeef50418090cbd0c7bb4393eed60a4d
Author: Jesse Keating <jkeating(a)fedoraproject.org>
Date: Tue Feb 19 17:27:25 2008 +0000
- Autorebuild for GCC 4.3
diff --git a/xmlrpc.spec b/xmlrpc.spec
index bfddfcf..b80b7f3 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -34,7 +34,7 @@
Name: xmlrpc
Version: 2.0.1
-Release: 3jpp.3%{?dist}
+Release: 4jpp.3%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: Apache Software License
@@ -146,6 +146,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng(a)fedoraproject.org> - 0:2.0.1-4jpp.3
+- Autorebuild for GCC 4.3
+
* Tue Mar 27 2007 Matt Wringe <mwringe(a)redhat.com> 0:2.0.1-3jpp.3
- Spec file clean up for Fedora Extras Review
commit 1cba9c1c7d3f3ba1bb03a12b6864d83b9de7447c
Author: Bill Nottingham <notting(a)fedoraproject.org>
Date: Mon Oct 15 19:32:20 2007 +0000
makefile update to properly grab makefile.common
diff --git a/Makefile b/Makefile
index 119144b..b6f6716 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,21 @@
# Makefile for source rpm: xmlrpc
-# $Id$
+# $Id: Makefile,v 1.1 2006/01/06 00:20:17 fnasser Exp $
NAME := xmlrpc
SPECFILE = $(firstword $(wildcard *.spec))
-include ../common/Makefile.common
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attempt a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)
commit 08ecfac8993e1a8c5b177122fe55279e45ef2eba
Author: Matt Wringe <mwringe(a)fedoraproject.org>
Date: Thu Apr 26 18:40:51 2007 +0000
Spec file clean up for Fedora Extras Review
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 5ca273f..bfddfcf 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -34,13 +34,13 @@
Name: xmlrpc
Version: 2.0.1
-Release: 3jpp.2
+Release: 3jpp.3%{?dist}
Epoch: 0
Summary: Java XML-RPC implementation
License: Apache Software License
Group: Development/Java
Url: http://xml.apache.org/%{name}/
-Source0: http://www.apache.org/dist/ws/xmlrpc/source/xmlrpc-%{version}-src.tar.gz
+Source0: http://www.apache.org/dist/ws/xmlrpc/sources/xmlrpc-2.0.1-src.tar.gz
Patch0: %{name}-%{version}-jessie.patch
BuildRequires: ant
@@ -60,7 +60,7 @@ Requires: jsse
%if ! %{gcj_support}
Buildarch: noarch
%endif
-Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if %{gcj_support}
BuildRequires: java-gcj-compat-devel
@@ -78,9 +78,6 @@ statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
%package javadoc
Summary: Javadoc for %{name}
Group: Development/Java
-Requires(post): %{__rm}
-Requires(postun): %{__rm}
-Requires(post): /bin/ln
%description javadoc
Javadoc for %{name}.
@@ -118,15 +115,6 @@ cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
%clean
rm -rf $RPM_BUILD_ROOT
-%post javadoc
-rm -f %{_javadocdir}/%{name}
-ln -s %{name}-%{version} %{_javadocdir}/%{name}
-
-%postun javadoc
-if [ "$1" = "0" ]; then
- rm -f %{_javadocdir}/%{name}
-fi
-
%if %{gcj_support}
%post
if [ -x %{_bindir}/rebuild-gcj-db ]
@@ -158,6 +146,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Tue Mar 27 2007 Matt Wringe <mwringe(a)redhat.com> 0:2.0.1-3jpp.3
+- Spec file clean up for Fedora Extras Review
+
* Thu Mar 08 2007 Deepak Bhole <dbhole(a)redhat.com> 2.0.1-3jpp.2
- Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
- Minor spec file cleanup
commit 301ad74bcd96dcdb73d1ffec97716296f78f894a
Author: Deepak Bhole <dbhole(a)fedoraproject.org>
Date: Thu Mar 8 23:23:20 2007 +0000
Minor spec file cleanup
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 25ed4bb..5ca273f 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -32,38 +32,40 @@
%define gcj_support %{?_with_gcj_support:1}%{!?_with_gcj_support:%{?_without_gcj_support:0}%{!?_without_gcj_support:%{?_gcj_support:%{_gcj_support}}%{!?_gcj_support:0}}}
-%define section free
-
-Name: xmlrpc
-Version: 2.0.1
-Release: 3jpp.2
-Epoch: 0
-Summary: Java XML-RPC implementation
-License: Apache Software License
-Group: Development/Java
-Url: http://xml.apache.org/%{name}/
-Source0: http://www.apache.org/dist/ws/xmlrpc/source/xmlrpc-%{version}-src.tar.gz
+Name: xmlrpc
+Version: 2.0.1
+Release: 3jpp.2
+Epoch: 0
+Summary: Java XML-RPC implementation
+License: Apache Software License
+Group: Development/Java
+Url: http://xml.apache.org/%{name}/
+Source0: http://www.apache.org/dist/ws/xmlrpc/source/xmlrpc-%{version}-src.tar.gz
Patch0: %{name}-%{version}-jessie.patch
-Requires: servletapi5
-Requires: jakarta-commons-httpclient
-Requires: jakarta-commons-codec >= 1.3
-Requires: junit
-BuildRequires: ant
-BuildRequires: jpackage-utils >= 0:1.6
-BuildRequires: servletapi5
-BuildRequires: junit
-BuildRequires: jakarta-commons-httpclient
-BuildRequires: jakarta-commons-codec >= 1.3
+
+BuildRequires: ant
+BuildRequires: jpackage-utils >= 0:1.6
+BuildRequires: servletapi5
+BuildRequires: junit
+BuildRequires: jakarta-commons-httpclient
+BuildRequires: jakarta-commons-codec >= 1.3
BuildRequires: jsse
+Requires: jpackage-utils >= 0:1.6
+Requires: servletapi5
+Requires: junit
+Requires: jakarta-commons-httpclient
+Requires: jakarta-commons-codec >= 1.3
+Requires: jsse
+
%if ! %{gcj_support}
-Buildarch: noarch
+Buildarch: noarch
%endif
-Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
+Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
%if %{gcj_support}
-BuildRequires: java-gcj-compat-devel
-Requires(post): java-gcj-compat
-Requires(postun): java-gcj-compat
+BuildRequires: java-gcj-compat-devel
+Requires(post): java-gcj-compat
+Requires(postun): java-gcj-compat
%endif
%description
@@ -74,8 +76,8 @@ using the Helma library, all you should have to do is change the import
statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
%package javadoc
-Summary: Javadoc for %{name}
-Group: Development/Java
+Summary: Javadoc for %{name}
+Group: Development/Java
Requires(post): %{__rm}
Requires(postun): %{__rm}
Requires(post): /bin/ln
@@ -158,6 +160,7 @@ fi
%changelog
* Thu Mar 08 2007 Deepak Bhole <dbhole(a)redhat.com> 2.0.1-3jpp.2
- Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
+- Minor spec file cleanup
* Fri Aug 04 2006 Vivek Lakshmanan <vivekl(a)redhat.com> - 0:2.0.1-3jpp.1
- Merge with latest from JPP.
commit aaabb1257b8f2d6fc18b49778c42eea1e81487ba
Author: Deepak Bhole <dbhole(a)fedoraproject.org>
Date: Thu Mar 8 23:16:17 2007 +0000
Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
diff --git a/xmlrpc-2.0.1-jessie.patch b/xmlrpc-2.0.1-jessie.patch
new file mode 100644
index 0000000..dd6d12d
--- /dev/null
+++ b/xmlrpc-2.0.1-jessie.patch
@@ -0,0 +1,119 @@
+--- ./src/java/org/apache/xmlrpc/secure/SecurityConstants.java.sav 2005-08-24 15:49:40.000000000 -0400
++++ ./src/java/org/apache/xmlrpc/secure/SecurityConstants.java 2007-03-08 17:43:27.000000000 -0500
+@@ -26,7 +26,7 @@
+ * default with setSecurityProviderClass().
+ */
+ public final static String DEFAULT_SECURITY_PROVIDER_CLASS =
+- "com.sun.net.ssl.internal.ssl.Provider";
++ "gnu.javax.net.ssl.provider.Jessie";
+
+ public final static String SECURITY_PROVIDER_CLASS =
+ "security.provider";
+@@ -97,7 +97,7 @@
+ * Default key manager type. You probably don't need to
+ * override this default.
+ */
+- public final static String DEFAULT_KEY_MANAGER_TYPE = "SunX509";
++ public final static String DEFAULT_KEY_MANAGER_TYPE = "JessieX509";
+
+ public final static String KEY_MANAGER_TYPE =
+ "sun.ssl.keymanager.type";
+@@ -110,7 +110,7 @@
+ * are using something other than the Sun JSSE.
+ */
+ public final static String DEFAULT_PROTOCOL_HANDLER_PACKAGES =
+- "com.sun.net.ssl.internal.www.protocol";
++ "gnu.java.net.protocol";
+
+ public final static String PROTOCOL_HANDLER_PACKAGES =
+ "java.protocol.handler.pkgs";
+--- ./src/java/org/apache/xmlrpc/secure/SecureWebServer.java.sav 2005-08-24 15:49:40.000000000 -0400
++++ ./src/java/org/apache/xmlrpc/secure/SecureWebServer.java 2007-03-08 17:23:25.000000000 -0500
+@@ -30,8 +30,8 @@
+ import org.apache.xmlrpc.XmlRpc;
+ import org.apache.xmlrpc.XmlRpcServer;
+
+-import com.sun.net.ssl.KeyManagerFactory;
+-import com.sun.net.ssl.SSLContext;
++import javax.net.ssl.KeyManagerFactory;
++import javax.net.ssl.SSLContext;
+
+ /**
+ * A minimal web server that exclusively handles XML-RPC requests
+--- ./src/java/org/apache/xmlrpc/secure/sunssl/SunSSLTransportFactory.java.sav 2005-08-24 15:49:40.000000000 -0400
++++ ./src/java/org/apache/xmlrpc/secure/sunssl/SunSSLTransportFactory.java 2007-03-08 17:35:54.000000000 -0500
+@@ -29,10 +29,11 @@
+ import org.apache.xmlrpc.XmlRpcTransportFactory;
+ import org.apache.xmlrpc.secure.SecurityTool;
+
+-import com.sun.net.ssl.HostnameVerifier;
+-import com.sun.net.ssl.HttpsURLConnection;
+-import com.sun.net.ssl.SSLContext;
+-import com.sun.net.ssl.X509TrustManager;
++import javax.net.ssl.HostnameVerifier;
++import javax.net.ssl.HttpsURLConnection;
++import javax.net.ssl.SSLContext;
++import javax.net.ssl.SSLSession;
++import javax.net.ssl.X509TrustManager;
+
+ /**
+ * Interface from XML-RPC to the HTTPS transport based on the
+@@ -55,14 +56,14 @@
+ // The openTrustManager trusts all certificates
+ private static X509TrustManager openTrustManager = new X509TrustManager()
+ {
+- public boolean isClientTrusted(X509Certificate[] chain)
++ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ {
+- return true;
++ //return true;
+ }
+
+- public boolean isServerTrusted(X509Certificate[] chain)
++ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ {
+- return true;
++ //return true;
+ }
+
+ public X509Certificate[] getAcceptedIssuers()
+@@ -74,7 +75,7 @@
+ // The openHostnameVerifier trusts all hostnames
+ private static HostnameVerifier openHostnameVerifier = new HostnameVerifier()
+ {
+- public boolean verify(String hostname, String session)
++ public boolean verify(String hostname, SSLSession session)
+ {
+ return true;
+ }
+@@ -86,8 +87,8 @@
+
+ properties.setProperty(XmlRpcTransportFactory.TRANSPORT_URL, "(java.net.URL) - URL to connect to");
+ properties.setProperty(XmlRpcTransportFactory.TRANSPORT_AUTH, "(java.lang.String) - HTTP Basic Authentication string (encoded).");
+- properties.setProperty(TRANSPORT_TRUSTMANAGER, "(com.sun.net.ssl.X509TrustManager) - X.509 Trust Manager to use");
+- properties.setProperty(TRANSPORT_HOSTNAMEVERIFIER, "(com.sun.net.ssl.HostnameVerifier) - Hostname verifier to use");
++ properties.setProperty(TRANSPORT_TRUSTMANAGER, "(javax.net.ssl.X509TrustManager) - X.509 Trust Manager to use");
++ properties.setProperty(TRANSPORT_HOSTNAMEVERIFIER, "(javax.net.ssl.HostnameVerifier) - Hostname verifier to use");
+
+ return properties;
+ }
+@@ -99,7 +100,7 @@
+ HostnameVerifier hostnameVerifier;
+ SSLContext sslContext;
+
+- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
++ Security.addProvider(new gnu.javax.net.ssl.provider.Jessie());
+
+ url = (URL) properties.get(XmlRpcTransportFactory.TRANSPORT_URL);
+ auth = properties.getProperty(XmlRpcTransportFactory.TRANSPORT_AUTH);
+--- ./build.xml.sav 2005-12-21 04:09:45.000000000 -0500
++++ ./build.xml 2007-03-08 17:23:25.000000000 -0500
+@@ -94,7 +94,7 @@
+
+ <target name="init" depends="env,copy-deps">
+ <available
+- classname="com.sun.net.ssl.SSLContext"
++ classname="javax.net.ssl.SSLContext"
+ property="jsse.present"
+ classpathref="classpath"
+ />
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 16e2b1d..25ed4bb 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -36,13 +36,14 @@
Name: xmlrpc
Version: 2.0.1
-Release: 3jpp.1
+Release: 3jpp.2
Epoch: 0
Summary: Java XML-RPC implementation
License: Apache Software License
Group: Development/Java
Url: http://xml.apache.org/%{name}/
Source0: http://www.apache.org/dist/ws/xmlrpc/source/xmlrpc-%{version}-src.tar.gz
+Patch0: %{name}-%{version}-jessie.patch
Requires: servletapi5
Requires: jakarta-commons-httpclient
Requires: jakarta-commons-codec >= 1.3
@@ -53,6 +54,7 @@ BuildRequires: servletapi5
BuildRequires: junit
BuildRequires: jakarta-commons-httpclient
BuildRequires: jakarta-commons-codec >= 1.3
+BuildRequires: jsse
%if ! %{gcj_support}
Buildarch: noarch
%endif
@@ -86,6 +88,8 @@ Javadoc for %{name}.
# remove all binary libs
find . -name "*.jar" -exec rm -f {} \;
+%patch0 -b .sav
+
%build
export CLASSPATH=%(build-classpath jsse commons-httpclient commons-codec servletapi5 junit 2>/dev/null)
ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true jar
@@ -152,6 +156,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Thu Mar 08 2007 Deepak Bhole <dbhole(a)redhat.com> 2.0.1-3jpp.2
+- Add javax.net.ssl support to build org.apache.xmlrpc.secure.*
+
* Fri Aug 04 2006 Vivek Lakshmanan <vivekl(a)redhat.com> - 0:2.0.1-3jpp.1
- Merge with latest from JPP.
commit 05b757788d1f246446c6202729a61aaa5c49c357
Author: Vivek Lakshmanan <vivekl(a)fedoraproject.org>
Date: Sat Aug 5 00:18:54 2006 +0000
- Add _with_gcj_support to ensure native compilation.
diff --git a/xmlrpc.spec b/xmlrpc.spec
index b6e9594..16e2b1d 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -28,6 +28,8 @@
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
+%define _with_gcj_support 1
+
%define gcj_support %{?_with_gcj_support:1}%{!?_with_gcj_support:%{?_without_gcj_support:0}%{!?_without_gcj_support:%{?_gcj_support:%{_gcj_support}}%{!?_gcj_support:0}}}
%define section free
commit b891086adacccbe41f71a8bf5da3828a0e502ff4
Author: Vivek Lakshmanan <vivekl(a)fedoraproject.org>
Date: Sat Aug 5 00:17:20 2006 +0000
- Merge with latest from JPP.
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 41f8519..b6e9594 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,12 +1,40 @@
-%define name xmlrpc
-%define version 2.0.1
-%define release 1jpp_8.2fc
+# Copyright (c) 2000-2005, JPackage Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the JPackage Project nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+%define gcj_support %{?_with_gcj_support:1}%{!?_with_gcj_support:%{?_without_gcj_support:0}%{!?_without_gcj_support:%{?_gcj_support:%{_gcj_support}}%{!?_gcj_support:0}}}
+
%define section free
-%define gcj_support 1
-Name: %{name}
-Version: %{version}
-Release: %{release}
+Name: xmlrpc
+Version: 2.0.1
+Release: 3jpp.1
Epoch: 0
Summary: Java XML-RPC implementation
License: Apache Software License
@@ -14,28 +42,25 @@ Group: Development/Java
Url: http://xml.apache.org/%{name}/
Source0: http://www.apache.org/dist/ws/xmlrpc/source/xmlrpc-%{version}-src.tar.gz
Requires: servletapi5
-Requires: commons-httpclient >= 2.0.2
-Requires: commons-codec >= 1.3
-Requires: junit >= 3.8.1
-%if %{gcj_support}
-Requires(post): java-gcj-compat >= 1.0.33
-Requires(post): java-gcj-compat >= 1.0.33
-Requires(postun): coreutils
-Requires(postun): coreutils
-BuildRequires: java-gcj-compat-devel >= 1.0.33
-%endif
+Requires: jakarta-commons-httpclient
+Requires: jakarta-commons-codec >= 1.3
+Requires: junit
BuildRequires: ant
-BuildRequires: jpackage-utils >= 0:1.5
+BuildRequires: jpackage-utils >= 0:1.6
BuildRequires: servletapi5
-BuildRequires: junit >= 3.8.1
-BuildRequires: commons-httpclient >= 2.0.2
-BuildRequires: commons-codec >= 1.3
+BuildRequires: junit
+BuildRequires: jakarta-commons-httpclient
+BuildRequires: jakarta-commons-codec >= 1.3
+%if ! %{gcj_support}
+Buildarch: noarch
+%endif
Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
-#Distribution: JPackage
-#Vendor: JPackage Project
-# s390 excluded due to eclipse
-ExcludeArch: s390x ppc64 s390
+%if %{gcj_support}
+BuildRequires: java-gcj-compat-devel
+Requires(post): java-gcj-compat
+Requires(postun): java-gcj-compat
+%endif
%description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
@@ -47,12 +72,9 @@ statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
%package javadoc
Summary: Javadoc for %{name}
Group: Development/Java
-%if %{gcj_support}
-Requires(post): java-gcj-compat >= 1.0.33
-Requires(post): java-gcj-compat >= 1.0.33
-%endif
-Requires(postun): coreutils
-Requires(postun): coreutils
+Requires(post): %{__rm}
+Requires(postun): %{__rm}
+Requires(post): /bin/ln
%description javadoc
Javadoc for %{name}.
@@ -82,7 +104,7 @@ install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
%if %{gcj_support}
-aot-compile-rpm
+%{_bindir}/aot-compile-rpm
%endif
%clean
@@ -91,29 +113,46 @@ rm -rf $RPM_BUILD_ROOT
%post javadoc
rm -f %{_javadocdir}/%{name}
ln -s %{name}-%{version} %{_javadocdir}/%{name}
-%if %{gcj_support}
-%{_bindir}/rebuild-gcj-db
-%endif
%postun javadoc
if [ "$1" = "0" ]; then
rm -f %{_javadocdir}/%{name}
fi
+
+%if %{gcj_support}
+%post
+if [ -x %{_bindir}/rebuild-gcj-db ]
+then
+ %{_bindir}/rebuild-gcj-db
+fi
+%endif
+
%if %{gcj_support}
-%{_bindir}/rebuild-gcj-db
+%postun
+if [ -x %{_bindir}/rebuild-gcj-db ]
+then
+ %{_bindir}/rebuild-gcj-db
+fi
%endif
%files
%defattr(0644,root,root,0755)
%doc LICENSE.txt README.txt
%{_javadir}/*
+
+%if %{gcj_support}
%attr(-,root,root) %{_libdir}/gcj/%{name}
+%attr(-,root,root) %{_libdir}/gcj/%{name}/xmlrpc-applet-2.0.1.jar.*
+%endif
%files javadoc
%defattr(0644,root,root,0755)
%{_javadocdir}/%{name}-%{version}
%changelog
+* Fri Aug 04 2006 Vivek Lakshmanan <vivekl(a)redhat.com> - 0:2.0.1-3jpp.1
+- Merge with latest from JPP.
+
* Sat Jul 22 2006 Jakub Jelinek <jakub(a)redhat.com> - 0:2.0.1-1jpp_8.2fc
- Rebuilt
commit 109e08346c38103b4509417d6a14ad85f034c0b7
Author: Jakub Jelinek <jakub(a)fedoraproject.org>
Date: Sat Jul 22 08:46:58 2006 +0000
Rebuilt
diff --git a/xmlrpc.spec b/xmlrpc.spec
index e46d437..41f8519 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_8.1fc
+%define release 1jpp_8.2fc
%define section free
%define gcj_support 1
@@ -114,6 +114,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Sat Jul 22 2006 Jakub Jelinek <jakub(a)redhat.com> - 0:2.0.1-1jpp_8.2fc
+- Rebuilt
+
* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8.1fc
- rebuild
commit 8634d05560c19ddc72443462d083791179b87454
Author: Jesse Keating <jkeating(a)fedoraproject.org>
Date: Wed Jul 12 17:10:47 2006 +0000
bump
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 58b2d89..e46d437 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_8fc
+%define release 1jpp_8.1fc
%define section free
%define gcj_support 1
@@ -114,7 +114,7 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
-* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8fc
+* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8.1fc
- rebuild
* Wed Mar 8 2006 Rafael Schloming <rafaels(a)redhat.com> - 0:2.0.1-1jpp_7fc
commit ee13ebfcc0209d9353907aadf475d1de4236f7df
Author: Jesse Keating <jkeating(a)fedoraproject.org>
Date: Wed Jul 12 08:54:42 2006 +0000
bumped for rebuild
diff --git a/xmlrpc.spec b/xmlrpc.spec
index d369731..58b2d89 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_7fc
+%define release 1jpp_8fc
%define section free
%define gcj_support 1
@@ -114,6 +114,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Wed Jul 12 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_8fc
+- rebuild
+
* Wed Mar 8 2006 Rafael Schloming <rafaels(a)redhat.com> - 0:2.0.1-1jpp_7fc
- excluded s390 due to eclipse
commit 012bef5704752cc75e9853a56e3001a453b3827d
Author: rafaels <rafaels(a)fedoraproject.org>
Date: Wed Mar 8 20:55:18 2006 +0000
excluded s390 due to eclipse
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 4b93098..d369731 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_6fc
+%define release 1jpp_7fc
%define section free
%define gcj_support 1
@@ -34,7 +34,8 @@ Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
#Distribution: JPackage
#Vendor: JPackage Project
-ExcludeArch: s390x ppc64
+# s390 excluded due to eclipse
+ExcludeArch: s390x ppc64 s390
%description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
@@ -113,6 +114,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Wed Mar 8 2006 Rafael Schloming <rafaels(a)redhat.com> - 0:2.0.1-1jpp_7fc
+- excluded s390 due to eclipse
+
* Mon Mar 6 2006 Jeremy Katz <katzj(a)redhat.com> - 0:2.0.1-1jpp_6fc
- stop scriptlet spew
commit a3507ac3d9935b12c6d652f1c9b4dacc5913efdc
Author: Jeremy Katz <katzj(a)fedoraproject.org>
Date: Mon Mar 6 22:47:54 2006 +0000
- stop scriptlet spew
diff --git a/xmlrpc.spec b/xmlrpc.spec
index c699df6..4b93098 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_5fc
+%define release 1jpp_6fc
%define section free
%define gcj_support 1
@@ -46,6 +46,12 @@ statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
%package javadoc
Summary: Javadoc for %{name}
Group: Development/Java
+%if %{gcj_support}
+Requires(post): java-gcj-compat >= 1.0.33
+Requires(post): java-gcj-compat >= 1.0.33
+%endif
+Requires(postun): coreutils
+Requires(postun): coreutils
%description javadoc
Javadoc for %{name}.
@@ -107,6 +113,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Mon Mar 6 2006 Jeremy Katz <katzj(a)redhat.com> - 0:2.0.1-1jpp_6fc
+- stop scriptlet spew
+
* Fri Feb 24 2006 Igor Foox <ifoox(a)redhat.com> - 0:2.0.1-1jpp_5fc
- Added post/postun dependency on coreutils.
commit 84ed0759dbc2318277d94f556b74d268ab918ccc
Author: Igor Foox <ifoox(a)fedoraproject.org>
Date: Fri Feb 24 16:36:18 2006 +0000
- Added post/postun dependency on coreutils.
diff --git a/xmlrpc.spec b/xmlrpc.spec
index e7fe338..c699df6 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_4fc
+%define release 1jpp_5fc
%define section free
%define gcj_support 1
@@ -19,7 +19,9 @@ Requires: commons-codec >= 1.3
Requires: junit >= 3.8.1
%if %{gcj_support}
Requires(post): java-gcj-compat >= 1.0.33
-Requires(postun): java-gcj-compat >= 1.0.33
+Requires(post): java-gcj-compat >= 1.0.33
+Requires(postun): coreutils
+Requires(postun): coreutils
BuildRequires: java-gcj-compat-devel >= 1.0.33
%endif
BuildRequires: ant
@@ -105,6 +107,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Fri Feb 24 2006 Igor Foox <ifoox(a)redhat.com> - 0:2.0.1-1jpp_5fc
+- Added post/postun dependency on coreutils.
+
* Fri Feb 10 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_4fc
- bump again for double-long bug on ppc(64)
commit ac3a98bd584c075e1d5dfc5b424875afabd43168
Author: Jesse Keating <jkeating(a)fedoraproject.org>
Date: Sat Feb 11 06:12:48 2006 +0000
bump for bug in double-long on ppc(64)
diff --git a/xmlrpc.spec b/xmlrpc.spec
index c2d2152..e7fe338 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_3fc
+%define release 1jpp_4fc
%define section free
%define gcj_support 1
@@ -105,6 +105,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Fri Feb 10 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_4fc
+- bump again for double-long bug on ppc(64)
+
* Tue Feb 07 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_3fc
- rebuilt for new gcc4.1 snapshot and glibc changes
commit a176908ca6ac4d2457f46f730df18470c0955639
Author: Jesse Keating <jkeating(a)fedoraproject.org>
Date: Tue Feb 7 14:19:58 2006 +0000
bump for new gcc/glibc
diff --git a/xmlrpc.spec b/xmlrpc.spec
index a994e54..c2d2152 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_2fc
+%define release 1jpp_3fc
%define section free
%define gcj_support 1
@@ -105,6 +105,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Tue Feb 07 2006 Jesse Keating <jkeating(a)redhat.com> - 0:2.0.1-1jpp_3fc
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
* Wed Jan 25 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_2fc
- ExcludeArch s390x and ppc64
commit cdbb3caaf489b3cbd37775bd777ba84e2664047f
Author: Igor Foox <ifoox(a)fedoraproject.org>
Date: Wed Jan 25 21:17:27 2006 +0000
Excluding s390x and ppc64
diff --git a/xmlrpc.spec b/xmlrpc.spec
index f53bd14..a994e54 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -32,6 +32,8 @@ Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
#Distribution: JPackage
#Vendor: JPackage Project
+ExcludeArch: s390x ppc64
+
%description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
that uses XML over HTTP to implement remote procedure calls.
@@ -103,6 +105,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Wed Jan 25 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_2fc
+- ExcludeArch s390x and ppc64
+
* Wed Jan 18 2006 Andrew Overholt <overholt(a)redhat.com> 0:2.0.1-1jpp_2fc
- Comment out JPackage Distribution and Vendor tags
commit 79882fede03b210f52670f38c83564a745abac06
Author: Andrew Overholt <overholt(a)fedoraproject.org>
Date: Thu Jan 19 19:19:52 2006 +0000
- Comment out JPackage Distribution and Vendor tags
diff --git a/xmlrpc.spec b/xmlrpc.spec
index f3c08fd..f53bd14 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -29,8 +29,8 @@ BuildRequires: junit >= 3.8.1
BuildRequires: commons-httpclient >= 2.0.2
BuildRequires: commons-codec >= 1.3
Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
-Distribution: JPackage
-Vendor: JPackage Project
+#Distribution: JPackage
+#Vendor: JPackage Project
%description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
@@ -103,10 +103,13 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
-* Wed Jan 18 2006 Jesse Keating <jkeating(a)rehdat.com> 0:2.0.1-1jpp_2fc
+* Wed Jan 18 2006 Andrew Overholt <overholt(a)redhat.com> 0:2.0.1-1jpp_2fc
+- Comment out JPackage Distribution and Vendor tags
+
+* Wed Jan 18 2006 Jesse Keating <jkeating(a)redhat.com> 0:2.0.1-1jpp_2fc
- bump for test
-* Wed Jan 18 2006 Igor Foox <ifoox(a)rehdat.com> 0:2.0.1-1jpp_1fc
+* Wed Jan 18 2006 Igor Foox <ifoox(a)redhat.com> 0:2.0.1-1jpp_1fc
- Update to version 2.0.1
- Natively compile
commit fbcc30f7fa2d1c32975f99c76d8feb0bc44efa84
Author: Jesse Keating <jkeating(a)fedoraproject.org>
Date: Thu Jan 19 18:55:50 2006 +0000
bump for test
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 329b07f..f3c08fd 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp_1fc
+%define release 1jpp_2fc
%define section free
%define gcj_support 1
@@ -103,6 +103,9 @@ fi
%{_javadocdir}/%{name}-%{version}
%changelog
+* Wed Jan 18 2006 Jesse Keating <jkeating(a)rehdat.com> 0:2.0.1-1jpp_2fc
+- bump for test
+
* Wed Jan 18 2006 Igor Foox <ifoox(a)rehdat.com> 0:2.0.1-1jpp_1fc
- Update to version 2.0.1
- Natively compile
commit 2bc89c3916f995dcbd94c96693e9b8f665406229
Author: Igor Foox <ifoox(a)fedoraproject.org>
Date: Thu Jan 19 17:54:56 2006 +0000
Fix release
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 1b1b052..329b07f 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,6 +1,6 @@
%define name xmlrpc
%define version 2.0.1
-%define release 1jpp
+%define release 1jpp_1fc
%define section free
%define gcj_support 1
commit c3eba7afbcb30381d32bde0cfcf7d7c83ce51bd3
Author: Igor Foox <ifoox(a)fedoraproject.org>
Date: Thu Jan 19 17:54:14 2006 +0000
Fixed source url
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 15bae26..1b1b052 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -12,7 +12,7 @@ Summary: Java XML-RPC implementation
License: Apache Software License
Group: Development/Java
Url: http://xml.apache.org/%{name}/
-Source0: http://mirrors.isc.org/pub/apache/ws/xmlrpc/source/xmlrpc-%{version}-src....
+Source0: http://www.apache.org/dist/ws/xmlrpc/source/xmlrpc-%{version}-src.tar.gz
Requires: servletapi5
Requires: commons-httpclient >= 2.0.2
Requires: commons-codec >= 1.3
commit 5d68323020bc4a384f04c5439ebd9f933ed3892f
Author: Igor Foox <ifoox(a)fedoraproject.org>
Date: Thu Jan 19 17:51:20 2006 +0000
auto-import xmlrpc-2.0.1-1jpp on branch devel from
xmlrpc-2.0.1-1jpp.src.rpm
diff --git a/.cvsignore b/.cvsignore
index a55f8c0..a8f88ef 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-xmlrpc-1.2-b1-src.tar.gz
+xmlrpc-2.0.1-src.tar.gz
diff --git a/sources b/sources
index 2f2c8c7..281ba07 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-23432f342902b13db26b03b0784b8831 xmlrpc-1.2-b1-src.tar.gz
+b88cc15b25d9bd688b1889d2ad234125 xmlrpc-2.0.1-src.tar.gz
diff --git a/xmlrpc.spec b/xmlrpc.spec
index 3b0a665..15bae26 100644
--- a/xmlrpc.spec
+++ b/xmlrpc.spec
@@ -1,37 +1,8 @@
-# Copyright (c) 2000-2005, JPackage Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the
-# distribution.
-# 3. Neither the name of the JPackage Project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
%define name xmlrpc
-%define version 1.2
-%define release 0.b1.4jpp
+%define version 2.0.1
+%define release 1jpp
%define section free
+%define gcj_support 1
Name: %{name}
Version: %{version}
@@ -41,14 +12,22 @@ Summary: Java XML-RPC implementation
License: Apache Software License
Group: Development/Java
Url: http://xml.apache.org/%{name}/
-Source0: http://xml.apache.org/dist/xmlrpc/release/v1.2-b1/xmlrpc-1.2-b1-src.tar.gz
-Requires: servletapi4
-Requires: xerces-j2
+Source0: http://mirrors.isc.org/pub/apache/ws/xmlrpc/source/xmlrpc-%{version}-src....
+Requires: servletapi5
+Requires: commons-httpclient >= 2.0.2
+Requires: commons-codec >= 1.3
+Requires: junit >= 3.8.1
+%if %{gcj_support}
+Requires(post): java-gcj-compat >= 1.0.33
+Requires(postun): java-gcj-compat >= 1.0.33
+BuildRequires: java-gcj-compat-devel >= 1.0.33
+%endif
BuildRequires: ant
BuildRequires: jpackage-utils >= 0:1.5
-BuildRequires: servletapi4
-BuildRequires: xerces-j2
-Buildarch: noarch
+BuildRequires: servletapi5
+BuildRequires: junit >= 3.8.1
+BuildRequires: commons-httpclient >= 2.0.2
+BuildRequires: commons-codec >= 1.3
Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
Distribution: JPackage
Vendor: JPackage Project
@@ -68,14 +47,14 @@ Group: Development/Java
Javadoc for %{name}.
%prep
-%setup -q -n %{name}-%{version}-b1
+%setup -q -n %{name}-%{version}
# remove all binary libs
find . -name "*.jar" -exec rm -f {} \;
%build
-export CLASSPATH=%(build-classpath jsse servletapi4 xerces-j2 2>/dev/null)
-ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs jar
-ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs javadocs
+export CLASSPATH=%(build-classpath jsse commons-httpclient commons-codec servletapi5 junit 2>/dev/null)
+ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true jar
+ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs -Dhave.deps=true javadocs
%install
rm -rf $RPM_BUILD_ROOT
@@ -91,30 +70,42 @@ ln -sf ${jar} ${jar/-%{version}/}; done)
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
+%if %{gcj_support}
+aot-compile-rpm
+%endif
+
%clean
rm -rf $RPM_BUILD_ROOT
%post javadoc
rm -f %{_javadocdir}/%{name}
ln -s %{name}-%{version} %{_javadocdir}/%{name}
+%if %{gcj_support}
+%{_bindir}/rebuild-gcj-db
+%endif
%postun javadoc
if [ "$1" = "0" ]; then
rm -f %{_javadocdir}/%{name}
fi
+%if %{gcj_support}
+%{_bindir}/rebuild-gcj-db
+%endif
%files
%defattr(0644,root,root,0755)
%doc LICENSE.txt README.txt
%{_javadir}/*
+%attr(-,root,root) %{_libdir}/gcj/%{name}
%files javadoc
%defattr(0644,root,root,0755)
%{_javadocdir}/%{name}-%{version}
%changelog
-* Thu Jan 05 2006 Fernando Nasser <fnasser(a)redhat.com> 0:1.2-0.b1.4jpp
-- First JPP 1.7 build
+* Wed Jan 18 2006 Igor Foox <ifoox(a)rehdat.com> 0:2.0.1-1jpp_1fc
+- Update to version 2.0.1
+- Natively compile
* Thu Aug 26 2004 Ralph Apel <r.apel at r-apel.de> 0:1.2-0.b1.3jpp
- Build with ant-1.6.2
commit 647a50feb57d40b6713533d2fe3405882774d04f
Author: Fernando Nasser <fnasser(a)fedoraproject.org>
Date: Fri Jan 6 00:20:27 2006 +0000
auto-import xmlrpc-1.2-0.b1.4jpp on branch devel from
xmlrpc-1.2-0.b1.4jpp.src.rpm
diff --git a/.cvsignore b/.cvsignore
index e69de29..a55f8c0 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1 @@
+xmlrpc-1.2-b1-src.tar.gz
diff --git a/sources b/sources
index e69de29..2f2c8c7 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+23432f342902b13db26b03b0784b8831 xmlrpc-1.2-b1-src.tar.gz
diff --git a/xmlrpc.spec b/xmlrpc.spec
new file mode 100644
index 0000000..3b0a665
--- /dev/null
+++ b/xmlrpc.spec
@@ -0,0 +1,149 @@
+# Copyright (c) 2000-2005, JPackage Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the JPackage Project nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+%define name xmlrpc
+%define version 1.2
+%define release 0.b1.4jpp
+%define section free
+
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Epoch: 0
+Summary: Java XML-RPC implementation
+License: Apache Software License
+Group: Development/Java
+Url: http://xml.apache.org/%{name}/
+Source0: http://xml.apache.org/dist/xmlrpc/release/v1.2-b1/xmlrpc-1.2-b1-src.tar.gz
+Requires: servletapi4
+Requires: xerces-j2
+BuildRequires: ant
+BuildRequires: jpackage-utils >= 0:1.5
+BuildRequires: servletapi4
+BuildRequires: xerces-j2
+Buildarch: noarch
+Buildroot: %{_tmppath}/%{name}-%{version}-buildroot
+Distribution: JPackage
+Vendor: JPackage Project
+
+%description
+Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
+that uses XML over HTTP to implement remote procedure calls.
+Apache XML-RPC was previously known as Helma XML-RPC. If you have code
+using the Helma library, all you should have to do is change the import
+statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
+
+%package javadoc
+Summary: Javadoc for %{name}
+Group: Development/Java
+
+%description javadoc
+Javadoc for %{name}.
+
+%prep
+%setup -q -n %{name}-%{version}-b1
+# remove all binary libs
+find . -name "*.jar" -exec rm -f {} \;
+
+%build
+export CLASSPATH=%(build-classpath jsse servletapi4 xerces-j2 2>/dev/null)
+ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs jar
+ant -Dbuild.dir=./bin -Dbuild.dest=./bin -Dsrc.dir=./src -Dfinal.name=%{name}-%{version} -Djavadoc.destdir=./docs/apidocs javadocs
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+# jars
+install -d -m 755 $RPM_BUILD_ROOT%{_javadir}
+install -m 644 bin/%{name}-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-%{version}.jar
+install -m 644 bin/%{name}-%{version}-applet.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-applet-%{version}.jar
+(cd $RPM_BUILD_ROOT%{_javadir} && for jar in *-%{version}*; do \
+ln -sf ${jar} ${jar/-%{version}/}; done)
+
+# javadoc
+install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
+cp -pr docs/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post javadoc
+rm -f %{_javadocdir}/%{name}
+ln -s %{name}-%{version} %{_javadocdir}/%{name}
+
+%postun javadoc
+if [ "$1" = "0" ]; then
+ rm -f %{_javadocdir}/%{name}
+fi
+
+%files
+%defattr(0644,root,root,0755)
+%doc LICENSE.txt README.txt
+%{_javadir}/*
+
+%files javadoc
+%defattr(0644,root,root,0755)
+%{_javadocdir}/%{name}-%{version}
+
+%changelog
+* Thu Jan 05 2006 Fernando Nasser <fnasser(a)redhat.com> 0:1.2-0.b1.4jpp
+- First JPP 1.7 build
+
+* Thu Aug 26 2004 Ralph Apel <r.apel at r-apel.de> 0:1.2-0.b1.3jpp
+- Build with ant-1.6.2
+
+* Thu Apr 29 2004 David Walluck <david(a)jpackage.org> 0:1.2-0.b1.2jpp
+- add jar symlinks
+- remove %%buildroot in %%install
+
+* Tue May 06 2003 David Walluck <david(a)anti-microsoft.org> 0:1.2-0.b1.1jpp
+- 1.2-b1
+- update for JPackage 1.5
+
+* Mon Mar 18 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.1-1jpp
+- 1.1
+- generic servlet support
+- used source release
+- dropped patch
+- added applet jar
+
+* Mon Jan 21 2002 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-3jpp
+- versioned dir for javadoc
+- no dependencies for javadoc package
+- dropped jsse package
+- adaptation to new servlet3 package
+- adaptation to new jsse package
+- section macro
+
+* Fri Dec 7 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-2jpp
+- javadoc into javadoc package
+
+* Sat Nov 3 2001 Guillaume Rousse <guillomovitch(a)users.sourceforge.net> 1.0-1jpp
+- first JPackage release
4 years, 1 month
Architecture specific change in rpms/netty.git
by githook-noreply@fedoraproject.org
The package rpms/netty.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/netty.git/commit/?id=2be698f2ec0a....
Change:
-%ifarch %{arm}
Thanks.
Full change:
============
commit 2be698f2ec0aa74a1c301c897ec262fc8663249c
Author: Miro Hronok <miro(a)hroncok.cz>
Date: Wed Apr 1 17:30:08 2020 +0200
Orphaned for 6+ weeks
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 859e799..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/netty-4.0.42.Final.tar.gz
-/netty-4.1.13.Final.tar.gz
diff --git a/0001-Remove-OpenSSL-parts-depending-on-tcnative.patch b/0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
deleted file mode 100644
index aee0650..0000000
--- a/0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
+++ /dev/null
@@ -1,8985 +0,0 @@
-From 39b320920d3473d8cbc94d4a35dad37fa236e278 Mon Sep 17 00:00:00 2001
-From: Severin Gehwolf <sgehwolf(a)redhat.com>
-Date: Thu, 20 Oct 2016 15:54:52 +0200
-Subject: [PATCH 1/3] Remove OpenSSL parts depending on tcnative.
-
----
- handler/pom.xml | 6 -
- .../main/java/io/netty/handler/ssl/OpenSsl.java | 503 -----
- .../handler/ssl/OpenSslCertificateException.java | 79 -
- .../io/netty/handler/ssl/OpenSslClientContext.java | 211 --
- .../java/io/netty/handler/ssl/OpenSslContext.java | 58 -
- .../java/io/netty/handler/ssl/OpenSslEngine.java | 40 -
- .../io/netty/handler/ssl/OpenSslEngineMap.java | 35 -
- .../ssl/OpenSslExtendedKeyMaterialManager.java | 40 -
- .../handler/ssl/OpenSslKeyMaterialManager.java | 179 --
- .../io/netty/handler/ssl/OpenSslServerContext.java | 373 ----
- .../handler/ssl/OpenSslServerSessionContext.java | 124 --
- .../netty/handler/ssl/OpenSslSessionContext.java | 137 --
- .../io/netty/handler/ssl/OpenSslSessionStats.java | 253 ---
- .../netty/handler/ssl/OpenSslSessionTicketKey.java | 78 -
- .../ssl/ReferenceCountedOpenSslClientContext.java | 298 ---
- .../ssl/ReferenceCountedOpenSslContext.java | 867 ---------
- .../handler/ssl/ReferenceCountedOpenSslEngine.java | 2037 --------------------
- .../ssl/ReferenceCountedOpenSslServerContext.java | 239 ---
- .../main/java/io/netty/handler/ssl/SslContext.java | 30 +-
- .../main/java/io/netty/handler/ssl/SslHandler.java | 47 +-
- .../netty/handler/ssl/ocsp/OcspClientHandler.java | 65 -
- .../io/netty/handler/ssl/ocsp/package-info.java | 23 -
- .../handler/ssl/JdkOpenSslEngineInteroptTest.java | 108 --
- .../ssl/OpenSslCertificateExceptionTest.java | 49 -
- .../handler/ssl/OpenSslClientContextTest.java | 38 -
- .../io/netty/handler/ssl/OpenSslEngineTest.java | 661 -------
- .../ssl/OpenSslJdkSslEngineInteroptTest.java | 114 --
- .../ssl/OpenSslRenegotiateSmallBIOTest.java | 23 -
- .../netty/handler/ssl/OpenSslRenegotiateTest.java | 36 -
- .../handler/ssl/OpenSslServerContextTest.java | 39 -
- .../io/netty/handler/ssl/OpenSslTestUtils.java | 27 -
- .../java/io/netty/handler/ssl/PemEncodedTest.java | 95 -
- .../ssl/ReferenceCountedOpenSslEngineTest.java | 57 -
- .../java/io/netty/handler/ssl/SniClientTest.java | 161 --
- .../java/io/netty/handler/ssl/SniHandlerTest.java | 496 -----
- .../netty/handler/ssl/SslContextBuilderTest.java | 132 --
- .../java/io/netty/handler/ssl/SslErrorTest.java | 255 ---
- .../java/io/netty/handler/ssl/SslHandlerTest.java | 58 +-
- .../java/io/netty/handler/ssl/ocsp/OcspTest.java | 501 -----
- 39 files changed, 10 insertions(+), 8562 deletions(-)
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslEngineMap.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslExtendedKeyMaterialManager.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslSessionContext.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslSessionStats.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslSessionTicketKey.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ocsp/OcspClientHandler.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ocsp/package-info.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateSmallBIOTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslTestUtils.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/PemEncodedTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/SniClientTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/ocsp/OcspTest.java
-
-diff --git a/handler/pom.xml b/handler/pom.xml
-index 7535c45..d0ed1bc 100644
---- a/handler/pom.xml
-+++ b/handler/pom.xml
-@@ -50,12 +50,6 @@
- <version>${project.version}</version>
- </dependency>
- <dependency>
-- <groupId>${project.groupId}</groupId>
-- <artifactId>${tcnative.artifactId}</artifactId>
-- <classifier>${tcnative.classifier}</classifier>
-- <optional>true</optional>
-- </dependency>
-- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <optional>true</optional>
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java b/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
-deleted file mode 100644
-index d2f091a..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
-+++ /dev/null
-@@ -1,503 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--package io.netty.handler.ssl;
--
--import io.netty.buffer.ByteBuf;
--import io.netty.handler.ssl.util.SelfSignedCertificate;
--import io.netty.util.ReferenceCountUtil;
--import io.netty.util.ReferenceCounted;
--import io.netty.util.internal.NativeLibraryLoader;
--import io.netty.util.internal.SystemPropertyUtil;
--import io.netty.util.internal.logging.InternalLogger;
--import io.netty.util.internal.logging.InternalLoggerFactory;
--import io.netty.internal.tcnative.Buffer;
--import io.netty.internal.tcnative.Library;
--import io.netty.internal.tcnative.SSL;
--import io.netty.internal.tcnative.SSLContext;
--
--import java.security.AccessController;
--import java.security.PrivilegedAction;
--import java.util.Collections;
--import java.util.LinkedHashSet;
--import java.util.Locale;
--import java.util.Set;
--
--/**
-- * Tells if <a href="http://netty.io/wiki/forked-tomcat-native.html">{@code netty-tcnative}</a> and its OpenSSL support
-- * are available.
-- */
--public final class OpenSsl {
--
-- private static final InternalLogger logger = InternalLoggerFactory.getInstance(OpenSsl.class);
-- private static final String LINUX = "linux";
-- private static final String UNKNOWN = "unknown";
-- private static final Throwable UNAVAILABILITY_CAUSE;
--
-- static final Set<String> AVAILABLE_CIPHER_SUITES;
-- private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES;
-- private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES;
-- private static final boolean SUPPORTS_KEYMANAGER_FACTORY;
-- private static final boolean SUPPORTS_HOSTNAME_VALIDATION;
-- private static final boolean USE_KEYMANAGER_FACTORY;
-- private static final boolean SUPPORTS_OCSP;
--
-- // Protocols
-- static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
-- static final String PROTOCOL_SSL_V2 = "SSLv2";
-- static final String PROTOCOL_SSL_V3 = "SSLv3";
-- static final String PROTOCOL_TLS_V1 = "TLSv1";
-- static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
-- static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
--
-- static final Set<String> SUPPORTED_PROTOCOLS_SET;
--
-- static {
-- Throwable cause = null;
--
-- // Test if netty-tcnative is in the classpath first.
-- try {
-- Class.forName("io.netty.internal.tcnative.SSL", false, OpenSsl.class.getClassLoader());
-- } catch (ClassNotFoundException t) {
-- cause = t;
-- logger.debug(
-- "netty-tcnative not in the classpath; " +
-- OpenSslEngine.class.getSimpleName() + " will be unavailable.");
-- }
--
-- // If in the classpath, try to load the native library and initialize netty-tcnative.
-- if (cause == null) {
-- try {
-- // The JNI library was not already loaded. Load it now.
-- loadTcNative();
-- } catch (Throwable t) {
-- cause = t;
-- logger.debug(
-- "Failed to load netty-tcnative; " +
-- OpenSslEngine.class.getSimpleName() + " will be unavailable, unless the " +
-- "application has already loaded the symbols by some other means. " +
-- "See http://netty.io/wiki/forked-tomcat-native.html for more information.", t);
-- }
--
-- try {
-- initializeTcNative();
--
-- // The library was initialized successfully. If loading the library failed above,
-- // reset the cause now since it appears that the library was loaded by some other
-- // means.
-- cause = null;
-- } catch (Throwable t) {
-- if (cause == null) {
-- cause = t;
-- }
-- logger.debug(
-- "Failed to initialize netty-tcnative; " +
-- OpenSslEngine.class.getSimpleName() + " will be unavailable. " +
-- "See http://netty.io/wiki/forked-tomcat-native.html for more information.", t);
-- }
-- }
--
-- UNAVAILABILITY_CAUSE = cause;
--
-- if (cause == null) {
-- logger.debug("netty-tcnative using native library: {}", SSL.versionString());
--
-- final Set<String> availableOpenSslCipherSuites = new LinkedHashSet<String>(128);
-- boolean supportsKeyManagerFactory = false;
-- boolean useKeyManagerFactory = false;
-- boolean supportsHostNameValidation = false;
-- try {
-- final long sslCtx = SSLContext.make(SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
-- long certBio = 0;
-- SelfSignedCertificate cert = null;
-- try {
-- SSLContext.setCipherSuite(sslCtx, "ALL");
-- final long ssl = SSL.newSSL(sslCtx, true);
-- try {
-- for (String c: SSL.getCiphers(ssl)) {
-- // Filter out bad input.
-- if (c == null || c.isEmpty() || availableOpenSslCipherSuites.contains(c)) {
-- continue;
-- }
-- availableOpenSslCipherSuites.add(c);
-- }
-- try {
-- SSL.setHostNameValidation(ssl, 0, "netty.io");
-- supportsHostNameValidation = true;
-- } catch (Throwable ignore) {
-- logger.debug("Hostname Verification not supported.");
-- }
-- try {
-- cert = new SelfSignedCertificate();
-- certBio = ReferenceCountedOpenSslContext.toBIO(cert.cert());
-- SSL.setCertificateChainBio(ssl, certBio, false);
-- supportsKeyManagerFactory = true;
-- try {
-- useKeyManagerFactory = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
-- @Override
-- public Boolean run() {
-- return SystemPropertyUtil.getBoolean(
-- "io.netty.handler.ssl.openssl.useKeyManagerFactory", true);
-- }
-- });
-- } catch (Throwable ignore) {
-- logger.debug("Failed to get useKeyManagerFactory system property.");
-- }
-- } catch (Throwable ignore) {
-- logger.debug("KeyManagerFactory not supported.");
-- }
-- } finally {
-- SSL.freeSSL(ssl);
-- if (certBio != 0) {
-- SSL.freeBIO(certBio);
-- }
-- if (cert != null) {
-- cert.delete();
-- }
-- }
-- } finally {
-- SSLContext.free(sslCtx);
-- }
-- } catch (Exception e) {
-- logger.warn("Failed to get the list of available OpenSSL cipher suites.", e);
-- }
-- AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.unmodifiableSet(availableOpenSslCipherSuites);
--
-- final Set<String> availableJavaCipherSuites = new LinkedHashSet<String>(
-- AVAILABLE_OPENSSL_CIPHER_SUITES.size() * 2);
-- for (String cipher: AVAILABLE_OPENSSL_CIPHER_SUITES) {
-- // Included converted but also openssl cipher name
-- availableJavaCipherSuites.add(CipherSuiteConverter.toJava(cipher, "TLS"));
-- availableJavaCipherSuites.add(CipherSuiteConverter.toJava(cipher, "SSL"));
-- }
-- AVAILABLE_JAVA_CIPHER_SUITES = Collections.unmodifiableSet(availableJavaCipherSuites);
--
-- final Set<String> availableCipherSuites = new LinkedHashSet<String>(
-- AVAILABLE_OPENSSL_CIPHER_SUITES.size() + AVAILABLE_JAVA_CIPHER_SUITES.size());
-- availableCipherSuites.addAll(AVAILABLE_OPENSSL_CIPHER_SUITES);
-- availableCipherSuites.addAll(AVAILABLE_JAVA_CIPHER_SUITES);
--
-- AVAILABLE_CIPHER_SUITES = availableCipherSuites;
-- SUPPORTS_KEYMANAGER_FACTORY = supportsKeyManagerFactory;
-- SUPPORTS_HOSTNAME_VALIDATION = supportsHostNameValidation;
-- USE_KEYMANAGER_FACTORY = useKeyManagerFactory;
--
-- Set<String> protocols = new LinkedHashSet<String>(6);
-- // Seems like there is no way to explicitly disable SSLv2Hello in openssl so it is always enabled
-- protocols.add(PROTOCOL_SSL_V2_HELLO);
-- if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV2)) {
-- protocols.add(PROTOCOL_SSL_V2);
-- }
-- if (doesSupportProtocol(SSL.SSL_PROTOCOL_SSLV3)) {
-- protocols.add(PROTOCOL_SSL_V3);
-- }
-- if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1)) {
-- protocols.add(PROTOCOL_TLS_V1);
-- }
-- if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_1)) {
-- protocols.add(PROTOCOL_TLS_V1_1);
-- }
-- if (doesSupportProtocol(SSL.SSL_PROTOCOL_TLSV1_2)) {
-- protocols.add(PROTOCOL_TLS_V1_2);
-- }
--
-- SUPPORTED_PROTOCOLS_SET = Collections.unmodifiableSet(protocols);
-- SUPPORTS_OCSP = doesSupportOcsp();
-- } else {
-- AVAILABLE_OPENSSL_CIPHER_SUITES = Collections.emptySet();
-- AVAILABLE_JAVA_CIPHER_SUITES = Collections.emptySet();
-- AVAILABLE_CIPHER_SUITES = Collections.emptySet();
-- SUPPORTS_KEYMANAGER_FACTORY = false;
-- SUPPORTS_HOSTNAME_VALIDATION = false;
-- USE_KEYMANAGER_FACTORY = false;
-- SUPPORTED_PROTOCOLS_SET = Collections.emptySet();
-- SUPPORTS_OCSP = false;
-- }
-- }
--
-- private static boolean doesSupportOcsp() {
-- boolean supportsOcsp = false;
-- if (version() >= 0x10002000L) {
-- long sslCtx = -1;
-- try {
-- sslCtx = SSLContext.make(SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_MODE_SERVER);
-- SSLContext.enableOcsp(sslCtx, false);
-- supportsOcsp = true;
-- } catch (Exception ignore) {
-- // ignore
-- } finally {
-- if (sslCtx != -1) {
-- SSLContext.free(sslCtx);
-- }
-- }
-- }
-- return supportsOcsp;
-- }
-- private static boolean doesSupportProtocol(int protocol) {
-- long sslCtx = -1;
-- try {
-- sslCtx = SSLContext.make(protocol, SSL.SSL_MODE_COMBINED);
-- return true;
-- } catch (Exception ignore) {
-- return false;
-- } finally {
-- if (sslCtx != -1) {
-- SSLContext.free(sslCtx);
-- }
-- }
-- }
--
-- /**
-- * Returns {@code true} if and only if
-- * <a href="http://netty.io/wiki/forked-tomcat-native.html">{@code netty-tcnative}</a> and its OpenSSL support
-- * are available.
-- */
-- public static boolean isAvailable() {
-- return UNAVAILABILITY_CAUSE == null;
-- }
--
-- /**
-- * Returns {@code true} if the used version of openssl supports
-- * <a href="https://tools.ietf.org/html/rfc7301">ALPN</a>.
-- */
-- public static boolean isAlpnSupported() {
-- return version() >= 0x10002000L;
-- }
--
-- /**
-- * Returns {@code true} if the used version of OpenSSL supports OCSP stapling.
-- */
-- public static boolean isOcspSupported() {
-- return SUPPORTS_OCSP;
-- }
--
-- /**
-- * Returns the version of the used available OpenSSL library or {@code -1} if {@link #isAvailable()}
-- * returns {@code false}.
-- */
-- public static int version() {
-- return isAvailable() ? SSL.version() : -1;
-- }
--
-- /**
-- * Returns the version string of the used available OpenSSL library or {@code null} if {@link #isAvailable()}
-- * returns {@code false}.
-- */
-- public static String versionString() {
-- return isAvailable() ? SSL.versionString() : null;
-- }
--
-- /**
-- * Ensure that <a href="http://netty.io/wiki/forked-tomcat-native.html">{@code netty-tcnative}</a> and
-- * its OpenSSL support are available.
-- *
-- * @throws UnsatisfiedLinkError if unavailable
-- */
-- public static void ensureAvailability() {
-- if (UNAVAILABILITY_CAUSE != null) {
-- throw (Error) new UnsatisfiedLinkError(
-- "failed to load the required native library").initCause(UNAVAILABILITY_CAUSE);
-- }
-- }
--
-- /**
-- * Returns the cause of unavailability of
-- * <a href="http://netty.io/wiki/forked-tomcat-native.html">{@code netty-tcnative}</a> and its OpenSSL support.
-- *
-- * @return the cause if unavailable. {@code null} if available.
-- */
-- public static Throwable unavailabilityCause() {
-- return UNAVAILABILITY_CAUSE;
-- }
--
-- /**
-- * @deprecated use {@link #availableOpenSslCipherSuites()}
-- */
-- @Deprecated
-- public static Set<String> availableCipherSuites() {
-- return availableOpenSslCipherSuites();
-- }
--
-- /**
-- * Returns all the available OpenSSL cipher suites.
-- * Please note that the returned array may include the cipher suites that are insecure or non-functional.
-- */
-- public static Set<String> availableOpenSslCipherSuites() {
-- return AVAILABLE_OPENSSL_CIPHER_SUITES;
-- }
--
-- /**
-- * Returns all the available cipher suites (Java-style).
-- * Please note that the returned array may include the cipher suites that are insecure or non-functional.
-- */
-- public static Set<String> availableJavaCipherSuites() {
-- return AVAILABLE_JAVA_CIPHER_SUITES;
-- }
--
-- /**
-- * Returns {@code true} if and only if the specified cipher suite is available in OpenSSL.
-- * Both Java-style cipher suite and OpenSSL-style cipher suite are accepted.
-- */
-- public static boolean isCipherSuiteAvailable(String cipherSuite) {
-- String converted = CipherSuiteConverter.toOpenSsl(cipherSuite);
-- if (converted != null) {
-- cipherSuite = converted;
-- }
-- return AVAILABLE_OPENSSL_CIPHER_SUITES.contains(cipherSuite);
-- }
--
-- /**
-- * Returns {@code true} if {@link javax.net.ssl.KeyManagerFactory} is supported when using OpenSSL.
-- */
-- public static boolean supportsKeyManagerFactory() {
-- return SUPPORTS_KEYMANAGER_FACTORY;
-- }
--
-- /**
-- * Returns {@code true} if <a href="https://wiki.openssl.org/index.php/Hostname_validation">Hostname Validation</a>
-- * is supported when using OpenSSL.
-- */
-- public static boolean supportsHostnameValidation() {
-- return SUPPORTS_HOSTNAME_VALIDATION;
-- }
--
-- static boolean useKeyManagerFactory() {
-- return USE_KEYMANAGER_FACTORY;
-- }
--
-- static long memoryAddress(ByteBuf buf) {
-- assert buf.isDirect();
-- return buf.hasMemoryAddress() ? buf.memoryAddress() : Buffer.address(buf.nioBuffer());
-- }
--
-- private OpenSsl() { }
--
-- private static void loadTcNative() throws Exception {
-- String os = normalizeOs(SystemPropertyUtil.get("os.name", ""));
-- String arch = normalizeArch(SystemPropertyUtil.get("os.arch", ""));
--
-- Set<String> libNames = new LinkedHashSet<String>(4);
-- // First, try loading the platform-specific library. Platform-specific
-- // libraries will be available if using a tcnative uber jar.
-- libNames.add("netty-tcnative-" + os + '-' + arch);
-- if (LINUX.equalsIgnoreCase(os)) {
-- // Fedora SSL lib so naming (libssl.so.10 vs libssl.so.1.0.0)..
-- libNames.add("netty-tcnative-" + os + '-' + arch + "-fedora");
-- }
-- // finally the default library.
-- libNames.add("netty-tcnative");
-- // in Java 8, statically compiled JNI code is namespaced
-- libNames.add("netty_tcnative");
--
-- NativeLibraryLoader.loadFirstAvailable(SSL.class.getClassLoader(),
-- libNames.toArray(new String[libNames.size()]));
-- }
--
-- private static boolean initializeTcNative() throws Exception {
-- return Library.initialize();
-- }
--
-- private static String normalizeOs(String value) {
-- value = normalize(value);
-- if (value.startsWith("aix")) {
-- return "aix";
-- }
-- if (value.startsWith("hpux")) {
-- return "hpux";
-- }
-- if (value.startsWith("os400")) {
-- // Avoid the names such as os4000
-- if (value.length() <= 5 || !Character.isDigit(value.charAt(5))) {
-- return "os400";
-- }
-- }
-- if (value.startsWith(LINUX)) {
-- return LINUX;
-- }
-- if (value.startsWith("macosx") || value.startsWith("osx")) {
-- return "osx";
-- }
-- if (value.startsWith("freebsd")) {
-- return "freebsd";
-- }
-- if (value.startsWith("openbsd")) {
-- return "openbsd";
-- }
-- if (value.startsWith("netbsd")) {
-- return "netbsd";
-- }
-- if (value.startsWith("solaris") || value.startsWith("sunos")) {
-- return "sunos";
-- }
-- if (value.startsWith("windows")) {
-- return "windows";
-- }
--
-- return UNKNOWN;
-- }
--
-- private static String normalizeArch(String value) {
-- value = normalize(value);
-- if (value.matches("^(x8664|amd64|ia32e|em64t|x64)$")) {
-- return "x86_64";
-- }
-- if (value.matches("^(x8632|x86|i[3-6]86|ia32|x32)$")) {
-- return "x86_32";
-- }
-- if (value.matches("^(ia64|itanium64)$")) {
-- return "itanium_64";
-- }
-- if (value.matches("^(sparc|sparc32)$")) {
-- return "sparc_32";
-- }
-- if (value.matches("^(sparcv9|sparc64)$")) {
-- return "sparc_64";
-- }
-- if (value.matches("^(arm|arm32)$")) {
-- return "arm_32";
-- }
-- if ("aarch64".equals(value)) {
-- return "aarch_64";
-- }
-- if (value.matches("^(ppc|ppc32)$")) {
-- return "ppc_32";
-- }
-- if ("ppc64".equals(value)) {
-- return "ppc_64";
-- }
-- if ("ppc64le".equals(value)) {
-- return "ppcle_64";
-- }
-- if ("s390".equals(value)) {
-- return "s390_32";
-- }
-- if ("s390x".equals(value)) {
-- return "s390_64";
-- }
--
-- return UNKNOWN;
-- }
--
-- private static String normalize(String value) {
-- return value.toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "");
-- }
--
-- static void releaseIfNeeded(ReferenceCounted counted) {
-- if (counted.refCnt() > 0) {
-- ReferenceCountUtil.safeRelease(counted);
-- }
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
-deleted file mode 100644
-index 4672d00..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslCertificateException.java
-+++ /dev/null
-@@ -1,79 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.internal.tcnative.CertificateVerifier;
--
--import java.security.cert.CertificateException;
--
--/**
-- * A special {@link CertificateException} which allows to specify which error code is included in the
-- * SSL Record. This only work when {@link SslProvider#OPENSSL} or {@link SslProvider#OPENSSL_REFCNT} is used.
-- */
--public final class OpenSslCertificateException extends CertificateException {
-- private static final long serialVersionUID = 5542675253797129798L;
--
-- private final int errorCode;
--
-- /**
-- * Construct a new exception with the
-- * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a>.
-- */
-- public OpenSslCertificateException(int errorCode) {
-- this((String) null, errorCode);
-- }
--
-- /**
-- * Construct a new exception with the msg and
-- * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a> .
-- */
-- public OpenSslCertificateException(String msg, int errorCode) {
-- super(msg);
-- this.errorCode = checkErrorCode(errorCode);
-- }
--
-- /**
-- * Construct a new exception with the msg, cause and
-- * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a> .
-- */
-- public OpenSslCertificateException(String message, Throwable cause, int errorCode) {
-- super(message, cause);
-- this.errorCode = checkErrorCode(errorCode);
-- }
--
-- /**
-- * Construct a new exception with the cause and
-- * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a> .
-- */
-- public OpenSslCertificateException(Throwable cause, int errorCode) {
-- this(null, cause, errorCode);
-- }
--
-- /**
-- * Return the <a href="https://www.openssl.org/docs/man1.0.2/apps/verify.html">error code</a> to use.
-- */
-- public int errorCode() {
-- return errorCode;
-- }
--
-- private static int checkErrorCode(int errorCode) {
-- if (!CertificateVerifier.isValid(errorCode)) {
-- throw new IllegalArgumentException("errorCode '" + errorCode +
-- "' invalid, see https://www.openssl.org/docs/man1.0.2/apps/verify.html.");
-- }
-- return errorCode;
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
-deleted file mode 100644
-index 46412e9..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
-+++ /dev/null
-@@ -1,211 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.internal.tcnative.SSL;
--
--import java.io.File;
--import java.security.PrivateKey;
--import java.security.cert.X509Certificate;
--
--import javax.net.ssl.KeyManagerFactory;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.TrustManager;
--import javax.net.ssl.TrustManagerFactory;
--
--import static io.netty.handler.ssl.ReferenceCountedOpenSslClientContext.newSessionContext;
--
--/**
-- * A client-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
-- * <p>This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
-- * and manually release the native memory see {@link ReferenceCountedOpenSslClientContext}.
-- */
--public final class OpenSslClientContext extends OpenSslContext {
-- private final OpenSslSessionContext sessionContext;
--
-- /**
-- * Creates a new instance.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslClientContext() throws SSLException {
-- this((File) null, null, null, null, null, null, null, IdentityCipherSuiteFilter.INSTANCE, null, 0, 0);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format.
-- * {@code null} to use the system default
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslClientContext(File certChainFile) throws SSLException {
-- this(certChainFile, null);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
-- * that verifies the certificates sent from servers.
-- * {@code null} to use the default.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslClientContext(TrustManagerFactory trustManagerFactory) throws SSLException {
-- this(null, trustManagerFactory);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format.
-- * {@code null} to use the system default
-- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
-- * that verifies the certificates sent from servers.
-- * {@code null} to use the default.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException {
-- this(certChainFile, trustManagerFactory, null, null, null, null, null,
-- IdentityCipherSuiteFilter.INSTANCE, null, 0, 0);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
-- * that verifies the certificates sent from servers.
-- * {@code null} to use the default..
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param apn Provides a means to configure parameters related to application protocol negotiation.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers,
-- ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)
-- throws SSLException {
-- this(certChainFile, trustManagerFactory, null, null, null, null, ciphers, IdentityCipherSuiteFilter.INSTANCE,
-- apn, sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
-- * that verifies the certificates sent from servers.
-- * {@code null} to use the default..
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param cipherFilter a filter to apply over the supplied list of ciphers
-- * @param apn Provides a means to configure parameters related to application protocol negotiation.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers,
-- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(certChainFile, trustManagerFactory, null, null, null, null,
-- ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- * @param trustCertCollectionFile an X.509 certificate collection file in PEM format.
-- * {@code null} to use the system default
-- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
-- * that verifies the certificates sent from servers.
-- * {@code null} to use the default or the results of parsing
-- * {@code trustCertCollectionFile}
-- * @param keyCertChainFile an X.509 certificate chain file in PEM format.
-- * This provides the public key for mutual authentication.
-- * {@code null} to use the system default
-- * @param keyFile a PKCS#8 private key file in PEM format.
-- * This provides the private key for mutual authentication.
-- * {@code null} for no mutual authentication.
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * Ignored if {@code keyFile} is {@code null}.
-- * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link javax.net.ssl.KeyManager}s
-- * that is used to encrypt data being sent to servers.
-- * {@code null} to use the default or the results of parsing
-- * {@code keyCertChainFile} and {@code keyFile}.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param cipherFilter a filter to apply over the supplied list of ciphers
-- * @param apn Application Protocol Negotiator object.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslClientContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
-- File keyCertChainFile, File keyFile, String keyPassword,
-- KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
-- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
-- long sessionCacheSize, long sessionTimeout)
-- throws SSLException {
-- this(toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory,
-- toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
-- keyPassword, keyManagerFactory, ciphers, cipherFilter, apn, null, sessionCacheSize,
-- sessionTimeout, false);
-- }
--
-- OpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
-- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
-- KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
-- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, String[] protocols,
-- long sessionCacheSize, long sessionTimeout, boolean enableOcsp)
-- throws SSLException {
-- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_CLIENT, keyCertChain,
-- ClientAuth.NONE, protocols, false, enableOcsp);
-- boolean success = false;
-- try {
-- sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
-- keyCertChain, key, keyPassword, keyManagerFactory);
-- success = true;
-- } finally {
-- if (!success) {
-- release();
-- }
-- }
-- }
--
-- @Override
-- public OpenSslSessionContext sessionContext() {
-- return sessionContext;
-- }
--
-- @Override
-- OpenSslKeyMaterialManager keyMaterialManager() {
-- return null;
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
-deleted file mode 100644
-index c4ca6b5..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
-+++ /dev/null
-@@ -1,58 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.buffer.ByteBufAllocator;
--
--import java.security.cert.Certificate;
--
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLException;
--
--/**
-- * This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
-- * and manually release the native memory see {@link ReferenceCountedOpenSslContext}.
-- */
--public abstract class OpenSslContext extends ReferenceCountedOpenSslContext {
-- OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apnCfg,
-- long sessionCacheSize, long sessionTimeout, int mode, Certificate[] keyCertChain,
-- ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp)
-- throws SSLException {
-- super(ciphers, cipherFilter, apnCfg, sessionCacheSize, sessionTimeout, mode, keyCertChain,
-- clientAuth, protocols, startTls, enableOcsp, false);
-- }
--
-- OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
-- OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize,
-- long sessionTimeout, int mode, Certificate[] keyCertChain,
-- ClientAuth clientAuth, String[] protocols, boolean startTls,
-- boolean enableOcsp) throws SSLException {
-- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, mode, keyCertChain, clientAuth, protocols,
-- startTls, enableOcsp, false);
-- }
--
-- @Override
-- final SSLEngine newEngine0(ByteBufAllocator alloc, String peerHost, int peerPort) {
-- return new OpenSslEngine(this, alloc, peerHost, peerPort);
-- }
--
-- @Override
-- @SuppressWarnings("FinalizeDeclaration")
-- protected final void finalize() throws Throwable {
-- super.finalize();
-- OpenSsl.releaseIfNeeded(this);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java
-deleted file mode 100644
-index cbc7ee4..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java
-+++ /dev/null
-@@ -1,40 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.buffer.ByteBufAllocator;
--
--import javax.net.ssl.SSLEngine;
--
--/**
-- * Implements a {@link SSLEngine} using
-- * <a href="https://www.openssl.org/docs/crypto/BIO_s_bio.html#EXAMPLE">OpenSSL BIO abstractions</a>.
-- * <p>
-- * This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
-- * and manually release the native memory see {@link ReferenceCountedOpenSslEngine}.
-- */
--public final class OpenSslEngine extends ReferenceCountedOpenSslEngine {
-- OpenSslEngine(OpenSslContext context, ByteBufAllocator alloc, String peerHost, int peerPort) {
-- super(context, alloc, peerHost, peerPort, false);
-- }
--
-- @Override
-- @SuppressWarnings("FinalizeDeclaration")
-- protected void finalize() throws Throwable {
-- super.finalize();
-- OpenSsl.releaseIfNeeded(this);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngineMap.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslEngineMap.java
-deleted file mode 100644
-index 02131b4..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngineMap.java
-+++ /dev/null
-@@ -1,35 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--interface OpenSslEngineMap {
--
-- /**
-- * Remove the {@link OpenSslEngine} with the given {@code ssl} address and
-- * return it.
-- */
-- ReferenceCountedOpenSslEngine remove(long ssl);
--
-- /**
-- * Add a {@link OpenSslEngine} to this {@link OpenSslEngineMap}.
-- */
-- void add(ReferenceCountedOpenSslEngine engine);
--
-- /**
-- * Get the {@link OpenSslEngine} for the given {@code ssl} address.
-- */
-- ReferenceCountedOpenSslEngine get(long ssl);
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslExtendedKeyMaterialManager.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslExtendedKeyMaterialManager.java
-deleted file mode 100644
-index 38f6a7f..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslExtendedKeyMaterialManager.java
-+++ /dev/null
-@@ -1,40 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import javax.net.ssl.X509ExtendedKeyManager;
--import javax.security.auth.x500.X500Principal;
--
--final class OpenSslExtendedKeyMaterialManager extends OpenSslKeyMaterialManager {
--
-- private final X509ExtendedKeyManager keyManager;
--
-- OpenSslExtendedKeyMaterialManager(X509ExtendedKeyManager keyManager, String password) {
-- super(keyManager, password);
-- this.keyManager = keyManager;
-- }
--
-- @Override
-- protected String chooseClientAlias(ReferenceCountedOpenSslEngine engine, String[] keyTypes,
-- X500Principal[] issuer) {
-- return keyManager.chooseEngineClientAlias(keyTypes, issuer, engine);
-- }
--
-- @Override
-- protected String chooseServerAlias(ReferenceCountedOpenSslEngine engine, String type) {
-- return keyManager.chooseEngineServerAlias(type, null, engine);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java
-deleted file mode 100644
-index 2e48e8b..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java
-+++ /dev/null
-@@ -1,179 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.buffer.ByteBufAllocator;
--import io.netty.internal.tcnative.CertificateRequestedCallback;
--import io.netty.internal.tcnative.SSL;
--
--import javax.net.ssl.SSLException;
--import javax.net.ssl.X509KeyManager;
--import javax.security.auth.x500.X500Principal;
--import java.security.PrivateKey;
--import java.security.cert.X509Certificate;
--import java.util.HashMap;
--import java.util.HashSet;
--import java.util.Map;
--import java.util.Set;
--
--import static io.netty.handler.ssl.ReferenceCountedOpenSslContext.freeBio;
--import static io.netty.handler.ssl.ReferenceCountedOpenSslContext.toBIO;
--
--/**
-- * Manages key material for {@link OpenSslEngine}s and so set the right {@link PrivateKey}s and
-- * {@link X509Certificate}s.
-- */
--class OpenSslKeyMaterialManager {
--
-- // Code in this class is inspired by code of conscrypts:
-- // - https://android.googlesource.com/platform/external/
-- // conscrypt/+/master/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
-- // - https://android.googlesource.com/platform/external/
-- // conscrypt/+/master/src/main/java/org/conscrypt/SSLParametersImpl.java
-- //
-- static final String KEY_TYPE_RSA = "RSA";
-- static final String KEY_TYPE_DH_RSA = "DH_RSA";
-- static final String KEY_TYPE_EC = "EC";
-- static final String KEY_TYPE_EC_EC = "EC_EC";
-- static final String KEY_TYPE_EC_RSA = "EC_RSA";
--
-- // key type mappings for types.
-- private static final Map<String, String> KEY_TYPES = new HashMap<String, String>();
-- static {
-- KEY_TYPES.put("RSA", KEY_TYPE_RSA);
-- KEY_TYPES.put("DHE_RSA", KEY_TYPE_RSA);
-- KEY_TYPES.put("ECDHE_RSA", KEY_TYPE_RSA);
-- KEY_TYPES.put("ECDHE_ECDSA", KEY_TYPE_EC);
-- KEY_TYPES.put("ECDH_RSA", KEY_TYPE_EC_RSA);
-- KEY_TYPES.put("ECDH_ECDSA", KEY_TYPE_EC_EC);
-- KEY_TYPES.put("DH_RSA", KEY_TYPE_DH_RSA);
-- }
--
-- private final X509KeyManager keyManager;
-- private final String password;
--
-- OpenSslKeyMaterialManager(X509KeyManager keyManager, String password) {
-- this.keyManager = keyManager;
-- this.password = password;
-- }
--
-- void setKeyMaterial(ReferenceCountedOpenSslEngine engine) throws SSLException {
-- long ssl = engine.sslPointer();
-- String[] authMethods = SSL.authenticationMethods(ssl);
-- Set<String> aliases = new HashSet<String>(authMethods.length);
-- for (String authMethod : authMethods) {
-- String type = KEY_TYPES.get(authMethod);
-- if (type != null) {
-- String alias = chooseServerAlias(engine, type);
-- if (alias != null && aliases.add(alias)) {
-- setKeyMaterial(ssl, alias);
-- }
-- }
-- }
-- }
--
-- CertificateRequestedCallback.KeyMaterial keyMaterial(ReferenceCountedOpenSslEngine engine, String[] keyTypes,
-- X500Principal[] issuer) throws SSLException {
-- String alias = chooseClientAlias(engine, keyTypes, issuer);
-- long keyBio = 0;
-- long keyCertChainBio = 0;
-- long pkey = 0;
-- long certChain = 0;
--
-- try {
-- // TODO: Should we cache these and so not need to do a memory copy all the time ?
-- X509Certificate[] certificates = keyManager.getCertificateChain(alias);
-- if (certificates == null || certificates.length == 0) {
-- return null;
-- }
--
-- PrivateKey key = keyManager.getPrivateKey(alias);
-- keyCertChainBio = toBIO(certificates);
-- certChain = SSL.parseX509Chain(keyCertChainBio);
-- if (key != null) {
-- keyBio = toBIO(key);
-- pkey = SSL.parsePrivateKey(keyBio, password);
-- }
-- CertificateRequestedCallback.KeyMaterial material = new CertificateRequestedCallback.KeyMaterial(
-- certChain, pkey);
--
-- // Reset to 0 so we do not free these. This is needed as the client certificate callback takes ownership
-- // of both the key and the certificate if they are returned from this method, and thus must not
-- // be freed here.
-- certChain = pkey = 0;
-- return material;
-- } catch (SSLException e) {
-- throw e;
-- } catch (Exception e) {
-- throw new SSLException(e);
-- } finally {
-- freeBio(keyBio);
-- freeBio(keyCertChainBio);
-- SSL.freePrivateKey(pkey);
-- SSL.freeX509Chain(certChain);
-- }
-- }
--
-- private void setKeyMaterial(long ssl, String alias) throws SSLException {
-- long keyBio = 0;
-- long keyCertChainBio = 0;
-- long keyCertChainBio2 = 0;
--
-- try {
-- // TODO: Should we cache these and so not need to do a memory copy all the time ?
-- X509Certificate[] certificates = keyManager.getCertificateChain(alias);
-- if (certificates == null || certificates.length == 0) {
-- return;
-- }
--
-- PrivateKey key = keyManager.getPrivateKey(alias);
--
-- // Only encode one time
-- PemEncoded encoded = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, certificates);
-- try {
-- keyCertChainBio = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
-- keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
--
-- if (key != null) {
-- keyBio = toBIO(key);
-- }
-- SSL.setCertificateBio(ssl, keyCertChainBio, keyBio, password);
--
-- // We may have more then one cert in the chain so add all of them now.
-- SSL.setCertificateChainBio(ssl, keyCertChainBio2, true);
-- } finally {
-- encoded.release();
-- }
-- } catch (SSLException e) {
-- throw e;
-- } catch (Exception e) {
-- throw new SSLException(e);
-- } finally {
-- freeBio(keyBio);
-- freeBio(keyCertChainBio);
-- freeBio(keyCertChainBio2);
-- }
-- }
--
-- protected String chooseClientAlias(@SuppressWarnings("unused") ReferenceCountedOpenSslEngine engine,
-- String[] keyTypes, X500Principal[] issuer) {
-- return keyManager.chooseClientAlias(keyTypes, issuer, null);
-- }
--
-- protected String chooseServerAlias(@SuppressWarnings("unused") ReferenceCountedOpenSslEngine engine, String type) {
-- return keyManager.chooseServerAlias(type, null, null);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
-deleted file mode 100644
-index f57434b..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
-+++ /dev/null
-@@ -1,373 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.ServerContext;
--import io.netty.internal.tcnative.SSL;
--
--import java.io.File;
--import java.security.PrivateKey;
--import java.security.cert.X509Certificate;
--
--import javax.net.ssl.KeyManager;
--import javax.net.ssl.KeyManagerFactory;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.TrustManager;
--import javax.net.ssl.TrustManagerFactory;
--
--import static io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.newSessionContext;
--
--/**
-- * A server-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
-- * <p>This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
-- * and manually release the native memory see {@link ReferenceCountedOpenSslServerContext}.
-- */
--public final class OpenSslServerContext extends OpenSslContext {
-- private final OpenSslServerSessionContext sessionContext;
-- private final OpenSslKeyMaterialManager keyMaterialManager;
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(File certChainFile, File keyFile) throws SSLException {
-- this(certChainFile, keyFile, null);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException {
-- this(certChainFile, keyFile, keyPassword, null, IdentityCipherSuiteFilter.INSTANCE,
-- ApplicationProtocolConfig.DISABLED, 0, 0);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param apn Provides a means to configure parameters related to application protocol negotiation.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(
-- File certChainFile, File keyFile, String keyPassword,
-- Iterable<String> ciphers, ApplicationProtocolConfig apn,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(certChainFile, keyFile, keyPassword, ciphers, IdentityCipherSuiteFilter.INSTANCE,
-- apn, sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param nextProtocols the application layer protocols to accept, in the order of preference.
-- * {@code null} to disable TLS NPN/ALPN extension.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(
-- File certChainFile, File keyFile, String keyPassword,
-- Iterable<String> ciphers, Iterable<String> nextProtocols,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(certChainFile, keyFile, keyPassword, ciphers,
-- toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param config Application protocol config.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(
-- File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
-- Iterable<String> ciphers, ApplicationProtocolConfig config,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(certChainFile, keyFile, keyPassword, trustManagerFactory, ciphers,
-- toNegotiator(config), sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param apn Application protocol negotiator.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(
-- File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
-- Iterable<String> ciphers, OpenSslApplicationProtocolNegotiator apn,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null,
-- ciphers, null, apn, sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param cipherFilter a filter to apply over the supplied list of ciphers
-- * @param apn Provides a means to configure parameters related to application protocol negotiation.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(
-- File certChainFile, File keyFile, String keyPassword,
-- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(null, null, certChainFile, keyFile, keyPassword, null,
-- ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param trustCertCollectionFile an X.509 certificate collection file in PEM format.
-- * This provides the certificate collection used for mutual authentication.
-- * {@code null} to use the system default
-- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
-- * that verifies the certificates sent from clients.
-- * {@code null} to use the default or the results of parsing
-- * {@code trustCertCollectionFile}.
-- * @param keyCertChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
-- * that is used to encrypt data being sent to clients.
-- * {@code null} to use the default or the results of parsing
-- * {@code keyCertChainFile} and {@code keyFile}.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param cipherFilter a filter to apply over the supplied list of ciphers
-- * Only required if {@code provider} is {@link SslProvider#JDK}
-- * @param config Provides a means to configure parameters related to application protocol negotiation.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(
-- File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
-- File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
-- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(trustCertCollectionFile, trustManagerFactory, keyCertChainFile, keyFile, keyPassword, keyManagerFactory,
-- ciphers, cipherFilter, toNegotiator(config), sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param cipherFilter a filter to apply over the supplied list of ciphers
-- * @param config Application protocol config.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword,
-- TrustManagerFactory trustManagerFactory, Iterable<String> ciphers,
-- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null, ciphers, cipherFilter,
-- toNegotiator(config), sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- * @param certChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param cipherFilter a filter to apply over the supplied list of ciphers
-- * @param apn Application protocol negotiator.
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}}
-- */
-- @Deprecated
-- public OpenSslServerContext(
-- File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
-- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(null, trustManagerFactory, certChainFile, keyFile, keyPassword, null, ciphers, cipherFilter,
-- apn, sessionCacheSize, sessionTimeout);
-- }
--
-- /**
-- * Creates a new instance.
-- *
-- *
-- * @param trustCertCollectionFile an X.509 certificate collection file in PEM format.
-- * This provides the certificate collection used for mutual authentication.
-- * {@code null} to use the system default
-- * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
-- * that verifies the certificates sent from clients.
-- * {@code null} to use the default or the results of parsing
-- * {@code trustCertCollectionFile}.
-- * @param keyCertChainFile an X.509 certificate chain file in PEM format
-- * @param keyFile a PKCS#8 private key file in PEM format
-- * @param keyPassword the password of the {@code keyFile}.
-- * {@code null} if it's not password-protected.
-- * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
-- * that is used to encrypt data being sent to clients.
-- * {@code null} to use the default or the results of parsing
-- * {@code keyCertChainFile} and {@code keyFile}.
-- * @param ciphers the cipher suites to enable, in the order of preference.
-- * {@code null} to use the default cipher suites.
-- * @param cipherFilter a filter to apply over the supplied list of ciphers
-- * Only required if {@code provider} is {@link SslProvider#JDK}
-- * @param apn Application Protocol Negotiator object
-- * @param sessionCacheSize the size of the cache used for storing SSL session objects.
-- * {@code 0} to use the default value.
-- * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
-- * {@code 0} to use the default value.
-- * @deprecated use {@link SslContextBuilder}
-- */
-- @Deprecated
-- public OpenSslServerContext(
-- File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
-- File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
-- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
-- long sessionCacheSize, long sessionTimeout) throws SSLException {
-- this(toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory,
-- toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
-- keyPassword, keyManagerFactory, ciphers, cipherFilter,
-- apn, sessionCacheSize, sessionTimeout, ClientAuth.NONE, null, false, false);
-- }
--
-- OpenSslServerContext(
-- X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
-- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
-- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
-- long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
-- boolean enableOcsp) throws SSLException {
-- this(trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword, keyManagerFactory, ciphers,
-- cipherFilter, toNegotiator(apn), sessionCacheSize, sessionTimeout, clientAuth, protocols, startTls,
-- enableOcsp);
-- }
--
-- @SuppressWarnings("deprecation")
-- private OpenSslServerContext(
-- X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
-- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
-- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
-- long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
-- boolean enableOcsp) throws SSLException {
-- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_SERVER, keyCertChain,
-- clientAuth, protocols, startTls, enableOcsp);
-- // Create a new SSL_CTX and configure it.
-- boolean success = false;
-- try {
-- ServerContext context = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
-- keyCertChain, key, keyPassword, keyManagerFactory);
-- sessionContext = context.sessionContext;
-- keyMaterialManager = context.keyMaterialManager;
-- success = true;
-- } finally {
-- if (!success) {
-- release();
-- }
-- }
-- }
--
-- @Override
-- public OpenSslServerSessionContext sessionContext() {
-- return sessionContext;
-- }
--
-- @Override
-- OpenSslKeyMaterialManager keyMaterialManager() {
-- return keyMaterialManager;
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java
-deleted file mode 100644
-index 8c92deb..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java
-+++ /dev/null
-@@ -1,124 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.internal.tcnative.SSL;
--import io.netty.internal.tcnative.SSLContext;
--
--import java.util.concurrent.locks.Lock;
--
--
--/**
-- * {@link OpenSslSessionContext} implementation which offers extra methods which are only useful for the server-side.
-- */
--public final class OpenSslServerSessionContext extends OpenSslSessionContext {
-- OpenSslServerSessionContext(ReferenceCountedOpenSslContext context) {
-- super(context);
-- }
--
-- @Override
-- public void setSessionTimeout(int seconds) {
-- if (seconds < 0) {
-- throw new IllegalArgumentException();
-- }
-- Lock writerLock = context.ctxLock.writeLock();
-- writerLock.lock();
-- try {
-- SSLContext.setSessionCacheTimeout(context.ctx, seconds);
-- } finally {
-- writerLock.unlock();
-- }
-- }
--
-- @Override
-- public int getSessionTimeout() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return (int) SSLContext.getSessionCacheTimeout(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- @Override
-- public void setSessionCacheSize(int size) {
-- if (size < 0) {
-- throw new IllegalArgumentException();
-- }
-- Lock writerLock = context.ctxLock.writeLock();
-- writerLock.lock();
-- try {
-- SSLContext.setSessionCacheSize(context.ctx, size);
-- } finally {
-- writerLock.unlock();
-- }
-- }
--
-- @Override
-- public int getSessionCacheSize() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return (int) SSLContext.getSessionCacheSize(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- @Override
-- public void setSessionCacheEnabled(boolean enabled) {
-- long mode = enabled ? SSL.SSL_SESS_CACHE_SERVER : SSL.SSL_SESS_CACHE_OFF;
--
-- Lock writerLock = context.ctxLock.writeLock();
-- writerLock.lock();
-- try {
-- SSLContext.setSessionCacheMode(context.ctx, mode);
-- } finally {
-- writerLock.unlock();
-- }
-- }
--
-- @Override
-- public boolean isSessionCacheEnabled() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.getSessionCacheMode(context.ctx) == SSL.SSL_SESS_CACHE_SERVER;
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Set the context within which session be reused (server side only)
-- * See <a href="http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html">
-- * man SSL_CTX_set_session_id_context</a>
-- *
-- * @param sidCtx can be any kind of binary data, it is therefore possible to use e.g. the name
-- * of the application and/or the hostname and/or service name
-- * @return {@code true} if success, {@code false} otherwise.
-- */
-- public boolean setSessionIdContext(byte[] sidCtx) {
-- Lock writerLock = context.ctxLock.writeLock();
-- writerLock.lock();
-- try {
-- return SSLContext.setSessionIdContext(context.ctx, sidCtx);
-- } finally {
-- writerLock.unlock();
-- }
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionContext.java
-deleted file mode 100644
-index 846a968..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionContext.java
-+++ /dev/null
-@@ -1,137 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.util.internal.ObjectUtil;
--import io.netty.internal.tcnative.SSL;
--import io.netty.internal.tcnative.SSLContext;
--import io.netty.internal.tcnative.SessionTicketKey;
--
--import javax.net.ssl.SSLSession;
--import javax.net.ssl.SSLSessionContext;
--import java.util.Arrays;
--import java.util.Enumeration;
--import java.util.NoSuchElementException;
--import java.util.concurrent.locks.Lock;
--
--/**
-- * OpenSSL specific {@link SSLSessionContext} implementation.
-- */
--public abstract class OpenSslSessionContext implements SSLSessionContext {
-- private static final Enumeration<byte[]> EMPTY = new EmptyEnumeration();
--
-- private final OpenSslSessionStats stats;
-- final ReferenceCountedOpenSslContext context;
--
-- // IMPORTANT: We take the OpenSslContext and not just the long (which points the native instance) to prevent
-- // the GC to collect OpenSslContext as this would also free the pointer and so could result in a
-- // segfault when the user calls any of the methods here that try to pass the pointer down to the native
-- // level.
-- OpenSslSessionContext(ReferenceCountedOpenSslContext context) {
-- this.context = context;
-- stats = new OpenSslSessionStats(context);
-- }
--
-- @Override
-- public SSLSession getSession(byte[] bytes) {
-- if (bytes == null) {
-- throw new NullPointerException("bytes");
-- }
-- return null;
-- }
--
-- @Override
-- public Enumeration<byte[]> getIds() {
-- return EMPTY;
-- }
--
-- /**
-- * Sets the SSL session ticket keys of this context.
-- * @deprecated use {@link #setTicketKeys(OpenSslSessionTicketKey...)}.
-- */
-- @Deprecated
-- public void setTicketKeys(byte[] keys) {
-- if (keys.length % SessionTicketKey.TICKET_KEY_SIZE != 0) {
-- throw new IllegalArgumentException("keys.length % " + SessionTicketKey.TICKET_KEY_SIZE + " != 0");
-- }
-- SessionTicketKey[] tickets = new SessionTicketKey[keys.length / SessionTicketKey.TICKET_KEY_SIZE];
-- for (int i = 0, a = 0; i < tickets.length; i++) {
-- byte[] name = Arrays.copyOfRange(keys, a, SessionTicketKey.NAME_SIZE);
-- a += SessionTicketKey.NAME_SIZE;
-- byte[] hmacKey = Arrays.copyOfRange(keys, a, SessionTicketKey.HMAC_KEY_SIZE);
-- i += SessionTicketKey.HMAC_KEY_SIZE;
-- byte[] aesKey = Arrays.copyOfRange(keys, a, SessionTicketKey.AES_KEY_SIZE);
-- a += SessionTicketKey.AES_KEY_SIZE;
-- tickets[i] = new SessionTicketKey(name, hmacKey, aesKey);
-- }
-- Lock writerLock = context.ctxLock.writeLock();
-- writerLock.lock();
-- try {
-- SSLContext.clearOptions(context.ctx, SSL.SSL_OP_NO_TICKET);
-- SSLContext.setSessionTicketKeys(context.ctx, tickets);
-- } finally {
-- writerLock.unlock();
-- }
-- }
--
-- /**
-- * Sets the SSL session ticket keys of this context.
-- */
-- public void setTicketKeys(OpenSslSessionTicketKey... keys) {
-- ObjectUtil.checkNotNull(keys, "keys");
-- SessionTicketKey[] ticketKeys = new SessionTicketKey[keys.length];
-- for (int i = 0; i < ticketKeys.length; i++) {
-- ticketKeys[i] = keys[i].key;
-- }
-- Lock writerLock = context.ctxLock.writeLock();
-- writerLock.lock();
-- try {
-- SSLContext.clearOptions(context.ctx, SSL.SSL_OP_NO_TICKET);
-- SSLContext.setSessionTicketKeys(context.ctx, ticketKeys);
-- } finally {
-- writerLock.unlock();
-- }
-- }
--
-- /**
-- * Enable or disable caching of SSL sessions.
-- */
-- public abstract void setSessionCacheEnabled(boolean enabled);
--
-- /**
-- * Return {@code true} if caching of SSL sessions is enabled, {@code false} otherwise.
-- */
-- public abstract boolean isSessionCacheEnabled();
--
-- /**
-- * Returns the stats of this context.
-- */
-- public OpenSslSessionStats stats() {
-- return stats;
-- }
--
-- private static final class EmptyEnumeration implements Enumeration<byte[]> {
-- @Override
-- public boolean hasMoreElements() {
-- return false;
-- }
--
-- @Override
-- public byte[] nextElement() {
-- throw new NoSuchElementException();
-- }
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionStats.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionStats.java
-deleted file mode 100644
-index f49b95f..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionStats.java
-+++ /dev/null
-@@ -1,253 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--package io.netty.handler.ssl;
--
--import io.netty.internal.tcnative.SSLContext;
--
--import java.util.concurrent.locks.Lock;
--
--/**
-- * Stats exposed by an OpenSSL session context.
-- *
-- * @see <a href="https://www.openssl.org/docs/manmaster/man3/SSL_CTX_sess_number.html">SSL_CTX_sess_number</a>
-- */
--public final class OpenSslSessionStats {
--
-- private final ReferenceCountedOpenSslContext context;
--
-- // IMPORTANT: We take the OpenSslContext and not just the long (which points the native instance) to prevent
-- // the GC to collect OpenSslContext as this would also free the pointer and so could result in a
-- // segfault when the user calls any of the methods here that try to pass the pointer down to the native
-- // level.
-- OpenSslSessionStats(ReferenceCountedOpenSslContext context) {
-- this.context = context;
-- }
--
-- /**
-- * Returns the current number of sessions in the internal session cache.
-- */
-- public long number() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionNumber(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of started SSL/TLS handshakes in client mode.
-- */
-- public long connect() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionConnect(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of successfully established SSL/TLS sessions in client mode.
-- */
-- public long connectGood() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionConnectGood(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of start renegotiations in client mode.
-- */
-- public long connectRenegotiate() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionConnectRenegotiate(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of started SSL/TLS handshakes in server mode.
-- */
-- public long accept() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionAccept(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of successfully established SSL/TLS sessions in server mode.
-- */
-- public long acceptGood() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionAcceptGood(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of start renegotiations in server mode.
-- */
-- public long acceptRenegotiate() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionAcceptRenegotiate(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of successfully reused sessions. In client mode, a session set with {@code SSL_set_session}
-- * successfully reused is counted as a hit. In server mode, a session successfully retrieved from internal or
-- * external cache is counted as a hit.
-- */
-- public long hits() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionHits(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of successfully retrieved sessions from the external session cache in server mode.
-- */
-- public long cbHits() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionCbHits(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of sessions proposed by clients that were not found in the internal session cache
-- * in server mode.
-- */
-- public long misses() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionMisses(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of sessions proposed by clients and either found in the internal or external session cache
-- * in server mode, but that were invalid due to timeout. These sessions are not included in the {@link #hits()}
-- * count.
-- */
-- public long timeouts() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionTimeouts(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of sessions that were removed because the maximum session cache size was exceeded.
-- */
-- public long cacheFull() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionCacheFull(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of times a client presented a ticket that did not match any key in the list.
-- */
-- public long ticketKeyFail() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionTicketKeyFail(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of times a client did not present a ticket and we issued a new one
-- */
-- public long ticketKeyNew() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionTicketKeyNew(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of times a client presented a ticket derived from an older key,
-- * and we upgraded to the primary key.
-- */
-- public long ticketKeyRenew() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionTicketKeyRenew(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the number of times a client presented a ticket derived from the primary key.
-- */
-- public long ticketKeyResume() {
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return SSLContext.sessionTicketKeyResume(context.ctx);
-- } finally {
-- readerLock.unlock();
-- }
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionTicketKey.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionTicketKey.java
-deleted file mode 100644
-index 79f71a6..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/OpenSslSessionTicketKey.java
-+++ /dev/null
-@@ -1,78 +0,0 @@
--/*
-- * Copyright 2015 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.internal.tcnative.SessionTicketKey;
--
--/**
-- * Session Ticket Key
-- */
--public final class OpenSslSessionTicketKey {
--
-- /**
-- * Size of session ticket key name
-- */
-- public static final int NAME_SIZE = SessionTicketKey.NAME_SIZE;
-- /**
-- * Size of session ticket key HMAC key
-- */
-- public static final int HMAC_KEY_SIZE = SessionTicketKey.HMAC_KEY_SIZE;
-- /**
-- * Size of session ticket key AES key
-- */
-- public static final int AES_KEY_SIZE = SessionTicketKey.AES_KEY_SIZE;
-- /**
-- * Size of session ticker key
-- */
-- public static final int TICKET_KEY_SIZE = SessionTicketKey.TICKET_KEY_SIZE;
--
-- final SessionTicketKey key;
--
-- /**
-- * Construct a OpenSslSessionTicketKey.
-- *
-- * @param name the name of the session ticket key
-- * @param hmacKey the HMAC key of the session ticket key
-- * @param aesKey the AES key of the session ticket key
-- */
-- public OpenSslSessionTicketKey(byte[] name, byte[] hmacKey, byte[] aesKey) {
-- key = new SessionTicketKey(name.clone(), hmacKey.clone(), aesKey.clone());
-- }
--
-- /**
-- * Get name.
-- * @return the name of the session ticket key
-- */
-- public byte[] name() {
-- return key.getName().clone();
-- }
--
-- /**
-- * Get HMAC key.
-- * @return the HMAC key of the session ticket key
-- */
-- public byte[] hmacKey() {
-- return key.getHmacKey().clone();
-- }
--
-- /**
-- * Get AES Key.
-- * @return the AES key of the session ticket key
-- */
-- public byte[] aesKey() {
-- return key.getAesKey().clone();
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java
-deleted file mode 100644
-index b213573..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java
-+++ /dev/null
-@@ -1,298 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.util.internal.logging.InternalLogger;
--import io.netty.util.internal.logging.InternalLoggerFactory;
--import io.netty.internal.tcnative.CertificateRequestedCallback;
--import io.netty.internal.tcnative.SSL;
--import io.netty.internal.tcnative.SSLContext;
--
--import java.security.KeyStore;
--import java.security.PrivateKey;
--import java.security.cert.X509Certificate;
--import java.util.HashSet;
--import java.util.Set;
--
--import javax.net.ssl.KeyManagerFactory;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.SSLHandshakeException;
--import javax.net.ssl.TrustManagerFactory;
--import javax.net.ssl.X509ExtendedKeyManager;
--import javax.net.ssl.X509ExtendedTrustManager;
--import javax.net.ssl.X509KeyManager;
--import javax.net.ssl.X509TrustManager;
--import javax.security.auth.x500.X500Principal;
--
--/**
-- * A client-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
-- * <p>Instances of this class must be {@link #release() released} or else native memory will leak!
-- *
-- * <p>Instances of this class <strong>must not</strong> be released before any {@link ReferenceCountedOpenSslEngine}
-- * which depends upon the instance of this class is released. Otherwise if any method of
-- * {@link ReferenceCountedOpenSslEngine} is called which uses this class's JNI resources the JVM may crash.
-- */
--public final class ReferenceCountedOpenSslClientContext extends ReferenceCountedOpenSslContext {
-- private static final InternalLogger logger =
-- InternalLoggerFactory.getInstance(ReferenceCountedOpenSslClientContext.class);
-- private final OpenSslSessionContext sessionContext;
--
-- ReferenceCountedOpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
-- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
-- KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
-- CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
-- String[] protocols, long sessionCacheSize, long sessionTimeout,
-- boolean enableOcsp) throws SSLException {
-- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_CLIENT, keyCertChain,
-- ClientAuth.NONE, protocols, false, enableOcsp, true);
-- boolean success = false;
-- try {
-- sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
-- keyCertChain, key, keyPassword, keyManagerFactory);
-- success = true;
-- } finally {
-- if (!success) {
-- release();
-- }
-- }
-- }
--
-- @Override
-- OpenSslKeyMaterialManager keyMaterialManager() {
-- return null;
-- }
--
-- @Override
-- public OpenSslSessionContext sessionContext() {
-- return sessionContext;
-- }
--
-- static OpenSslSessionContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx,
-- OpenSslEngineMap engineMap,
-- X509Certificate[] trustCertCollection,
-- TrustManagerFactory trustManagerFactory,
-- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
-- KeyManagerFactory keyManagerFactory) throws SSLException {
-- if (key == null && keyCertChain != null || key != null && keyCertChain == null) {
-- throw new IllegalArgumentException(
-- "Either both keyCertChain and key needs to be null or none of them");
-- }
-- try {
-- if (!OpenSsl.useKeyManagerFactory()) {
-- if (keyManagerFactory != null) {
-- throw new IllegalArgumentException(
-- "KeyManagerFactory not supported");
-- }
-- if (keyCertChain != null/* && key != null*/) {
-- setKeyMaterial(ctx, keyCertChain, key, keyPassword);
-- }
-- } else {
-- // javadocs state that keyManagerFactory has precedent over keyCertChain
-- if (keyManagerFactory == null && keyCertChain != null) {
-- keyManagerFactory = buildKeyManagerFactory(
-- keyCertChain, key, keyPassword, keyManagerFactory);
-- }
--
-- if (keyManagerFactory != null) {
-- X509KeyManager keyManager = chooseX509KeyManager(keyManagerFactory.getKeyManagers());
-- OpenSslKeyMaterialManager materialManager = useExtendedKeyManager(keyManager) ?
-- new OpenSslExtendedKeyMaterialManager(
-- (X509ExtendedKeyManager) keyManager, keyPassword) :
-- new OpenSslKeyMaterialManager(keyManager, keyPassword);
-- SSLContext.setCertRequestedCallback(ctx, new OpenSslCertificateRequestedCallback(
-- engineMap, materialManager));
-- }
-- }
-- } catch (Exception e) {
-- throw new SSLException("failed to set certificate and key", e);
-- }
--
-- SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
--
-- try {
-- if (trustCertCollection != null) {
-- trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
-- } else if (trustManagerFactory == null) {
-- trustManagerFactory = TrustManagerFactory.getInstance(
-- TrustManagerFactory.getDefaultAlgorithm());
-- trustManagerFactory.init((KeyStore) null);
-- }
-- final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
--
-- // IMPORTANT: The callbacks set for verification must be static to prevent memory leak as
-- // otherwise the context can never be collected. This is because the JNI code holds
-- // a global reference to the callbacks.
-- //
-- // See https://github.com/netty/netty/issues/5372
--
-- // Use this to prevent an error when running on java < 7
-- if (useExtendedTrustManager(manager)) {
-- SSLContext.setCertVerifyCallback(ctx,
-- new ExtendedTrustManagerVerifyCallback(engineMap, (X509ExtendedTrustManager) manager));
-- } else {
-- SSLContext.setCertVerifyCallback(ctx, new TrustManagerVerifyCallback(engineMap, manager));
-- }
-- } catch (Exception e) {
-- throw new SSLException("unable to setup trustmanager", e);
-- }
-- return new OpenSslClientSessionContext(thiz);
-- }
--
-- // No cache is currently supported for client side mode.
-- static final class OpenSslClientSessionContext extends OpenSslSessionContext {
-- OpenSslClientSessionContext(ReferenceCountedOpenSslContext context) {
-- super(context);
-- }
--
-- @Override
-- public void setSessionTimeout(int seconds) {
-- if (seconds < 0) {
-- throw new IllegalArgumentException();
-- }
-- }
--
-- @Override
-- public int getSessionTimeout() {
-- return 0;
-- }
--
-- @Override
-- public void setSessionCacheSize(int size) {
-- if (size < 0) {
-- throw new IllegalArgumentException();
-- }
-- }
--
-- @Override
-- public int getSessionCacheSize() {
-- return 0;
-- }
--
-- @Override
-- public void setSessionCacheEnabled(boolean enabled) {
-- // ignored
-- }
--
-- @Override
-- public boolean isSessionCacheEnabled() {
-- return false;
-- }
-- }
--
-- private static final class TrustManagerVerifyCallback extends AbstractCertificateVerifier {
-- private final X509TrustManager manager;
--
-- TrustManagerVerifyCallback(OpenSslEngineMap engineMap, X509TrustManager manager) {
-- super(engineMap);
-- this.manager = manager;
-- }
--
-- @Override
-- void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts, String auth)
-- throws Exception {
-- manager.checkServerTrusted(peerCerts, auth);
-- }
-- }
--
-- private static final class ExtendedTrustManagerVerifyCallback extends AbstractCertificateVerifier {
-- private final X509ExtendedTrustManager manager;
--
-- ExtendedTrustManagerVerifyCallback(OpenSslEngineMap engineMap, X509ExtendedTrustManager manager) {
-- super(engineMap);
-- this.manager = manager;
-- }
--
-- @Override
-- void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts, String auth)
-- throws Exception {
-- manager.checkServerTrusted(peerCerts, auth, engine);
-- }
-- }
--
-- private static final class OpenSslCertificateRequestedCallback implements CertificateRequestedCallback {
-- private final OpenSslEngineMap engineMap;
-- private final OpenSslKeyMaterialManager keyManagerHolder;
--
-- OpenSslCertificateRequestedCallback(OpenSslEngineMap engineMap, OpenSslKeyMaterialManager keyManagerHolder) {
-- this.engineMap = engineMap;
-- this.keyManagerHolder = keyManagerHolder;
-- }
--
-- @Override
-- public KeyMaterial requested(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) {
-- final ReferenceCountedOpenSslEngine engine = engineMap.get(ssl);
-- try {
-- final Set<String> keyTypesSet = supportedClientKeyTypes(keyTypeBytes);
-- final String[] keyTypes = keyTypesSet.toArray(new String[keyTypesSet.size()]);
-- final X500Principal[] issuers;
-- if (asn1DerEncodedPrincipals == null) {
-- issuers = null;
-- } else {
-- issuers = new X500Principal[asn1DerEncodedPrincipals.length];
-- for (int i = 0; i < asn1DerEncodedPrincipals.length; i++) {
-- issuers[i] = new X500Principal(asn1DerEncodedPrincipals[i]);
-- }
-- }
-- return keyManagerHolder.keyMaterial(engine, keyTypes, issuers);
-- } catch (Throwable cause) {
-- logger.debug("request of key failed", cause);
-- SSLHandshakeException e = new SSLHandshakeException("General OpenSslEngine problem");
-- e.initCause(cause);
-- engine.handshakeException = e;
-- return null;
-- }
-- }
--
-- /**
-- * Gets the supported key types for client certificates.
-- *
-- * @param clientCertificateTypes {@code ClientCertificateType} values provided by the server.
-- * See https://www.ietf.org/assignments/tls-parameters/tls-parameters.xml.
-- * @return supported key types that can be used in {@code X509KeyManager.chooseClientAlias} and
-- * {@code X509ExtendedKeyManager.chooseEngineClientAlias}.
-- */
-- private static Set<String> supportedClientKeyTypes(byte[] clientCertificateTypes) {
-- Set<String> result = new HashSet<String>(clientCertificateTypes.length);
-- for (byte keyTypeCode : clientCertificateTypes) {
-- String keyType = clientKeyType(keyTypeCode);
-- if (keyType == null) {
-- // Unsupported client key type -- ignore
-- continue;
-- }
-- result.add(keyType);
-- }
-- return result;
-- }
--
-- private static String clientKeyType(byte clientCertificateType) {
-- // See also http://www.ietf.org/assignments/tls-parameters/tls-parameters.xml
-- switch (clientCertificateType) {
-- case CertificateRequestedCallback.TLS_CT_RSA_SIGN:
-- return OpenSslKeyMaterialManager.KEY_TYPE_RSA; // RFC rsa_sign
-- case CertificateRequestedCallback.TLS_CT_RSA_FIXED_DH:
-- return OpenSslKeyMaterialManager.KEY_TYPE_DH_RSA; // RFC rsa_fixed_dh
-- case CertificateRequestedCallback.TLS_CT_ECDSA_SIGN:
-- return OpenSslKeyMaterialManager.KEY_TYPE_EC; // RFC ecdsa_sign
-- case CertificateRequestedCallback.TLS_CT_RSA_FIXED_ECDH:
-- return OpenSslKeyMaterialManager.KEY_TYPE_EC_RSA; // RFC rsa_fixed_ecdh
-- case CertificateRequestedCallback.TLS_CT_ECDSA_FIXED_ECDH:
-- return OpenSslKeyMaterialManager.KEY_TYPE_EC_EC; // RFC ecdsa_fixed_ecdh
-- default:
-- return null;
-- }
-- }
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
-deleted file mode 100644
-index ee049ab..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
-+++ /dev/null
-@@ -1,867 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.buffer.ByteBuf;
--import io.netty.buffer.ByteBufAllocator;
--import io.netty.internal.tcnative.CertificateVerifier;
--import io.netty.internal.tcnative.SSL;
--import io.netty.internal.tcnative.SSLContext;
--import io.netty.util.AbstractReferenceCounted;
--import io.netty.util.ReferenceCounted;
--import io.netty.util.ResourceLeakDetector;
--import io.netty.util.ResourceLeakDetectorFactory;
--import io.netty.util.ResourceLeakTracker;
--import io.netty.util.internal.PlatformDependent;
--import io.netty.util.internal.StringUtil;
--import io.netty.util.internal.SystemPropertyUtil;
--import io.netty.util.internal.logging.InternalLogger;
--import io.netty.util.internal.logging.InternalLoggerFactory;
--
--import java.security.AccessController;
--import java.security.PrivateKey;
--import java.security.PrivilegedAction;
--import java.security.cert.CertPathValidatorException;
--import java.security.cert.Certificate;
--import java.security.cert.CertificateExpiredException;
--import java.security.cert.CertificateNotYetValidException;
--import java.security.cert.CertificateRevokedException;
--import java.security.cert.X509Certificate;
--import java.util.ArrayList;
--import java.util.Arrays;
--import java.util.Collections;
--import java.util.List;
--import java.util.Map;
--
--import java.util.concurrent.locks.Lock;
--import java.util.concurrent.locks.ReadWriteLock;
--import java.util.concurrent.locks.ReentrantReadWriteLock;
--import javax.net.ssl.KeyManager;
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.SSLHandshakeException;
--import javax.net.ssl.TrustManager;
--import javax.net.ssl.X509ExtendedKeyManager;
--import javax.net.ssl.X509ExtendedTrustManager;
--import javax.net.ssl.X509KeyManager;
--import javax.net.ssl.X509TrustManager;
--
--import static io.netty.util.internal.ObjectUtil.checkNotNull;
--import static io.netty.util.internal.ObjectUtil.checkPositiveOrZero;
--
--/**
-- * An implementation of {@link SslContext} which works with libraries that support the
-- * <a href="https://www.openssl.org/">OpenSsl</a> C library API.
-- * <p>Instances of this class must be {@link #release() released} or else native memory will leak!
-- *
-- * <p>Instances of this class <strong>must not</strong> be released before any {@link ReferenceCountedOpenSslEngine}
-- * which depends upon the instance of this class is released. Otherwise if any method of
-- * {@link ReferenceCountedOpenSslEngine} is called which uses this class's JNI resources the JVM may crash.
-- */
--public abstract class ReferenceCountedOpenSslContext extends SslContext implements ReferenceCounted {
-- private static final InternalLogger logger =
-- InternalLoggerFactory.getInstance(ReferenceCountedOpenSslContext.class);
-- /**
-- * To make it easier for users to replace JDK implementation with OpenSsl version we also use
-- * {@code jdk.tls.rejectClientInitiatedRenegotiation} to allow disabling client initiated renegotiation.
-- * Java8+ uses this system property as well.
-- * <p>
-- * See also <a href="http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html">
-- * Significant SSL/TLS improvements in Java 8</a>
-- */
-- private static final boolean JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION =
-- AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
-- @Override
-- public Boolean run() {
-- return SystemPropertyUtil.getBoolean("jdk.tls.rejectClientInitiatedRenegotiation", false);
-- }
-- });
--
-- private static final int DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE =
-- AccessController.doPrivileged(new PrivilegedAction<Integer>() {
-- @Override
-- public Integer run() {
-- return Math.max(1,
-- SystemPropertyUtil.getInt("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize",
-- 2048));
-- }
-- });
--
-- private static final List<String> DEFAULT_CIPHERS;
-- private static final Integer DH_KEY_LENGTH;
-- private static final ResourceLeakDetector<ReferenceCountedOpenSslContext> leakDetector =
-- ResourceLeakDetectorFactory.instance().newResourceLeakDetector(ReferenceCountedOpenSslContext.class);
--
-- // TODO: Maybe make configurable ?
-- protected static final int VERIFY_DEPTH = 10;
--
-- /**
-- * The OpenSSL SSL_CTX object.
-- *
-- * <strong>{@link #ctxLock} must be hold while using ctx!</strong>
-- */
-- protected long ctx;
-- private final List<String> unmodifiableCiphers;
-- private final long sessionCacheSize;
-- private final long sessionTimeout;
-- private final OpenSslApplicationProtocolNegotiator apn;
-- private final int mode;
--
-- // Reference Counting
-- private final ResourceLeakTracker<ReferenceCountedOpenSslContext> leak;
-- private final AbstractReferenceCounted refCnt = new AbstractReferenceCounted() {
-- @Override
-- public ReferenceCounted touch(Object hint) {
-- if (leak != null) {
-- leak.record(hint);
-- }
--
-- return ReferenceCountedOpenSslContext.this;
-- }
--
-- @Override
-- protected void deallocate() {
-- destroy();
-- if (leak != null) {
-- boolean closed = leak.close(ReferenceCountedOpenSslContext.this);
-- assert closed;
-- }
-- }
-- };
--
-- final Certificate[] keyCertChain;
-- final ClientAuth clientAuth;
-- final String[] protocols;
-- final boolean enableOcsp;
-- final OpenSslEngineMap engineMap = new DefaultOpenSslEngineMap();
-- final ReadWriteLock ctxLock = new ReentrantReadWriteLock();
--
-- private volatile boolean rejectRemoteInitiatedRenegotiation;
-- private volatile int bioNonApplicationBufferSize = DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE;
--
-- static final OpenSslApplicationProtocolNegotiator NONE_PROTOCOL_NEGOTIATOR =
-- new OpenSslApplicationProtocolNegotiator() {
-- @Override
-- public ApplicationProtocolConfig.Protocol protocol() {
-- return ApplicationProtocolConfig.Protocol.NONE;
-- }
--
-- @Override
-- public List<String> protocols() {
-- return Collections.emptyList();
-- }
--
-- @Override
-- public ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior() {
-- return ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL;
-- }
--
-- @Override
-- public ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior() {
-- return ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
-- }
-- };
--
-- static {
-- List<String> ciphers = new ArrayList<String>();
-- // XXX: Make sure to sync this list with JdkSslEngineFactory.
-- Collections.addAll(
-- ciphers,
-- "ECDHE-ECDSA-AES256-GCM-SHA384",
-- "ECDHE-ECDSA-AES128-GCM-SHA256",
-- "ECDHE-RSA-AES128-GCM-SHA256",
-- "ECDHE-RSA-AES128-SHA",
-- "ECDHE-RSA-AES256-SHA",
-- "AES128-GCM-SHA256",
-- "AES128-SHA",
-- "AES256-SHA");
-- DEFAULT_CIPHERS = Collections.unmodifiableList(ciphers);
--
-- if (logger.isDebugEnabled()) {
-- logger.debug("Default cipher suite (OpenSSL): " + ciphers);
-- }
--
-- Integer dhLen = null;
--
-- try {
-- String dhKeySize = AccessController.doPrivileged(new PrivilegedAction<String>() {
-- @Override
-- public String run() {
-- return SystemPropertyUtil.get("jdk.tls.ephemeralDHKeySize");
-- }
-- });
-- if (dhKeySize != null) {
-- try {
-- dhLen = Integer.valueOf(dhKeySize);
-- } catch (NumberFormatException e) {
-- logger.debug("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: "
-- + dhKeySize);
-- }
-- }
-- } catch (Throwable ignore) {
-- // ignore
-- }
-- DH_KEY_LENGTH = dhLen;
-- }
--
-- ReferenceCountedOpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
-- ApplicationProtocolConfig apnCfg, long sessionCacheSize, long sessionTimeout,
-- int mode, Certificate[] keyCertChain, ClientAuth clientAuth, String[] protocols,
-- boolean startTls, boolean enableOcsp, boolean leakDetection) throws SSLException {
-- this(ciphers, cipherFilter, toNegotiator(apnCfg), sessionCacheSize, sessionTimeout, mode, keyCertChain,
-- clientAuth, protocols, startTls, enableOcsp, leakDetection);
-- }
--
-- ReferenceCountedOpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
-- OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize,
-- long sessionTimeout, int mode, Certificate[] keyCertChain,
-- ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp,
-- boolean leakDetection) throws SSLException {
-- super(startTls);
--
-- OpenSsl.ensureAvailability();
--
-- if (enableOcsp && !OpenSsl.isOcspSupported()) {
-- throw new IllegalStateException("OCSP is not supported.");
-- }
--
-- if (mode != SSL.SSL_MODE_SERVER && mode != SSL.SSL_MODE_CLIENT) {
-- throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
-- }
-- leak = leakDetection ? leakDetector.track(this) : null;
-- this.mode = mode;
-- this.clientAuth = isServer() ? checkNotNull(clientAuth, "clientAuth") : ClientAuth.NONE;
-- this.protocols = protocols;
-- this.enableOcsp = enableOcsp;
--
-- if (mode == SSL.SSL_MODE_SERVER) {
-- rejectRemoteInitiatedRenegotiation =
-- JDK_REJECT_CLIENT_INITIATED_RENEGOTIATION;
-- }
-- this.keyCertChain = keyCertChain == null ? null : keyCertChain.clone();
-- final List<String> convertedCiphers;
-- if (ciphers == null) {
-- convertedCiphers = null;
-- } else {
-- convertedCiphers = new ArrayList<String>();
-- for (String c : ciphers) {
-- if (c == null) {
-- break;
-- }
--
-- String converted = CipherSuiteConverter.toOpenSsl(c);
-- if (converted != null) {
-- c = converted;
-- }
-- convertedCiphers.add(c);
-- }
-- }
--
-- unmodifiableCiphers = Arrays.asList(checkNotNull(cipherFilter, "cipherFilter").filterCipherSuites(
-- convertedCiphers, DEFAULT_CIPHERS, OpenSsl.availableOpenSslCipherSuites()));
--
-- this.apn = checkNotNull(apn, "apn");
--
-- // Create a new SSL_CTX and configure it.
-- boolean success = false;
-- try {
-- try {
-- ctx = SSLContext.make(SSL.SSL_PROTOCOL_ALL, mode);
-- } catch (Exception e) {
-- throw new SSLException("failed to create an SSL_CTX", e);
-- }
--
-- SSLContext.setOptions(ctx, SSLContext.getOptions(ctx) |
-- SSL.SSL_OP_NO_SSLv2 |
-- SSL.SSL_OP_NO_SSLv3 |
-- SSL.SSL_OP_CIPHER_SERVER_PREFERENCE |
--
-- // We do not support compression at the moment so we should explicitly disable it.
-- SSL.SSL_OP_NO_COMPRESSION |
--
-- // Disable ticket support by default to be more inline with SSLEngineImpl of the JDK.
-- // This also let SSLSession.getId() work the same way for the JDK implementation and the
-- // OpenSSLEngine. If tickets are supported SSLSession.getId() will only return an ID on the
-- // server-side if it could make use of tickets.
-- SSL.SSL_OP_NO_TICKET);
--
-- // We need to enable SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER as the memory address may change between
-- // calling OpenSSLEngine.wrap(...).
-- // See https://github.com/netty/netty-tcnative/issues/100
-- SSLContext.setMode(ctx, SSLContext.getMode(ctx) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
--
-- if (DH_KEY_LENGTH != null) {
-- SSLContext.setTmpDHLength(ctx, DH_KEY_LENGTH);
-- }
--
-- /* List the ciphers that are permitted to negotiate. */
-- try {
-- SSLContext.setCipherSuite(ctx, CipherSuiteConverter.toOpenSsl(unmodifiableCiphers));
-- } catch (SSLException e) {
-- throw e;
-- } catch (Exception e) {
-- throw new SSLException("failed to set cipher suite: " + unmodifiableCiphers, e);
-- }
--
-- List<String> nextProtoList = apn.protocols();
-- /* Set next protocols for next protocol negotiation extension, if specified */
-- if (!nextProtoList.isEmpty()) {
-- String[] appProtocols = nextProtoList.toArray(new String[nextProtoList.size()]);
-- int selectorBehavior = opensslSelectorFailureBehavior(apn.selectorFailureBehavior());
--
-- switch (apn.protocol()) {
-- case NPN:
-- SSLContext.setNpnProtos(ctx, appProtocols, selectorBehavior);
-- break;
-- case ALPN:
-- SSLContext.setAlpnProtos(ctx, appProtocols, selectorBehavior);
-- break;
-- case NPN_AND_ALPN:
-- SSLContext.setNpnProtos(ctx, appProtocols, selectorBehavior);
-- SSLContext.setAlpnProtos(ctx, appProtocols, selectorBehavior);
-- break;
-- default:
-- throw new Error();
-- }
-- }
--
-- /* Set session cache size, if specified */
-- if (sessionCacheSize > 0) {
-- this.sessionCacheSize = sessionCacheSize;
-- SSLContext.setSessionCacheSize(ctx, sessionCacheSize);
-- } else {
-- // Get the default session cache size using SSLContext.setSessionCacheSize()
-- this.sessionCacheSize = sessionCacheSize = SSLContext.setSessionCacheSize(ctx, 20480);
-- // Revert the session cache size to the default value.
-- SSLContext.setSessionCacheSize(ctx, sessionCacheSize);
-- }
--
-- /* Set session timeout, if specified */
-- if (sessionTimeout > 0) {
-- this.sessionTimeout = sessionTimeout;
-- SSLContext.setSessionCacheTimeout(ctx, sessionTimeout);
-- } else {
-- // Get the default session timeout using SSLContext.setSessionCacheTimeout()
-- this.sessionTimeout = sessionTimeout = SSLContext.setSessionCacheTimeout(ctx, 300);
-- // Revert the session timeout to the default value.
-- SSLContext.setSessionCacheTimeout(ctx, sessionTimeout);
-- }
--
-- if (enableOcsp) {
-- SSLContext.enableOcsp(ctx, isClient());
-- }
-- success = true;
-- } finally {
-- if (!success) {
-- release();
-- }
-- }
-- }
--
-- private static int opensslSelectorFailureBehavior(ApplicationProtocolConfig.SelectorFailureBehavior behavior) {
-- switch (behavior) {
-- case NO_ADVERTISE:
-- return SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE;
-- case CHOOSE_MY_LAST_PROTOCOL:
-- return SSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL;
-- default:
-- throw new Error();
-- }
-- }
--
-- @Override
-- public final List<String> cipherSuites() {
-- return unmodifiableCiphers;
-- }
--
-- @Override
-- public final long sessionCacheSize() {
-- return sessionCacheSize;
-- }
--
-- @Override
-- public final long sessionTimeout() {
-- return sessionTimeout;
-- }
--
-- @Override
-- public ApplicationProtocolNegotiator applicationProtocolNegotiator() {
-- return apn;
-- }
--
-- @Override
-- public final boolean isClient() {
-- return mode == SSL.SSL_MODE_CLIENT;
-- }
--
-- @Override
-- public final SSLEngine newEngine(ByteBufAllocator alloc, String peerHost, int peerPort) {
-- return newEngine0(alloc, peerHost, peerPort);
-- }
--
-- SSLEngine newEngine0(ByteBufAllocator alloc, String peerHost, int peerPort) {
-- return new ReferenceCountedOpenSslEngine(this, alloc, peerHost, peerPort, true);
-- }
--
-- abstract OpenSslKeyMaterialManager keyMaterialManager();
--
-- /**
-- * Returns a new server-side {@link SSLEngine} with the current configuration.
-- */
-- @Override
-- public final SSLEngine newEngine(ByteBufAllocator alloc) {
-- return newEngine(alloc, null, -1);
-- }
--
-- /**
-- * Returns the pointer to the {@code SSL_CTX} object for this {@link ReferenceCountedOpenSslContext}.
-- * Be aware that it is freed as soon as the {@link #finalize()} method is called.
-- * At this point {@code 0} will be returned.
-- *
-- * @deprecated this method is considered unsafe as the returned pointer may be released later. Dont use it!
-- */
-- @Deprecated
-- public final long context() {
-- Lock readerLock = ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return ctx;
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- /**
-- * Returns the stats of this context.
-- *
-- * @deprecated use {@link #sessionContext#stats()}
-- */
-- @Deprecated
-- public final OpenSslSessionStats stats() {
-- return sessionContext().stats();
-- }
--
-- /**
-- * Specify if remote initiated renegotiation is supported or not. If not supported and the remote side tries
-- * to initiate a renegotiation a {@link SSLHandshakeException} will be thrown during decoding.
-- */
-- public void setRejectRemoteInitiatedRenegotiation(boolean rejectRemoteInitiatedRenegotiation) {
-- this.rejectRemoteInitiatedRenegotiation = rejectRemoteInitiatedRenegotiation;
-- }
--
-- /**
-- * Returns if remote initiated renegotiation is supported or not.
-- */
-- public boolean getRejectRemoteInitiatedRenegotiation() {
-- return rejectRemoteInitiatedRenegotiation;
-- }
--
-- /**
-- * Set the size of the buffer used by the BIO for non-application based writes
-- * (e.g. handshake, renegotiation, etc...).
-- */
-- public void setBioNonApplicationBufferSize(int bioNonApplicationBufferSize) {
-- this.bioNonApplicationBufferSize =
-- checkPositiveOrZero(bioNonApplicationBufferSize, "bioNonApplicationBufferSize");
-- }
--
-- /**
-- * Returns the size of the buffer used by the BIO for non-application based writes
-- */
-- public int getBioNonApplicationBufferSize() {
-- return bioNonApplicationBufferSize;
-- }
--
-- /**
-- * Sets the SSL session ticket keys of this context.
-- *
-- * @deprecated use {@link OpenSslSessionContext#setTicketKeys(byte[])}
-- */
-- @Deprecated
-- public final void setTicketKeys(byte[] keys) {
-- sessionContext().setTicketKeys(keys);
-- }
--
-- @Override
-- public abstract OpenSslSessionContext sessionContext();
--
-- /**
-- * Returns the pointer to the {@code SSL_CTX} object for this {@link ReferenceCountedOpenSslContext}.
-- * Be aware that it is freed as soon as the {@link #release()} method is called.
-- * At this point {@code 0} will be returned.
-- *
-- * @deprecated this method is considered unsafe as the returned pointer may be released later. Dont use it!
-- */
-- @Deprecated
-- public final long sslCtxPointer() {
-- Lock readerLock = ctxLock.readLock();
-- readerLock.lock();
-- try {
-- return ctx;
-- } finally {
-- readerLock.unlock();
-- }
-- }
--
-- // IMPORTANT: This method must only be called from either the constructor or the finalizer as a user MUST never
-- // get access to an OpenSslSessionContext after this method was called to prevent the user from
-- // producing a segfault.
-- private void destroy() {
-- Lock writerLock = ctxLock.writeLock();
-- writerLock.lock();
-- try {
-- if (ctx != 0) {
-- if (enableOcsp) {
-- SSLContext.disableOcsp(ctx);
-- }
--
-- SSLContext.free(ctx);
-- ctx = 0;
-- }
-- } finally {
-- writerLock.unlock();
-- }
-- }
--
-- protected static X509Certificate[] certificates(byte[][] chain) {
-- X509Certificate[] peerCerts = new X509Certificate[chain.length];
-- for (int i = 0; i < peerCerts.length; i++) {
-- peerCerts[i] = new OpenSslX509Certificate(chain[i]);
-- }
-- return peerCerts;
-- }
--
-- protected static X509TrustManager chooseTrustManager(TrustManager[] managers) {
-- for (TrustManager m : managers) {
-- if (m instanceof X509TrustManager) {
-- return (X509TrustManager) m;
-- }
-- }
-- throw new IllegalStateException("no X509TrustManager found");
-- }
--
-- protected static X509KeyManager chooseX509KeyManager(KeyManager[] kms) {
-- for (KeyManager km : kms) {
-- if (km instanceof X509KeyManager) {
-- return (X509KeyManager) km;
-- }
-- }
-- throw new IllegalStateException("no X509KeyManager found");
-- }
--
-- /**
-- * Translate a {@link ApplicationProtocolConfig} object to a
-- * {@link OpenSslApplicationProtocolNegotiator} object.
-- *
-- * @param config The configuration which defines the translation
-- * @return The results of the translation
-- */
-- static OpenSslApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config) {
-- if (config == null) {
-- return NONE_PROTOCOL_NEGOTIATOR;
-- }
--
-- switch (config.protocol()) {
-- case NONE:
-- return NONE_PROTOCOL_NEGOTIATOR;
-- case ALPN:
-- case NPN:
-- case NPN_AND_ALPN:
-- switch (config.selectedListenerFailureBehavior()) {
-- case CHOOSE_MY_LAST_PROTOCOL:
-- case ACCEPT:
-- switch (config.selectorFailureBehavior()) {
-- case CHOOSE_MY_LAST_PROTOCOL:
-- case NO_ADVERTISE:
-- return new OpenSslDefaultApplicationProtocolNegotiator(
-- config);
-- default:
-- throw new UnsupportedOperationException(
-- new StringBuilder("OpenSSL provider does not support ")
-- .append(config.selectorFailureBehavior())
-- .append(" behavior").toString());
-- }
-- default:
-- throw new UnsupportedOperationException(
-- new StringBuilder("OpenSSL provider does not support ")
-- .append(config.selectedListenerFailureBehavior())
-- .append(" behavior").toString());
-- }
-- default:
-- throw new Error();
-- }
-- }
--
-- static boolean useExtendedTrustManager(X509TrustManager trustManager) {
-- return PlatformDependent.javaVersion() >= 7 && trustManager instanceof X509ExtendedTrustManager;
-- }
--
-- static boolean useExtendedKeyManager(X509KeyManager keyManager) {
-- return PlatformDependent.javaVersion() >= 7 && keyManager instanceof X509ExtendedKeyManager;
-- }
--
-- @Override
-- public final int refCnt() {
-- return refCnt.refCnt();
-- }
--
-- @Override
-- public final ReferenceCounted retain() {
-- refCnt.retain();
-- return this;
-- }
--
-- @Override
-- public final ReferenceCounted retain(int increment) {
-- refCnt.retain(increment);
-- return this;
-- }
--
-- @Override
-- public final ReferenceCounted touch() {
-- refCnt.touch();
-- return this;
-- }
--
-- @Override
-- public final ReferenceCounted touch(Object hint) {
-- refCnt.touch(hint);
-- return this;
-- }
--
-- @Override
-- public final boolean release() {
-- return refCnt.release();
-- }
--
-- @Override
-- public final boolean release(int decrement) {
-- return refCnt.release(decrement);
-- }
--
-- abstract static class AbstractCertificateVerifier extends CertificateVerifier {
-- private final OpenSslEngineMap engineMap;
--
-- AbstractCertificateVerifier(OpenSslEngineMap engineMap) {
-- this.engineMap = engineMap;
-- }
--
-- @Override
-- public final int verify(long ssl, byte[][] chain, String auth) {
-- X509Certificate[] peerCerts = certificates(chain);
-- final ReferenceCountedOpenSslEngine engine = engineMap.get(ssl);
-- try {
-- verify(engine, peerCerts, auth);
-- return CertificateVerifier.X509_V_OK;
-- } catch (Throwable cause) {
-- logger.debug("verification of certificate failed", cause);
-- SSLHandshakeException e = new SSLHandshakeException("General OpenSslEngine problem");
-- e.initCause(cause);
-- engine.handshakeException = e;
--
-- // Try to extract the correct error code that should be used.
-- if (cause instanceof OpenSslCertificateException) {
-- // This will never return a negative error code as its validated when constructing the
-- // OpenSslCertificateException.
-- return ((OpenSslCertificateException) cause).errorCode();
-- }
-- if (cause instanceof CertificateExpiredException) {
-- return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
-- }
-- if (cause instanceof CertificateNotYetValidException) {
-- return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
-- }
-- if (PlatformDependent.javaVersion() >= 7) {
-- if (cause instanceof CertificateRevokedException) {
-- return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
-- }
--
-- // The X509TrustManagerImpl uses a Validator which wraps a CertPathValidatorException into
-- // an CertificateException. So we need to handle the wrapped CertPathValidatorException to be
-- // able to send the correct alert.
-- Throwable wrapped = cause.getCause();
-- while (wrapped != null) {
-- if (wrapped instanceof CertPathValidatorException) {
-- CertPathValidatorException ex = (CertPathValidatorException) wrapped;
-- CertPathValidatorException.Reason reason = ex.getReason();
-- if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
-- return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
-- }
-- if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
-- return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
-- }
-- if (reason == CertPathValidatorException.BasicReason.REVOKED) {
-- return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
-- }
-- }
-- wrapped = wrapped.getCause();
-- }
-- }
--
-- // Could not detect a specific error code to use, so fallback to a default code.
-- return CertificateVerifier.X509_V_ERR_UNSPECIFIED;
-- }
-- }
--
-- abstract void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts,
-- String auth) throws Exception;
-- }
--
-- private static final class DefaultOpenSslEngineMap implements OpenSslEngineMap {
-- private final Map<Long, ReferenceCountedOpenSslEngine> engines = PlatformDependent.newConcurrentHashMap();
--
-- @Override
-- public ReferenceCountedOpenSslEngine remove(long ssl) {
-- return engines.remove(ssl);
-- }
--
-- @Override
-- public void add(ReferenceCountedOpenSslEngine engine) {
-- engines.put(engine.sslPointer(), engine);
-- }
--
-- @Override
-- public ReferenceCountedOpenSslEngine get(long ssl) {
-- return engines.get(ssl);
-- }
-- }
--
-- static void setKeyMaterial(long ctx, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword)
-- throws SSLException {
-- /* Load the certificate file and private key. */
-- long keyBio = 0;
-- long keyCertChainBio = 0;
-- long keyCertChainBio2 = 0;
-- PemEncoded encoded = null;
-- try {
-- // Only encode one time
-- encoded = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, keyCertChain);
-- keyCertChainBio = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
-- keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
--
-- if (key != null) {
-- keyBio = toBIO(key);
-- }
--
-- SSLContext.setCertificateBio(
-- ctx, keyCertChainBio, keyBio,
-- keyPassword == null ? StringUtil.EMPTY_STRING : keyPassword);
-- // We may have more then one cert in the chain so add all of them now.
-- SSLContext.setCertificateChainBio(ctx, keyCertChainBio2, true);
-- } catch (SSLException e) {
-- throw e;
-- } catch (Exception e) {
-- throw new SSLException("failed to set certificate and key", e);
-- } finally {
-- freeBio(keyBio);
-- freeBio(keyCertChainBio);
-- freeBio(keyCertChainBio2);
-- if (encoded != null) {
-- encoded.release();
-- }
-- }
-- }
--
-- static void freeBio(long bio) {
-- if (bio != 0) {
-- SSL.freeBIO(bio);
-- }
-- }
--
-- /**
-- * Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
-- * or {@code 0} if the {@code key} is {@code null}. The BIO contains the content of the {@code key}.
-- */
-- static long toBIO(PrivateKey key) throws Exception {
-- if (key == null) {
-- return 0;
-- }
--
-- ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
-- PemEncoded pem = PemPrivateKey.toPEM(allocator, true, key);
-- try {
-- return toBIO(allocator, pem.retain());
-- } finally {
-- pem.release();
-- }
-- }
--
-- /**
-- * Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
-- * or {@code 0} if the {@code certChain} is {@code null}. The BIO contains the content of the {@code certChain}.
-- */
-- static long toBIO(X509Certificate... certChain) throws Exception {
-- if (certChain == null) {
-- return 0;
-- }
--
-- if (certChain.length == 0) {
-- throw new IllegalArgumentException("certChain can't be empty");
-- }
--
-- ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
-- PemEncoded pem = PemX509Certificate.toPEM(allocator, true, certChain);
-- try {
-- return toBIO(allocator, pem.retain());
-- } finally {
-- pem.release();
-- }
-- }
--
-- static long toBIO(ByteBufAllocator allocator, PemEncoded pem) throws Exception {
-- try {
-- // We can turn direct buffers straight into BIOs. No need to
-- // make a yet another copy.
-- ByteBuf content = pem.content();
--
-- if (content.isDirect()) {
-- return newBIO(content.retainedSlice());
-- }
--
-- ByteBuf buffer = allocator.directBuffer(content.readableBytes());
-- try {
-- buffer.writeBytes(content, content.readerIndex(), content.readableBytes());
-- return newBIO(buffer.retainedSlice());
-- } finally {
-- try {
-- // If the contents of the ByteBuf is sensitive (e.g. a PrivateKey) we
-- // need to zero out the bytes of the copy before we're releasing it.
-- if (pem.isSensitive()) {
-- SslUtils.zeroout(buffer);
-- }
-- } finally {
-- buffer.release();
-- }
-- }
-- } finally {
-- pem.release();
-- }
-- }
--
-- private static long newBIO(ByteBuf buffer) throws Exception {
-- try {
-- long bio = SSL.newMemBIO();
-- int readable = buffer.readableBytes();
-- if (SSL.bioWrite(bio, OpenSsl.memoryAddress(buffer) + buffer.readerIndex(), readable) != readable) {
-- SSL.freeBIO(bio);
-- throw new IllegalStateException("Could not write data to memory BIO");
-- }
-- return bio;
-- } finally {
-- buffer.release();
-- }
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
-deleted file mode 100644
-index 27460c7..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
-+++ /dev/null
-@@ -1,2037 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.buffer.ByteBuf;
--import io.netty.buffer.ByteBufAllocator;
--import io.netty.internal.tcnative.Buffer;
--import io.netty.internal.tcnative.SSL;
--import io.netty.util.AbstractReferenceCounted;
--import io.netty.util.ReferenceCounted;
--import io.netty.util.ResourceLeakDetector;
--import io.netty.util.ResourceLeakDetectorFactory;
--import io.netty.util.ResourceLeakTracker;
--import io.netty.util.internal.EmptyArrays;
--import io.netty.util.internal.PlatformDependent;
--import io.netty.util.internal.StringUtil;
--import io.netty.util.internal.ThrowableUtil;
--import io.netty.util.internal.UnstableApi;
--import io.netty.util.internal.logging.InternalLogger;
--import io.netty.util.internal.logging.InternalLoggerFactory;
--
--import java.nio.ByteBuffer;
--import java.nio.ReadOnlyBufferException;
--import java.security.Principal;
--import java.security.cert.Certificate;
--import java.util.ArrayList;
--import java.util.Arrays;
--import java.util.Collection;
--import java.util.HashMap;
--import java.util.List;
--import java.util.Map;
--import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
--
--import java.util.concurrent.locks.Lock;
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLEngineResult;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.SSLHandshakeException;
--import javax.net.ssl.SSLParameters;
--import javax.net.ssl.SSLPeerUnverifiedException;
--import javax.net.ssl.SSLSession;
--import javax.net.ssl.SSLSessionBindingEvent;
--import javax.net.ssl.SSLSessionBindingListener;
--import javax.net.ssl.SSLSessionContext;
--import javax.security.cert.X509Certificate;
--
--import static io.netty.handler.ssl.OpenSsl.memoryAddress;
--import static io.netty.handler.ssl.SslUtils.SSL_RECORD_HEADER_LENGTH;
--import static io.netty.util.internal.EmptyArrays.EMPTY_CERTIFICATES;
--import static io.netty.util.internal.EmptyArrays.EMPTY_JAVAX_X509_CERTIFICATES;
--import static io.netty.util.internal.ObjectUtil.checkNotNull;
--import static java.lang.Math.min;
--import static javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED;
--import static javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
--import static javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_WRAP;
--import static javax.net.ssl.SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
--import static javax.net.ssl.SSLEngineResult.Status.BUFFER_OVERFLOW;
--import static javax.net.ssl.SSLEngineResult.Status.BUFFER_UNDERFLOW;
--import static javax.net.ssl.SSLEngineResult.Status.CLOSED;
--import static javax.net.ssl.SSLEngineResult.Status.OK;
--
--/**
-- * Implements a {@link SSLEngine} using
-- * <a href="https://www.openssl.org/docs/crypto/BIO_s_bio.html#EXAMPLE">OpenSSL BIO abstractions</a>.
-- * <p>Instances of this class must be {@link #release() released} or else native memory will leak!
-- *
-- * <p>Instances of this class <strong>must</strong> be released before the {@link ReferenceCountedOpenSslContext}
-- * the instance depends upon are released. Otherwise if any method of this class is called which uses the
-- * the {@link ReferenceCountedOpenSslContext} JNI resources the JVM may crash.
-- */
--public class ReferenceCountedOpenSslEngine extends SSLEngine implements ReferenceCounted {
--
-- private static final InternalLogger logger = InternalLoggerFactory.getInstance(ReferenceCountedOpenSslEngine.class);
--
-- private static final SSLException BEGIN_HANDSHAKE_ENGINE_CLOSED = ThrowableUtil.unknownStackTrace(
-- new SSLException("engine closed"), ReferenceCountedOpenSslEngine.class, "beginHandshake()");
-- private static final SSLException HANDSHAKE_ENGINE_CLOSED = ThrowableUtil.unknownStackTrace(
-- new SSLException("engine closed"), ReferenceCountedOpenSslEngine.class, "handshake()");
-- private static final SSLException RENEGOTIATION_UNSUPPORTED = ThrowableUtil.unknownStackTrace(
-- new SSLException("renegotiation unsupported"), ReferenceCountedOpenSslEngine.class, "beginHandshake()");
-- private static final ResourceLeakDetector<ReferenceCountedOpenSslEngine> leakDetector =
-- ResourceLeakDetectorFactory.instance().newResourceLeakDetector(ReferenceCountedOpenSslEngine.class);
-- /**
-- * <a href="https://www.openssl.org/docs/man1.0.2/crypto/X509_check_host.html">The flags argument is usually 0</a>.
-- */
-- private static final int DEFAULT_HOSTNAME_VALIDATION_FLAGS = 0;
--
-- static final int MAX_PLAINTEXT_LENGTH = 16 * 1024; // 2^14
--
-- /**
-- * This is the maximum overhead when encrypting plaintext as defined by
-- * <a href="https://www.ietf.org/rfc/rfc5246.txt">rfc5264</a>,
-- * <a href="https://www.ietf.org/rfc/rfc5289.txt">rfc5289</a> and openssl implementation itself.
-- *
-- * Please note that we use a padding of 16 here as openssl uses PKC#5 which uses 16 bytes while the spec itself
-- * allow up to 255 bytes. 16 bytes is the max for PKC#5 (which handles it the same way as PKC#7) as we use a block
-- * size of 16. See <a href="https://tools.ietf.org/html/rfc5652#section-6.3">rfc5652#section-6.3</a>.
-- *
-- * TLS Header (5) + 16 (IV) + 48 (MAC) + 1 (Padding_length field) + 15 (Padding) + 1 (ContentType) +
-- * 2 (ProtocolVersion) + 2 (Length)
-- *
-- * TODO: We may need to review this calculation once TLS 1.3 becomes available.
-- */
-- static final int MAX_TLS_RECORD_OVERHEAD_LENGTH = SSL_RECORD_HEADER_LENGTH + 16 + 48 + 1 + 15 + 1 + 2 + 2;
--
-- static final int MAX_ENCRYPTED_PACKET_LENGTH = MAX_PLAINTEXT_LENGTH + MAX_TLS_RECORD_OVERHEAD_LENGTH;
--
-- private static final AtomicIntegerFieldUpdater<ReferenceCountedOpenSslEngine> DESTROYED_UPDATER =
-- AtomicIntegerFieldUpdater.newUpdater(ReferenceCountedOpenSslEngine.class, "destroyed");
--
-- private static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
-- private static final SSLEngineResult NEED_UNWRAP_OK = new SSLEngineResult(OK, NEED_UNWRAP, 0, 0);
-- private static final SSLEngineResult NEED_UNWRAP_CLOSED = new SSLEngineResult(CLOSED, NEED_UNWRAP, 0, 0);
-- private static final SSLEngineResult NEED_WRAP_OK = new SSLEngineResult(OK, NEED_WRAP, 0, 0);
-- private static final SSLEngineResult NEED_WRAP_CLOSED = new SSLEngineResult(CLOSED, NEED_WRAP, 0, 0);
-- private static final SSLEngineResult CLOSED_NOT_HANDSHAKING = new SSLEngineResult(CLOSED, NOT_HANDSHAKING, 0, 0);
--
-- // OpenSSL state
-- private long ssl;
-- private long networkBIO;
-- private boolean certificateSet;
--
-- private enum HandshakeState {
-- /**
-- * Not started yet.
-- */
-- NOT_STARTED,
-- /**
-- * Started via unwrap/wrap.
-- */
-- STARTED_IMPLICITLY,
-- /**
-- * Started via {@link #beginHandshake()}.
-- */
-- STARTED_EXPLICITLY,
--
-- /**
-- * Handshake is finished.
-- */
-- FINISHED
-- }
--
-- private HandshakeState handshakeState = HandshakeState.NOT_STARTED;
-- private boolean renegotiationPending;
-- private boolean receivedShutdown;
-- private volatile int destroyed;
--
-- // Reference Counting
-- private final ResourceLeakTracker<ReferenceCountedOpenSslEngine> leak;
-- private final AbstractReferenceCounted refCnt = new AbstractReferenceCounted() {
-- @Override
-- public ReferenceCounted touch(Object hint) {
-- if (leak != null) {
-- leak.record(hint);
-- }
--
-- return ReferenceCountedOpenSslEngine.this;
-- }
--
-- @Override
-- protected void deallocate() {
-- shutdown();
-- if (leak != null) {
-- boolean closed = leak.close(ReferenceCountedOpenSslEngine.this);
-- assert closed;
-- }
-- }
-- };
--
-- private volatile ClientAuth clientAuth = ClientAuth.NONE;
--
-- // Updated once a new handshake is started and so the SSLSession reused.
-- private volatile long lastAccessed = -1;
--
-- private String endPointIdentificationAlgorithm;
-- // Store as object as AlgorithmConstraints only exists since java 7.
-- private Object algorithmConstraints;
-- private List<String> sniHostNames;
--
-- // Mark as volatile as accessed by checkSniHostnameMatch(...) and also not specify the SNIMatcher type to allow us
-- // using it with java7.
-- private volatile Collection<?> matchers;
--
-- // SSL Engine status variables
-- private boolean isInboundDone;
-- private boolean outboundClosed;
--
-- private final boolean clientMode;
-- private final ByteBufAllocator alloc;
-- private final OpenSslEngineMap engineMap;
-- private final OpenSslApplicationProtocolNegotiator apn;
-- private final boolean rejectRemoteInitiatedRenegotiation;
-- private final OpenSslSession session;
-- private final Certificate[] localCerts;
-- private final ByteBuffer[] singleSrcBuffer = new ByteBuffer[1];
-- private final ByteBuffer[] singleDstBuffer = new ByteBuffer[1];
-- private final OpenSslKeyMaterialManager keyMaterialManager;
-- private final boolean enableOcsp;
--
-- // This is package-private as we set it from OpenSslContext if an exception is thrown during
-- // the verification step.
-- SSLHandshakeException handshakeException;
--
-- /**
-- * Create a new instance.
-- * @param context Reference count release responsibility is not transferred! The callee still owns this object.
-- * @param alloc The allocator to use.
-- * @param peerHost The peer host name.
-- * @param peerPort The peer port.
-- * @param leakDetection {@code true} to enable leak detection of this object.
-- */
-- ReferenceCountedOpenSslEngine(ReferenceCountedOpenSslContext context, ByteBufAllocator alloc, String peerHost,
-- int peerPort, boolean leakDetection) {
-- super(peerHost, peerPort);
-- OpenSsl.ensureAvailability();
-- leak = leakDetection ? leakDetector.track(this) : null;
-- this.alloc = checkNotNull(alloc, "alloc");
-- apn = (OpenSslApplicationProtocolNegotiator) context.applicationProtocolNegotiator();
-- session = new OpenSslSession(context.sessionContext());
-- clientMode = context.isClient();
-- engineMap = context.engineMap;
-- rejectRemoteInitiatedRenegotiation = context.getRejectRemoteInitiatedRenegotiation();
-- localCerts = context.keyCertChain;
-- keyMaterialManager = context.keyMaterialManager();
-- enableOcsp = context.enableOcsp;
--
-- Lock readerLock = context.ctxLock.readLock();
-- readerLock.lock();
-- try {
-- ssl = SSL.newSSL(context.ctx, !context.isClient());
-- } finally {
-- readerLock.unlock();
-- }
-- try {
-- networkBIO = SSL.bioNewByteBuffer(ssl, context.getBioNonApplicationBufferSize());
--
-- // Set the client auth mode, this needs to be done via setClientAuth(...) method so we actually call the
-- // needed JNI methods.
-- setClientAuth(clientMode ? ClientAuth.NONE : context.clientAuth);
--
-- if (context.protocols != null) {
-- setEnabledProtocols(context.protocols);
-- }
--
-- // Use SNI if peerHost was specified
-- // See https://github.com/netty/netty/issues/4746
-- if (clientMode && peerHost != null) {
-- SSL.setTlsExtHostName(ssl, peerHost);
-- }
--
-- if (enableOcsp) {
-- SSL.enableOcsp(ssl);
-- }
-- } catch (Throwable cause) {
-- SSL.freeSSL(ssl);
-- PlatformDependent.throwException(cause);
-- }
-- }
--
-- /**
-- * Sets the OCSP response.
-- */
-- @UnstableApi
-- public void setOcspResponse(byte[] response) {
-- if (!enableOcsp) {
-- throw new IllegalStateException("OCSP stapling is not enabled");
-- }
--
-- if (clientMode) {
-- throw new IllegalStateException("Not a server SSLEngine");
-- }
--
-- synchronized (this) {
-- SSL.setOcspResponse(ssl, response);
-- }
-- }
--
-- /**
-- * Returns the OCSP response or {@code null} if the server didn't provide a stapled OCSP response.
-- */
-- @UnstableApi
-- public byte[] getOcspResponse() {
-- if (!enableOcsp) {
-- throw new IllegalStateException("OCSP stapling is not enabled");
-- }
--
-- if (!clientMode) {
-- throw new IllegalStateException("Not a client SSLEngine");
-- }
--
-- synchronized (this) {
-- return SSL.getOcspResponse(ssl);
-- }
-- }
--
-- @Override
-- public final int refCnt() {
-- return refCnt.refCnt();
-- }
--
-- @Override
-- public final ReferenceCounted retain() {
-- refCnt.retain();
-- return this;
-- }
--
-- @Override
-- public final ReferenceCounted retain(int increment) {
-- refCnt.retain(increment);
-- return this;
-- }
--
-- @Override
-- public final ReferenceCounted touch() {
-- refCnt.touch();
-- return this;
-- }
--
-- @Override
-- public final ReferenceCounted touch(Object hint) {
-- refCnt.touch(hint);
-- return this;
-- }
--
-- @Override
-- public final boolean release() {
-- return refCnt.release();
-- }
--
-- @Override
-- public final boolean release(int decrement) {
-- return refCnt.release(decrement);
-- }
--
-- @Override
-- public final synchronized SSLSession getHandshakeSession() {
-- // Javadocs state return value should be:
-- // null if this instance is not currently handshaking, or if the current handshake has not
-- // progressed far enough to create a basic SSLSession. Otherwise, this method returns the
-- // SSLSession currently being negotiated.
-- switch(handshakeState) {
-- case NOT_STARTED:
-- case FINISHED:
-- return null;
-- default:
-- return session;
-- }
-- }
--
-- /**
-- * Returns the pointer to the {@code SSL} object for this {@link ReferenceCountedOpenSslEngine}.
-- * Be aware that it is freed as soon as the {@link #release()} or {@link #shutdown()} methods are called.
-- * At this point {@code 0} will be returned.
-- */
-- public final synchronized long sslPointer() {
-- return ssl;
-- }
--
-- /**
-- * Destroys this engine.
-- */
-- public final synchronized void shutdown() {
-- if (DESTROYED_UPDATER.compareAndSet(this, 0, 1)) {
-- engineMap.remove(ssl);
-- SSL.freeSSL(ssl);
-- ssl = networkBIO = 0;
--
-- isInboundDone = outboundClosed = true;
-- }
--
-- // On shutdown clear all errors
-- SSL.clearError();
-- }
--
-- /**
-- * Write plaintext data to the OpenSSL internal BIO
-- *
-- * Calling this function with src.remaining == 0 is undefined.
-- */
-- private int writePlaintextData(final ByteBuffer src, int len) {
-- final int pos = src.position();
-- final int limit = src.limit();
-- final int sslWrote;
--
-- if (src.isDirect()) {
-- sslWrote = SSL.writeToSSL(ssl, Buffer.address(src) + pos, len);
-- if (sslWrote > 0) {
-- src.position(pos + sslWrote);
-- }
-- } else {
-- ByteBuf buf = alloc.directBuffer(len);
-- try {
-- src.limit(pos + len);
--
-- buf.setBytes(0, src);
-- src.limit(limit);
--
-- sslWrote = SSL.writeToSSL(ssl, memoryAddress(buf), len);
-- if (sslWrote > 0) {
-- src.position(pos + sslWrote);
-- } else {
-- src.position(pos);
-- }
-- } finally {
-- buf.release();
-- }
-- }
-- return sslWrote;
-- }
--
-- /**
-- * Write encrypted data to the OpenSSL network BIO.
-- */
-- private ByteBuf writeEncryptedData(final ByteBuffer src, int len) {
-- final int pos = src.position();
-- if (src.isDirect()) {
-- SSL.bioSetByteBuffer(networkBIO, Buffer.address(src) + pos, len, false);
-- } else {
-- final ByteBuf buf = alloc.directBuffer(len);
-- try {
-- final int limit = src.limit();
-- src.limit(pos + len);
-- buf.writeBytes(src);
-- // Restore the original position and limit because we don't want to consume from `src`.
-- src.position(pos);
-- src.limit(limit);
--
-- SSL.bioSetByteBuffer(networkBIO, memoryAddress(buf), len, false);
-- return buf;
-- } catch (Throwable cause) {
-- buf.release();
-- PlatformDependent.throwException(cause);
-- }
-- }
-- return null;
-- }
--
-- /**
-- * Read plaintext data from the OpenSSL internal BIO
-- */
-- private int readPlaintextData(final ByteBuffer dst) {
-- final int sslRead;
-- final int pos = dst.position();
-- if (dst.isDirect()) {
-- sslRead = SSL.readFromSSL(ssl, Buffer.address(dst) + pos, dst.limit() - pos);
-- if (sslRead > 0) {
-- dst.position(pos + sslRead);
-- }
-- } else {
-- final int limit = dst.limit();
-- final int len = min(MAX_ENCRYPTED_PACKET_LENGTH, limit - pos);
-- final ByteBuf buf = alloc.directBuffer(len);
-- try {
-- sslRead = SSL.readFromSSL(ssl, memoryAddress(buf), len);
-- if (sslRead > 0) {
-- dst.limit(pos + sslRead);
-- buf.getBytes(buf.readerIndex(), dst);
-- dst.limit(limit);
-- }
-- } finally {
-- buf.release();
-- }
-- }
--
-- return sslRead;
-- }
--
-- @Override
-- public final SSLEngineResult wrap(
-- final ByteBuffer[] srcs, int offset, final int length, final ByteBuffer dst) throws SSLException {
-- // Throw required runtime exceptions
-- if (srcs == null) {
-- throw new IllegalArgumentException("srcs is null");
-- }
-- if (dst == null) {
-- throw new IllegalArgumentException("dst is null");
-- }
--
-- if (offset >= srcs.length || offset + length > srcs.length) {
-- throw new IndexOutOfBoundsException(
-- "offset: " + offset + ", length: " + length +
-- " (expected: offset <= offset + length <= srcs.length (" + srcs.length + "))");
-- }
--
-- if (dst.isReadOnly()) {
-- throw new ReadOnlyBufferException();
-- }
--
-- synchronized (this) {
-- if (isOutboundDone()) {
-- // All drained in the outbound buffer
-- return isInboundDone() || isDestroyed() ? CLOSED_NOT_HANDSHAKING : NEED_UNWRAP_CLOSED;
-- }
--
-- int bytesProduced = 0;
-- ByteBuf bioReadCopyBuf = null;
-- try {
-- // Setup the BIO buffer so that we directly write the encryption results into dst.
-- if (dst.isDirect()) {
-- SSL.bioSetByteBuffer(networkBIO, Buffer.address(dst) + dst.position(), dst.remaining(),
-- true);
-- } else {
-- bioReadCopyBuf = alloc.directBuffer(dst.remaining());
-- SSL.bioSetByteBuffer(networkBIO, memoryAddress(bioReadCopyBuf), bioReadCopyBuf.writableBytes(),
-- true);
-- }
--
-- int bioLengthBefore = SSL.bioLengthByteBuffer(networkBIO);
--
-- // Explicit use outboundClosed as we want to drain any bytes that are still present.
-- if (outboundClosed) {
-- // There is something left to drain.
-- // See https://github.com/netty/netty/issues/6260
-- bytesProduced = SSL.bioFlushByteBuffer(networkBIO);
-- if (bytesProduced <= 0) {
-- return newResultMayFinishHandshake(NOT_HANDSHAKING, 0, 0);
-- }
-- // It is possible when the outbound was closed there was not enough room in the non-application
-- // buffers to hold the close_notify. We should keep trying to close until we consume all the data
-- // OpenSSL can give us.
-- if (!doSSLShutdown()) {
-- return newResultMayFinishHandshake(NOT_HANDSHAKING, 0, bytesProduced);
-- }
-- bytesProduced = bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO);
-- return newResultMayFinishHandshake(NEED_WRAP, 0, bytesProduced);
-- }
--
-- // Flush any data that may be implicitly generated by OpenSSL (handshake, close, etc..).
-- SSLEngineResult.HandshakeStatus status = NOT_HANDSHAKING;
-- // Prepare OpenSSL to work in server mode and receive handshake
-- if (handshakeState != HandshakeState.FINISHED) {
-- if (handshakeState != HandshakeState.STARTED_EXPLICITLY) {
-- // Update accepted so we know we triggered the handshake via wrap
-- handshakeState = HandshakeState.STARTED_IMPLICITLY;
-- }
--
-- // Flush any data that may have been written implicitly during the handshake by OpenSSL.
-- bytesProduced = SSL.bioFlushByteBuffer(networkBIO);
--
-- if (bytesProduced > 0 && handshakeException != null) {
-- // TODO(scott): It is possible that when the handshake failed there was not enough room in the
-- // non-application buffers to hold the alert. We should get all the data before progressing on.
-- // However I'm not aware of a way to do this with the OpenSSL APIs.
-- // See https://github.com/netty/netty/issues/6385.
--
-- // We produced / consumed some data during the handshake, signal back to the caller.
-- // If there is a handshake exception and we have produced data, we should send the data before
-- // we allow handshake() to throw the handshake exception.
-- return newResult(NEED_WRAP, 0, bytesProduced);
-- }
--
-- status = handshake();
--
-- if (renegotiationPending && status == FINISHED) {
-- // If renegotiationPending is true that means when we attempted to start renegotiation
-- // the BIO buffer didn't have enough space to hold the HelloRequest which prompts the
-- // client to initiate a renegotiation. At this point the HelloRequest has been written
-- // so we can actually start the handshake process.
-- renegotiationPending = false;
-- SSL.setState(ssl, SSL.SSL_ST_ACCEPT);
-- handshakeState = HandshakeState.STARTED_EXPLICITLY;
-- status = handshake();
-- }
--
-- // Handshake may have generated more data, for example if the internal SSL buffer is small
-- // we may have freed up space by flushing above.
-- bytesProduced = bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO);
--
-- if (bytesProduced > 0) {
-- // If we have filled up the dst buffer and we have not finished the handshake we should try to
-- // wrap again. Otherwise we should only try to wrap again if there is still data pending in
-- // SSL buffers.
-- return newResult(mayFinishHandshake(status != FINISHED ?
-- bytesProduced == bioLengthBefore ? NEED_WRAP :
-- getHandshakeStatus(SSL.bioLengthNonApplication(networkBIO)) : FINISHED),
-- 0, bytesProduced);
-- }
--
-- if (status == NEED_UNWRAP) {
-- // Signal if the outbound is done or not.
-- return isOutboundDone() ? NEED_UNWRAP_CLOSED : NEED_UNWRAP_OK;
-- }
--
-- // Explicit use outboundClosed and not outboundClosed() as we want to drain any bytes that are
-- // still present.
-- if (outboundClosed) {
-- bytesProduced = SSL.bioFlushByteBuffer(networkBIO);
-- return newResultMayFinishHandshake(status, 0, bytesProduced);
-- }
-- }
--
-- int srcsLen = 0;
-- final int endOffset = offset + length;
-- for (int i = offset; i < endOffset; ++i) {
-- final ByteBuffer src = srcs[i];
-- if (src == null) {
-- throw new IllegalArgumentException("srcs[" + i + "] is null");
-- }
-- if (srcsLen == MAX_PLAINTEXT_LENGTH) {
-- continue;
-- }
--
-- srcsLen += src.remaining();
-- if (srcsLen > MAX_PLAINTEXT_LENGTH || srcsLen < 0) {
-- // If srcLen > MAX_PLAINTEXT_LENGTH or secLen < 0 just set it to MAX_PLAINTEXT_LENGTH.
-- // This also help us to guard against overflow.
-- // We not break out here as we still need to check for null entries in srcs[].
-- srcsLen = MAX_PLAINTEXT_LENGTH;
-- }
-- }
--
-- // we will only produce a single TLS packet, and we don't aggregate src buffers,
-- // so we always fix the number of buffers to 1 when checking if the dst buffer is large enough.
-- if (dst.remaining() < calculateOutNetBufSize(srcsLen, 1)) {
-- return new SSLEngineResult(BUFFER_OVERFLOW, getHandshakeStatus(), 0, 0);
-- }
--
-- // There was no pending data in the network BIO -- encrypt any application data
-- int bytesConsumed = 0;
-- // Flush any data that may have been written implicitly by OpenSSL in case a shutdown/alert occurs.
-- bytesProduced = SSL.bioFlushByteBuffer(networkBIO);
-- for (; offset < endOffset; ++offset) {
-- final ByteBuffer src = srcs[offset];
-- final int remaining = src.remaining();
-- if (remaining == 0) {
-- continue;
-- }
--
-- // Write plaintext application data to the SSL engine
-- int bytesWritten = writePlaintextData(src, min(remaining, MAX_PLAINTEXT_LENGTH - bytesConsumed));
--
-- if (bytesWritten > 0) {
-- bytesConsumed += bytesWritten;
--
-- // Determine how much encrypted data was generated:
-- final int pendingNow = SSL.bioLengthByteBuffer(networkBIO);
-- bytesProduced += bioLengthBefore - pendingNow;
-- bioLengthBefore = pendingNow;
--
-- return newResultMayFinishHandshake(status, bytesConsumed, bytesProduced);
-- } else {
-- int sslError = SSL.getError(ssl, bytesWritten);
-- if (sslError == SSL.SSL_ERROR_ZERO_RETURN) {
-- // This means the connection was shutdown correctly, close inbound and outbound
-- if (!receivedShutdown) {
-- closeAll();
--
-- bytesProduced += bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO);
--
-- // If we have filled up the dst buffer and we have not finished the handshake we should
-- // try to wrap again. Otherwise we should only try to wrap again if there is still data
-- // pending in SSL buffers.
-- SSLEngineResult.HandshakeStatus hs = mayFinishHandshake(
-- status != FINISHED ? bytesProduced == dst.remaining() ? NEED_WRAP
-- : getHandshakeStatus(SSL.bioLengthNonApplication(networkBIO))
-- : FINISHED);
-- return newResult(hs, bytesConsumed, bytesProduced);
-- }
--
-- return newResult(NOT_HANDSHAKING, bytesConsumed, bytesProduced);
-- } else if (sslError == SSL.SSL_ERROR_WANT_READ) {
-- // If there is no pending data to read from BIO we should go back to event loop and try
-- // to read more data [1]. It is also possible that event loop will detect the socket has
-- // been closed. [1] https://www.openssl.org/docs/manmaster/ssl/SSL_write.html
-- return newResult(NEED_UNWRAP, bytesConsumed, bytesProduced);
-- } else if (sslError == SSL.SSL_ERROR_WANT_WRITE) {
-- // SSL_ERROR_WANT_WRITE typically means that the underlying transport is not writable
-- // and we should set the "want write" flag on the selector and try again when the
-- // underlying transport is writable [1]. However we are not directly writing to the
-- // underlying transport and instead writing to a BIO buffer. The OpenSsl documentation
-- // says we should do the following [1]:
-- //
-- // "When using a buffering BIO, like a BIO pair, data must be written into or retrieved
-- // out of the BIO before being able to continue."
-- //
-- // So we attempt to drain the BIO buffer below, but if there is no data this condition
-- // is undefined and we assume their is a fatal error with the openssl engine and close.
-- // [1] https://www.openssl.org/docs/manmaster/ssl/SSL_write.html
-- return newResult(NEED_WRAP, bytesConsumed, bytesProduced);
-- } else {
-- // Everything else is considered as error
-- throw shutdownWithError("SSL_write");
-- }
-- }
-- }
-- return newResultMayFinishHandshake(status, bytesConsumed, bytesProduced);
-- } finally {
-- SSL.bioClearByteBuffer(networkBIO);
-- if (bioReadCopyBuf == null) {
-- dst.position(dst.position() + bytesProduced);
-- } else {
-- assert bioReadCopyBuf.readableBytes() <= dst.remaining() : "The destination buffer " + dst +
-- " didn't have enough remaining space to hold the encrypted content in " + bioReadCopyBuf;
-- dst.put(bioReadCopyBuf.internalNioBuffer(bioReadCopyBuf.readerIndex(), bytesProduced));
-- bioReadCopyBuf.release();
-- }
-- }
-- }
-- }
--
-- private SSLEngineResult newResult(SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced) {
-- return newResult(OK, hs, bytesConsumed, bytesProduced);
-- }
--
-- private SSLEngineResult newResult(SSLEngineResult.Status status, SSLEngineResult.HandshakeStatus hs,
-- int bytesConsumed, int bytesProduced) {
-- // If isOutboundDone, then the data from the network BIO
-- // was the close_notify message and all was consumed we are not required to wait
-- // for the receipt the peer's close_notify message -- shutdown.
-- if (isOutboundDone()) {
-- if (isInboundDone()) {
-- // If the inbound was done as well, we need to ensure we return NOT_HANDSHAKING to signal we are done.
-- hs = NOT_HANDSHAKING;
--
-- // As the inbound and the outbound is done we can shutdown the engine now.
-- shutdown();
-- }
-- return new SSLEngineResult(CLOSED, hs, bytesConsumed, bytesProduced);
-- }
-- return new SSLEngineResult(status, hs, bytesConsumed, bytesProduced);
-- }
--
-- private SSLEngineResult newResultMayFinishHandshake(SSLEngineResult.HandshakeStatus hs,
-- int bytesConsumed, int bytesProduced) throws SSLException {
-- return newResult(mayFinishHandshake(hs != FINISHED ? getHandshakeStatus() : FINISHED),
-- bytesConsumed, bytesProduced);
-- }
--
-- private SSLEngineResult newResultMayFinishHandshake(SSLEngineResult.Status status,
-- SSLEngineResult.HandshakeStatus hs,
-- int bytesConsumed, int bytesProduced) throws SSLException {
-- return newResult(status, mayFinishHandshake(hs != FINISHED ? getHandshakeStatus() : FINISHED),
-- bytesConsumed, bytesProduced);
-- }
--
-- /**
-- * Log the error, shutdown the engine and throw an exception.
-- */
-- private SSLException shutdownWithError(String operations) {
-- String err = SSL.getLastError();
-- return shutdownWithError(operations, err);
-- }
--
-- private SSLException shutdownWithError(String operation, String err) {
-- if (logger.isDebugEnabled()) {
-- logger.debug("{} failed: OpenSSL error: {}", operation, err);
-- }
--
-- // There was an internal error -- shutdown
-- shutdown();
-- if (handshakeState == HandshakeState.FINISHED) {
-- return new SSLException(err);
-- }
-- return new SSLHandshakeException(err);
-- }
--
-- public final SSLEngineResult unwrap(
-- final ByteBuffer[] srcs, int srcsOffset, final int srcsLength,
-- final ByteBuffer[] dsts, int dstsOffset, final int dstsLength) throws SSLException {
--
-- // Throw required runtime exceptions
-- if (srcs == null) {
-- throw new NullPointerException("srcs");
-- }
-- if (srcsOffset >= srcs.length
-- || srcsOffset + srcsLength > srcs.length) {
-- throw new IndexOutOfBoundsException(
-- "offset: " + srcsOffset + ", length: " + srcsLength +
-- " (expected: offset <= offset + length <= srcs.length (" + srcs.length + "))");
-- }
-- if (dsts == null) {
-- throw new IllegalArgumentException("dsts is null");
-- }
-- if (dstsOffset >= dsts.length || dstsOffset + dstsLength > dsts.length) {
-- throw new IndexOutOfBoundsException(
-- "offset: " + dstsOffset + ", length: " + dstsLength +
-- " (expected: offset <= offset + length <= dsts.length (" + dsts.length + "))");
-- }
-- long capacity = 0;
-- final int dstsEndOffset = dstsOffset + dstsLength;
-- for (int i = dstsOffset; i < dstsEndOffset; i ++) {
-- ByteBuffer dst = dsts[i];
-- if (dst == null) {
-- throw new IllegalArgumentException("dsts[" + i + "] is null");
-- }
-- if (dst.isReadOnly()) {
-- throw new ReadOnlyBufferException();
-- }
-- capacity += dst.remaining();
-- }
--
-- final int srcsEndOffset = srcsOffset + srcsLength;
-- long len = 0;
-- for (int i = srcsOffset; i < srcsEndOffset; i++) {
-- ByteBuffer src = srcs[i];
-- if (src == null) {
-- throw new IllegalArgumentException("srcs[" + i + "] is null");
-- }
-- len += src.remaining();
-- }
--
-- synchronized (this) {
-- if (isInboundDone()) {
-- return isOutboundDone() || isDestroyed() ? CLOSED_NOT_HANDSHAKING : NEED_WRAP_CLOSED;
-- }
--
-- SSLEngineResult.HandshakeStatus status = NOT_HANDSHAKING;
-- // Prepare OpenSSL to work in server mode and receive handshake
-- if (handshakeState != HandshakeState.FINISHED) {
-- if (handshakeState != HandshakeState.STARTED_EXPLICITLY) {
-- // Update accepted so we know we triggered the handshake via wrap
-- handshakeState = HandshakeState.STARTED_IMPLICITLY;
-- }
--
-- status = handshake();
-- if (status == NEED_WRAP) {
-- return NEED_WRAP_OK;
-- }
-- // Check if the inbound is considered to be closed if so let us try to wrap again.
-- if (isInboundDone) {
-- return NEED_WRAP_CLOSED;
-- }
-- }
--
-- if (len < SSL_RECORD_HEADER_LENGTH) {
-- return newResultMayFinishHandshake(BUFFER_UNDERFLOW, status, 0, 0);
-- }
--
-- int packetLength = SslUtils.getEncryptedPacketLength(srcs, srcsOffset);
--
-- if (packetLength == SslUtils.NOT_ENCRYPTED) {
-- throw new NotSslRecordException("not an SSL/TLS record");
-- }
--
-- if (packetLength - SSL_RECORD_HEADER_LENGTH > capacity) {
-- // No enough space in the destination buffer so signal the caller
-- // that the buffer needs to be increased.
-- return newResultMayFinishHandshake(BUFFER_OVERFLOW, status, 0, 0);
-- }
--
-- if (len < packetLength) {
-- // We either have no enough data to read the packet length at all or not enough for reading
-- // the whole packet.
-- return newResultMayFinishHandshake(BUFFER_UNDERFLOW, status, 0, 0);
-- }
--
-- // This must always be the case when we reached here as if not we returned BUFFER_UNDERFLOW.
-- assert srcsOffset < srcsEndOffset;
--
-- // This must always be the case if we reached here.
-- assert capacity > 0;
--
-- // Number of produced bytes
-- int bytesProduced = 0;
-- int bytesConsumed = 0;
-- try {
-- for (; srcsOffset < srcsEndOffset; ++srcsOffset) {
-- ByteBuffer src = srcs[srcsOffset];
-- int remaining = src.remaining();
-- if (remaining == 0) {
-- // We must skip empty buffers as BIO_write will return 0 if asked to write something
-- // with length 0.
-- continue;
-- }
-- // Write more encrypted data into the BIO. Ensure we only read one packet at a time as
-- // stated in the SSLEngine javadocs.
-- int pendingEncryptedBytes = min(packetLength, remaining);
-- ByteBuf bioWriteCopyBuf = writeEncryptedData(src, pendingEncryptedBytes);
-- try {
-- readLoop:
-- for (; dstsOffset < dstsEndOffset; ++dstsOffset) {
-- ByteBuffer dst = dsts[dstsOffset];
-- if (!dst.hasRemaining()) {
-- // No space left in the destination buffer, skip it.
-- continue;
-- }
--
-- int bytesRead = readPlaintextData(dst);
-- // We are directly using the ByteBuffer memory for the write, and so we only know what
-- // has been consumed after we let SSL decrypt the data. At this point we should update
-- // the number of bytes consumed, update the ByteBuffer position, and release temp
-- // ByteBuf.
-- int localBytesConsumed = pendingEncryptedBytes - SSL.bioLengthByteBuffer(networkBIO);
-- bytesConsumed += localBytesConsumed;
-- packetLength -= localBytesConsumed;
-- pendingEncryptedBytes -= localBytesConsumed;
-- src.position(src.position() + localBytesConsumed);
--
-- if (bytesRead > 0) {
-- bytesProduced += bytesRead;
--
-- if (!dst.hasRemaining()) {
-- // Move to the next dst buffer as this one is full.
-- continue;
-- }
-- if (packetLength == 0) {
-- // We read everything return now.
-- return newResultMayFinishHandshake(isInboundDone() ? CLOSED : OK, status,
-- bytesConsumed, bytesProduced);
-- }
-- // try to write again to the BIO. stop reading from it by break out of the readLoop.
-- break;
-- } else {
-- int sslError = SSL.getError(ssl, bytesRead);
-- if (sslError == SSL.SSL_ERROR_WANT_READ || sslError == SSL.SSL_ERROR_WANT_WRITE) {
-- // break to the outer loop as we want to read more data which means we need to
-- // write more to the BIO.
-- break readLoop;
-- } else if (sslError == SSL.SSL_ERROR_ZERO_RETURN) {
-- // This means the connection was shutdown correctly, close inbound and outbound
-- if (!receivedShutdown) {
-- closeAll();
-- }
-- return newResultMayFinishHandshake(isInboundDone() ? CLOSED : OK, status,
-- bytesConsumed, bytesProduced);
-- } else {
-- return sslReadErrorResult(SSL.getLastErrorNumber(), bytesConsumed,
-- bytesProduced);
-- }
-- }
-- }
--
-- // Either we have no more dst buffers to put the data, or no more data to generate; we are done.
-- if (dstsOffset >= dstsEndOffset || packetLength == 0) {
-- break;
-- }
-- } finally {
-- if (bioWriteCopyBuf != null) {
-- bioWriteCopyBuf.release();
-- }
-- }
-- }
-- } finally {
-- SSL.bioClearByteBuffer(networkBIO);
-- rejectRemoteInitiatedRenegotiation();
-- }
--
-- // Check to see if we received a close_notify message from the peer.
-- if (!receivedShutdown && (SSL.getShutdown(ssl) & SSL.SSL_RECEIVED_SHUTDOWN) == SSL.SSL_RECEIVED_SHUTDOWN) {
-- closeAll();
-- }
--
-- return newResultMayFinishHandshake(isInboundDone() ? CLOSED : OK, status, bytesConsumed, bytesProduced);
-- }
-- }
--
-- private SSLEngineResult sslReadErrorResult(int err, int bytesConsumed, int bytesProduced) throws SSLException {
-- String errStr = SSL.getErrorString(err);
--
-- // Check if we have a pending handshakeException and if so see if we need to consume all pending data from the
-- // BIO first or can just shutdown and throw it now.
-- // This is needed so we ensure close_notify etc is correctly send to the remote peer.
-- // See https://github.com/netty/netty/issues/3900
-- if (SSL.bioLengthNonApplication(networkBIO) > 0) {
-- if (handshakeException == null && handshakeState != HandshakeState.FINISHED) {
-- // we seems to have data left that needs to be transfered and so the user needs
-- // call wrap(...). Store the error so we can pick it up later.
-- handshakeException = new SSLHandshakeException(errStr);
-- }
-- return new SSLEngineResult(OK, NEED_WRAP, bytesConsumed, bytesProduced);
-- }
-- throw shutdownWithError("SSL_read", errStr);
-- }
--
-- private void closeAll() throws SSLException {
-- receivedShutdown = true;
-- closeOutbound();
-- closeInbound();
-- }
--
-- private void rejectRemoteInitiatedRenegotiation() throws SSLHandshakeException {
-- if (rejectRemoteInitiatedRenegotiation && SSL.getHandshakeCount(ssl) > 1) {
-- // TODO: In future versions me may also want to send a fatal_alert to the client and so notify it
-- // that the renegotiation failed.
-- shutdown();
-- throw new SSLHandshakeException("remote-initiated renegotiation not allowed");
-- }
-- }
--
-- public final SSLEngineResult unwrap(final ByteBuffer[] srcs, final ByteBuffer[] dsts) throws SSLException {
-- return unwrap(srcs, 0, srcs.length, dsts, 0, dsts.length);
-- }
--
-- private ByteBuffer[] singleSrcBuffer(ByteBuffer src) {
-- singleSrcBuffer[0] = src;
-- return singleSrcBuffer;
-- }
--
-- private void resetSingleSrcBuffer() {
-- singleSrcBuffer[0] = null;
-- }
--
-- private ByteBuffer[] singleDstBuffer(ByteBuffer src) {
-- singleDstBuffer[0] = src;
-- return singleDstBuffer;
-- }
--
-- private void resetSingleDstBuffer() {
-- singleDstBuffer[0] = null;
-- }
--
-- @Override
-- public final synchronized SSLEngineResult unwrap(
-- final ByteBuffer src, final ByteBuffer[] dsts, final int offset, final int length) throws SSLException {
-- try {
-- return unwrap(singleSrcBuffer(src), 0, 1, dsts, offset, length);
-- } finally {
-- resetSingleSrcBuffer();
-- }
-- }
--
-- @Override
-- public final synchronized SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) throws SSLException {
-- try {
-- return wrap(singleSrcBuffer(src), dst);
-- } finally {
-- resetSingleSrcBuffer();
-- }
-- }
--
-- @Override
-- public final synchronized SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) throws SSLException {
-- try {
-- return unwrap(singleSrcBuffer(src), singleDstBuffer(dst));
-- } finally {
-- resetSingleSrcBuffer();
-- resetSingleDstBuffer();
-- }
-- }
--
-- @Override
-- public final synchronized SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts) throws SSLException {
-- try {
-- return unwrap(singleSrcBuffer(src), dsts);
-- } finally {
-- resetSingleSrcBuffer();
-- }
-- }
--
-- @Override
-- public final Runnable getDelegatedTask() {
-- // Currently, we do not delegate SSL computation tasks
-- // TODO: in the future, possibly create tasks to do encrypt / decrypt async
--
-- return null;
-- }
--
-- @Override
-- public final synchronized void closeInbound() throws SSLException {
-- if (isInboundDone) {
-- return;
-- }
--
-- isInboundDone = true;
--
-- if (isOutboundDone()) {
-- // Only call shutdown if there is no outbound data pending.
-- // See https://github.com/netty/netty/issues/6167
-- shutdown();
-- }
--
-- if (handshakeState != HandshakeState.NOT_STARTED && !receivedShutdown) {
-- throw new SSLException(
-- "Inbound closed before receiving peer's close_notify: possible truncation attack?");
-- }
-- }
--
-- @Override
-- public final synchronized boolean isInboundDone() {
-- return isInboundDone;
-- }
--
-- @Override
-- public final synchronized void closeOutbound() {
-- if (outboundClosed) {
-- return;
-- }
--
-- outboundClosed = true;
--
-- if (handshakeState != HandshakeState.NOT_STARTED && !isDestroyed()) {
-- int mode = SSL.getShutdown(ssl);
-- if ((mode & SSL.SSL_SENT_SHUTDOWN) != SSL.SSL_SENT_SHUTDOWN) {
-- doSSLShutdown();
-- }
-- } else {
-- // engine closing before initial handshake
-- shutdown();
-- }
-- }
--
-- /**
-- * Attempt to call {@link SSL#shutdownSSL(long)}.
-- * @return {@code false} if the call to {@link SSL#shutdownSSL(long)} was not attempted or returned an error.
-- */
-- private boolean doSSLShutdown() {
-- if (SSL.isInInit(ssl) != 0) {
-- // Only try to call SSL_shutdown if we are not in the init state anymore.
-- // Otherwise we will see 'error:140E0197:SSL routines:SSL_shutdown:shutdown while in init' in our logs.
-- //
-- // See also http://hg.nginx.org/nginx/rev/062c189fee20
-- return false;
-- }
-- int err = SSL.shutdownSSL(ssl);
-- if (err < 0) {
-- int sslErr = SSL.getError(ssl, err);
-- if (sslErr == SSL.SSL_ERROR_SYSCALL || sslErr == SSL.SSL_ERROR_SSL) {
-- if (logger.isDebugEnabled()) {
-- logger.debug("SSL_shutdown failed: OpenSSL error: {}", SSL.getLastError());
-- }
-- // There was an internal error -- shutdown
-- shutdown();
-- return false;
-- }
-- SSL.clearError();
-- }
-- return true;
-- }
--
-- @Override
-- public final synchronized boolean isOutboundDone() {
-- // Check if there is anything left in the outbound buffer.
-- // We need to ensure we only call SSL.pendingWrittenBytesInBIO(...) if the engine was not destroyed yet.
-- return outboundClosed && (networkBIO == 0 || SSL.bioLengthNonApplication(networkBIO) == 0);
-- }
--
-- @Override
-- public final String[] getSupportedCipherSuites() {
-- return OpenSsl.AVAILABLE_CIPHER_SUITES.toArray(new String[OpenSsl.AVAILABLE_CIPHER_SUITES.size()]);
-- }
--
-- @Override
-- public final String[] getEnabledCipherSuites() {
-- final String[] enabled;
-- synchronized (this) {
-- if (!isDestroyed()) {
-- enabled = SSL.getCiphers(ssl);
-- } else {
-- return EmptyArrays.EMPTY_STRINGS;
-- }
-- }
-- if (enabled == null) {
-- return EmptyArrays.EMPTY_STRINGS;
-- } else {
-- synchronized (this) {
-- for (int i = 0; i < enabled.length; i++) {
-- String mapped = toJavaCipherSuite(enabled[i]);
-- if (mapped != null) {
-- enabled[i] = mapped;
-- }
-- }
-- }
-- return enabled;
-- }
-- }
--
-- @Override
-- public final void setEnabledCipherSuites(String[] cipherSuites) {
-- checkNotNull(cipherSuites, "cipherSuites");
--
-- final StringBuilder buf = new StringBuilder();
-- for (String c: cipherSuites) {
-- if (c == null) {
-- break;
-- }
--
-- String converted = CipherSuiteConverter.toOpenSsl(c);
-- if (converted == null) {
-- converted = c;
-- }
--
-- if (!OpenSsl.isCipherSuiteAvailable(converted)) {
-- throw new IllegalArgumentException("unsupported cipher suite: " + c + '(' + converted + ')');
-- }
--
-- buf.append(converted);
-- buf.append(':');
-- }
--
-- if (buf.length() == 0) {
-- throw new IllegalArgumentException("empty cipher suites");
-- }
-- buf.setLength(buf.length() - 1);
--
-- final String cipherSuiteSpec = buf.toString();
--
-- synchronized (this) {
-- if (!isDestroyed()) {
-- try {
-- SSL.setCipherSuites(ssl, cipherSuiteSpec);
-- } catch (Exception e) {
-- throw new IllegalStateException("failed to enable cipher suites: " + cipherSuiteSpec, e);
-- }
-- } else {
-- throw new IllegalStateException("failed to enable cipher suites: " + cipherSuiteSpec);
-- }
-- }
-- }
--
-- @Override
-- public final String[] getSupportedProtocols() {
-- return OpenSsl.SUPPORTED_PROTOCOLS_SET.toArray(new String[OpenSsl.SUPPORTED_PROTOCOLS_SET.size()]);
-- }
--
-- @Override
-- public final String[] getEnabledProtocols() {
-- List<String> enabled = new ArrayList<String>(6);
-- // Seems like there is no way to explicit disable SSLv2Hello in openssl so it is always enabled
-- enabled.add(OpenSsl.PROTOCOL_SSL_V2_HELLO);
--
-- int opts;
-- synchronized (this) {
-- if (!isDestroyed()) {
-- opts = SSL.getOptions(ssl);
-- } else {
-- return enabled.toArray(new String[1]);
-- }
-- }
-- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1, OpenSsl.PROTOCOL_TLS_V1)) {
-- enabled.add(OpenSsl.PROTOCOL_TLS_V1);
-- }
-- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_1, OpenSsl.PROTOCOL_TLS_V1_1)) {
-- enabled.add(OpenSsl.PROTOCOL_TLS_V1_1);
-- }
-- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_TLSv1_2, OpenSsl.PROTOCOL_TLS_V1_2)) {
-- enabled.add(OpenSsl.PROTOCOL_TLS_V1_2);
-- }
-- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv2, OpenSsl.PROTOCOL_SSL_V2)) {
-- enabled.add(OpenSsl.PROTOCOL_SSL_V2);
-- }
-- if (isProtocolEnabled(opts, SSL.SSL_OP_NO_SSLv3, OpenSsl.PROTOCOL_SSL_V3)) {
-- enabled.add(OpenSsl.PROTOCOL_SSL_V3);
-- }
-- return enabled.toArray(new String[enabled.size()]);
-- }
--
-- private static boolean isProtocolEnabled(int opts, int disableMask, String protocolString) {
-- // We also need to check if the actual protocolString is supported as depending on the openssl API
-- // implementations it may use a disableMask of 0 (BoringSSL is doing this for example).
-- return (opts & disableMask) == 0 && OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(protocolString);
-- }
--
-- @Override
-- public final void setEnabledProtocols(String[] protocols) {
-- if (protocols == null) {
-- // This is correct from the API docs
-- throw new IllegalArgumentException();
-- }
-- boolean sslv2 = false;
-- boolean sslv3 = false;
-- boolean tlsv1 = false;
-- boolean tlsv1_1 = false;
-- boolean tlsv1_2 = false;
-- for (String p: protocols) {
-- if (!OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(p)) {
-- throw new IllegalArgumentException("Protocol " + p + " is not supported.");
-- }
-- if (p.equals(OpenSsl.PROTOCOL_SSL_V2)) {
-- sslv2 = true;
-- } else if (p.equals(OpenSsl.PROTOCOL_SSL_V3)) {
-- sslv3 = true;
-- } else if (p.equals(OpenSsl.PROTOCOL_TLS_V1)) {
-- tlsv1 = true;
-- } else if (p.equals(OpenSsl.PROTOCOL_TLS_V1_1)) {
-- tlsv1_1 = true;
-- } else if (p.equals(OpenSsl.PROTOCOL_TLS_V1_2)) {
-- tlsv1_2 = true;
-- }
-- }
-- synchronized (this) {
-- if (!isDestroyed()) {
-- // Clear out options which disable protocols
-- SSL.clearOptions(ssl, SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 |
-- SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2);
--
-- int opts = 0;
-- if (!sslv2) {
-- opts |= SSL.SSL_OP_NO_SSLv2;
-- }
-- if (!sslv3) {
-- opts |= SSL.SSL_OP_NO_SSLv3;
-- }
-- if (!tlsv1) {
-- opts |= SSL.SSL_OP_NO_TLSv1;
-- }
-- if (!tlsv1_1) {
-- opts |= SSL.SSL_OP_NO_TLSv1_1;
-- }
-- if (!tlsv1_2) {
-- opts |= SSL.SSL_OP_NO_TLSv1_2;
-- }
--
-- // Disable protocols we do not want
-- SSL.setOptions(ssl, opts);
-- } else {
-- throw new IllegalStateException("failed to enable protocols: " + Arrays.asList(protocols));
-- }
-- }
-- }
--
-- @Override
-- public final SSLSession getSession() {
-- return session;
-- }
--
-- @Override
-- public final synchronized void beginHandshake() throws SSLException {
-- switch (handshakeState) {
-- case STARTED_IMPLICITLY:
-- checkEngineClosed(BEGIN_HANDSHAKE_ENGINE_CLOSED);
--
-- // A user did not start handshake by calling this method by him/herself,
-- // but handshake has been started already by wrap() or unwrap() implicitly.
-- // Because it's the user's first time to call this method, it is unfair to
-- // raise an exception. From the user's standpoint, he or she never asked
-- // for renegotiation.
--
-- handshakeState = HandshakeState.STARTED_EXPLICITLY; // Next time this method is invoked by the user,
-- // we should raise an exception.
-- break;
-- case STARTED_EXPLICITLY:
-- // Nothing to do as the handshake is not done yet.
-- break;
-- case FINISHED:
-- if (clientMode) {
-- // Only supported for server mode at the moment.
-- throw RENEGOTIATION_UNSUPPORTED;
-- }
-- // For renegotiate on the server side we need to issue the following command sequence with openssl:
-- //
-- // SSL_renegotiate(ssl)
-- // SSL_do_handshake(ssl)
-- // ssl->state = SSL_ST_ACCEPT
-- // SSL_do_handshake(ssl)
-- //
-- // Because of this we fall-through to call handshake() after setting the state, as this will also take
-- // care of updating the internal OpenSslSession object.
-- //
-- // See also:
-- // https://github.com/apache/httpd/blob/2.4.16/modules/ssl/ssl_engine_kernel...
-- // http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html
-- int status;
-- if ((status = SSL.renegotiate(ssl)) != 1 || (status = SSL.doHandshake(ssl)) != 1) {
-- int err = SSL.getError(ssl, status);
-- if (err == SSL.SSL_ERROR_WANT_READ || err == SSL.SSL_ERROR_WANT_WRITE) {
-- // If the internal SSL buffer is small it is possible that doHandshake may "fail" because
-- // there is not enough room to write, so we should wait until the renegotiation has been.
-- renegotiationPending = true;
-- handshakeState = HandshakeState.STARTED_EXPLICITLY;
-- lastAccessed = System.currentTimeMillis();
-- return;
-- } else {
-- throw shutdownWithError("renegotiation failed");
-- }
-- }
--
-- SSL.setState(ssl, SSL.SSL_ST_ACCEPT);
--
-- lastAccessed = System.currentTimeMillis();
--
-- // fall-through
-- case NOT_STARTED:
-- handshakeState = HandshakeState.STARTED_EXPLICITLY;
-- handshake();
-- break;
-- default:
-- throw new Error();
-- }
-- }
--
-- private void checkEngineClosed(SSLException cause) throws SSLException {
-- if (isDestroyed()) {
-- throw cause;
-- }
-- }
--
-- private static SSLEngineResult.HandshakeStatus pendingStatus(int pendingStatus) {
-- // Depending on if there is something left in the BIO we need to WRAP or UNWRAP
-- return pendingStatus > 0 ? NEED_WRAP : NEED_UNWRAP;
-- }
--
-- private static boolean isEmpty(Object[] arr) {
-- return arr == null || arr.length == 0;
-- }
--
-- private static boolean isEmpty(byte[] cert) {
-- return cert == null || cert.length == 0;
-- }
--
-- private SSLEngineResult.HandshakeStatus handshake() throws SSLException {
-- if (handshakeState == HandshakeState.FINISHED) {
-- return FINISHED;
-- }
-- checkEngineClosed(HANDSHAKE_ENGINE_CLOSED);
--
-- // Check if we have a pending handshakeException and if so see if we need to consume all pending data from the
-- // BIO first or can just shutdown and throw it now.
-- // This is needed so we ensure close_notify etc is correctly send to the remote peer.
-- // See https://github.com/netty/netty/issues/3900
-- SSLHandshakeException exception = handshakeException;
-- if (exception != null) {
-- if (SSL.bioLengthNonApplication(networkBIO) > 0) {
-- // There is something pending, we need to consume it first via a WRAP so we don't loose anything.
-- return NEED_WRAP;
-- }
-- // No more data left to send to the remote peer, so null out the exception field, shutdown and throw
-- // the exception.
-- handshakeException = null;
-- shutdown();
-- throw exception;
-- }
--
-- // Adding the OpenSslEngine to the OpenSslEngineMap so it can be used in the AbstractCertificateVerifier.
-- engineMap.add(this);
-- if (lastAccessed == -1) {
-- lastAccessed = System.currentTimeMillis();
-- }
--
-- if (!certificateSet && keyMaterialManager != null) {
-- certificateSet = true;
-- keyMaterialManager.setKeyMaterial(this);
-- }
--
-- int code = SSL.doHandshake(ssl);
-- if (code <= 0) {
-- // Check if we have a pending exception that was created during the handshake and if so throw it after
-- // shutdown the connection.
-- if (handshakeException != null) {
-- exception = handshakeException;
-- handshakeException = null;
-- shutdown();
-- throw exception;
-- }
--
-- int sslError = SSL.getError(ssl, code);
-- if (sslError == SSL.SSL_ERROR_WANT_READ || sslError == SSL.SSL_ERROR_WANT_WRITE) {
-- return pendingStatus(SSL.bioLengthNonApplication(networkBIO));
-- } else {
-- // Everything else is considered as error
-- throw shutdownWithError("SSL_do_handshake");
-- }
-- }
-- // if SSL_do_handshake returns > 0 or sslError == SSL.SSL_ERROR_NAME it means the handshake was finished.
-- session.handshakeFinished();
-- engineMap.remove(ssl);
-- return FINISHED;
-- }
--
-- private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus status)
-- throws SSLException {
-- if (status == NOT_HANDSHAKING && handshakeState != HandshakeState.FINISHED) {
-- // If the status was NOT_HANDSHAKING and we not finished the handshake we need to call
-- // SSL_do_handshake() again
-- return handshake();
-- }
-- return status;
-- }
--
-- @Override
-- public final synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
-- // Check if we are in the initial handshake phase or shutdown phase
-- return needPendingStatus() ? pendingStatus(SSL.bioLengthNonApplication(networkBIO)) : NOT_HANDSHAKING;
-- }
--
-- private SSLEngineResult.HandshakeStatus getHandshakeStatus(int pending) {
-- // Check if we are in the initial handshake phase or shutdown phase
-- return needPendingStatus() ? pendingStatus(pending) : NOT_HANDSHAKING;
-- }
--
-- private boolean needPendingStatus() {
-- return handshakeState != HandshakeState.NOT_STARTED && !isDestroyed()
-- && (handshakeState != HandshakeState.FINISHED || isInboundDone() || isOutboundDone());
-- }
--
-- /**
-- * Converts the specified OpenSSL cipher suite to the Java cipher suite.
-- */
-- private String toJavaCipherSuite(String openSslCipherSuite) {
-- if (openSslCipherSuite == null) {
-- return null;
-- }
--
-- String prefix = toJavaCipherSuitePrefix(SSL.getVersion(ssl));
-- return CipherSuiteConverter.toJava(openSslCipherSuite, prefix);
-- }
--
-- /**
-- * Converts the protocol version string returned by {@link SSL#getVersion(long)} to protocol family string.
-- */
-- private static String toJavaCipherSuitePrefix(String protocolVersion) {
-- final char c;
-- if (protocolVersion == null || protocolVersion.isEmpty()) {
-- c = 0;
-- } else {
-- c = protocolVersion.charAt(0);
-- }
--
-- switch (c) {
-- case 'T':
-- return "TLS";
-- case 'S':
-- return "SSL";
-- default:
-- return "UNKNOWN";
-- }
-- }
--
-- @Override
-- public final void setUseClientMode(boolean clientMode) {
-- if (clientMode != this.clientMode) {
-- throw new UnsupportedOperationException();
-- }
-- }
--
-- @Override
-- public final boolean getUseClientMode() {
-- return clientMode;
-- }
--
-- @Override
-- public final void setNeedClientAuth(boolean b) {
-- setClientAuth(b ? ClientAuth.REQUIRE : ClientAuth.NONE);
-- }
--
-- @Override
-- public final boolean getNeedClientAuth() {
-- return clientAuth == ClientAuth.REQUIRE;
-- }
--
-- @Override
-- public final void setWantClientAuth(boolean b) {
-- setClientAuth(b ? ClientAuth.OPTIONAL : ClientAuth.NONE);
-- }
--
-- @Override
-- public final boolean getWantClientAuth() {
-- return clientAuth == ClientAuth.OPTIONAL;
-- }
--
-- /**
-- * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_verify.html">SSL_set_verify</a> and
-- * {@link SSL#setVerify(long, int, int)}.
-- */
-- @UnstableApi
-- public final synchronized void setVerify(int verifyMode, int depth) {
-- SSL.setVerify(ssl, verifyMode, depth);
-- }
--
-- private void setClientAuth(ClientAuth mode) {
-- if (clientMode) {
-- return;
-- }
-- synchronized (this) {
-- if (clientAuth == mode) {
-- // No need to issue any JNI calls if the mode is the same
-- return;
-- }
-- switch (mode) {
-- case NONE:
-- SSL.setVerify(ssl, SSL.SSL_CVERIFY_NONE, ReferenceCountedOpenSslContext.VERIFY_DEPTH);
-- break;
-- case REQUIRE:
-- SSL.setVerify(ssl, SSL.SSL_CVERIFY_REQUIRED, ReferenceCountedOpenSslContext.VERIFY_DEPTH);
-- break;
-- case OPTIONAL:
-- SSL.setVerify(ssl, SSL.SSL_CVERIFY_OPTIONAL, ReferenceCountedOpenSslContext.VERIFY_DEPTH);
-- break;
-- default:
-- throw new Error(mode.toString());
-- }
-- clientAuth = mode;
-- }
-- }
--
-- @Override
-- public final void setEnableSessionCreation(boolean b) {
-- if (b) {
-- throw new UnsupportedOperationException();
-- }
-- }
--
-- @Override
-- public final boolean getEnableSessionCreation() {
-- return false;
-- }
--
-- @Override
-- public final synchronized SSLParameters getSSLParameters() {
-- SSLParameters sslParameters = super.getSSLParameters();
--
-- int version = PlatformDependent.javaVersion();
-- if (version >= 7) {
-- sslParameters.setEndpointIdentificationAlgorithm(endPointIdentificationAlgorithm);
-- Java7SslParametersUtils.setAlgorithmConstraints(sslParameters, algorithmConstraints);
-- if (version >= 8) {
-- if (sniHostNames != null) {
-- Java8SslUtils.setSniHostNames(sslParameters, sniHostNames);
-- }
-- if (!isDestroyed()) {
-- Java8SslUtils.setUseCipherSuitesOrder(
-- sslParameters, (SSL.getOptions(ssl) & SSL.SSL_OP_CIPHER_SERVER_PREFERENCE) != 0);
-- }
--
-- Java8SslUtils.setSNIMatchers(sslParameters, matchers);
-- }
-- }
-- return sslParameters;
-- }
--
-- @Override
-- public final synchronized void setSSLParameters(SSLParameters sslParameters) {
-- int version = PlatformDependent.javaVersion();
-- if (version >= 7) {
-- if (sslParameters.getAlgorithmConstraints() != null) {
-- throw new IllegalArgumentException("AlgorithmConstraints are not supported.");
-- }
--
-- if (version >= 8) {
-- if (!isDestroyed()) {
-- if (clientMode) {
-- final List<String> sniHostNames = Java8SslUtils.getSniHostNames(sslParameters);
-- for (String name: sniHostNames) {
-- SSL.setTlsExtHostName(ssl, name);
-- }
-- this.sniHostNames = sniHostNames;
-- }
-- if (Java8SslUtils.getUseCipherSuitesOrder(sslParameters)) {
-- SSL.setOptions(ssl, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
-- } else {
-- SSL.clearOptions(ssl, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
-- }
-- }
-- matchers = sslParameters.getSNIMatchers();
-- }
--
-- final String endPointIdentificationAlgorithm = sslParameters.getEndpointIdentificationAlgorithm();
-- final boolean endPointVerificationEnabled = endPointIdentificationAlgorithm != null &&
-- !endPointIdentificationAlgorithm.isEmpty();
-- SSL.setHostNameValidation(ssl, DEFAULT_HOSTNAME_VALIDATION_FLAGS,
-- endPointVerificationEnabled ? getPeerHost() : null);
-- // If the user asks for hostname verification we must ensure we verify the peer.
-- // If the user disables hostname verification we leave it up to the user to change the mode manually.
-- if (clientMode && endPointVerificationEnabled) {
-- SSL.setVerify(ssl, SSL.SSL_CVERIFY_REQUIRED, -1);
-- }
--
-- this.endPointIdentificationAlgorithm = endPointIdentificationAlgorithm;
-- algorithmConstraints = sslParameters.getAlgorithmConstraints();
-- }
-- super.setSSLParameters(sslParameters);
-- }
--
-- private boolean isDestroyed() {
-- return destroyed != 0;
-- }
--
-- static int calculateOutNetBufSize(int pendingBytes, int numComponents) {
-- return (int) min(MAX_ENCRYPTED_PACKET_LENGTH,
-- pendingBytes + (long) MAX_TLS_RECORD_OVERHEAD_LENGTH * numComponents);
-- }
--
-- final boolean checkSniHostnameMatch(String hostname) {
-- return Java8SslUtils.checkSniHostnameMatch(matchers, hostname);
-- }
--
-- private final class OpenSslSession implements SSLSession, ApplicationProtocolAccessor {
-- private final OpenSslSessionContext sessionContext;
--
-- // These are guarded by synchronized(OpenSslEngine.this) as handshakeFinished() may be triggered by any
-- // thread.
-- private X509Certificate[] x509PeerCerts;
-- private Certificate[] peerCerts;
-- private String protocol;
-- private String applicationProtocol;
-- private String cipher;
-- private byte[] id;
-- private long creationTime;
--
-- // lazy init for memory reasons
-- private Map<String, Object> values;
--
-- OpenSslSession(OpenSslSessionContext sessionContext) {
-- this.sessionContext = sessionContext;
-- }
--
-- @Override
-- public byte[] getId() {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (id == null) {
-- return EmptyArrays.EMPTY_BYTES;
-- }
-- return id.clone();
-- }
-- }
--
-- @Override
-- public SSLSessionContext getSessionContext() {
-- return sessionContext;
-- }
--
-- @Override
-- public long getCreationTime() {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (creationTime == 0 && !isDestroyed()) {
-- creationTime = SSL.getTime(ssl) * 1000L;
-- }
-- }
-- return creationTime;
-- }
--
-- @Override
-- public long getLastAccessedTime() {
-- long lastAccessed = ReferenceCountedOpenSslEngine.this.lastAccessed;
-- // if lastAccessed is -1 we will just return the creation time as the handshake was not started yet.
-- return lastAccessed == -1 ? getCreationTime() : lastAccessed;
-- }
--
-- @Override
-- public void invalidate() {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (!isDestroyed()) {
-- SSL.setTimeout(ssl, 0);
-- }
-- }
-- }
--
-- @Override
-- public boolean isValid() {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (!isDestroyed()) {
-- return System.currentTimeMillis() - (SSL.getTimeout(ssl) * 1000L) < (SSL.getTime(ssl) * 1000L);
-- }
-- }
-- return false;
-- }
--
-- @Override
-- public void putValue(String name, Object value) {
-- if (name == null) {
-- throw new NullPointerException("name");
-- }
-- if (value == null) {
-- throw new NullPointerException("value");
-- }
-- Map<String, Object> values = this.values;
-- if (values == null) {
-- // Use size of 2 to keep the memory overhead small
-- values = this.values = new HashMap<String, Object>(2);
-- }
-- Object old = values.put(name, value);
-- if (value instanceof SSLSessionBindingListener) {
-- ((SSLSessionBindingListener) value).valueBound(new SSLSessionBindingEvent(this, name));
-- }
-- notifyUnbound(old, name);
-- }
--
-- @Override
-- public Object getValue(String name) {
-- if (name == null) {
-- throw new NullPointerException("name");
-- }
-- if (values == null) {
-- return null;
-- }
-- return values.get(name);
-- }
--
-- @Override
-- public void removeValue(String name) {
-- if (name == null) {
-- throw new NullPointerException("name");
-- }
-- Map<String, Object> values = this.values;
-- if (values == null) {
-- return;
-- }
-- Object old = values.remove(name);
-- notifyUnbound(old, name);
-- }
--
-- @Override
-- public String[] getValueNames() {
-- Map<String, Object> values = this.values;
-- if (values == null || values.isEmpty()) {
-- return EmptyArrays.EMPTY_STRINGS;
-- }
-- return values.keySet().toArray(new String[values.size()]);
-- }
--
-- private void notifyUnbound(Object value, String name) {
-- if (value instanceof SSLSessionBindingListener) {
-- ((SSLSessionBindingListener) value).valueUnbound(new SSLSessionBindingEvent(this, name));
-- }
-- }
--
-- /**
-- * Finish the handshake and so init everything in the {@link OpenSslSession} that should be accessible by
-- * the user.
-- */
-- void handshakeFinished() throws SSLException {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (!isDestroyed()) {
-- id = SSL.getSessionId(ssl);
-- cipher = toJavaCipherSuite(SSL.getCipherForSSL(ssl));
-- protocol = SSL.getVersion(ssl);
--
-- initPeerCerts();
-- selectApplicationProtocol();
--
-- handshakeState = HandshakeState.FINISHED;
-- } else {
-- throw new SSLException("Already closed");
-- }
-- }
-- }
--
-- /**
-- * Init peer certificates that can be obtained via {@link #getPeerCertificateChain()}
-- * and {@link #getPeerCertificates()}.
-- */
-- private void initPeerCerts() {
-- // Return the full chain from the JNI layer.
-- byte[][] chain = SSL.getPeerCertChain(ssl);
-- if (clientMode) {
-- if (isEmpty(chain)) {
-- peerCerts = EMPTY_CERTIFICATES;
-- x509PeerCerts = EMPTY_JAVAX_X509_CERTIFICATES;
-- } else {
-- peerCerts = new Certificate[chain.length];
-- x509PeerCerts = new X509Certificate[chain.length];
-- initCerts(chain, 0);
-- }
-- } else {
-- // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer
-- // certificate. We use SSL_get_peer_certificate to get it in this case and add it to our
-- // array later.
-- //
-- // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
-- byte[] clientCert = SSL.getPeerCertificate(ssl);
-- if (isEmpty(clientCert)) {
-- peerCerts = EMPTY_CERTIFICATES;
-- x509PeerCerts = EMPTY_JAVAX_X509_CERTIFICATES;
-- } else {
-- if (isEmpty(chain)) {
-- peerCerts = new Certificate[] {new OpenSslX509Certificate(clientCert)};
-- x509PeerCerts = new X509Certificate[] {new OpenSslJavaxX509Certificate(clientCert)};
-- } else {
-- peerCerts = new Certificate[chain.length + 1];
-- x509PeerCerts = new X509Certificate[chain.length + 1];
-- peerCerts[0] = new OpenSslX509Certificate(clientCert);
-- x509PeerCerts[0] = new OpenSslJavaxX509Certificate(clientCert);
-- initCerts(chain, 1);
-- }
-- }
-- }
-- }
--
-- private void initCerts(byte[][] chain, int startPos) {
-- for (int i = 0; i < chain.length; i++) {
-- int certPos = startPos + i;
-- peerCerts[certPos] = new OpenSslX509Certificate(chain[i]);
-- x509PeerCerts[certPos] = new OpenSslJavaxX509Certificate(chain[i]);
-- }
-- }
--
-- /**
-- * Select the application protocol used.
-- */
-- private void selectApplicationProtocol() throws SSLException {
-- ApplicationProtocolConfig.SelectedListenerFailureBehavior behavior = apn.selectedListenerFailureBehavior();
-- List<String> protocols = apn.protocols();
-- String applicationProtocol;
-- switch (apn.protocol()) {
-- case NONE:
-- break;
-- // We always need to check for applicationProtocol == null as the remote peer may not support
-- // the TLS extension or may have returned an empty selection.
-- case ALPN:
-- applicationProtocol = SSL.getAlpnSelected(ssl);
-- if (applicationProtocol != null) {
-- this.applicationProtocol = selectApplicationProtocol(
-- protocols, behavior, applicationProtocol);
-- }
-- break;
-- case NPN:
-- applicationProtocol = SSL.getNextProtoNegotiated(ssl);
-- if (applicationProtocol != null) {
-- this.applicationProtocol = selectApplicationProtocol(
-- protocols, behavior, applicationProtocol);
-- }
-- break;
-- case NPN_AND_ALPN:
-- applicationProtocol = SSL.getAlpnSelected(ssl);
-- if (applicationProtocol == null) {
-- applicationProtocol = SSL.getNextProtoNegotiated(ssl);
-- }
-- if (applicationProtocol != null) {
-- this.applicationProtocol = selectApplicationProtocol(
-- protocols, behavior, applicationProtocol);
-- }
-- break;
-- default:
-- throw new Error();
-- }
-- }
--
-- private String selectApplicationProtocol(List<String> protocols,
-- ApplicationProtocolConfig.SelectedListenerFailureBehavior behavior,
-- String applicationProtocol) throws SSLException {
-- if (behavior == ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT) {
-- return applicationProtocol;
-- } else {
-- int size = protocols.size();
-- assert size > 0;
-- if (protocols.contains(applicationProtocol)) {
-- return applicationProtocol;
-- } else {
-- if (behavior == ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL) {
-- return protocols.get(size - 1);
-- } else {
-- throw new SSLException("unknown protocol " + applicationProtocol);
-- }
-- }
-- }
-- }
--
-- @Override
-- public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (isEmpty(peerCerts)) {
-- throw new SSLPeerUnverifiedException("peer not verified");
-- }
-- return peerCerts.clone();
-- }
-- }
--
-- @Override
-- public Certificate[] getLocalCertificates() {
-- if (localCerts == null) {
-- return null;
-- }
-- return localCerts.clone();
-- }
--
-- @Override
-- public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (isEmpty(x509PeerCerts)) {
-- throw new SSLPeerUnverifiedException("peer not verified");
-- }
-- return x509PeerCerts.clone();
-- }
-- }
--
-- @Override
-- public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
-- Certificate[] peer = getPeerCertificates();
-- // No need for null or length > 0 is needed as this is done in getPeerCertificates()
-- // already.
-- return ((java.security.cert.X509Certificate) peer[0]).getSubjectX500Principal();
-- }
--
-- @Override
-- public Principal getLocalPrincipal() {
-- Certificate[] local = localCerts;
-- if (local == null || local.length == 0) {
-- return null;
-- }
-- return ((java.security.cert.X509Certificate) local[0]).getIssuerX500Principal();
-- }
--
-- @Override
-- public String getCipherSuite() {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (cipher == null) {
-- return INVALID_CIPHER;
-- }
-- return cipher;
-- }
-- }
--
-- @Override
-- public String getProtocol() {
-- String protocol = this.protocol;
-- if (protocol == null) {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- if (!isDestroyed()) {
-- protocol = SSL.getVersion(ssl);
-- } else {
-- protocol = StringUtil.EMPTY_STRING;
-- }
-- }
-- }
-- return protocol;
-- }
--
-- @Override
-- public String getApplicationProtocol() {
-- synchronized (ReferenceCountedOpenSslEngine.this) {
-- return applicationProtocol;
-- }
-- }
--
-- @Override
-- public String getPeerHost() {
-- return ReferenceCountedOpenSslEngine.this.getPeerHost();
-- }
--
-- @Override
-- public int getPeerPort() {
-- return ReferenceCountedOpenSslEngine.this.getPeerPort();
-- }
--
-- @Override
-- public int getPacketBufferSize() {
-- return MAX_ENCRYPTED_PACKET_LENGTH;
-- }
--
-- @Override
-- public int getApplicationBufferSize() {
-- return MAX_PLAINTEXT_LENGTH;
-- }
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java
-deleted file mode 100644
-index 4c9df31..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java
-+++ /dev/null
-@@ -1,239 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.internal.tcnative.SSL;
--import io.netty.internal.tcnative.SSLContext;
--import io.netty.internal.tcnative.SniHostNameMatcher;
--import io.netty.util.internal.PlatformDependent;
--import io.netty.util.internal.logging.InternalLogger;
--import io.netty.util.internal.logging.InternalLoggerFactory;
--
--import java.security.KeyStore;
--import java.security.PrivateKey;
--import java.security.cert.X509Certificate;
--import javax.net.ssl.KeyManagerFactory;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.TrustManagerFactory;
--import javax.net.ssl.X509ExtendedKeyManager;
--import javax.net.ssl.X509ExtendedTrustManager;
--import javax.net.ssl.X509KeyManager;
--import javax.net.ssl.X509TrustManager;
--
--import static io.netty.util.internal.ObjectUtil.checkNotNull;
--
--/**
-- * A server-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
-- * <p>Instances of this class must be {@link #release() released} or else native memory will leak!
-- *
-- * <p>Instances of this class <strong>must not</strong> be released before any {@link ReferenceCountedOpenSslEngine}
-- * which depends upon the instance of this class is released. Otherwise if any method of
-- * {@link ReferenceCountedOpenSslEngine} is called which uses this class's JNI resources the JVM may crash.
-- */
--public final class ReferenceCountedOpenSslServerContext extends ReferenceCountedOpenSslContext {
-- private static final InternalLogger logger =
-- InternalLoggerFactory.getInstance(ReferenceCountedOpenSslServerContext.class);
-- private static final byte[] ID = {'n', 'e', 't', 't', 'y'};
-- private final OpenSslServerSessionContext sessionContext;
-- private final OpenSslKeyMaterialManager keyMaterialManager;
--
-- ReferenceCountedOpenSslServerContext(
-- X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
-- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
-- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
-- long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
-- boolean enableOcsp) throws SSLException {
-- this(trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword, keyManagerFactory, ciphers,
-- cipherFilter, toNegotiator(apn), sessionCacheSize, sessionTimeout, clientAuth, protocols, startTls,
-- enableOcsp);
-- }
--
-- private ReferenceCountedOpenSslServerContext(
-- X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
-- X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
-- Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
-- long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
-- boolean enableOcsp) throws SSLException {
-- super(ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout, SSL.SSL_MODE_SERVER, keyCertChain,
-- clientAuth, protocols, startTls, enableOcsp, true);
-- // Create a new SSL_CTX and configure it.
-- boolean success = false;
-- try {
-- ServerContext context = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
-- keyCertChain, key, keyPassword, keyManagerFactory);
-- sessionContext = context.sessionContext;
-- keyMaterialManager = context.keyMaterialManager;
-- success = true;
-- } finally {
-- if (!success) {
-- release();
-- }
-- }
-- }
--
-- @Override
-- public OpenSslServerSessionContext sessionContext() {
-- return sessionContext;
-- }
--
-- @Override
-- OpenSslKeyMaterialManager keyMaterialManager() {
-- return keyMaterialManager;
-- }
--
-- static final class ServerContext {
-- OpenSslServerSessionContext sessionContext;
-- OpenSslKeyMaterialManager keyMaterialManager;
-- }
--
-- static ServerContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx, OpenSslEngineMap engineMap,
-- X509Certificate[] trustCertCollection,
-- TrustManagerFactory trustManagerFactory,
-- X509Certificate[] keyCertChain, PrivateKey key,
-- String keyPassword, KeyManagerFactory keyManagerFactory)
-- throws SSLException {
-- ServerContext result = new ServerContext();
-- try {
-- SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
-- if (!OpenSsl.useKeyManagerFactory()) {
-- if (keyManagerFactory != null) {
-- throw new IllegalArgumentException(
-- "KeyManagerFactory not supported");
-- }
-- checkNotNull(keyCertChain, "keyCertChain");
--
-- setKeyMaterial(ctx, keyCertChain, key, keyPassword);
-- } else {
-- // javadocs state that keyManagerFactory has precedent over keyCertChain, and we must have a
-- // keyManagerFactory for the server so build one if it is not specified.
-- if (keyManagerFactory == null) {
-- keyManagerFactory = buildKeyManagerFactory(
-- keyCertChain, key, keyPassword, keyManagerFactory);
-- }
-- X509KeyManager keyManager = chooseX509KeyManager(keyManagerFactory.getKeyManagers());
-- result.keyMaterialManager = useExtendedKeyManager(keyManager) ?
-- new OpenSslExtendedKeyMaterialManager(
-- (X509ExtendedKeyManager) keyManager, keyPassword) :
-- new OpenSslKeyMaterialManager(keyManager, keyPassword);
-- }
-- } catch (Exception e) {
-- throw new SSLException("failed to set certificate and key", e);
-- }
-- try {
-- if (trustCertCollection != null) {
-- trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
-- } else if (trustManagerFactory == null) {
-- // Mimic the way SSLContext.getInstance(KeyManager[], null, null) works
-- trustManagerFactory = TrustManagerFactory.getInstance(
-- TrustManagerFactory.getDefaultAlgorithm());
-- trustManagerFactory.init((KeyStore) null);
-- }
--
-- final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
--
-- // IMPORTANT: The callbacks set for verification must be static to prevent memory leak as
-- // otherwise the context can never be collected. This is because the JNI code holds
-- // a global reference to the callbacks.
-- //
-- // See https://github.com/netty/netty/issues/5372
--
-- // Use this to prevent an error when running on java < 7
-- if (useExtendedTrustManager(manager)) {
-- SSLContext.setCertVerifyCallback(ctx,
-- new ExtendedTrustManagerVerifyCallback(engineMap, (X509ExtendedTrustManager) manager));
-- } else {
-- SSLContext.setCertVerifyCallback(ctx, new TrustManagerVerifyCallback(engineMap, manager));
-- }
--
-- X509Certificate[] issuers = manager.getAcceptedIssuers();
-- if (issuers != null && issuers.length > 0) {
-- long bio = 0;
-- try {
-- bio = toBIO(issuers);
-- if (!SSLContext.setCACertificateBio(ctx, bio)) {
-- throw new SSLException("unable to setup accepted issuers for trustmanager " + manager);
-- }
-- } finally {
-- freeBio(bio);
-- }
-- }
--
-- if (PlatformDependent.javaVersion() >= 8) {
-- // Only do on Java8+ as SNIMatcher is not supported in earlier releases.
-- // IMPORTANT: The callbacks set for hostname matching must be static to prevent memory leak as
-- // otherwise the context can never be collected. This is because the JNI code holds
-- // a global reference to the matcher.
-- SSLContext.setSniHostnameMatcher(ctx, new OpenSslSniHostnameMatcher(engineMap));
-- }
-- } catch (SSLException e) {
-- throw e;
-- } catch (Exception e) {
-- throw new SSLException("unable to setup trustmanager", e);
-- }
--
-- result.sessionContext = new OpenSslServerSessionContext(thiz);
-- result.sessionContext.setSessionIdContext(ID);
-- return result;
-- }
--
-- private static final class TrustManagerVerifyCallback extends AbstractCertificateVerifier {
-- private final X509TrustManager manager;
--
-- TrustManagerVerifyCallback(OpenSslEngineMap engineMap, X509TrustManager manager) {
-- super(engineMap);
-- this.manager = manager;
-- }
--
-- @Override
-- void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts, String auth)
-- throws Exception {
-- manager.checkClientTrusted(peerCerts, auth);
-- }
-- }
--
-- private static final class ExtendedTrustManagerVerifyCallback extends AbstractCertificateVerifier {
-- private final X509ExtendedTrustManager manager;
--
-- ExtendedTrustManagerVerifyCallback(OpenSslEngineMap engineMap, X509ExtendedTrustManager manager) {
-- super(engineMap);
-- this.manager = manager;
-- }
--
-- @Override
-- void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts, String auth)
-- throws Exception {
-- manager.checkClientTrusted(peerCerts, auth, engine);
-- }
-- }
--
-- private static final class OpenSslSniHostnameMatcher implements SniHostNameMatcher {
-- private final OpenSslEngineMap engineMap;
--
-- OpenSslSniHostnameMatcher(OpenSslEngineMap engineMap) {
-- this.engineMap = engineMap;
-- }
--
-- @Override
-- public boolean match(long ssl, String hostname) {
-- ReferenceCountedOpenSslEngine engine = engineMap.get(ssl);
-- if (engine != null) {
-- return engine.checkSniHostnameMatch(hostname);
-- }
-- logger.warn("No ReferenceCountedOpenSslEngine found for SSL pointer: {}", ssl);
-- return false;
-- }
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/SslContext.java b/handler/src/main/java/io/netty/handler/ssl/SslContext.java
-index 4998d0d..8dbc3cf 100644
---- a/handler/src/main/java/io/netty/handler/ssl/SslContext.java
-+++ b/handler/src/main/java/io/netty/handler/ssl/SslContext.java
-@@ -115,11 +115,7 @@ public abstract class SslContext {
- }
-
- private static SslProvider defaultProvider() {
-- if (OpenSsl.isAvailable()) {
-- return SslProvider.OPENSSL;
-- } else {
-- return SslProvider.JDK;
-- }
-+ return SslProvider.JDK;
- }
-
- /**
-@@ -416,18 +412,6 @@ public abstract class SslContext {
- trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword,
- keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout,
- clientAuth, protocols, startTls);
-- case OPENSSL:
-- verifyNullSslContextProvider(provider, sslContextProvider);
-- return new OpenSslServerContext(
-- trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword,
-- keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout,
-- clientAuth, protocols, startTls, enableOcsp);
-- case OPENSSL_REFCNT:
-- verifyNullSslContextProvider(provider, sslContextProvider);
-- return new ReferenceCountedOpenSslServerContext(
-- trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword,
-- keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout,
-- clientAuth, protocols, startTls, enableOcsp);
- default:
- throw new Error(provider.toString());
- }
-@@ -770,18 +754,6 @@ public abstract class SslContext {
- return new JdkSslClientContext(sslContextProvider,
- trustCert, trustManagerFactory, keyCertChain, key, keyPassword,
- keyManagerFactory, ciphers, cipherFilter, apn, protocols, sessionCacheSize, sessionTimeout);
-- case OPENSSL:
-- verifyNullSslContextProvider(provider, sslContextProvider);
-- return new OpenSslClientContext(
-- trustCert, trustManagerFactory, keyCertChain, key, keyPassword,
-- keyManagerFactory, ciphers, cipherFilter, apn, protocols, sessionCacheSize, sessionTimeout,
-- enableOcsp);
-- case OPENSSL_REFCNT:
-- verifyNullSslContextProvider(provider, sslContextProvider);
-- return new ReferenceCountedOpenSslClientContext(
-- trustCert, trustManagerFactory, keyCertChain, key, keyPassword,
-- keyManagerFactory, ciphers, cipherFilter, apn, protocols, sessionCacheSize, sessionTimeout,
-- enableOcsp);
- default:
- throw new Error(provider.toString());
- }
-diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
-index c054964..05c451a 100644
---- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
-+++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
-@@ -159,6 +159,12 @@ import static io.netty.handler.ssl.SslUtils.getEncryptedPacketLength;
- * <a href="https://github.com/netty/netty/issues/832">#832</a> in our issue tracker.
- */
- public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundHandler {
-+ private static final int MAX_PLAINTEXT_LENGTH = 16 * 1024; // 2^14
-+ private static final int MAX_COMPRESSED_LENGTH = MAX_PLAINTEXT_LENGTH + 1024;
-+ private static final int MAX_CIPHERTEXT_LENGTH = MAX_COMPRESSED_LENGTH + 1024;
-+ // Header (5) + Data (2^14) + Compression (1024) + Encryption (1024) + MAC (20) + Padding (256)
-+ static final int MAX_ENCRYPTED_PACKET_LENGTH = MAX_CIPHERTEXT_LENGTH + 5 + 20 + 256;
-+ static final int MAX_ENCRYPTION_OVERHEAD_LENGTH = MAX_ENCRYPTED_PACKET_LENGTH - MAX_PLAINTEXT_LENGTH;
-
- private static final InternalLogger logger =
- InternalLoggerFactory.getInstance(SslHandler.class);
-@@ -181,40 +187,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
- new ClosedChannelException(), SslHandler.class, "channelInactive(...)");
-
- private enum SslEngineType {
-- TCNATIVE(true, COMPOSITE_CUMULATOR) {
-- @Override
-- SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
-- throws SSLException {
-- int nioBufferCount = in.nioBufferCount();
-- int writerIndex = out.writerIndex();
-- final SSLEngineResult result;
-- if (nioBufferCount > 1) {
-- /*
-- * If {@link OpenSslEngine} is in use,
-- * we can use a special {@link OpenSslEngine#unwrap(ByteBuffer[], ByteBuffer[])} method
-- * that accepts multiple {@link ByteBuffer}s without additional memory copies.
-- */
-- ReferenceCountedOpenSslEngine opensslEngine = (ReferenceCountedOpenSslEngine) handler.engine;
-- try {
-- handler.singleBuffer[0] = toByteBuffer(out, writerIndex,
-- out.writableBytes());
-- result = opensslEngine.unwrap(in.nioBuffers(readerIndex, len), handler.singleBuffer);
-- } finally {
-- handler.singleBuffer[0] = null;
-- }
-- } else {
-- result = handler.engine.unwrap(toByteBuffer(in, readerIndex, len),
-- toByteBuffer(out, writerIndex, out.writableBytes()));
-- }
-- out.writerIndex(writerIndex + result.bytesProduced());
-- return result;
-- }
--
-- @Override
-- int calculateWrapBufferCapacity(SslHandler handler, int pendingBytes, int numComponents) {
-- return ReferenceCountedOpenSslEngine.calculateOutNetBufSize(pendingBytes, numComponents);
-- }
-- },
- CONSCRYPT(true, COMPOSITE_CUMULATOR) {
- @Override
- SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
-@@ -265,9 +237,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
- };
-
- static SslEngineType forEngine(SSLEngine engine) {
-- if (engine instanceof ReferenceCountedOpenSslEngine) {
-- return TCNATIVE;
-- }
- if (engine instanceof ConscryptAlpnSslEngine) {
- return CONSCRYPT;
- }
-@@ -1034,7 +1003,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
-
- boolean nonSslRecord = false;
-
-- while (totalLength < ReferenceCountedOpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH) {
-+ while (totalLength < MAX_ENCRYPTED_PACKET_LENGTH) {
- final int readableBytes = endOffset - offset;
- if (readableBytes < SslUtils.SSL_RECORD_HEADER_LENGTH) {
- break;
-@@ -1055,7 +1024,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
- }
-
- int newTotalLength = totalLength + packetLength;
-- if (newTotalLength > ReferenceCountedOpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH) {
-+ if (newTotalLength > MAX_ENCRYPTED_PACKET_LENGTH) {
- // Don't read too much.
- break;
- }
-diff --git a/handler/src/main/java/io/netty/handler/ssl/ocsp/OcspClientHandler.java b/handler/src/main/java/io/netty/handler/ssl/ocsp/OcspClientHandler.java
-deleted file mode 100644
-index aff0949..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/ocsp/OcspClientHandler.java
-+++ /dev/null
-@@ -1,65 +0,0 @@
--/*
-- * Copyright 2017 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl.ocsp;
--
--import io.netty.channel.ChannelHandlerContext;
--import io.netty.channel.ChannelInboundHandlerAdapter;
--import io.netty.handler.ssl.ReferenceCountedOpenSslContext;
--import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
--import io.netty.handler.ssl.SslHandshakeCompletionEvent;
--import io.netty.util.internal.ObjectUtil;
--import io.netty.util.internal.ThrowableUtil;
--import io.netty.util.internal.UnstableApi;
--
--import javax.net.ssl.SSLHandshakeException;
--
--/**
-- * A handler for SSL clients to handle and act upon stapled OCSP responses.
-- *
-- * @see ReferenceCountedOpenSslContext#enableOcsp()
-- * @see ReferenceCountedOpenSslEngine#getOcspResponse()
-- */
--@UnstableApi
--public abstract class OcspClientHandler extends ChannelInboundHandlerAdapter {
--
-- private static final SSLHandshakeException OCSP_VERIFICATION_EXCEPTION = ThrowableUtil.unknownStackTrace(
-- new SSLHandshakeException("Bad OCSP response"), OcspClientHandler.class, "verify(...)");
--
-- private final ReferenceCountedOpenSslEngine engine;
--
-- protected OcspClientHandler(ReferenceCountedOpenSslEngine engine) {
-- this.engine = ObjectUtil.checkNotNull(engine, "engine");
-- }
--
-- /**
-- * @see ReferenceCountedOpenSslEngine#getOcspResponse()
-- */
-- protected abstract boolean verify(ChannelHandlerContext ctx, ReferenceCountedOpenSslEngine engine) throws Exception;
--
-- @Override
-- public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
-- if (evt instanceof SslHandshakeCompletionEvent) {
-- ctx.pipeline().remove(this);
--
-- SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;
-- if (event.isSuccess() && !verify(ctx, engine)) {
-- throw OCSP_VERIFICATION_EXCEPTION;
-- }
-- }
--
-- ctx.fireUserEventTriggered(evt);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/ocsp/package-info.java b/handler/src/main/java/io/netty/handler/ssl/ocsp/package-info.java
-deleted file mode 100644
-index 2883ff4..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/ocsp/package-info.java
-+++ /dev/null
-@@ -1,23 +0,0 @@
--/*
-- * Copyright 2017 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--/**
-- * <a href="https://en.wikipedia.org/wiki/OCSP_stapling">OCSP stapling</a>,
-- * formally known as the TLS Certificate Status Request extension, is an
-- * alternative approach to the Online Certificate Status Protocol (OCSP)
-- * for checking the revocation status of X.509 digital certificates.
-- */
--package io.netty.handler.ssl.ocsp;
-diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java
-deleted file mode 100644
-index d696d6b..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java
-+++ /dev/null
-@@ -1,108 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import org.junit.BeforeClass;
--import org.junit.Test;
--import org.junit.runner.RunWith;
--import org.junit.runners.Parameterized;
--
--import java.util.ArrayList;
--import java.util.Collection;
--import java.util.List;
--
--import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
--import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
--import static org.junit.Assume.assumeTrue;
--
--(a)RunWith(Parameterized.class)
--public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
--
-- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
-- public static Collection<Object> data() {
-- List<Object> params = new ArrayList<Object>();
-- for (BufferType type: BufferType.values()) {
-- params.add(type);
-- }
-- return params;
-- }
--
-- public JdkOpenSslEngineInteroptTest(BufferType type) {
-- super(type);
-- }
--
-- @BeforeClass
-- public static void checkOpenSsl() {
-- assumeTrue(OpenSsl.isAvailable());
-- }
--
-- @Override
-- protected SslProvider sslClientProvider() {
-- return SslProvider.JDK;
-- }
--
-- @Override
-- protected SslProvider sslServerProvider() {
-- return SslProvider.OPENSSL;
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
-- }
--
-- @Override
-- protected void mySetupMutualAuthServerInitSslHandler(SslHandler handler) {
-- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) handler.engine();
-- engine.setVerify(SSL_CVERIFY_IGNORED, 1);
-- }
--
-- @Override
-- protected boolean mySetupMutualAuthServerIsValidClientException(Throwable cause) {
-- // TODO(scott): work around for a JDK issue. The exception should be SSLHandshakeException.
-- return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
-deleted file mode 100644
-index 229e853..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/OpenSslCertificateExceptionTest.java
-+++ /dev/null
-@@ -1,49 +0,0 @@
--/*
-- * Copyright 2017 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.internal.tcnative.CertificateVerifier;
--import org.junit.Assert;
--import org.junit.Assume;
--import org.junit.BeforeClass;
--import org.junit.Test;
--
--import java.lang.reflect.Field;
--
--public class OpenSslCertificateExceptionTest {
--
-- @BeforeClass
-- public static void assumeOpenSsl() {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- }
--
-- @Test
-- public void testValidErrorCode() throws Exception {
-- Field[] fields = CertificateVerifier.class.getFields();
-- for (Field field : fields) {
-- if (field.isAccessible()) {
-- int errorCode = field.getInt(null);
-- OpenSslCertificateException exception = new OpenSslCertificateException(errorCode);
-- Assert.assertEquals(errorCode, exception.errorCode());
-- }
-- }
-- }
--
-- @Test(expected = IllegalArgumentException.class)
-- public void testNonValidErrorCode() {
-- new OpenSslCertificateException(Integer.MIN_VALUE);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java
-deleted file mode 100644
-index 6011cf7..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java
-+++ /dev/null
-@@ -1,38 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
--import org.junit.BeforeClass;
--
--import javax.net.ssl.SSLException;
--import java.io.File;
--
--import static org.junit.Assume.assumeTrue;
--
--public class OpenSslClientContextTest extends SslContextTest {
--
-- @BeforeClass
-- public static void checkOpenSsl() {
-- assumeTrue(OpenSsl.isAvailable());
-- }
--
-- @Override
-- protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException {
-- return new OpenSslClientContext(crtFile, InsecureTrustManagerFactory.INSTANCE, crtFile, keyFile, pass,
-- null, null, IdentityCipherSuiteFilter.INSTANCE, ApplicationProtocolConfig.DISABLED, 0, 0);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
-deleted file mode 100644
-index 5939b66..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
-+++ /dev/null
-@@ -1,661 +0,0 @@
--/*
-- * Copyright 2015 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.buffer.UnpooledByteBufAllocator;
--import io.netty.handler.ssl.ApplicationProtocolConfig.Protocol;
--import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
--import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
--import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
--import io.netty.handler.ssl.util.SelfSignedCertificate;
--import io.netty.util.internal.PlatformDependent;
--import org.junit.Assume;
--import org.junit.BeforeClass;
--import org.junit.Test;
--import org.junit.runner.RunWith;
--import org.junit.runners.Parameterized;
--
--import java.nio.ByteBuffer;
--import java.security.AlgorithmConstraints;
--import java.security.AlgorithmParameters;
--import java.security.CryptoPrimitive;
--import java.security.Key;
--import java.util.ArrayList;
--import java.util.Collection;
--import java.util.List;
--import java.util.Set;
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLEngineResult;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.SSLParameters;
--
--import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
--import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH;
--import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH;
--import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH;
--import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
--import static java.lang.Integer.MAX_VALUE;
--import static org.junit.Assert.assertEquals;
--import static org.junit.Assert.assertFalse;
--import static org.junit.Assert.assertNull;
--import static org.junit.Assert.assertSame;
--import static org.junit.Assert.assertTrue;
--import static org.junit.Assume.assumeTrue;
--
--(a)RunWith(Parameterized.class)
--public class OpenSslEngineTest extends SSLEngineTest {
-- private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
-- private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
--
-- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
-- public static Collection<Object> data() {
-- List<Object> params = new ArrayList<Object>();
-- for (BufferType type: BufferType.values()) {
-- params.add(type);
-- }
-- return params;
-- }
--
-- public OpenSslEngineTest(BufferType type) {
-- super(type);
-- }
--
-- @BeforeClass
-- public static void checkOpenSsl() {
-- assumeTrue(OpenSsl.isAvailable());
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testClientHostnameValidationSuccess() throws InterruptedException, SSLException {
-- assumeTrue(OpenSsl.supportsHostnameValidation());
-- super.testClientHostnameValidationSuccess();
-- }
--
-- @Override
-- @Test
-- public void testClientHostnameValidationFail() throws InterruptedException, SSLException {
-- assumeTrue(OpenSsl.supportsHostnameValidation());
-- super.testClientHostnameValidationFail();
-- }
--
-- @Test
-- public void testNpn() throws Exception {
-- ApplicationProtocolConfig apn = acceptingNegotiator(Protocol.NPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- setupHandlers(apn);
-- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- }
--
-- @Test
-- public void testAlpn() throws Exception {
-- assumeTrue(OpenSsl.isAlpnSupported());
-- ApplicationProtocolConfig apn = acceptingNegotiator(Protocol.ALPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- setupHandlers(apn);
-- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- }
--
-- @Test
-- public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception {
-- assumeTrue(OpenSsl.isAlpnSupported());
-- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN,
-- FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.ALPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL);
-- setupHandlers(serverApn, clientApn);
-- assertNull(serverException);
-- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- }
--
-- @Test
-- public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
-- testEnablingAnAlreadyDisabledSslProtocol(new String[]{PROTOCOL_SSL_V2_HELLO},
-- new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_TLS_V1_2});
-- }
-- @Test
-- public void testWrapBuffersNoWritePendingError() throws Exception {
-- clientSslCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider())
-- .build();
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
-- SSLEngine clientEngine = null;
-- SSLEngine serverEngine = null;
-- try {
-- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- handshake(clientEngine, serverEngine);
--
-- ByteBuffer src = allocateBuffer(1024 * 10);
-- byte[] data = new byte[src.capacity()];
-- PlatformDependent.threadLocalRandom().nextBytes(data);
-- src.put(data).flip();
-- ByteBuffer dst = allocateBuffer(1);
-- // Try to wrap multiple times so we are more likely to hit the issue.
-- for (int i = 0; i < 100; i++) {
-- src.position(0);
-- dst.position(0);
-- assertSame(SSLEngineResult.Status.BUFFER_OVERFLOW, clientEngine.wrap(src, dst).getStatus());
-- }
-- } finally {
-- cleanupClientSslEngine(clientEngine);
-- cleanupServerSslEngine(serverEngine);
-- }
-- }
--
-- @Test
-- public void testOnlySmallBufferNeededForWrap() throws Exception {
-- clientSslCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider())
-- .build();
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
-- SSLEngine clientEngine = null;
-- SSLEngine serverEngine = null;
-- try {
-- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- handshake(clientEngine, serverEngine);
--
-- // Allocate a buffer which is small enough and set the limit to the capacity to mark its whole content
-- // as readable.
-- int srcLen = 1024;
-- ByteBuffer src = allocateBuffer(srcLen);
--
-- ByteBuffer dstTooSmall = allocateBuffer(
-- src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH - 1);
-- ByteBuffer dst = allocateBuffer(
-- src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH);
--
-- // Check that we fail to wrap if the dst buffers capacity is not at least
-- // src.capacity() + ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH
-- SSLEngineResult result = clientEngine.wrap(src, dstTooSmall);
-- assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
-- assertEquals(0, result.bytesConsumed());
-- assertEquals(0, result.bytesProduced());
-- assertEquals(src.remaining(), src.capacity());
-- assertEquals(dst.remaining(), dst.capacity());
--
-- // Check that we can wrap with a dst buffer that has the capacity of
-- // src.capacity() + ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH
-- result = clientEngine.wrap(src, dst);
-- assertEquals(SSLEngineResult.Status.OK, result.getStatus());
-- assertEquals(srcLen, result.bytesConsumed());
-- assertEquals(0, src.remaining());
-- assertTrue(result.bytesProduced() > srcLen);
-- assertEquals(src.capacity() - result.bytesConsumed(), src.remaining());
-- assertEquals(dst.capacity() - result.bytesProduced(), dst.remaining());
-- } finally {
-- cleanupClientSslEngine(clientEngine);
-- cleanupServerSslEngine(serverEngine);
-- }
-- }
--
-- @Test
-- public void testNeededDstCapacityIsCorrectlyCalculated() throws Exception {
-- clientSslCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider())
-- .build();
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
-- SSLEngine clientEngine = null;
-- SSLEngine serverEngine = null;
-- try {
-- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- handshake(clientEngine, serverEngine);
--
-- ByteBuffer src = allocateBuffer(1024);
-- ByteBuffer src2 = src.duplicate();
--
-- ByteBuffer dst = allocateBuffer(src.capacity()
-- + MAX_TLS_RECORD_OVERHEAD_LENGTH);
--
-- SSLEngineResult result = clientEngine.wrap(new ByteBuffer[] { src, src2 }, dst);
-- assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
-- assertEquals(0, src.position());
-- assertEquals(0, src2.position());
-- assertEquals(0, dst.position());
-- assertEquals(0, result.bytesConsumed());
-- assertEquals(0, result.bytesProduced());
-- } finally {
-- cleanupClientSslEngine(clientEngine);
-- cleanupServerSslEngine(serverEngine);
-- }
-- }
--
-- @Test
-- public void testSrcsLenOverFlowCorrectlyHandled() throws Exception {
-- clientSslCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider())
-- .build();
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
-- SSLEngine clientEngine = null;
-- SSLEngine serverEngine = null;
-- try {
-- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- handshake(clientEngine, serverEngine);
--
-- ByteBuffer src = allocateBuffer(1024);
-- List<ByteBuffer> srcList = new ArrayList<ByteBuffer>();
-- long srcsLen = 0;
-- long maxLen = ((long) MAX_VALUE) * 2;
--
-- while (srcsLen < maxLen) {
-- ByteBuffer dup = src.duplicate();
-- srcList.add(dup);
-- srcsLen += dup.capacity();
-- }
--
-- ByteBuffer[] srcs = srcList.toArray(new ByteBuffer[srcList.size()]);
--
-- ByteBuffer dst = allocateBuffer(MAX_ENCRYPTED_PACKET_LENGTH - 1);
--
-- SSLEngineResult result = clientEngine.wrap(srcs, dst);
-- assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
--
-- for (ByteBuffer buffer : srcs) {
-- assertEquals(0, buffer.position());
-- }
-- assertEquals(0, dst.position());
-- assertEquals(0, result.bytesConsumed());
-- assertEquals(0, result.bytesProduced());
-- } finally {
-- cleanupClientSslEngine(clientEngine);
-- cleanupServerSslEngine(serverEngine);
-- }
-- }
--
-- @Test
-- public void testCalculateOutNetBufSizeOverflow() {
-- assertEquals(MAX_ENCRYPTED_PACKET_LENGTH,
-- ReferenceCountedOpenSslEngine.calculateOutNetBufSize(MAX_VALUE, 1));
-- }
--
-- @Test
-- public void testCalculateOutNetBufSize0() {
-- assertEquals(MAX_TLS_RECORD_OVERHEAD_LENGTH,
-- ReferenceCountedOpenSslEngine.calculateOutNetBufSize(0, 1));
-- }
--
-- @Test
-- public void testCalculateOutNetBufSizeMaxEncryptedPacketLength() {
-- assertEquals(MAX_ENCRYPTED_PACKET_LENGTH,
-- ReferenceCountedOpenSslEngine.calculateOutNetBufSize(MAX_ENCRYPTED_PACKET_LENGTH + 1, 2));
-- }
--
-- @Override
-- protected void mySetupMutualAuthServerInitSslHandler(SslHandler handler) {
-- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) handler.engine();
-- engine.setVerify(SSL_CVERIFY_IGNORED, 1);
-- }
--
-- @Test
-- public void testWrapWithDifferentSizesTLSv1() throws Exception {
-- clientSslCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider())
-- .build();
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
--
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AECDH-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AECDH-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "RC4-MD5");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "EDH-RSA-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-RC4-MD5");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "IDEA-CBC-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "RC4-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AECDH-RC4-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "AECDH-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ECDHE-RSA-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ADH-CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ECDHE-RSA-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "DHE-RSA-CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1, "ECDHE-RSA-RC4-SHA");
-- }
--
-- @Test
-- public void testWrapWithDifferentSizesTLSv1_1() throws Exception {
-- clientSslCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider())
-- .build();
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
--
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "DHE-RSA-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "DHE-RSA-CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "AECDH-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "DHE-RSA-CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "IDEA-CBC-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "AECDH-RC4-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-RC4-MD5");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "RC4-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ECDHE-RSA-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "EDH-RSA-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "AECDH-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "ADH-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_1, "DES-CBC3-SHA");
-- }
--
-- @Test
-- public void testWrapWithDifferentSizesTLSv1_2() throws Exception {
-- clientSslCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider())
-- .build();
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
--
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES256-GCM-SHA384");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AECDH-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES128-GCM-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES128-GCM-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA384");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AECDH-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES256-GCM-SHA384");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES256-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-GCM-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "RC4-MD5");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES128-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "EDH-RSA-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-RC4-MD5");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "IDEA-CBC-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "RC4-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES128-GCM-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AES128-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AECDH-RC4-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES256-GCM-SHA384");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-AES256-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "AECDH-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-GCM-SHA384");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES256-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ADH-AES128-SHA256");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "DHE-RSA-CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, "ECDHE-RSA-RC4-SHA");
-- }
--
-- @Test
-- public void testWrapWithDifferentSizesSSLv3() throws Exception {
-- clientSslCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider())
-- .build();
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
--
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "RC4-MD5");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-RC4-MD5");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "IDEA-CBC-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-AES128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "RC4-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AECDH-RC4-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-SEED-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "AECDH-AES256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ECDHE-RSA-DES-CBC3-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ADH-CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA256-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "DHE-RSA-CAMELLIA128-SHA");
-- testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, "ECDHE-RSA-RC4-SHA");
-- }
--
-- private void testWrapWithDifferentSizes(String protocol, String cipher) throws Exception {
-- assumeTrue(OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(protocol));
-- if (!OpenSsl.isCipherSuiteAvailable(cipher)) {
-- return;
-- }
--
-- SSLEngine clientEngine = null;
-- SSLEngine serverEngine = null;
-- try {
-- clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- clientEngine.setEnabledCipherSuites(new String[] { cipher });
-- clientEngine.setEnabledProtocols(new String[] { protocol });
-- serverEngine.setEnabledCipherSuites(new String[] { cipher });
-- serverEngine.setEnabledProtocols(new String[] { protocol });
--
-- try {
-- handshake(clientEngine, serverEngine);
-- } catch (SSLException e) {
-- if (e.getMessage().contains("unsupported protocol")) {
-- Assume.assumeNoException(protocol + " not supported with cipher " + cipher, e);
-- }
-- throw e;
-- }
--
-- int srcLen = 64;
-- do {
-- testWrapDstBigEnough(clientEngine, srcLen);
-- srcLen += 64;
-- } while (srcLen < MAX_PLAINTEXT_LENGTH);
--
-- testWrapDstBigEnough(clientEngine, MAX_PLAINTEXT_LENGTH);
-- } finally {
-- cleanupClientSslEngine(clientEngine);
-- cleanupServerSslEngine(serverEngine);
-- }
-- }
--
-- private void testWrapDstBigEnough(SSLEngine engine, int srcLen) throws SSLException {
-- ByteBuffer src = allocateBuffer(srcLen);
-- ByteBuffer dst = allocateBuffer(srcLen + MAX_TLS_RECORD_OVERHEAD_LENGTH);
--
-- SSLEngineResult result = engine.wrap(src, dst);
-- assertEquals(SSLEngineResult.Status.OK, result.getStatus());
-- int consumed = result.bytesConsumed();
-- int produced = result.bytesProduced();
-- assertEquals(srcLen, consumed);
-- assertTrue(produced > consumed);
--
-- dst.flip();
-- assertEquals(produced, dst.remaining());
-- assertFalse(src.hasRemaining());
-- }
--
-- @Test
-- public void testSNIMatchersDoesNotThrow() throws Exception {
-- assumeTrue(PlatformDependent.javaVersion() >= 8);
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
--
-- SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- try {
-- SSLParameters parameters = new SSLParameters();
-- Java8SslTestUtils.setSNIMatcher(parameters);
-- engine.setSSLParameters(parameters);
-- } finally {
-- cleanupServerSslEngine(engine);
-- ssc.delete();
-- }
-- }
--
-- @Test(expected = IllegalArgumentException.class)
-- public void testAlgorithmConstraintsThrows() throws Exception {
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslServerProvider())
-- .build();
--
-- SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- try {
-- SSLParameters parameters = new SSLParameters();
-- parameters.setAlgorithmConstraints(new AlgorithmConstraints() {
-- @Override
-- public boolean permits(
-- Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters) {
-- return false;
-- }
--
-- @Override
-- public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
-- return false;
-- }
--
-- @Override
-- public boolean permits(
-- Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters) {
-- return false;
-- }
-- });
-- engine.setSSLParameters(parameters);
-- } finally {
-- cleanupServerSslEngine(engine);
-- ssc.delete();
-- }
-- }
--
-- @Override
-- protected SslProvider sslClientProvider() {
-- return SslProvider.OPENSSL;
-- }
--
-- @Override
-- protected SslProvider sslServerProvider() {
-- return SslProvider.OPENSSL;
-- }
--
-- private static ApplicationProtocolConfig acceptingNegotiator(Protocol protocol,
-- String... supportedProtocols) {
-- return new ApplicationProtocolConfig(protocol,
-- SelectorFailureBehavior.NO_ADVERTISE,
-- SelectedListenerFailureBehavior.ACCEPT,
-- supportedProtocols);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java
-deleted file mode 100644
-index f63a16f..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java
-+++ /dev/null
-@@ -1,114 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import org.junit.BeforeClass;
--import org.junit.Ignore;
--import org.junit.Test;
--
--import javax.net.ssl.SSLException;
--import org.junit.runner.RunWith;
--import org.junit.runners.Parameterized;
--
--import java.util.ArrayList;
--import java.util.Collection;
--import java.util.List;
--
--import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
--import static org.junit.Assume.assumeTrue;
--
--(a)RunWith(Parameterized.class)
--public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
--
-- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
-- public static Collection<Object> data() {
-- List<Object> params = new ArrayList<Object>();
-- for (BufferType type: BufferType.values()) {
-- params.add(type);
-- }
-- return params;
-- }
--
-- public OpenSslJdkSslEngineInteroptTest(BufferType type) {
-- super(type);
-- }
--
-- @BeforeClass
-- public static void checkOpenSsl() {
-- assumeTrue(OpenSsl.isAvailable());
-- }
--
-- @Override
-- protected SslProvider sslClientProvider() {
-- return SslProvider.OPENSSL;
-- }
--
-- @Override
-- protected SslProvider sslServerProvider() {
-- return SslProvider.JDK;
-- }
--
-- @Ignore /* Does the JDK support a "max certificate chain length"? */
-- @Override
-- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
-- }
--
-- @Ignore /* Does the JDK support a "max certificate chain length"? */
-- @Override
-- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
-- checkShouldUseKeyManagerFactory();
-- super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
-- }
--
-- @Override
-- @Test
-- public void testClientHostnameValidationSuccess() throws InterruptedException, SSLException {
-- assumeTrue(OpenSsl.supportsHostnameValidation());
-- super.testClientHostnameValidationSuccess();
-- }
--
-- @Override
-- @Test
-- public void testClientHostnameValidationFail() throws InterruptedException, SSLException {
-- assumeTrue(OpenSsl.supportsHostnameValidation());
-- super.testClientHostnameValidationFail();
-- }
--
-- @Override
-- protected boolean mySetupMutualAuthServerIsValidServerException(Throwable cause) {
-- // TODO(scott): work around for a JDK issue. The exception should be SSLHandshakeException.
-- return super.mySetupMutualAuthServerIsValidServerException(cause) || causedBySSLException(cause);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateSmallBIOTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateSmallBIOTest.java
-deleted file mode 100644
-index 3959e64..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateSmallBIOTest.java
-+++ /dev/null
-@@ -1,23 +0,0 @@
--/*
-- * Copyright 2017 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--public class OpenSslRenegotiateSmallBIOTest extends OpenSslRenegotiateTest {
-- @Override
-- protected void initSslServerContext(SslContext context) {
-- ((ReferenceCountedOpenSslContext) context).setBioNonApplicationBufferSize(1);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java
-deleted file mode 100644
-index 8f3dfee..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java
-+++ /dev/null
-@@ -1,36 +0,0 @@
--/*
-- * Copyright 2015 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import org.junit.BeforeClass;
--
--import static org.junit.Assume.assumeFalse;
--import static org.junit.Assume.assumeTrue;
--
--public class OpenSslRenegotiateTest extends RenegotiateTest {
--
-- @BeforeClass
-- public static void checkOpenSsl() {
-- assumeTrue(OpenSsl.isAvailable());
-- // BoringSSL does not support renegotiation intentionally.
-- assumeFalse("BoringSSL".equals(OpenSsl.versionString()));
-- }
--
-- @Override
-- protected SslProvider serverSslProvider() {
-- return SslProvider.OPENSSL;
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
-deleted file mode 100644
-index f22d045..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
-+++ /dev/null
-@@ -1,39 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--package io.netty.handler.ssl;
--
--import org.junit.Assume;
--import org.junit.BeforeClass;
--
--import javax.net.ssl.SSLException;
--import java.io.File;
--
--import static org.junit.Assume.assumeTrue;
--
--public class OpenSslServerContextTest extends SslContextTest {
--
-- @BeforeClass
-- public static void checkOpenSsl() {
-- assumeTrue(OpenSsl.isAvailable());
-- }
--
-- @Override
-- protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- return new OpenSslServerContext(crtFile, keyFile, pass);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslTestUtils.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslTestUtils.java
-deleted file mode 100644
-index 7882a61..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/OpenSslTestUtils.java
-+++ /dev/null
-@@ -1,27 +0,0 @@
--/*
-- * Copyright 2017 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import static org.junit.Assume.assumeTrue;
--
--final class OpenSslTestUtils {
-- private OpenSslTestUtils() {
-- }
--
-- static void checkShouldUseKeyManagerFactory() {
-- assumeTrue(OpenSsl.supportsKeyManagerFactory() && OpenSsl.useKeyManagerFactory());
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/PemEncodedTest.java b/handler/src/test/java/io/netty/handler/ssl/PemEncodedTest.java
-deleted file mode 100644
-index 793f772..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/PemEncodedTest.java
-+++ /dev/null
-@@ -1,95 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--package io.netty.handler.ssl;
--
--import static org.junit.Assert.assertEquals;
--import static org.junit.Assert.assertTrue;
--import static org.junit.Assume.assumeFalse;
--import static org.junit.Assume.assumeTrue;
--
--import java.io.ByteArrayOutputStream;
--import java.io.File;
--import java.io.FileInputStream;
--
--import org.junit.Test;
--
--import io.netty.handler.ssl.util.SelfSignedCertificate;
--import io.netty.util.ReferenceCountUtil;
--
--public class PemEncodedTest {
--
-- @Test
-- public void testPemEncodedOpenSsl() throws Exception {
-- testPemEncoded(SslProvider.OPENSSL);
-- }
--
-- @Test
-- public void testPemEncodedOpenSslRef() throws Exception {
-- testPemEncoded(SslProvider.OPENSSL_REFCNT);
-- }
--
-- private static void testPemEncoded(SslProvider provider) throws Exception {
-- assumeTrue(OpenSsl.isAvailable());
-- assumeFalse(OpenSsl.useKeyManagerFactory());
-- PemPrivateKey pemKey;
-- PemX509Certificate pemCert;
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- try {
-- pemKey = PemPrivateKey.valueOf(toByteArray(ssc.privateKey()));
-- pemCert = PemX509Certificate.valueOf(toByteArray(ssc.certificate()));
-- } finally {
-- ssc.delete();
-- }
--
-- SslContext context = SslContextBuilder.forServer(pemKey, pemCert)
-- .sslProvider(provider)
-- .build();
-- assertEquals(1, pemKey.refCnt());
-- assertEquals(1, pemCert.refCnt());
-- try {
-- assertTrue(context instanceof ReferenceCountedOpenSslContext);
-- } finally {
-- ReferenceCountUtil.release(context);
-- assertRelease(pemKey);
-- assertRelease(pemCert);
-- }
-- }
--
-- private static void assertRelease(PemEncoded encoded) {
-- assertTrue(encoded.release());
-- }
--
-- private static byte[] toByteArray(File file) throws Exception {
-- FileInputStream in = new FileInputStream(file);
-- try {
-- ByteArrayOutputStream baos = new ByteArrayOutputStream();
-- try {
-- byte[] buf = new byte[1024];
-- int len;
-- while ((len = in.read(buf)) != -1) {
-- baos.write(buf, 0, len);
-- }
-- } finally {
-- baos.close();
-- }
--
-- return baos.toByteArray();
-- } finally {
-- in.close();
-- }
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java
-deleted file mode 100644
-index 6d38940..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java
-+++ /dev/null
-@@ -1,57 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.util.ReferenceCountUtil;
--
--import javax.net.ssl.SSLEngine;
--
--public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
--
-- public ReferenceCountedOpenSslEngineTest(BufferType type) {
-- super(type);
-- }
--
-- @Override
-- protected SslProvider sslClientProvider() {
-- return SslProvider.OPENSSL_REFCNT;
-- }
--
-- @Override
-- protected SslProvider sslServerProvider() {
-- return SslProvider.OPENSSL_REFCNT;
-- }
--
-- @Override
-- protected void cleanupClientSslContext(SslContext ctx) {
-- ReferenceCountUtil.release(ctx);
-- }
--
-- @Override
-- protected void cleanupClientSslEngine(SSLEngine engine) {
-- ReferenceCountUtil.release(engine);
-- }
--
-- @Override
-- protected void cleanupServerSslContext(SslContext ctx) {
-- ReferenceCountUtil.release(ctx);
-- }
--
-- @Override
-- protected void cleanupServerSslEngine(SSLEngine engine) {
-- ReferenceCountUtil.release(engine);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/SniClientTest.java b/handler/src/test/java/io/netty/handler/ssl/SniClientTest.java
-deleted file mode 100644
-index 3193d20..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/SniClientTest.java
-+++ /dev/null
-@@ -1,161 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.bootstrap.Bootstrap;
--import io.netty.bootstrap.ServerBootstrap;
--import io.netty.buffer.ByteBufAllocator;
--import io.netty.channel.Channel;
--import io.netty.channel.ChannelInitializer;
--import io.netty.channel.DefaultEventLoopGroup;
--import io.netty.channel.EventLoopGroup;
--import io.netty.channel.local.LocalAddress;
--import io.netty.channel.local.LocalChannel;
--import io.netty.channel.local.LocalServerChannel;
--import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
--import io.netty.handler.ssl.util.SelfSignedCertificate;
--import io.netty.util.Mapping;
--import io.netty.util.concurrent.Promise;
--import io.netty.util.internal.PlatformDependent;
--import org.junit.Assert;
--import org.junit.Assume;
--import org.junit.Test;
--
--import java.nio.channels.ClosedChannelException;
--
--public class SniClientTest {
--
-- @Test(timeout = 30000)
-- public void testSniClientJdkSslServerJdkSsl() throws Exception {
-- testSniClient(SslProvider.JDK, SslProvider.JDK);
-- }
--
-- @Test(timeout = 30000)
-- public void testSniClientOpenSslServerOpenSsl() throws Exception {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- testSniClient(SslProvider.OPENSSL, SslProvider.OPENSSL);
-- }
--
-- @Test(timeout = 30000)
-- public void testSniClientJdkSslServerOpenSsl() throws Exception {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- testSniClient(SslProvider.JDK, SslProvider.OPENSSL);
-- }
--
-- @Test(timeout = 30000)
-- public void testSniClientOpenSslServerJdkSsl() throws Exception {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- testSniClient(SslProvider.OPENSSL, SslProvider.JDK);
-- }
--
-- @Test(timeout = 30000)
-- public void testSniSNIMatcherMatchesClientJdkSslServerJdkSsl() throws Exception {
-- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
-- SniClientJava8TestUtil.testSniClient(SslProvider.JDK, SslProvider.JDK, true);
-- }
--
-- @Test(timeout = 30000, expected = ClosedChannelException.class)
-- public void testSniSNIMatcherDoesNotMatchClientJdkSslServerJdkSsl() throws Exception {
-- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
-- SniClientJava8TestUtil.testSniClient(SslProvider.JDK, SslProvider.JDK, false);
-- }
--
-- @Test(timeout = 30000)
-- public void testSniSNIMatcherMatchesClientOpenSslServerOpenSsl() throws Exception {
-- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- SniClientJava8TestUtil.testSniClient(SslProvider.OPENSSL, SslProvider.OPENSSL, true);
-- }
--
-- @Test(timeout = 30000, expected = ClosedChannelException.class)
-- public void testSniSNIMatcherDoesNotMatchClientOpenSslServerOpenSsl() throws Exception {
-- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- SniClientJava8TestUtil.testSniClient(SslProvider.OPENSSL, SslProvider.OPENSSL, false);
-- }
--
-- @Test(timeout = 30000)
-- public void testSniSNIMatcherMatchesClientJdkSslServerOpenSsl() throws Exception {
-- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- SniClientJava8TestUtil.testSniClient(SslProvider.JDK, SslProvider.OPENSSL, true);
-- }
--
-- @Test(timeout = 30000, expected = ClosedChannelException.class)
-- public void testSniSNIMatcherDoesNotMatchClientJdkSslServerOpenSsl() throws Exception {
-- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- SniClientJava8TestUtil.testSniClient(SslProvider.JDK, SslProvider.OPENSSL, false);
-- }
--
-- @Test(timeout = 30000)
-- public void testSniSNIMatcherMatchesClientOpenSslServerJdkSsl() throws Exception {
-- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- SniClientJava8TestUtil.testSniClient(SslProvider.OPENSSL, SslProvider.JDK, true);
-- }
--
-- @Test(timeout = 30000, expected = ClosedChannelException.class)
-- public void testSniSNIMatcherDoesNotMatchClientOpenSslServerJdkSsl() throws Exception {
-- Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- SniClientJava8TestUtil.testSniClient(SslProvider.OPENSSL, SslProvider.JDK, false);
-- }
--
-- private static void testSniClient(SslProvider sslClientProvider, SslProvider sslServerProvider) throws Exception {
-- final String sniHost = "sni.netty.io";
-- LocalAddress address = new LocalAddress("test");
-- EventLoopGroup group = new DefaultEventLoopGroup(1);
-- Channel sc = null;
-- Channel cc = null;
-- try {
-- SelfSignedCertificate cert = new SelfSignedCertificate();
-- final SslContext sslServerContext = SslContextBuilder.forServer(cert.key(), cert.cert())
-- .sslProvider(sslServerProvider).build();
--
-- final Promise<String> promise = group.next().newPromise();
-- ServerBootstrap sb = new ServerBootstrap();
-- sc = sb.group(group).channel(LocalServerChannel.class).childHandler(new ChannelInitializer<Channel>() {
-- @Override
-- protected void initChannel(Channel ch) throws Exception {
-- ch.pipeline().addFirst(new SniHandler(new Mapping<String, SslContext>() {
-- @Override
-- public SslContext map(String input) {
-- promise.setSuccess(input);
-- return sslServerContext;
-- }
-- }));
-- }
-- }).bind(address).syncUninterruptibly().channel();
--
-- SslContext sslContext = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .sslProvider(sslClientProvider).build();
-- Bootstrap cb = new Bootstrap();
-- cc = cb.group(group).channel(LocalChannel.class).handler(new SslHandler(
-- sslContext.newEngine(ByteBufAllocator.DEFAULT, sniHost, -1)))
-- .connect(address).syncUninterruptibly().channel();
-- Assert.assertEquals(sniHost, promise.syncUninterruptibly().getNow());
-- } finally {
-- if (cc != null) {
-- cc.close().syncUninterruptibly();
-- }
-- if (sc != null) {
-- sc.close().syncUninterruptibly();
-- }
-- group.shutdownGracefully();
-- }
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java b/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
-deleted file mode 100644
-index 07c87c6..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
-+++ /dev/null
-@@ -1,496 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--package io.netty.handler.ssl;
--
--import static org.hamcrest.CoreMatchers.is;
--import static org.hamcrest.CoreMatchers.nullValue;
--import static org.junit.Assert.assertEquals;
--import static org.junit.Assert.assertThat;
--import static org.junit.Assert.assertTrue;
--import static org.junit.Assume.assumeTrue;
--
--import java.io.File;
--import java.net.InetSocketAddress;
--import java.util.ArrayList;
--import java.util.List;
--import java.util.concurrent.CountDownLatch;
--import java.util.concurrent.TimeUnit;
--
--import javax.net.ssl.SSLEngine;
--
--import org.junit.Test;
--
--import io.netty.bootstrap.Bootstrap;
--import io.netty.bootstrap.ServerBootstrap;
--import io.netty.buffer.ByteBufAllocator;
--import io.netty.buffer.Unpooled;
--import io.netty.channel.Channel;
--import io.netty.channel.ChannelFuture;
--import io.netty.channel.ChannelHandlerContext;
--import io.netty.channel.ChannelInitializer;
--import io.netty.channel.ChannelPipeline;
--import io.netty.channel.DefaultEventLoopGroup;
--import io.netty.channel.EventLoopGroup;
--import io.netty.channel.embedded.EmbeddedChannel;
--import io.netty.channel.local.LocalAddress;
--import io.netty.channel.local.LocalChannel;
--import io.netty.channel.local.LocalServerChannel;
--import io.netty.channel.nio.NioEventLoopGroup;
--import io.netty.channel.socket.nio.NioServerSocketChannel;
--import io.netty.channel.socket.nio.NioSocketChannel;
--import io.netty.handler.codec.DecoderException;
--import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
--import io.netty.handler.ssl.util.SelfSignedCertificate;
--import io.netty.util.DomainNameMapping;
--import io.netty.util.DomainNameMappingBuilder;
--import io.netty.util.Mapping;
--import io.netty.util.ReferenceCountUtil;
--import io.netty.util.ReferenceCounted;
--import io.netty.util.concurrent.Promise;
--import io.netty.util.internal.ObjectUtil;
--import io.netty.util.internal.StringUtil;
--import org.junit.runner.RunWith;
--import org.junit.runners.Parameterized;
--
--(a)RunWith(Parameterized.class)
--public class SniHandlerTest {
--
-- private static ApplicationProtocolConfig newApnConfig() {
-- return new ApplicationProtocolConfig(
-- ApplicationProtocolConfig.Protocol.ALPN,
-- // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
-- ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
-- // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
-- ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
-- "myprotocol");
-- }
--
-- private static void assumeApnSupported(SslProvider provider) {
-- switch (provider) {
-- case OPENSSL:
-- case OPENSSL_REFCNT:
-- assumeTrue(OpenSsl.isAlpnSupported());
-- break;
-- case JDK:
-- assumeTrue(JettyAlpnSslEngine.isAvailable());
-- break;
-- default:
-- throw new Error();
-- }
-- }
--
-- private static SslContext makeSslContext(SslProvider provider, boolean apn) throws Exception {
-- if (apn) {
-- assumeApnSupported(provider);
-- }
--
-- File keyFile = new File(SniHandlerTest.class.getResource("test_encrypted.pem").getFile());
-- File crtFile = new File(SniHandlerTest.class.getResource("test.crt").getFile());
--
-- SslContextBuilder sslCtxBuilder = SslContextBuilder.forServer(crtFile, keyFile, "12345")
-- .sslProvider(provider);
-- if (apn) {
-- sslCtxBuilder.applicationProtocolConfig(newApnConfig());
-- }
-- return sslCtxBuilder.build();
-- }
--
-- private static SslContext makeSslClientContext(SslProvider provider, boolean apn) throws Exception {
-- if (apn) {
-- assumeApnSupported(provider);
-- }
--
-- File crtFile = new File(SniHandlerTest.class.getResource("test.crt").getFile());
--
-- SslContextBuilder sslCtxBuilder = SslContextBuilder.forClient().trustManager(crtFile).sslProvider(provider);
-- if (apn) {
-- sslCtxBuilder.applicationProtocolConfig(newApnConfig());
-- }
-- return sslCtxBuilder.build();
-- }
--
-- @Parameterized.Parameters(name = "{index}: sslProvider={0}")
-- public static Iterable<?> data() {
-- List<SslProvider> params = new ArrayList<SslProvider>(3);
-- if (OpenSsl.isAvailable()) {
-- params.add(SslProvider.OPENSSL);
-- params.add(SslProvider.OPENSSL_REFCNT);
-- }
-- params.add(SslProvider.JDK);
-- return params;
-- }
--
-- private final SslProvider provider;
--
-- public SniHandlerTest(SslProvider provider) {
-- this.provider = provider;
-- }
--
-- @Test
-- public void testServerNameParsing() throws Exception {
-- SslContext nettyContext = makeSslContext(provider, false);
-- SslContext leanContext = makeSslContext(provider, false);
-- SslContext leanContext2 = makeSslContext(provider, false);
--
-- try {
-- DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext)
-- .add("*.netty.io", nettyContext)
-- // input with custom cases
-- .add("*.LEANCLOUD.CN", leanContext)
-- // a hostname conflict with previous one, since we are using order-sensitive config,
-- // the engine won't be used with the handler.
-- .add("chat4.leancloud.cn", leanContext2)
-- .build();
--
-- SniHandler handler = new SniHandler(mapping);
-- EmbeddedChannel ch = new EmbeddedChannel(handler);
--
-- try {
-- // hex dump of a client hello packet, which contains hostname "CHAT4.LEANCLOUD.CN"
-- String tlsHandshakeMessageHex1 = "16030100";
-- // part 2
-- String tlsHandshakeMessageHex = "c6010000c20303bb0855d66532c05a0ef784f7c384feeafa68b3" +
-- "b655ac7288650d5eed4aa3fb52000038c02cc030009fcca9cca8ccaac02b" +
-- "c02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d" +
-- "009c003d003c0035002f00ff010000610000001700150000124348415434" +
-- "2e4c45414e434c4f55442e434e000b000403000102000a000a0008001d00" +
-- "170019001800230000000d0020001e060106020603050105020503040104" +
-- "0204030301030203030201020202030016000000170000";
--
-- ch.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(tlsHandshakeMessageHex1)));
-- ch.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(tlsHandshakeMessageHex)));
--
-- // This should produce an alert
-- assertTrue(ch.finish());
--
-- assertThat(handler.hostname(), is("chat4.leancloud.cn"));
-- assertThat(handler.sslContext(), is(leanContext));
-- } finally {
-- ch.finishAndReleaseAll();
-- }
-- } finally {
-- releaseAll(leanContext, leanContext2, nettyContext);
-- }
-- }
--
-- @Test(expected = DecoderException.class)
-- public void testNonAsciiServerNameParsing() throws Exception {
-- SslContext nettyContext = makeSslContext(provider, false);
-- SslContext leanContext = makeSslContext(provider, false);
-- SslContext leanContext2 = makeSslContext(provider, false);
--
-- try {
-- DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext)
-- .add("*.netty.io", nettyContext)
-- // input with custom cases
-- .add("*.LEANCLOUD.CN", leanContext)
-- // a hostname conflict with previous one, since we are using order-sensitive config,
-- // the engine won't be used with the handler.
-- .add("chat4.leancloud.cn", leanContext2)
-- .build();
--
-- SniHandler handler = new SniHandler(mapping);
-- EmbeddedChannel ch = new EmbeddedChannel(handler);
--
-- try {
-- // hex dump of a client hello packet, which contains an invalid hostname "CHAT4LEANCLOUDCN"
-- String tlsHandshakeMessageHex1 = "16030100";
-- // part 2
-- String tlsHandshakeMessageHex = "bd010000b90303a74225676d1814ba57faff3b366" +
-- "3656ed05ee9dbb2a4dbb1bb1c32d2ea5fc39e0000000100008c0000001700150000164348" +
-- "415434E380824C45414E434C4F5544E38082434E000b000403000102000a00340032000e0" +
-- "00d0019000b000c00180009000a0016001700080006000700140015000400050012001300" +
-- "0100020003000f0010001100230000000d0020001e0601060206030501050205030401040" +
-- "20403030103020303020102020203000f00010133740000";
--
-- // Push the handshake message.
-- // Decode should fail because of the badly encoded "HostName" string in the SNI extension
-- // that isn't ASCII as per RFC 6066 - https://tools.ietf.org/html/rfc6066#page-6
-- ch.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(tlsHandshakeMessageHex1)));
-- ch.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(tlsHandshakeMessageHex)));
-- } finally {
-- ch.finishAndReleaseAll();
-- }
-- } finally {
-- releaseAll(leanContext, leanContext2, nettyContext);
-- }
-- }
--
-- @Test
-- public void testFallbackToDefaultContext() throws Exception {
-- SslContext nettyContext = makeSslContext(provider, false);
-- SslContext leanContext = makeSslContext(provider, false);
-- SslContext leanContext2 = makeSslContext(provider, false);
--
-- try {
-- DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext)
-- .add("*.netty.io", nettyContext)
-- // input with custom cases
-- .add("*.LEANCLOUD.CN", leanContext)
-- // a hostname conflict with previous one, since we are using order-sensitive config,
-- // the engine won't be used with the handler.
-- .add("chat4.leancloud.cn", leanContext2)
-- .build();
--
-- SniHandler handler = new SniHandler(mapping);
-- EmbeddedChannel ch = new EmbeddedChannel(handler);
--
-- // invalid
-- byte[] message = {22, 3, 1, 0, 0};
--
-- try {
-- // Push the handshake message.
-- ch.writeInbound(Unpooled.wrappedBuffer(message));
-- } catch (Exception e) {
-- // expected
-- }
--
-- assertThat(ch.finish(), is(false));
-- assertThat(handler.hostname(), nullValue());
-- assertThat(handler.sslContext(), is(nettyContext));
-- } finally {
-- releaseAll(leanContext, leanContext2, nettyContext);
-- }
-- }
--
-- @Test
-- public void testSniWithApnHandler() throws Exception {
-- SslContext nettyContext = makeSslContext(provider, true);
-- SslContext sniContext = makeSslContext(provider, true);
-- final SslContext clientContext = makeSslClientContext(provider, true);
-- try {
-- final CountDownLatch serverApnDoneLatch = new CountDownLatch(1);
-- final CountDownLatch clientApnDoneLatch = new CountDownLatch(1);
--
-- final DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext)
-- .add("*.netty.io", nettyContext)
-- .add("sni.fake.site", sniContext).build();
-- final SniHandler handler = new SniHandler(mapping);
-- EventLoopGroup group = new NioEventLoopGroup(2);
-- Channel serverChannel = null;
-- Channel clientChannel = null;
-- try {
-- ServerBootstrap sb = new ServerBootstrap();
-- sb.group(group);
-- sb.channel(NioServerSocketChannel.class);
-- sb.childHandler(new ChannelInitializer<Channel>() {
-- @Override
-- protected void initChannel(Channel ch) throws Exception {
-- ChannelPipeline p = ch.pipeline();
-- // Server side SNI.
-- p.addLast(handler);
-- // Catch the notification event that APN has completed successfully.
-- p.addLast(new ApplicationProtocolNegotiationHandler("foo") {
-- @Override
-- protected void configurePipeline(ChannelHandlerContext ctx, String protocol) {
-- serverApnDoneLatch.countDown();
-- }
-- });
-- }
-- });
--
-- Bootstrap cb = new Bootstrap();
-- cb.group(group);
-- cb.channel(NioSocketChannel.class);
-- cb.handler(new ChannelInitializer<Channel>() {
-- @Override
-- protected void initChannel(Channel ch) throws Exception {
-- ch.pipeline().addLast(new SslHandler(clientContext.newEngine(
-- ch.alloc(), "sni.fake.site", -1)));
-- // Catch the notification event that APN has completed successfully.
-- ch.pipeline().addLast(new ApplicationProtocolNegotiationHandler("foo") {
-- @Override
-- protected void configurePipeline(ChannelHandlerContext ctx, String protocol) {
-- clientApnDoneLatch.countDown();
-- }
-- });
-- }
-- });
--
-- serverChannel = sb.bind(new InetSocketAddress(0)).sync().channel();
--
-- ChannelFuture ccf = cb.connect(serverChannel.localAddress());
-- assertTrue(ccf.awaitUninterruptibly().isSuccess());
-- clientChannel = ccf.channel();
--
-- assertTrue(serverApnDoneLatch.await(5, TimeUnit.SECONDS));
-- assertTrue(clientApnDoneLatch.await(5, TimeUnit.SECONDS));
-- assertThat(handler.hostname(), is("sni.fake.site"));
-- assertThat(handler.sslContext(), is(sniContext));
-- } finally {
-- if (serverChannel != null) {
-- serverChannel.close().sync();
-- }
-- if (clientChannel != null) {
-- clientChannel.close().sync();
-- }
-- group.shutdownGracefully(0, 0, TimeUnit.MICROSECONDS);
-- }
-- } finally {
-- releaseAll(clientContext, nettyContext, sniContext);
-- }
-- }
--
-- @Test(timeout = 30000)
-- public void testReplaceHandler() throws Exception {
-- switch (provider) {
-- case OPENSSL:
-- case OPENSSL_REFCNT:
-- final String sniHost = "sni.netty.io";
-- LocalAddress address = new LocalAddress("testReplaceHandler-" + Math.random());
-- EventLoopGroup group = new DefaultEventLoopGroup(1);
-- Channel sc = null;
-- Channel cc = null;
-- SslContext sslContext = null;
--
-- SelfSignedCertificate cert = new SelfSignedCertificate();
--
-- try {
-- final SslContext sslServerContext = SslContextBuilder
-- .forServer(cert.key(), cert.cert())
-- .sslProvider(provider)
-- .build();
--
-- final Mapping<String, SslContext> mapping = new Mapping<String, SslContext>() {
-- @Override
-- public SslContext map(String input) {
-- return sslServerContext;
-- }
-- };
--
-- final Promise<Void> releasePromise = group.next().newPromise();
--
-- final SniHandler handler = new SniHandler(mapping) {
-- @Override
-- protected void replaceHandler(ChannelHandlerContext ctx,
-- String hostname, final SslContext sslContext)
-- throws Exception {
--
-- boolean success = false;
-- try {
-- // The SniHandler's replaceHandler() method allows us to implement custom behavior.
-- // As an example, we want to release() the SslContext upon channelInactive() or rather
-- // when the SslHandler closes it's SslEngine. If you take a close look at SslHandler
-- // you'll see that it's doing it in the #handlerRemoved0() method.
--
-- SSLEngine sslEngine = sslContext.newEngine(ctx.alloc());
-- try {
-- SslHandler customSslHandler = new CustomSslHandler(sslContext, sslEngine) {
-- @Override
-- public void handlerRemoved0(ChannelHandlerContext ctx) throws Exception {
-- try {
-- super.handlerRemoved0(ctx);
-- } finally {
-- releasePromise.trySuccess(null);
-- }
-- }
-- };
-- ctx.pipeline().replace(this, CustomSslHandler.class.getName(), customSslHandler);
-- success = true;
-- } finally {
-- if (!success) {
-- ReferenceCountUtil.safeRelease(sslEngine);
-- }
-- }
-- } finally {
-- if (!success) {
-- ReferenceCountUtil.safeRelease(sslContext);
-- releasePromise.cancel(true);
-- }
-- }
-- }
-- };
--
-- ServerBootstrap sb = new ServerBootstrap();
-- sc = sb.group(group).channel(LocalServerChannel.class)
-- .childHandler(new ChannelInitializer<Channel>() {
-- @Override
-- protected void initChannel(Channel ch) throws Exception {
-- ch.pipeline().addFirst(handler);
-- }
-- }).bind(address).syncUninterruptibly().channel();
--
-- sslContext = SslContextBuilder.forClient().sslProvider(provider)
-- .trustManager(InsecureTrustManagerFactory.INSTANCE).build();
--
-- Bootstrap cb = new Bootstrap();
-- cc = cb.group(group).channel(LocalChannel.class).handler(new SslHandler(
-- sslContext.newEngine(ByteBufAllocator.DEFAULT, sniHost, -1)))
-- .connect(address).syncUninterruptibly().channel();
--
-- cc.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes()))
-- .syncUninterruptibly();
--
-- // Notice how the server's SslContext refCnt is 1
-- assertEquals(1, ((ReferenceCounted) sslServerContext).refCnt());
--
-- // The client disconnects
-- cc.close().syncUninterruptibly();
-- if (!releasePromise.awaitUninterruptibly(10L, TimeUnit.SECONDS)) {
-- throw new IllegalStateException("It doesn't seem #replaceHandler() got called.");
-- }
--
-- // We should have successfully release() the SslContext
-- assertEquals(0, ((ReferenceCounted) sslServerContext).refCnt());
-- } finally {
-- if (cc != null) {
-- cc.close().syncUninterruptibly();
-- }
-- if (sc != null) {
-- sc.close().syncUninterruptibly();
-- }
-- if (sslContext != null) {
-- ReferenceCountUtil.release(sslContext);
-- }
-- group.shutdownGracefully();
--
-- cert.delete();
-- }
-- case JDK:
-- return;
-- default:
-- throw new Error();
-- }
-- }
--
-- /**
-- * This is a {@link SslHandler} that will call {@code release()} on the {@link SslContext} when
-- * the client disconnects.
-- *
-- * @see SniHandlerTest#testReplaceHandler()
-- */
-- private static class CustomSslHandler extends SslHandler {
-- private final SslContext sslContext;
--
-- public CustomSslHandler(SslContext sslContext, SSLEngine sslEngine) {
-- super(sslEngine);
-- this.sslContext = ObjectUtil.checkNotNull(sslContext, "sslContext");
-- }
--
-- @Override
-- public void handlerRemoved0(ChannelHandlerContext ctx) throws Exception {
-- super.handlerRemoved0(ctx);
-- ReferenceCountUtil.release(sslContext);
-- }
-- }
--
-- private static void releaseAll(SslContext... contexts) {
-- for (SslContext ctx: contexts) {
-- ReferenceCountUtil.release(ctx);
-- }
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java b/handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java
-deleted file mode 100644
-index 752424c..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/SslContextBuilderTest.java
-+++ /dev/null
-@@ -1,132 +0,0 @@
--/*
-- * Copyright 2015 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import static org.junit.Assert.assertFalse;
--import static org.junit.Assert.assertTrue;
--
--import io.netty.buffer.UnpooledByteBufAllocator;
--import io.netty.handler.ssl.util.SelfSignedCertificate;
--import org.junit.Assume;
--import org.junit.Test;
--
--import javax.net.ssl.SSLEngine;
--
--public class SslContextBuilderTest {
--
-- @Test
-- public void testClientContextFromFileJdk() throws Exception {
-- testClientContextFromFile(SslProvider.JDK);
-- }
--
-- @Test
-- public void testClientContextFromFileOpenssl() throws Exception {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- testClientContextFromFile(SslProvider.OPENSSL);
-- }
--
-- @Test
-- public void testClientContextJdk() throws Exception {
-- testClientContext(SslProvider.JDK);
-- }
--
-- @Test
-- public void testClientContextOpenssl() throws Exception {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- testClientContext(SslProvider.OPENSSL);
-- }
--
-- @Test
-- public void testServerContextFromFileJdk() throws Exception {
-- testServerContextFromFile(SslProvider.JDK);
-- }
--
-- @Test
-- public void testServerContextFromFileOpenssl() throws Exception {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- testServerContextFromFile(SslProvider.OPENSSL);
-- }
--
-- @Test
-- public void testServerContextJdk() throws Exception {
-- testServerContext(SslProvider.JDK);
-- }
--
-- @Test
-- public void testServerContextOpenssl() throws Exception {
-- Assume.assumeTrue(OpenSsl.isAvailable());
-- testServerContext(SslProvider.OPENSSL);
-- }
--
-- private static void testClientContextFromFile(SslProvider provider) throws Exception {
-- SelfSignedCertificate cert = new SelfSignedCertificate();
-- SslContextBuilder builder = SslContextBuilder.forClient()
-- .sslProvider(provider)
-- .keyManager(cert.certificate(),
-- cert.privateKey())
-- .trustManager(cert.certificate())
-- .clientAuth(ClientAuth.OPTIONAL);
-- SslContext context = builder.build();
-- SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- assertFalse(engine.getWantClientAuth());
-- assertFalse(engine.getNeedClientAuth());
-- engine.closeInbound();
-- engine.closeOutbound();
-- }
--
-- private static void testClientContext(SslProvider provider) throws Exception {
-- SelfSignedCertificate cert = new SelfSignedCertificate();
-- SslContextBuilder builder = SslContextBuilder.forClient()
-- .sslProvider(provider)
-- .keyManager(cert.key(), cert.cert())
-- .trustManager(cert.cert())
-- .clientAuth(ClientAuth.OPTIONAL);
-- SslContext context = builder.build();
-- SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- assertFalse(engine.getWantClientAuth());
-- assertFalse(engine.getNeedClientAuth());
-- engine.closeInbound();
-- engine.closeOutbound();
-- }
--
-- private static void testServerContextFromFile(SslProvider provider) throws Exception {
-- SelfSignedCertificate cert = new SelfSignedCertificate();
-- SslContextBuilder builder = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
-- .sslProvider(provider)
-- .trustManager(cert.certificate())
-- .clientAuth(ClientAuth.OPTIONAL);
-- SslContext context = builder.build();
-- SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- assertTrue(engine.getWantClientAuth());
-- assertFalse(engine.getNeedClientAuth());
-- engine.closeInbound();
-- engine.closeOutbound();
-- }
--
-- private static void testServerContext(SslProvider provider) throws Exception {
-- SelfSignedCertificate cert = new SelfSignedCertificate();
-- SslContextBuilder builder = SslContextBuilder.forServer(cert.key(), cert.cert())
-- .sslProvider(provider)
-- .trustManager(cert.cert())
-- .clientAuth(ClientAuth.REQUIRE);
-- SslContext context = builder.build();
-- SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
-- assertFalse(engine.getWantClientAuth());
-- assertTrue(engine.getNeedClientAuth());
-- engine.closeInbound();
-- engine.closeOutbound();
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java b/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java
-deleted file mode 100644
-index aacdb69..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java
-+++ /dev/null
-@@ -1,255 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import io.netty.bootstrap.Bootstrap;
--import io.netty.bootstrap.ServerBootstrap;
--import io.netty.channel.Channel;
--import io.netty.channel.ChannelHandlerContext;
--import io.netty.channel.ChannelInboundHandlerAdapter;
--import io.netty.channel.ChannelInitializer;
--import io.netty.channel.EventLoopGroup;
--import io.netty.channel.nio.NioEventLoopGroup;
--import io.netty.channel.socket.nio.NioServerSocketChannel;
--import io.netty.channel.socket.nio.NioSocketChannel;
--import io.netty.handler.logging.LogLevel;
--import io.netty.handler.logging.LoggingHandler;
--import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
--import io.netty.handler.ssl.util.SelfSignedCertificate;
--import io.netty.handler.ssl.util.SimpleTrustManagerFactory;
--import io.netty.util.ReferenceCountUtil;
--import io.netty.util.concurrent.Promise;
--import io.netty.util.internal.EmptyArrays;
--import org.junit.Assume;
--import org.junit.Test;
--import org.junit.runner.RunWith;
--import org.junit.runners.Parameterized;
--
--import javax.net.ssl.ManagerFactoryParameters;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.TrustManager;
--import javax.net.ssl.X509TrustManager;
--import javax.security.auth.x500.X500Principal;
--import java.io.File;
--import java.security.KeyStore;
--import java.security.cert.CRLReason;
--import java.security.cert.CertPathValidatorException;
--import java.security.cert.CertificateException;
--import java.security.cert.CertificateExpiredException;
--import java.security.cert.CertificateNotYetValidException;
--import java.security.cert.CertificateRevokedException;
--import java.security.cert.Extension;
--import java.security.cert.X509Certificate;
--import java.util.ArrayList;
--import java.util.Collection;
--import java.util.Collections;
--import java.util.Date;
--import java.util.List;
--import java.util.Locale;
--
--
--(a)RunWith(Parameterized.class)
--public class SslErrorTest {
--
-- @Parameterized.Parameters(name = "{index}: serverProvider = {0}, clientProvider = {1}, exception = {2}")
-- public static Collection<Object[]> data() {
-- List<SslProvider> serverProviders = new ArrayList<SslProvider>(2);
-- List<SslProvider> clientProviders = new ArrayList<SslProvider>(3);
--
-- if (OpenSsl.isAvailable()) {
-- serverProviders.add(SslProvider.OPENSSL);
-- serverProviders.add(SslProvider.OPENSSL_REFCNT);
-- clientProviders.add(SslProvider.OPENSSL);
-- clientProviders.add(SslProvider.OPENSSL_REFCNT);
-- }
-- // We not test with SslProvider.JDK on the server side as the JDK implementation currently just send the same
-- // alert all the time, sigh.....
-- clientProviders.add(SslProvider.JDK);
--
-- List<CertificateException> exceptions = new ArrayList<CertificateException>(6);
-- exceptions.add(new CertificateExpiredException());
-- exceptions.add(new CertificateNotYetValidException());
-- exceptions.add(new CertificateRevokedException(
-- new Date(), CRLReason.AA_COMPROMISE, new X500Principal(""),
-- Collections.<String, Extension>emptyMap()));
--
-- // Also use wrapped exceptions as this is what the JDK implementation of X509TrustManagerFactory is doing.
-- exceptions.add(newCertificateException(CertPathValidatorException.BasicReason.EXPIRED));
-- exceptions.add(newCertificateException(CertPathValidatorException.BasicReason.NOT_YET_VALID));
-- exceptions.add(newCertificateException(CertPathValidatorException.BasicReason.REVOKED));
--
-- List<Object[]> params = new ArrayList<Object[]>();
-- for (SslProvider serverProvider: serverProviders) {
-- for (SslProvider clientProvider: clientProviders) {
-- for (CertificateException exception: exceptions) {
-- params.add(new Object[] { serverProvider, clientProvider, exception});
-- }
-- }
-- }
-- return params;
-- }
--
-- private static CertificateException newCertificateException(CertPathValidatorException.Reason reason) {
-- return new TestCertificateException(
-- new CertPathValidatorException("x", null, null, -1, reason));
-- }
--
-- private final SslProvider serverProvider;
-- private final SslProvider clientProvider;
-- private final CertificateException exception;
--
-- public SslErrorTest(SslProvider serverProvider, SslProvider clientProvider, CertificateException exception) {
-- this.serverProvider = serverProvider;
-- this.clientProvider = clientProvider;
-- this.exception = exception;
-- }
--
-- @Test(timeout = 30000)
-- public void testCorrectAlert() throws Exception {
-- // As this only works correctly at the moment when OpenSslEngine is used on the server-side there is
-- // no need to run it if there is no openssl is available at all.
-- Assume.assumeTrue(OpenSsl.isAvailable());
--
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- final SslContext sslServerCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(serverProvider)
-- .trustManager(new SimpleTrustManagerFactory() {
-- @Override
-- protected void engineInit(KeyStore keyStore) { }
-- @Override
-- protected void engineInit(ManagerFactoryParameters managerFactoryParameters) { }
--
-- @Override
-- protected TrustManager[] engineGetTrustManagers() {
-- return new TrustManager[] { new X509TrustManager() {
--
-- @Override
-- public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
-- throws CertificateException {
-- throw exception;
-- }
--
-- @Override
-- public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
-- throws CertificateException {
-- // NOOP
-- }
--
-- @Override
-- public X509Certificate[] getAcceptedIssuers() {
-- return EmptyArrays.EMPTY_X509_CERTIFICATES;
-- }
-- } };
-- }
-- }).clientAuth(ClientAuth.REQUIRE).build();
--
-- final SslContext sslClientCtx = SslContextBuilder.forClient()
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .keyManager(new File(getClass().getResource("test.crt").getFile()),
-- new File(getClass().getResource("test_unencrypted.pem").getFile()))
-- .sslProvider(clientProvider).build();
--
-- Channel serverChannel = null;
-- Channel clientChannel = null;
-- EventLoopGroup group = new NioEventLoopGroup();
-- try {
-- serverChannel = new ServerBootstrap().group(group)
-- .channel(NioServerSocketChannel.class)
-- .handler(new LoggingHandler(LogLevel.INFO))
-- .childHandler(new ChannelInitializer<Channel>() {
-- @Override
-- protected void initChannel(Channel ch) throws Exception {
-- ch.pipeline().addLast(sslServerCtx.newHandler(ch.alloc()));
-- ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
--
-- @Override
-- public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
-- ctx.close();
-- }
-- });
-- }
-- }).bind(0).sync().channel();
--
-- final Promise<Void> promise = group.next().newPromise();
--
-- clientChannel = new Bootstrap().group(group)
-- .channel(NioSocketChannel.class)
-- .handler(new ChannelInitializer<Channel>() {
-- @Override
-- protected void initChannel(Channel ch) throws Exception {
-- ch.pipeline().addLast(sslClientCtx.newHandler(ch.alloc()));
-- ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
-- @Override
-- public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
-- // Unwrap as its wrapped by a DecoderException
-- Throwable unwrappedCause = cause.getCause();
-- if (unwrappedCause instanceof SSLException) {
-- if (exception instanceof TestCertificateException) {
-- CertPathValidatorException.Reason reason =
-- ((CertPathValidatorException) exception.getCause()).getReason();
-- if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
-- verifyException(unwrappedCause, "expired", promise);
-- } else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
-- verifyException(unwrappedCause, "bad", promise);
-- } else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
-- verifyException(unwrappedCause, "revoked", promise);
-- }
-- } else if (exception instanceof CertificateExpiredException) {
-- verifyException(unwrappedCause, "expired", promise);
-- } else if (exception instanceof CertificateNotYetValidException) {
-- verifyException(unwrappedCause, "bad", promise);
-- } else if (exception instanceof CertificateRevokedException) {
-- verifyException(unwrappedCause, "revoked", promise);
-- }
-- }
-- }
-- });
-- }
-- }).connect(serverChannel.localAddress()).syncUninterruptibly().channel();
-- // Block until we received the correct exception
-- promise.syncUninterruptibly();
-- } finally {
-- if (clientChannel != null) {
-- clientChannel.close().syncUninterruptibly();
-- }
-- if (serverChannel != null) {
-- serverChannel.close().syncUninterruptibly();
-- }
-- group.shutdownGracefully();
--
-- ReferenceCountUtil.release(sslServerCtx);
-- ReferenceCountUtil.release(sslClientCtx);
-- }
-- }
--
-- // Its a bit hacky to verify against the message that is part of the exception but there is no other way
-- // at the moment as there are no different exceptions for the different alerts.
-- private static void verifyException(Throwable cause, String messagePart, Promise<Void> promise) {
-- String message = cause.getMessage();
-- if (message.toLowerCase(Locale.UK).contains(messagePart.toLowerCase(Locale.UK))) {
-- promise.setSuccess(null);
-- } else {
-- promise.setFailure(new AssertionError("message not contains '" + messagePart + "': " + message));
-- }
-- }
--
-- private static final class TestCertificateException extends CertificateException {
--
-- public TestCertificateException(Throwable cause) {
-- super(cause);
-- }
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java b/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
-index 5ef43de..52c4d22 100644
---- a/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
-+++ b/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
-@@ -121,35 +121,6 @@ public class SslHandlerTest {
- }
- }
-
-- @Test
-- public void testReleaseSslEngine() throws Exception {
-- assumeTrue(OpenSsl.isAvailable());
--
-- SelfSignedCertificate cert = new SelfSignedCertificate();
-- try {
-- SslContext sslContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
-- .sslProvider(SslProvider.OPENSSL)
-- .build();
-- try {
-- SSLEngine sslEngine = sslContext.newEngine(ByteBufAllocator.DEFAULT);
-- EmbeddedChannel ch = new EmbeddedChannel(new SslHandler(sslEngine));
--
-- assertEquals(1, ((ReferenceCounted) sslContext).refCnt());
-- assertEquals(1, ((ReferenceCounted) sslEngine).refCnt());
--
-- assertTrue(ch.finishAndReleaseAll());
-- ch.close().syncUninterruptibly();
--
-- assertEquals(1, ((ReferenceCounted) sslContext).refCnt());
-- assertEquals(0, ((ReferenceCounted) sslEngine).refCnt());
-- } finally {
-- ReferenceCountUtil.release(sslContext);
-- }
-- } finally {
-- cert.delete();
-- }
-- }
--
- private static final class TlsReadTest extends ChannelOutboundHandlerAdapter {
- private volatile boolean readIssued;
-
-@@ -279,13 +250,6 @@ public class SslHandlerTest {
- testAlertProducedAndSend(SslProvider.JDK);
- }
-
-- @Test(timeout = 30000)
-- public void testAlertProducedAndSendOpenSsl() throws Exception {
-- assumeTrue(OpenSsl.isAvailable());
-- testAlertProducedAndSend(SslProvider.OPENSSL);
-- testAlertProducedAndSend(SslProvider.OPENSSL_REFCNT);
-- }
--
- private void testAlertProducedAndSend(SslProvider provider) throws Exception {
- SelfSignedCertificate ssc = new SelfSignedCertificate();
-
-@@ -425,12 +389,6 @@ public class SslHandlerTest {
- testCloseNotify(SslProvider.JDK, 5000, false);
- }
-
-- @Test(timeout = 30000)
-- public void testCloseNotifyReceivedOpenSsl() throws Exception {
-- assumeTrue(OpenSsl.isAvailable());
-- testCloseNotify(SslProvider.OPENSSL, 5000, false);
-- testCloseNotify(SslProvider.OPENSSL_REFCNT, 5000, false);
-- }
-
- @Test(timeout = 30000)
- public void testCloseNotifyReceivedJdkTimeout() throws Exception {
-@@ -438,24 +396,10 @@ public class SslHandlerTest {
- }
-
- @Test(timeout = 30000)
-- public void testCloseNotifyReceivedOpenSslTimeout() throws Exception {
-- assumeTrue(OpenSsl.isAvailable());
-- testCloseNotify(SslProvider.OPENSSL, 100, true);
-- testCloseNotify(SslProvider.OPENSSL_REFCNT, 100, true);
-- }
--
-- @Test(timeout = 30000)
- public void testCloseNotifyNotWaitForResponseJdk() throws Exception {
- testCloseNotify(SslProvider.JDK, 0, false);
- }
-
-- @Test(timeout = 30000)
-- public void testCloseNotifyNotWaitForResponseOpenSsl() throws Exception {
-- assumeTrue(OpenSsl.isAvailable());
-- testCloseNotify(SslProvider.OPENSSL, 0, false);
-- testCloseNotify(SslProvider.OPENSSL_REFCNT, 0, false);
-- }
--
- private static void testCloseNotify(SslProvider provider, final long closeNotifyReadTimeout, final boolean timeout)
- throws Exception {
- SelfSignedCertificate ssc = new SelfSignedCertificate();
-@@ -720,7 +664,7 @@ public class SslHandlerTest {
- switch (provider) {
- case OPENSSL:
- case OPENSSL_REFCNT:
-- return OpenSsl.isAvailable();
-+ return false;
- default:
- return true;
- }
-diff --git a/handler/src/test/java/io/netty/handler/ssl/ocsp/OcspTest.java b/handler/src/test/java/io/netty/handler/ssl/ocsp/OcspTest.java
-deleted file mode 100644
-index 4aecc74..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/ocsp/OcspTest.java
-+++ /dev/null
-@@ -1,501 +0,0 @@
--/*
-- * Copyright 2017 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--package io.netty.handler.ssl.ocsp;
--
--import io.netty.bootstrap.Bootstrap;
--import io.netty.bootstrap.ServerBootstrap;
--import io.netty.buffer.ByteBufAllocator;
--import io.netty.buffer.Unpooled;
--import io.netty.channel.Channel;
--import io.netty.channel.ChannelHandler;
--import io.netty.channel.ChannelHandlerContext;
--import io.netty.channel.ChannelInboundHandlerAdapter;
--import io.netty.channel.ChannelInitializer;
--import io.netty.channel.ChannelPipeline;
--import io.netty.channel.DefaultEventLoopGroup;
--import io.netty.channel.EventLoopGroup;
--import io.netty.channel.local.LocalAddress;
--import io.netty.channel.local.LocalChannel;
--import io.netty.channel.local.LocalServerChannel;
--import io.netty.handler.ssl.OpenSsl;
--import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
--import io.netty.handler.ssl.SslContext;
--import io.netty.handler.ssl.SslContextBuilder;
--import io.netty.handler.ssl.SslHandler;
--import io.netty.handler.ssl.SslProvider;
--import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
--import io.netty.handler.ssl.util.SelfSignedCertificate;
--import io.netty.util.CharsetUtil;
--import io.netty.util.ReferenceCountUtil;
--
--import java.net.SocketAddress;
--import java.util.concurrent.CountDownLatch;
--import java.util.concurrent.TimeUnit;
--import java.util.concurrent.TimeoutException;
--import java.util.concurrent.atomic.AtomicReference;
--
--import javax.net.ssl.SSLHandshakeException;
--
--import org.junit.BeforeClass;
--import org.junit.Test;
--
--import static org.junit.Assert.assertArrayEquals;
--import static org.junit.Assert.assertNotNull;
--import static org.junit.Assert.assertNotSame;
--import static org.junit.Assert.assertNull;
--import static org.junit.Assert.assertSame;
--import static org.junit.Assert.assertTrue;
--import static org.junit.Assume.assumeTrue;
--
--public class OcspTest {
--
-- @BeforeClass
-- public static void checkOcspSupported() {
-- assumeTrue(OpenSsl.isOcspSupported());
-- }
--
-- @Test(expected = IllegalArgumentException.class)
-- public void testJdkClientEnableOcsp() throws Exception {
-- SslContextBuilder.forClient()
-- .sslProvider(SslProvider.JDK)
-- .enableOcsp(true)
-- .build();
-- }
--
-- @Test(expected = IllegalArgumentException.class)
-- public void testJdkServerEnableOcsp() throws Exception {
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- try {
-- SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(SslProvider.JDK)
-- .enableOcsp(true)
-- .build();
-- } finally {
-- ssc.delete();
-- }
-- }
--
-- @Test(expected = IllegalStateException.class)
-- public void testClientOcspNotEnabledOpenSsl() throws Exception {
-- testClientOcspNotEnabled(SslProvider.OPENSSL);
-- }
--
-- @Test(expected = IllegalStateException.class)
-- public void testClientOcspNotEnabledOpenSslRefCnt() throws Exception {
-- testClientOcspNotEnabled(SslProvider.OPENSSL_REFCNT);
-- }
--
-- private void testClientOcspNotEnabled(SslProvider sslProvider) throws Exception {
-- SslContext context = SslContextBuilder.forClient()
-- .sslProvider(sslProvider)
-- .build();
-- try {
-- SslHandler sslHandler = context.newHandler(ByteBufAllocator.DEFAULT);
-- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
-- try {
-- engine.getOcspResponse();
-- } finally {
-- engine.release();
-- }
-- } finally {
-- ReferenceCountUtil.release(context);
-- }
-- }
--
-- @Test(expected = IllegalStateException.class)
-- public void testServerOcspNotEnabledOpenSsl() throws Exception {
-- testServerOcspNotEnabled(SslProvider.OPENSSL);
-- }
--
-- @Test(expected = IllegalStateException.class)
-- public void testServerOcspNotEnabledOpenSslRefCnt() throws Exception {
-- testServerOcspNotEnabled(SslProvider.OPENSSL_REFCNT);
-- }
--
-- private void testServerOcspNotEnabled(SslProvider sslProvider) throws Exception {
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- try {
-- SslContext context = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslProvider)
-- .build();
-- try {
-- SslHandler sslHandler = context.newHandler(ByteBufAllocator.DEFAULT);
-- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
-- try {
-- engine.setOcspResponse(new byte[] { 1, 2, 3 });
-- } finally {
-- engine.release();
-- }
-- } finally {
-- ReferenceCountUtil.release(context);
-- }
-- } finally {
-- ssc.delete();
-- }
-- }
--
-- @Test(timeout = 10000L)
-- public void testClientAcceptingOcspStapleOpenSsl() throws Exception {
-- testClientAcceptingOcspStaple(SslProvider.OPENSSL);
-- }
--
-- @Test(timeout = 10000L)
-- public void testClientAcceptingOcspStapleOpenSslRefCnt() throws Exception {
-- testClientAcceptingOcspStaple(SslProvider.OPENSSL_REFCNT);
-- }
--
-- /**
-- * The Server provides an OCSP staple and the Client accepts it.
-- */
-- private void testClientAcceptingOcspStaple(SslProvider sslProvider) throws Exception {
-- final CountDownLatch latch = new CountDownLatch(1);
-- ChannelInboundHandlerAdapter serverHandler = new ChannelInboundHandlerAdapter() {
-- @Override
-- public void channelActive(ChannelHandlerContext ctx) throws Exception {
-- ctx.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes()));
-- ctx.fireChannelActive();
-- }
-- };
--
-- ChannelInboundHandlerAdapter clientHandler = new ChannelInboundHandlerAdapter() {
-- @Override
-- public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
-- try {
-- ReferenceCountUtil.release(msg);
-- } finally {
-- latch.countDown();
-- }
-- }
-- };
--
-- byte[] response = newOcspResponse();
-- TestClientOcspContext callback = new TestClientOcspContext(true);
--
-- handshake(sslProvider, latch, serverHandler, response, clientHandler, callback);
--
-- byte[] actual = callback.response();
--
-- assertNotNull(actual);
-- assertNotSame(response, actual);
-- assertArrayEquals(response, actual);
-- }
--
-- @Test(timeout = 10000L)
-- public void testClientRejectingOcspStapleOpenSsl() throws Exception {
-- testClientRejectingOcspStaple(SslProvider.OPENSSL);
-- }
--
-- @Test(timeout = 10000L)
-- public void testClientRejectingOcspStapleOpenSslRefCnt() throws Exception {
-- testClientRejectingOcspStaple(SslProvider.OPENSSL_REFCNT);
-- }
--
-- /**
-- * The Server provides an OCSP staple and the Client rejects it.
-- */
-- private void testClientRejectingOcspStaple(SslProvider sslProvider) throws Exception {
-- final AtomicReference<Throwable> causeRef = new AtomicReference<Throwable>();
-- final CountDownLatch latch = new CountDownLatch(1);
--
-- ChannelInboundHandlerAdapter clientHandler = new ChannelInboundHandlerAdapter() {
-- @Override
-- public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
-- try {
-- causeRef.set(cause);
-- } finally {
-- latch.countDown();
-- }
-- }
-- };
--
-- byte[] response = newOcspResponse();
-- TestClientOcspContext callback = new TestClientOcspContext(false);
--
-- handshake(sslProvider, latch, null, response, clientHandler, callback);
--
-- byte[] actual = callback.response();
--
-- assertNotNull(actual);
-- assertNotSame(response, actual);
-- assertArrayEquals(response, actual);
--
-- Throwable cause = causeRef.get();
-- assertTrue("" + cause, cause instanceof SSLHandshakeException);
-- }
--
-- @Test(timeout = 10000L)
-- public void testServerHasNoStapleOpenSsl() throws Exception {
-- testServerHasNoStaple(SslProvider.OPENSSL);
-- }
--
-- @Test(timeout = 10000L)
-- public void testServerHasNoStapleOpenSslRefCnt() throws Exception {
-- testServerHasNoStaple(SslProvider.OPENSSL_REFCNT);
-- }
--
-- /**
-- * The server has OCSP stapling enabled but doesn't provide a staple.
-- */
-- private void testServerHasNoStaple(SslProvider sslProvider) throws Exception {
-- final CountDownLatch latch = new CountDownLatch(1);
-- ChannelInboundHandlerAdapter serverHandler = new ChannelInboundHandlerAdapter() {
-- @Override
-- public void channelActive(ChannelHandlerContext ctx) throws Exception {
-- ctx.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes()));
-- ctx.fireChannelActive();
-- }
-- };
--
-- ChannelInboundHandlerAdapter clientHandler = new ChannelInboundHandlerAdapter() {
-- @Override
-- public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
-- try {
-- ReferenceCountUtil.release(msg);
-- } finally {
-- latch.countDown();
-- }
-- }
-- };
--
-- byte[] response = null;
-- TestClientOcspContext callback = new TestClientOcspContext(true);
--
-- handshake(sslProvider, latch, serverHandler, response, clientHandler, callback);
--
-- byte[] actual = callback.response();
--
-- assertNull(response);
-- assertNull(actual);
-- }
--
-- @Test(timeout = 10000L)
-- public void testClientExceptionOpenSsl() throws Exception {
-- testClientException(SslProvider.OPENSSL);
-- }
--
-- @Test(timeout = 10000L)
-- public void testClientExceptionOpenSslRefCnt() throws Exception {
-- testClientException(SslProvider.OPENSSL_REFCNT);
-- }
--
-- /**
-- * Testing what happens if the {@link OcspClientCallback} throws an {@link Exception}.
-- *
-- * The exception should bubble up on the client side and the connection should get closed.
-- */
-- private void testClientException(SslProvider sslProvider) throws Exception {
-- final AtomicReference<Throwable> causeRef = new AtomicReference<Throwable>();
-- final CountDownLatch latch = new CountDownLatch(1);
--
-- ChannelInboundHandlerAdapter clientHandler = new ChannelInboundHandlerAdapter() {
-- @Override
-- public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
-- try {
-- causeRef.set(cause);
-- } finally {
-- latch.countDown();
-- }
-- }
-- };
--
-- final OcspTestException clientException = new OcspTestException("testClientException");
-- byte[] response = newOcspResponse();
-- OcspClientCallback callback = new OcspClientCallback() {
-- @Override
-- public boolean verify(byte[] response) throws Exception {
-- throw clientException;
-- }
-- };
--
-- handshake(sslProvider, latch, null, response, clientHandler, callback);
--
-- assertSame(clientException, causeRef.get());
-- }
--
-- private static void handshake(SslProvider sslProvider, CountDownLatch latch, ChannelHandler serverHandler,
-- byte[] response, ChannelHandler clientHandler, OcspClientCallback callback) throws Exception {
--
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- try {
-- SslContext serverSslContext = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
-- .sslProvider(sslProvider)
-- .enableOcsp(true)
-- .build();
--
-- try {
-- SslContext clientSslContext = SslContextBuilder.forClient()
-- .sslProvider(sslProvider)
-- .enableOcsp(true)
-- .trustManager(InsecureTrustManagerFactory.INSTANCE)
-- .build();
--
-- try {
-- EventLoopGroup group = new DefaultEventLoopGroup();
-- try {
-- LocalAddress address = new LocalAddress("handshake-" + Math.random());
-- Channel server = newServer(group, address, serverSslContext, response, serverHandler);
-- Channel client = newClient(group, address, clientSslContext, callback, clientHandler);
-- try {
-- assertTrue("Something went wrong.", latch.await(10L, TimeUnit.SECONDS));
-- } finally {
-- client.close().syncUninterruptibly();
-- server.close().syncUninterruptibly();
-- }
-- } finally {
-- group.shutdownGracefully(1L, 1L, TimeUnit.SECONDS);
-- }
-- } finally {
-- ReferenceCountUtil.release(clientSslContext);
-- }
-- } finally {
-- ReferenceCountUtil.release(serverSslContext);
-- }
-- } finally {
-- ssc.delete();
-- }
-- }
--
-- private static Channel newServer(EventLoopGroup group, SocketAddress address,
-- SslContext context, byte[] response, ChannelHandler handler) {
--
-- ServerBootstrap bootstrap = new ServerBootstrap()
-- .channel(LocalServerChannel.class)
-- .group(group)
-- .childHandler(newServerHandler(context, response, handler));
--
-- return bootstrap.bind(address)
-- .syncUninterruptibly()
-- .channel();
-- }
--
-- private static Channel newClient(EventLoopGroup group, SocketAddress address,
-- SslContext context, OcspClientCallback callback, ChannelHandler handler) {
--
-- Bootstrap bootstrap = new Bootstrap()
-- .channel(LocalChannel.class)
-- .group(group)
-- .handler(newClientHandler(context, callback, handler));
--
-- return bootstrap.connect(address)
-- .syncUninterruptibly()
-- .channel();
-- }
--
-- private static ChannelHandler newServerHandler(final SslContext context,
-- final byte[] response, final ChannelHandler handler) {
-- return new ChannelInitializer<Channel>() {
-- @Override
-- protected void initChannel(Channel ch) throws Exception {
-- ChannelPipeline pipeline = ch.pipeline();
-- SslHandler sslHandler = context.newHandler(ch.alloc());
--
-- if (response != null) {
-- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
-- engine.setOcspResponse(response);
-- }
--
-- pipeline.addLast(sslHandler);
--
-- if (handler != null) {
-- pipeline.addLast(handler);
-- }
-- }
-- };
-- }
--
-- private static ChannelHandler newClientHandler(final SslContext context,
-- final OcspClientCallback callback, final ChannelHandler handler) {
-- return new ChannelInitializer<Channel>() {
-- @Override
-- protected void initChannel(Channel ch) throws Exception {
-- ChannelPipeline pipeline = ch.pipeline();
--
-- SslHandler sslHandler = context.newHandler(ch.alloc());
-- ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
--
-- pipeline.addLast(sslHandler);
-- pipeline.addLast(new OcspClientCallbackHandler(engine, callback));
--
-- if (handler != null) {
-- pipeline.addLast(handler);
-- }
-- }
-- };
-- }
--
-- private static byte[] newOcspResponse() {
-- // Assume we got the OCSP staple from somewhere. Using a bogus byte[]
-- // in the test because getting a true staple from the CA is quite involved.
-- // It requires HttpCodec and Bouncycastle and the test may be very unreliable
-- // because the OCSP responder servers are basically being DDoS'd by the
-- // Internet.
--
-- return "I am a bogus OCSP staple. OpenSSL does not care about the format of the byte[]!"
-- .getBytes(CharsetUtil.US_ASCII);
-- }
--
-- private interface OcspClientCallback {
-- boolean verify(byte[] staple) throws Exception;
-- }
--
-- private static final class TestClientOcspContext implements OcspClientCallback {
--
-- private final CountDownLatch latch = new CountDownLatch(1);
-- private final boolean valid;
--
-- private volatile byte[] response;
--
-- public TestClientOcspContext(boolean valid) {
-- this.valid = valid;
-- }
--
-- public byte[] response() throws InterruptedException, TimeoutException {
-- assertTrue(latch.await(10L, TimeUnit.SECONDS));
-- return response;
-- }
--
-- @Override
-- public boolean verify(byte[] response) throws Exception {
-- this.response = response;
-- latch.countDown();
--
-- return valid;
-- }
-- }
--
-- private static final class OcspClientCallbackHandler extends OcspClientHandler {
--
-- private final OcspClientCallback callback;
--
-- public OcspClientCallbackHandler(ReferenceCountedOpenSslEngine engine, OcspClientCallback callback) {
-- super(engine);
-- this.callback = callback;
-- }
--
-- @Override
-- protected boolean verify(ChannelHandlerContext ctx, ReferenceCountedOpenSslEngine engine) throws Exception {
-- byte[] response = engine.getOcspResponse();
-- return callback.verify(response);
-- }
-- }
--
-- private static final class OcspTestException extends IllegalStateException {
-- public OcspTestException(String message) {
-- super(message);
-- }
-- }
--}
---
-2.9.4
-
diff --git a/0002-Remove-NPN-ALPN.patch b/0002-Remove-NPN-ALPN.patch
deleted file mode 100644
index 73749cc..0000000
--- a/0002-Remove-NPN-ALPN.patch
+++ /dev/null
@@ -1,884 +0,0 @@
-From cfb6f2a620525a94d6964c287792f2645bff4f4a Mon Sep 17 00:00:00 2001
-From: Severin Gehwolf <sgehwolf(a)redhat.com>
-Date: Thu, 20 Oct 2016 16:18:10 +0200
-Subject: [PATCH 2/2] Remove NPN ALPN
-
----
- .../ssl/JdkAlpnApplicationProtocolNegotiator.java | 120 ---------
- .../io/netty/handler/ssl/JdkAlpnSslEngine.java | 124 ----------
- .../ssl/JdkNpnApplicationProtocolNegotiator.java | 120 ---------
- .../java/io/netty/handler/ssl/JdkNpnSslEngine.java | 122 ---------
- .../java/io/netty/handler/ssl/JdkSslContext.java | 44 ----
- .../io/netty/handler/ssl/JdkSslEngineTest.java | 273 ---------------------
- 6 files changed, 803 deletions(-)
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkAlpnSslEngine.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnSslEngine.java
-
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-deleted file mode 100644
-index aaaf5b7..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-+++ /dev/null
-@@ -1,120 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import javax.net.ssl.SSLEngine;
--
--/**
-- * The {@link JdkApplicationProtocolNegotiator} to use if you need ALPN and are using {@link SslProvider#JDK}.
-- */
--public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
-- private static final SslEngineWrapperFactory ALPN_WRAPPER = new SslEngineWrapperFactory() {
-- {
-- if (!JdkAlpnSslEngine.isAvailable()) {
-- throw new RuntimeException("ALPN unsupported. Is your classpatch configured correctly?"
-- + " See http://www.eclipse.org/jetty/documentation/current/alpn-chapter.html#alpn...");
-- }
-- }
--
-- @Override
-- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
-- boolean isServer) {
-- return new JdkAlpnSslEngine(engine, applicationNegotiator, isServer);
-- }
-- };
--
-- /**
-- * Create a new instance.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkAlpnApplicationProtocolNegotiator(Iterable<String> protocols) {
-- this(false, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkAlpnApplicationProtocolNegotiator(String... protocols) {
-- this(false, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkAlpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
-- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkAlpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
-- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
-- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkAlpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
-- boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
-- this(serverFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
-- clientFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
-- protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
-- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkAlpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
-- boolean serverFailIfNoCommonProtocols, String... protocols) {
-- this(serverFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
-- clientFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
-- protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
-- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkAlpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
-- ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
-- super(ALPN_WRAPPER, selectorFactory, listenerFactory, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
-- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkAlpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
-- ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
-- super(ALPN_WRAPPER, selectorFactory, listenerFactory, protocols);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnSslEngine.java
-deleted file mode 100644
-index bdf3aca..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnSslEngine.java
-+++ /dev/null
-@@ -1,124 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import static io.netty.util.internal.ObjectUtil.checkNotNull;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
--
--import java.util.LinkedHashSet;
--import java.util.List;
--
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLException;
--import javax.net.ssl.SSLHandshakeException;
--
--import org.eclipse.jetty.alpn.ALPN;
--import org.eclipse.jetty.alpn.ALPN.ClientProvider;
--import org.eclipse.jetty.alpn.ALPN.ServerProvider;
--
--final class JdkAlpnSslEngine extends JdkSslEngine {
-- private static boolean available;
--
-- static boolean isAvailable() {
-- updateAvailability();
-- return available;
-- }
--
-- private static void updateAvailability() {
-- if (available) {
-- return;
-- }
--
-- try {
-- // Always use bootstrap class loader.
-- Class.forName("sun.security.ssl.ALPNExtension", true, null);
-- available = true;
-- } catch (Exception ignore) {
-- // alpn-boot was not loaded.
-- }
-- }
--
-- JdkAlpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) {
-- super(engine);
-- checkNotNull(applicationNegotiator, "applicationNegotiator");
--
-- if (server) {
-- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
-- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
-- "protocolSelector");
-- ALPN.put(engine, new ServerProvider() {
-- @Override
-- public String select(List<String> protocols) throws SSLException {
-- try {
-- return protocolSelector.select(protocols);
-- } catch (SSLHandshakeException e) {
-- throw e;
-- } catch (Throwable t) {
-- SSLHandshakeException e = new SSLHandshakeException(t.getMessage());
-- e.initCause(t);
-- throw e;
-- }
-- }
--
-- @Override
-- public void unsupported() {
-- protocolSelector.unsupported();
-- }
-- });
-- } else {
-- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
-- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
-- "protocolListener");
-- ALPN.put(engine, new ClientProvider() {
-- @Override
-- public List<String> protocols() {
-- return applicationNegotiator.protocols();
-- }
--
-- @Override
-- public void selected(String protocol) throws SSLException {
-- try {
-- protocolListener.selected(protocol);
-- } catch (SSLHandshakeException e) {
-- throw e;
-- } catch (Throwable t) {
-- SSLHandshakeException e = new SSLHandshakeException(t.getMessage());
-- e.initCause(t);
-- throw e;
-- }
-- }
--
-- @Override
-- public void unsupported() {
-- protocolListener.unsupported();
-- }
-- });
-- }
-- }
--
-- @Override
-- public void closeInbound() throws SSLException {
-- ALPN.remove(getWrappedEngine());
-- super.closeInbound();
-- }
--
-- @Override
-- public void closeOutbound() {
-- ALPN.remove(getWrappedEngine());
-- super.closeOutbound();
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
-deleted file mode 100644
-index c893f05..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
-+++ /dev/null
-@@ -1,120 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import javax.net.ssl.SSLEngine;
--
--/**
-- * The {@link JdkApplicationProtocolNegotiator} to use if you need NPN and are using {@link SslProvider#JDK}.
-- */
--public final class JdkNpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
-- private static final SslEngineWrapperFactory NPN_WRAPPER = new SslEngineWrapperFactory() {
-- {
-- if (!JdkNpnSslEngine.isAvailable()) {
-- throw new RuntimeException("NPN unsupported. Is your classpatch configured correctly?"
-- + " See http://www.eclipse.org/jetty/documentation/current/npn-chapter.html#npn-s...");
-- }
-- }
--
-- @Override
-- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
-- boolean isServer) {
-- return new JdkNpnSslEngine(engine, applicationNegotiator, isServer);
-- }
-- };
--
-- /**
-- * Create a new instance.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(Iterable<String> protocols) {
-- this(false, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(String... protocols) {
-- this(false, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
-- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
-- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
-- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
-- boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
-- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
-- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
-- protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
-- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
-- boolean serverFailIfNoCommonProtocols, String... protocols) {
-- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
-- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
-- protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
-- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
-- ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
-- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
-- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
-- ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
-- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnSslEngine.java
-deleted file mode 100644
-index 422727a..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnSslEngine.java
-+++ /dev/null
-@@ -1,122 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--package io.netty.handler.ssl;
--
--import static io.netty.util.internal.ObjectUtil.checkNotNull;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
--import io.netty.util.internal.PlatformDependent;
--
--import java.util.LinkedHashSet;
--import java.util.List;
--
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLException;
--
--import org.eclipse.jetty.npn.NextProtoNego;
--import org.eclipse.jetty.npn.NextProtoNego.ClientProvider;
--import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
--
--final class JdkNpnSslEngine extends JdkSslEngine {
-- private static boolean available;
--
-- static boolean isAvailable() {
-- updateAvailability();
-- return available;
-- }
--
-- private static void updateAvailability() {
-- if (available) {
-- return;
-- }
-- try {
-- // Always use bootstrap class loader.
-- Class.forName("sun.security.ssl.NextProtoNegoExtension", true, null);
-- available = true;
-- } catch (Exception ignore) {
-- // npn-boot was not loaded.
-- }
-- }
--
-- JdkNpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) {
-- super(engine);
-- checkNotNull(applicationNegotiator, "applicationNegotiator");
--
-- if (server) {
-- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
-- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
-- "protocolListener");
-- NextProtoNego.put(engine, new ServerProvider() {
-- @Override
-- public void unsupported() {
-- protocolListener.unsupported();
-- }
--
-- @Override
-- public List<String> protocols() {
-- return applicationNegotiator.protocols();
-- }
--
-- @Override
-- public void protocolSelected(String protocol) {
-- try {
-- protocolListener.selected(protocol);
-- } catch (Throwable t) {
-- PlatformDependent.throwException(t);
-- }
-- }
-- });
-- } else {
-- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
-- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
-- "protocolSelector");
-- NextProtoNego.put(engine, new ClientProvider() {
-- @Override
-- public boolean supports() {
-- return true;
-- }
--
-- @Override
-- public void unsupported() {
-- protocolSelector.unsupported();
-- }
--
-- @Override
-- public String selectProtocol(List<String> protocols) {
-- try {
-- return protocolSelector.select(protocols);
-- } catch (Throwable t) {
-- PlatformDependent.throwException(t);
-- return null;
-- }
-- }
-- });
-- }
-- }
--
-- @Override
-- public void closeInbound() throws SSLException {
-- NextProtoNego.remove(getWrappedEngine());
-- super.closeInbound();
-- }
--
-- @Override
-- public void closeOutbound() {
-- NextProtoNego.remove(getWrappedEngine());
-- super.closeOutbound();
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
-index 0a120eb..cdad232 100644
---- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
-+++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
-@@ -270,50 +270,6 @@ public class JdkSslContext extends SslContext {
- switch(config.protocol()) {
- case NONE:
- return JdkDefaultApplicationProtocolNegotiator.INSTANCE;
-- case ALPN:
-- if (isServer) {
-- switch(config.selectorFailureBehavior()) {
-- case FATAL_ALERT:
-- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
-- case NO_ADVERTISE:
-- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
-- default:
-- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
-- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
-- }
-- } else {
-- switch(config.selectedListenerFailureBehavior()) {
-- case ACCEPT:
-- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
-- case FATAL_ALERT:
-- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
-- default:
-- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
-- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
-- }
-- }
-- case NPN:
-- if (isServer) {
-- switch(config.selectedListenerFailureBehavior()) {
-- case ACCEPT:
-- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
-- case FATAL_ALERT:
-- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
-- default:
-- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
-- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
-- }
-- } else {
-- switch(config.selectorFailureBehavior()) {
-- case FATAL_ALERT:
-- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
-- case NO_ADVERTISE:
-- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
-- default:
-- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
-- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
-- }
-- }
- default:
- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
- .append(config.protocol()).append(" protocol").toString());
-diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-index 9a57230..090f996 100644
---- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-+++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-@@ -15,262 +15,15 @@
- */
- package io.netty.handler.ssl;
-
--import io.netty.handler.ssl.ApplicationProtocolConfig.Protocol;
--import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
--import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectorFactory;
--import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
--import io.netty.handler.ssl.util.SelfSignedCertificate;
- import org.junit.Test;
-
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLHandshakeException;
--import java.util.List;
--import java.util.Set;
--import java.util.concurrent.TimeUnit;
--
--import static org.junit.Assert.assertNull;
--import static org.junit.Assert.assertTrue;
--import static org.junit.Assume.assumeNoException;
--
- public class JdkSslEngineTest extends SSLEngineTest {
-- private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
-- private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
-- private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO";
--
-- @Test
-- public void testNpn() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkNpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.NPN);
-- }
-- ApplicationProtocolConfig apn = failingNegotiator(Protocol.NPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- setupHandlers(apn);
-- runTest();
-- } catch (SkipTestException e) {
-- // NPN availability is dependent on the java version. If NPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
--
-- @Test
-- public void testNpnNoCompatibleProtocolsNoHandshakeFailure() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkNpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.NPN);
-- }
-- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.NPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.NPN,
-- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
-- setupHandlers(serverApn, clientApn);
-- runTest(null);
-- } catch (SkipTestException e) {
-- // ALPN availability is dependent on the java version. If ALPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
--
-- @Test
-- public void testNpnNoCompatibleProtocolsClientHandshakeFailure() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkNpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.NPN);
-- }
-- ApplicationProtocolConfig clientApn = failingNegotiator(Protocol.NPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.NPN,
-- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
-- setupHandlers(serverApn, clientApn);
-- assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
-- assertTrue(clientException instanceof SSLHandshakeException);
-- } catch (SkipTestException e) {
-- // NPN availability is dependent on the java version. If NPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
--
-- @Test
-- public void testNpnNoCompatibleProtocolsServerHandshakeFailure() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkNpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.NPN);
-- }
-- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.NPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.NPN,
-- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
-- setupHandlers(serverApn, clientApn);
-- assertTrue(serverLatch.await(2, TimeUnit.SECONDS));
-- assertTrue(serverException instanceof SSLHandshakeException);
-- } catch (SkipTestException e) {
-- // NPN availability is dependent on the java version. If NPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
--
-- @Test
-- public void testAlpn() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkAlpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.ALPN);
-- }
-- ApplicationProtocolConfig apn = failingNegotiator(Protocol.ALPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- setupHandlers(apn);
-- runTest();
-- } catch (SkipTestException e) {
-- // ALPN availability is dependent on the java version. If ALPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
--
-- @Test
-- public void testAlpnNoCompatibleProtocolsNoHandshakeFailure() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkAlpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.ALPN);
-- }
-- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.ALPN,
-- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
-- setupHandlers(serverApn, clientApn);
-- runTest(null);
-- } catch (SkipTestException e) {
-- // ALPN availability is dependent on the java version. If ALPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
--
-- @Test
-- public void testAlpnNoCompatibleProtocolsServerHandshakeFailure() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkAlpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.ALPN);
-- }
-- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN,
-- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
-- setupHandlers(serverApn, clientApn);
-- assertTrue(serverLatch.await(2, TimeUnit.SECONDS));
-- assertTrue(serverException instanceof SSLHandshakeException);
-- } catch (SkipTestException e) {
-- // ALPN availability is dependent on the java version. If ALPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
--
-- @Test
-- public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkAlpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.ALPN);
-- }
-- // Even the preferred application protocol appears second in the client's list, it will be picked
-- // because it's the first one on server's list.
-- ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN,
-- FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL);
-- setupHandlers(serverApn, clientApn);
-- assertNull(serverException);
-- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- } catch (SkipTestException e) {
-- // ALPN availability is dependent on the java version. If ALPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
--
-- @Test
-- public void testAlpnNoCompatibleProtocolsClientHandshakeFailure() throws Exception {
-- try {
-- // Typical code will not have to check this, but will get a initialization error on class load.
-- // Check in this test just in case we have multiple tests that just the class and we already ignored the
-- // initialization error.
-- if (!JdkAlpnSslEngine.isAvailable()) {
-- throw tlsExtensionNotFound(Protocol.ALPN);
-- }
-- SelfSignedCertificate ssc = new SelfSignedCertificate();
-- JdkApplicationProtocolNegotiator clientApn = new JdkAlpnApplicationProtocolNegotiator(true, true,
-- PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- JdkApplicationProtocolNegotiator serverApn = new JdkAlpnApplicationProtocolNegotiator(
-- new ProtocolSelectorFactory() {
-- @Override
-- public ProtocolSelector newSelector(SSLEngine engine, Set<String> supportedProtocols) {
-- return new ProtocolSelector() {
-- @Override
-- public void unsupported() {
-- }
--
-- @Override
-- public String select(List<String> protocols) {
-- return APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE;
-- }
-- };
-- }
-- }, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY,
-- APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
--
-- SslContext serverSslCtx = new JdkSslServerContext(ssc.certificate(), ssc.privateKey(), null, null,
-- IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0);
-- SslContext clientSslCtx = new JdkSslClientContext(null, InsecureTrustManagerFactory.INSTANCE, null,
-- IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0);
--
-- setupHandlers(serverSslCtx, clientSslCtx);
-- assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
-- assertTrue(clientException instanceof SSLHandshakeException);
-- } catch (SkipTestException e) {
-- // ALPN availability is dependent on the java version. If ALPN is not available because of
-- // java version incompatibility don't fail the test, but instead just skip the test
-- assumeNoException(e);
-- }
-- }
-
- @Test
- public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
- testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{PROTOCOL_TLS_V1_2});
- }
-
-- private void runTest() throws Exception {
-- runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
-- }
--
- @Override
- protected SslProvider sslClientProvider() {
- return SslProvider.JDK;
-@@ -280,30 +33,4 @@ public class JdkSslEngineTest extends SSLEngineTest {
- protected SslProvider sslServerProvider() {
- return SslProvider.JDK;
- }
--
-- private ApplicationProtocolConfig failingNegotiator(Protocol protocol,
-- String... supportedProtocols) {
-- return new ApplicationProtocolConfig(protocol,
-- SelectorFailureBehavior.FATAL_ALERT,
-- SelectedListenerFailureBehavior.FATAL_ALERT,
-- supportedProtocols);
-- }
--
-- private ApplicationProtocolConfig acceptingNegotiator(Protocol protocol,
-- String... supportedProtocols) {
-- return new ApplicationProtocolConfig(protocol,
-- SelectorFailureBehavior.NO_ADVERTISE,
-- SelectedListenerFailureBehavior.ACCEPT,
-- supportedProtocols);
-- }
--
-- private SkipTestException tlsExtensionNotFound(Protocol protocol) {
-- throw new SkipTestException(protocol + " not on classpath");
-- }
--
-- private static final class SkipTestException extends RuntimeException {
-- public SkipTestException(String message) {
-- super(message);
-- }
-- }
- }
---
-2.7.4
-
diff --git a/0002-Remove-NPN.patch b/0002-Remove-NPN.patch
deleted file mode 100644
index 77a340a..0000000
--- a/0002-Remove-NPN.patch
+++ /dev/null
@@ -1,353 +0,0 @@
-From f7b8e27b5f55c4a21cf84fb56a616b8bfd4af8da Mon Sep 17 00:00:00 2001
-From: Michael Simacek <msimacek(a)redhat.com>
-Date: Fri, 7 Jul 2017 16:07:23 +0200
-Subject: [PATCH 2/3] Remove NPN
-
----
- handler/pom.xml | 5 -
- .../ssl/JdkNpnApplicationProtocolNegotiator.java | 120 --------------------
- .../java/io/netty/handler/ssl/JdkSslContext.java | 30 -----
- .../io/netty/handler/ssl/JettyNpnSslEngine.java | 122 ---------------------
- .../io/netty/handler/ssl/JdkSslEngineTest.java | 2 +-
- 5 files changed, 1 insertion(+), 278 deletions(-)
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
-
-diff --git a/handler/pom.xml b/handler/pom.xml
-index d0ed1bc..52e63ca 100644
---- a/handler/pom.xml
-+++ b/handler/pom.xml
-@@ -55,11 +55,6 @@
- <optional>true</optional>
- </dependency>
- <dependency>
-- <groupId>org.eclipse.jetty.npn</groupId>
-- <artifactId>npn-api</artifactId>
-- <optional>true</optional>
-- </dependency>
-- <dependency>
- <groupId>org.eclipse.jetty.alpn</groupId>
- <artifactId>alpn-api</artifactId>
- <optional>true</optional>
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
-deleted file mode 100644
-index 06b29b7..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/JdkNpnApplicationProtocolNegotiator.java
-+++ /dev/null
-@@ -1,120 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import javax.net.ssl.SSLEngine;
--
--/**
-- * The {@link JdkApplicationProtocolNegotiator} to use if you need NPN and are using {@link SslProvider#JDK}.
-- */
--public final class JdkNpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
-- private static final SslEngineWrapperFactory NPN_WRAPPER = new SslEngineWrapperFactory() {
-- {
-- if (!JettyNpnSslEngine.isAvailable()) {
-- throw new RuntimeException("NPN unsupported. Is your classpath configured correctly?"
-- + " See https://wiki.eclipse.org/Jetty/Feature/NPN");
-- }
-- }
--
-- @Override
-- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
-- boolean isServer) {
-- return new JettyNpnSslEngine(engine, applicationNegotiator, isServer);
-- }
-- };
--
-- /**
-- * Create a new instance.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(Iterable<String> protocols) {
-- this(false, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(String... protocols) {
-- this(false, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
-- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
-- this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
-- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
-- boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
-- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
-- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
-- protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
-- * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
-- boolean serverFailIfNoCommonProtocols, String... protocols) {
-- this(clientFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
-- serverFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
-- protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
-- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
-- ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
-- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
-- }
--
-- /**
-- * Create a new instance.
-- * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
-- * @param listenerFactory The factory which provides to be notified of which protocol was selected.
-- * @param protocols The order of iteration determines the preference of support for protocols.
-- */
-- public JdkNpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
-- ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
-- super(NPN_WRAPPER, selectorFactory, listenerFactory, protocols);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
-index 0ad6639..d5b86ff 100644
---- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
-+++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java
-@@ -288,47 +288,17 @@ public class JdkSslContext extends SslContext {
- case ALPN:
- if (isServer) {
- switch(config.selectorFailureBehavior()) {
-- case FATAL_ALERT:
-- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
-- case NO_ADVERTISE:
-- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
- default:
- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
- }
- } else {
- switch(config.selectedListenerFailureBehavior()) {
-- case ACCEPT:
-- return new JdkAlpnApplicationProtocolNegotiator(false, config.supportedProtocols());
-- case FATAL_ALERT:
-- return new JdkAlpnApplicationProtocolNegotiator(true, config.supportedProtocols());
- default:
- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
- }
- }
-- case NPN:
-- if (isServer) {
-- switch(config.selectedListenerFailureBehavior()) {
-- case ACCEPT:
-- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
-- case FATAL_ALERT:
-- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
-- default:
-- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
-- .append(config.selectedListenerFailureBehavior()).append(" failure behavior").toString());
-- }
-- } else {
-- switch(config.selectorFailureBehavior()) {
-- case FATAL_ALERT:
-- return new JdkNpnApplicationProtocolNegotiator(true, config.supportedProtocols());
-- case NO_ADVERTISE:
-- return new JdkNpnApplicationProtocolNegotiator(false, config.supportedProtocols());
-- default:
-- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
-- .append(config.selectorFailureBehavior()).append(" failure behavior").toString());
-- }
-- }
- default:
- throw new UnsupportedOperationException(new StringBuilder("JDK provider does not support ")
- .append(config.protocol()).append(" protocol").toString());
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
-deleted file mode 100644
-index 77e7366..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/JettyNpnSslEngine.java
-+++ /dev/null
-@@ -1,122 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--
--package io.netty.handler.ssl;
--
--import static io.netty.util.internal.ObjectUtil.checkNotNull;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
--import io.netty.util.internal.PlatformDependent;
--
--import java.util.LinkedHashSet;
--import java.util.List;
--
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLException;
--
--import org.eclipse.jetty.npn.NextProtoNego;
--import org.eclipse.jetty.npn.NextProtoNego.ClientProvider;
--import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
--
--final class JettyNpnSslEngine extends JdkSslEngine {
-- private static boolean available;
--
-- static boolean isAvailable() {
-- updateAvailability();
-- return available;
-- }
--
-- private static void updateAvailability() {
-- if (available) {
-- return;
-- }
-- try {
-- // Always use bootstrap class loader.
-- Class.forName("sun.security.ssl.NextProtoNegoExtension", true, null);
-- available = true;
-- } catch (Exception ignore) {
-- // npn-boot was not loaded.
-- }
-- }
--
-- JettyNpnSslEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator, boolean server) {
-- super(engine);
-- checkNotNull(applicationNegotiator, "applicationNegotiator");
--
-- if (server) {
-- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
-- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
-- "protocolListener");
-- NextProtoNego.put(engine, new ServerProvider() {
-- @Override
-- public void unsupported() {
-- protocolListener.unsupported();
-- }
--
-- @Override
-- public List<String> protocols() {
-- return applicationNegotiator.protocols();
-- }
--
-- @Override
-- public void protocolSelected(String protocol) {
-- try {
-- protocolListener.selected(protocol);
-- } catch (Throwable t) {
-- PlatformDependent.throwException(t);
-- }
-- }
-- });
-- } else {
-- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
-- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
-- "protocolSelector");
-- NextProtoNego.put(engine, new ClientProvider() {
-- @Override
-- public boolean supports() {
-- return true;
-- }
--
-- @Override
-- public void unsupported() {
-- protocolSelector.unsupported();
-- }
--
-- @Override
-- public String selectProtocol(List<String> protocols) {
-- try {
-- return protocolSelector.select(protocols);
-- } catch (Throwable t) {
-- PlatformDependent.throwException(t);
-- return null;
-- }
-- }
-- });
-- }
-- }
--
-- @Override
-- public void closeInbound() throws SSLException {
-- NextProtoNego.remove(getWrappedEngine());
-- super.closeInbound();
-- }
--
-- @Override
-- public void closeOutbound() {
-- NextProtoNego.remove(getWrappedEngine());
-- super.closeOutbound();
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-index d6cd94d..4489b16 100644
---- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-+++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-@@ -46,7 +46,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
- NPN_DEFAULT {
- @Override
- boolean isAvailable() {
-- return JettyNpnSslEngine.isAvailable();
-+ return false;
- }
-
- @Override
---
-2.9.4
-
diff --git a/0003-Remove-conscrypt-ALPN.patch b/0003-Remove-conscrypt-ALPN.patch
deleted file mode 100644
index e71ba5a..0000000
--- a/0003-Remove-conscrypt-ALPN.patch
+++ /dev/null
@@ -1,511 +0,0 @@
-From 039534e20546221c3466d1ceb663625c59edb0e7 Mon Sep 17 00:00:00 2001
-From: Michael Simacek <msimacek(a)redhat.com>
-Date: Tue, 11 Jul 2017 13:37:22 +0200
-Subject: [PATCH 3/3] Remove conscrypt ALPN
-
----
- handler/pom.xml | 6 -
- .../netty/handler/ssl/ConscryptAlpnSslEngine.java | 176 ---------------------
- .../ssl/JdkAlpnApplicationProtocolNegotiator.java | 6 +-
- .../main/java/io/netty/handler/ssl/SslHandler.java | 35 ----
- .../ssl/ConscryptJdkSslEngineInteropTest.java | 76 ---------
- .../io/netty/handler/ssl/Java8SslTestUtils.java | 7 -
- .../ssl/JdkConscryptSslEngineInteropTest.java | 86 ----------
- .../io/netty/handler/ssl/JdkSslEngineTest.java | 2 +-
- 8 files changed, 2 insertions(+), 392 deletions(-)
- delete mode 100644 handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
- delete mode 100644 handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
-
-diff --git a/handler/pom.xml b/handler/pom.xml
-index 52e63ca..69af32a 100644
---- a/handler/pom.xml
-+++ b/handler/pom.xml
-@@ -60,12 +60,6 @@
- <optional>true</optional>
- </dependency>
- <dependency>
-- <groupId>${conscrypt.groupId}</groupId>
-- <artifactId>${conscrypt.artifactId}</artifactId>
-- <classifier>${conscrypt.classifier}</classifier>
-- <optional>true</optional>
-- </dependency>
-- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- </dependency>
-diff --git a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
-deleted file mode 100644
-index 8e7a544..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/ConscryptAlpnSslEngine.java
-+++ /dev/null
-@@ -1,176 +0,0 @@
--/*
-- * Copyright 2017 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import static io.netty.handler.ssl.SslUtils.toSSLHandshakeException;
--import static io.netty.util.internal.ObjectUtil.checkNotNull;
--import static java.lang.Math.min;
--
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
--import java.lang.reflect.Method;
--import java.nio.ByteBuffer;
--import java.util.Collections;
--import java.util.LinkedHashSet;
--import java.util.List;
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLEngineResult;
--import javax.net.ssl.SSLException;
--
--import io.netty.util.internal.PlatformDependent;
--import org.conscrypt.Conscrypt;
--import org.conscrypt.HandshakeListener;
--
--/**
-- * A {@link JdkSslEngine} that uses the Conscrypt provider or SSL with ALPN.
-- */
--abstract class ConscryptAlpnSslEngine extends JdkSslEngine {
-- private static final Class<?> ENGINES_CLASS = getEnginesClass();
--
-- /**
-- * Indicates whether or not conscrypt is available on the current system.
-- */
-- static boolean isAvailable() {
-- return ENGINES_CLASS != null && PlatformDependent.javaVersion() >= 8;
-- }
--
-- static boolean isEngineSupported(SSLEngine engine) {
-- return isAvailable() && isConscryptEngine(engine, ENGINES_CLASS);
-- }
--
-- static ConscryptAlpnSslEngine newClientEngine(SSLEngine engine,
-- JdkApplicationProtocolNegotiator applicationNegotiator) {
-- return new ClientEngine(engine, applicationNegotiator);
-- }
--
-- static ConscryptAlpnSslEngine newServerEngine(SSLEngine engine,
-- JdkApplicationProtocolNegotiator applicationNegotiator) {
-- return new ServerEngine(engine, applicationNegotiator);
-- }
--
-- private ConscryptAlpnSslEngine(SSLEngine engine, List<String> protocols) {
-- super(engine);
--
-- // Set the list of supported ALPN protocols on the engine.
-- Conscrypt.Engines.setAlpnProtocols(engine, protocols.toArray(new String[protocols.size()]));
-- }
--
-- /**
-- * Calculates the maximum size of the encrypted output buffer required to wrap the given plaintext bytes. Assumes
-- * as a worst case that there is one TLS record per buffer.
-- *
-- * @param plaintextBytes the number of plaintext bytes to be wrapped.
-- * @param numBuffers the number of buffers that the plaintext bytes are spread across.
-- * @return the maximum size of the encrypted output buffer required for the wrap operation.
-- */
-- final int calculateOutNetBufSize(int plaintextBytes, int numBuffers) {
-- // Assuming a max of one frame per component in a composite buffer.
-- long maxOverhead = (long) Conscrypt.Engines.maxSealOverhead(getWrappedEngine()) * numBuffers;
-- // TODO(nmittler): update this to use MAX_ENCRYPTED_PACKET_LENGTH instead of Integer.MAX_VALUE
-- return (int) min(Integer.MAX_VALUE, plaintextBytes + maxOverhead);
-- }
--
-- final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException {
-- return Conscrypt.Engines.unwrap(getWrappedEngine(), srcs, dests);
-- }
--
-- private static final class ClientEngine extends ConscryptAlpnSslEngine {
-- private final ProtocolSelectionListener protocolListener;
--
-- ClientEngine(SSLEngine engine,
-- JdkApplicationProtocolNegotiator applicationNegotiator) {
-- super(engine, applicationNegotiator.protocols());
-- // Register for completion of the handshake.
-- Conscrypt.Engines.setHandshakeListener(engine, new HandshakeListener() {
-- @Override
-- public void onHandshakeFinished() throws SSLException {
-- selectProtocol();
-- }
-- });
--
-- protocolListener = checkNotNull(applicationNegotiator
-- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
-- "protocolListener");
-- }
--
-- private void selectProtocol() throws SSLException {
-- String protocol = Conscrypt.Engines.getAlpnSelectedProtocol(getWrappedEngine());
-- try {
-- protocolListener.selected(protocol);
-- } catch (Throwable e) {
-- throw toSSLHandshakeException(e);
-- }
-- }
-- }
--
-- private static final class ServerEngine extends ConscryptAlpnSslEngine {
-- private final ProtocolSelector protocolSelector;
--
-- ServerEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator) {
-- super(engine, applicationNegotiator.protocols());
--
-- // Register for completion of the handshake.
-- Conscrypt.Engines.setHandshakeListener(engine, new HandshakeListener() {
-- @Override
-- public void onHandshakeFinished() throws SSLException {
-- selectProtocol();
-- }
-- });
--
-- protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
-- .newSelector(this,
-- new LinkedHashSet<String>(applicationNegotiator.protocols())),
-- "protocolSelector");
-- }
--
-- private void selectProtocol() throws SSLException {
-- try {
-- String protocol = Conscrypt.Engines.getAlpnSelectedProtocol(getWrappedEngine());
-- protocolSelector.select(protocol != null ? Collections.singletonList(protocol)
-- : Collections.<String>emptyList());
-- } catch (Throwable e) {
-- throw toSSLHandshakeException(e);
-- }
-- }
-- }
--
-- private static Class<?> getEnginesClass() {
-- try {
-- // Always use bootstrap class loader.
-- Class<?> engineClass = Class.forName("org.conscrypt.Conscrypt$Engines", true,
-- ConscryptAlpnSslEngine.class.getClassLoader());
-- // Ensure that it also has the isConscrypt method.
-- getIsConscryptMethod(engineClass);
-- return engineClass;
-- } catch (Throwable ignore) {
-- // Conscrypt was not loaded.
-- return null;
-- }
-- }
--
-- private static boolean isConscryptEngine(SSLEngine engine, Class<?> enginesClass) {
-- try {
-- Method method = getIsConscryptMethod(enginesClass);
-- return (Boolean) method.invoke(null, engine);
-- } catch (Throwable ignore) {
-- return false;
-- }
-- }
--
-- private static Method getIsConscryptMethod(Class<?> enginesClass) throws NoSuchMethodException {
-- return enginesClass.getMethod("isConscrypt", SSLEngine.class);
-- }
--}
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-index f82c7da..9c4ab9e 100644
---- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-+++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-@@ -21,7 +21,7 @@ import javax.net.ssl.SSLEngine;
- * The {@link JdkApplicationProtocolNegotiator} to use if you need ALPN and are using {@link SslProvider#JDK}.
- */
- public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
-- private static final boolean AVAILABLE = ConscryptAlpnSslEngine.isAvailable() || JettyAlpnSslEngine.isAvailable();
-+ private static final boolean AVAILABLE = JettyAlpnSslEngine.isAvailable();
- private static final SslEngineWrapperFactory ALPN_WRAPPER = AVAILABLE ? new AlpnWrapper() : new FailureWrapper();
-
- /**
-@@ -121,10 +121,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati
- @Override
- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
- boolean isServer) {
-- if (ConscryptAlpnSslEngine.isEngineSupported(engine)) {
-- return isServer ? ConscryptAlpnSslEngine.newServerEngine(engine, applicationNegotiator)
-- : ConscryptAlpnSslEngine.newClientEngine(engine, applicationNegotiator);
-- }
- if (JettyAlpnSslEngine.isAvailable()) {
- return isServer ? JettyAlpnSslEngine.newServerEngine(engine, applicationNegotiator)
- : JettyAlpnSslEngine.newClientEngine(engine, applicationNegotiator);
-diff --git a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
-index 05c451a..8693011 100644
---- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
-+++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
-@@ -187,38 +187,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
- new ClosedChannelException(), SslHandler.class, "channelInactive(...)");
-
- private enum SslEngineType {
-- CONSCRYPT(true, COMPOSITE_CUMULATOR) {
-- @Override
-- SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
-- throws SSLException {
-- int nioBufferCount = in.nioBufferCount();
-- int writerIndex = out.writerIndex();
-- final SSLEngineResult result;
-- if (nioBufferCount > 1) {
-- /*
-- * Use a special unwrap method without additional memory copies.
-- */
-- try {
-- handler.singleBuffer[0] = toByteBuffer(out, writerIndex, out.writableBytes());
-- result = ((ConscryptAlpnSslEngine) handler.engine).unwrap(
-- in.nioBuffers(readerIndex, len),
-- handler.singleBuffer);
-- } finally {
-- handler.singleBuffer[0] = null;
-- }
-- } else {
-- result = handler.engine.unwrap(toByteBuffer(in, readerIndex, len),
-- toByteBuffer(out, writerIndex, out.writableBytes()));
-- }
-- out.writerIndex(writerIndex + result.bytesProduced());
-- return result;
-- }
--
-- @Override
-- int calculateWrapBufferCapacity(SslHandler handler, int pendingBytes, int numComponents) {
-- return ((ConscryptAlpnSslEngine) handler.engine).calculateOutNetBufSize(pendingBytes, numComponents);
-- }
-- },
- JDK(false, MERGE_CUMULATOR) {
- @Override
- SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out)
-@@ -237,9 +205,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
- };
-
- static SslEngineType forEngine(SSLEngine engine) {
-- if (engine instanceof ConscryptAlpnSslEngine) {
-- return CONSCRYPT;
-- }
- return JDK;
- }
-
-diff --git a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
-deleted file mode 100644
-index e217136..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
-+++ /dev/null
-@@ -1,76 +0,0 @@
--/*
-- * Copyright 2016 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import java.security.Provider;
--import org.junit.BeforeClass;
--import org.junit.Ignore;
--
--import org.junit.runner.RunWith;
--import org.junit.runners.Parameterized;
--
--import java.util.ArrayList;
--import java.util.Collection;
--import java.util.List;
--
--import static org.junit.Assume.assumeTrue;
--
--(a)RunWith(Parameterized.class)
--public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
--
-- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
-- public static Collection<Object> data() {
-- List<Object> params = new ArrayList<Object>();
-- for (BufferType type: BufferType.values()) {
-- params.add(type);
-- }
-- return params;
-- }
--
-- public ConscryptJdkSslEngineInteropTest(BufferType type) {
-- super(type);
-- }
--
-- @BeforeClass
-- public static void checkConscrypt() {
-- assumeTrue(ConscryptAlpnSslEngine.isAvailable());
-- }
--
-- @Override
-- protected SslProvider sslClientProvider() {
-- return SslProvider.JDK;
-- }
--
-- @Override
-- protected SslProvider sslServerProvider() {
-- return SslProvider.JDK;
-- }
--
-- @Override
-- protected Provider clientSslContextProvider() {
-- return Java8SslTestUtils.conscryptProvider();
-- }
--
-- @Ignore /* Does the JDK support a "max certificate chain length"? */
-- @Override
-- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
-- }
--
-- @Ignore /* Does the JDK support a "max certificate chain length"? */
-- @Override
-- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
-index cc2e6c6..f9cf771 100644
---- a/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
-+++ b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
-@@ -16,12 +16,9 @@
-
- package io.netty.handler.ssl;
-
--import org.conscrypt.OpenSSLProvider;
--
- import javax.net.ssl.SNIMatcher;
- import javax.net.ssl.SNIServerName;
- import javax.net.ssl.SSLParameters;
--import java.security.Provider;
- import java.util.Collections;
-
- final class Java8SslTestUtils {
-@@ -37,8 +34,4 @@ final class Java8SslTestUtils {
- };
- parameters.setSNIMatchers(Collections.singleton(matcher));
- }
--
-- static Provider conscryptProvider() {
-- return new OpenSSLProvider();
-- }
- }
-diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
-deleted file mode 100644
-index 0625f7a..0000000
---- a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
-+++ /dev/null
-@@ -1,86 +0,0 @@
--/*
-- * Copyright 2017 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import java.security.Provider;
--import org.junit.BeforeClass;
--import org.junit.Ignore;
--import org.junit.Test;
--import org.junit.runner.RunWith;
--import org.junit.runners.Parameterized;
--
--import java.util.ArrayList;
--import java.util.Collection;
--import java.util.List;
--
--import static org.junit.Assume.assumeTrue;
--
--(a)RunWith(Parameterized.class)
--public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
--
-- @Parameterized.Parameters(name = "{index}: bufferType = {0}")
-- public static Collection<Object> data() {
-- List<Object> params = new ArrayList<Object>();
-- for (BufferType type: BufferType.values()) {
-- params.add(type);
-- }
-- return params;
-- }
--
-- public JdkConscryptSslEngineInteropTest(BufferType type) {
-- super(type);
-- }
--
-- @BeforeClass
-- public static void checkConscrypt() {
-- assumeTrue(ConscryptAlpnSslEngine.isAvailable());
-- }
--
-- @Override
-- protected SslProvider sslClientProvider() {
-- return SslProvider.JDK;
-- }
--
-- @Override
-- protected SslProvider sslServerProvider() {
-- return SslProvider.JDK;
-- }
--
-- @Override
-- protected Provider serverSslContextProvider() {
-- return Java8SslTestUtils.conscryptProvider();
-- }
--
-- @Override
-- @Test
-- @Ignore("TODO: Make this work with Conscrypt")
-- public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
-- super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
-- }
--
-- @Override
-- @Test
-- @Ignore("TODO: Make this work with Conscrypt")
-- public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
-- super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
-- }
--
-- @Override
-- protected boolean mySetupMutualAuthServerIsValidClientException(Throwable cause) {
-- // TODO(scott): work around for a JDK issue. The exception should be SSLHandshakeException.
-- return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-index 4489b16..e32fa0d 100644
---- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-+++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-@@ -81,7 +81,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
-
- @Override
- boolean isAvailable() {
-- return ConscryptAlpnSslEngine.isAvailable();
-+ return false;
- }
-
- @Override
---
-2.9.4
-
diff --git a/0004-Remove-jetty-ALPN.patch b/0004-Remove-jetty-ALPN.patch
deleted file mode 100644
index 42b5415..0000000
--- a/0004-Remove-jetty-ALPN.patch
+++ /dev/null
@@ -1,217 +0,0 @@
-diff --git a/handler/pom.xml b/handler/pom.xml
-index 69af32a..b9e5596 100644
---- a/handler/pom.xml
-+++ b/handler/pom.xml
-@@ -54,11 +54,6 @@
- <artifactId>bcpkix-jdk15on</artifactId>
- <optional>true</optional>
- </dependency>
-- <dependency>
-- <groupId>org.eclipse.jetty.alpn</groupId>
-- <artifactId>alpn-api</artifactId>
-- <optional>true</optional>
-- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-index 9c4ab9e..5cc1ab7 100644
---- a/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-+++ b/handler/src/main/java/io/netty/handler/ssl/JdkAlpnApplicationProtocolNegotiator.java
-@@ -21,7 +21,7 @@ import javax.net.ssl.SSLEngine;
- * The {@link JdkApplicationProtocolNegotiator} to use if you need ALPN and are using {@link SslProvider#JDK}.
- */
- public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
-- private static final boolean AVAILABLE = JettyAlpnSslEngine.isAvailable();
-+ private static final boolean AVAILABLE = false;
- private static final SslEngineWrapperFactory ALPN_WRAPPER = AVAILABLE ? new AlpnWrapper() : new FailureWrapper();
-
- /**
-@@ -121,10 +121,6 @@ public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicati
- @Override
- public SSLEngine wrapSslEngine(SSLEngine engine, JdkApplicationProtocolNegotiator applicationNegotiator,
- boolean isServer) {
-- if (JettyAlpnSslEngine.isAvailable()) {
-- return isServer ? JettyAlpnSslEngine.newServerEngine(engine, applicationNegotiator)
-- : JettyAlpnSslEngine.newClientEngine(engine, applicationNegotiator);
-- }
- throw new RuntimeException("Unable to wrap SSLEngine of type " + engine.getClass().getName());
- }
- }
-diff --git a/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java
-deleted file mode 100644
-index 624719a..0000000
---- a/handler/src/main/java/io/netty/handler/ssl/JettyAlpnSslEngine.java
-+++ /dev/null
-@@ -1,158 +0,0 @@
--/*
-- * Copyright 2014 The Netty Project
-- *
-- * The Netty Project licenses this file to you under the Apache License,
-- * version 2.0 (the "License"); you may not use this file except in compliance
-- * with the License. You may obtain a copy of the License at:
-- *
-- * http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-- * License for the specific language governing permissions and limitations
-- * under the License.
-- */
--package io.netty.handler.ssl;
--
--import static io.netty.handler.ssl.SslUtils.toSSLHandshakeException;
--import static io.netty.util.internal.ObjectUtil.checkNotNull;
--
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectionListener;
--import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
--
--import java.util.LinkedHashSet;
--import java.util.List;
--
--import javax.net.ssl.SSLEngine;
--import javax.net.ssl.SSLException;
--
--import io.netty.util.internal.PlatformDependent;
--import org.eclipse.jetty.alpn.ALPN;
--
--abstract class JettyAlpnSslEngine extends JdkSslEngine {
-- private static final boolean available = initAvailable();
--
-- static boolean isAvailable() {
-- return available;
-- }
--
-- private static boolean initAvailable() {
-- // TODO: Add support for ALPN when using Java9 and still be able to configure it the Netty way.
-- if (PlatformDependent.javaVersion() <= 8) {
-- try {
-- // Always use bootstrap class loader.
-- Class.forName("sun.security.ssl.ALPNExtension", true, null);
-- return true;
-- } catch (Throwable ignore) {
-- // alpn-boot was not loaded.
-- }
-- }
-- return false;
-- }
--
-- static JettyAlpnSslEngine newClientEngine(SSLEngine engine,
-- JdkApplicationProtocolNegotiator applicationNegotiator) {
-- return new ClientEngine(engine, applicationNegotiator);
-- }
--
-- static JettyAlpnSslEngine newServerEngine(SSLEngine engine,
-- JdkApplicationProtocolNegotiator applicationNegotiator) {
-- return new ServerEngine(engine, applicationNegotiator);
-- }
--
-- private JettyAlpnSslEngine(SSLEngine engine) {
-- super(engine);
-- }
--
-- private static final class ClientEngine extends JettyAlpnSslEngine {
-- ClientEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator) {
-- super(engine);
-- checkNotNull(applicationNegotiator, "applicationNegotiator");
-- final ProtocolSelectionListener protocolListener = checkNotNull(applicationNegotiator
-- .protocolListenerFactory().newListener(this, applicationNegotiator.protocols()),
-- "protocolListener");
-- ALPN.put(engine, new ALPN.ClientProvider() {
-- @Override
-- public List<String> protocols() {
-- return applicationNegotiator.protocols();
-- }
--
-- @Override
-- public void selected(String protocol) throws SSLException {
-- try {
-- protocolListener.selected(protocol);
-- } catch (Throwable t) {
-- throw toSSLHandshakeException(t);
-- }
-- }
--
-- @Override
-- public void unsupported() {
-- protocolListener.unsupported();
-- }
-- });
-- }
--
-- @Override
-- public void closeInbound() throws SSLException {
-- try {
-- ALPN.remove(getWrappedEngine());
-- } finally {
-- super.closeInbound();
-- }
-- }
--
-- @Override
-- public void closeOutbound() {
-- try {
-- ALPN.remove(getWrappedEngine());
-- } finally {
-- super.closeOutbound();
-- }
-- }
-- }
--
-- private static final class ServerEngine extends JettyAlpnSslEngine {
-- ServerEngine(SSLEngine engine, final JdkApplicationProtocolNegotiator applicationNegotiator) {
-- super(engine);
-- checkNotNull(applicationNegotiator, "applicationNegotiator");
-- final ProtocolSelector protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
-- .newSelector(this, new LinkedHashSet<String>(applicationNegotiator.protocols())),
-- "protocolSelector");
-- ALPN.put(engine, new ALPN.ServerProvider() {
-- @Override
-- public String select(List<String> protocols) throws SSLException {
-- try {
-- return protocolSelector.select(protocols);
-- } catch (Throwable t) {
-- throw toSSLHandshakeException(t);
-- }
-- }
--
-- @Override
-- public void unsupported() {
-- protocolSelector.unsupported();
-- }
-- });
-- }
--
-- @Override
-- public void closeInbound() throws SSLException {
-- try {
-- ALPN.remove(getWrappedEngine());
-- } finally {
-- super.closeInbound();
-- }
-- }
--
-- @Override
-- public void closeOutbound() {
-- try {
-- ALPN.remove(getWrappedEngine());
-- } finally {
-- super.closeOutbound();
-- }
-- }
-- }
--}
-diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-index e32fa0d..a8014e5 100644
---- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-+++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
-@@ -62,7 +62,7 @@ public class JdkSslEngineTest extends SSLEngineTest {
- ALPN_DEFAULT {
- @Override
- boolean isAvailable() {
-- return JettyAlpnSslEngine.isAvailable();
-+ return false;
- }
-
- @Override
diff --git a/codegen.bash b/codegen.bash
deleted file mode 100755
index f9837e4..0000000
--- a/codegen.bash
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-for type in byte char short int long; do
- case $type in
- int) object=Integer ;;
- char) object=Character ;;
- *) object=${type^} ;;
- esac
- hash='(int) key'
- if [ $type = long ]; then
- hash='(int) (key ^ (key >>> 32))'
- fi
- mkdir -p target/generated-sources/collections/java
- for file in `find src/main/templates -name '*.template'`; do
- filename=$(basename $file | sed "s/K/${type^}/;s/\.template/.java/")
- sed -e "s/@k@/${type}/g" \
- -e "s/@K@/${type^}/g" \
- -e "s/@O@/${object}/g" \
- -e "s/@KEY_NUMBER_METHOD@/${type}Value/g" \
- -e "s/@HASH_CODE@/${hash}/g" \
- $file > target/generated-sources/collections/java/$filename
- done
-done
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5204a84
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Orphaned for 6+ weeks
diff --git a/netty.spec b/netty.spec
deleted file mode 100644
index 1f29cb8..0000000
--- a/netty.spec
+++ /dev/null
@@ -1,432 +0,0 @@
-# Disable generation of debuginfo package
-%global debug_package %{nil}
-%global namedreltag .Final
-%global namedversion %{version}%{?namedreltag}
-
-%bcond_with jp_minimal
-
-Name: netty
-Version: 4.1.13
-Release: 15%{?dist}
-Summary: An asynchronous event-driven network application framework and tools for Java
-License: ASL 2.0
-URL: https://netty.io/
-Source0: https://github.com/netty/netty/archive/netty-%{namedversion}.tar.gz
-# Upsteam uses a simple template generator script written in groovy and run with gmaven
-# We don't have the plugin and want to avoid groovy dependency
-# This script is written in bash+sed and performs the same task
-Source1: codegen.bash
-Patch0: 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
-Patch1: 0002-Remove-NPN.patch
-Patch2: 0003-Remove-conscrypt-ALPN.patch
-Patch3: 0004-Remove-jetty-ALPN.patch
-
-BuildRequires: maven-local
-BuildRequires: mvn(ant-contrib:ant-contrib)
-BuildRequires: mvn(com.jcraft:jzlib)
-BuildRequires: mvn(commons-logging:commons-logging)
-BuildRequires: mvn(kr.motd.maven:os-maven-plugin)
-BuildRequires: mvn(log4j:log4j:1.2.17)
-BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
-BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
-BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
-BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
-BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
-BuildRequires: mvn(org.codehaus.mojo:exec-maven-plugin)
-BuildRequires: mvn(org.fusesource.hawtjni:maven-hawtjni-plugin)
-BuildRequires: mvn(org.jctools:jctools-core)
-BuildRequires: mvn(org.slf4j:slf4j-api)
-%if %{without jp_minimal}
-BuildRequires: mvn(com.fasterxml:aalto-xml)
-BuildRequires: mvn(com.github.jponge:lzma-java)
-BuildRequires: mvn(com.ning:compress-lzf)
-BuildRequires: mvn(net.jpountz.lz4:lz4)
-BuildRequires: mvn(org.apache.logging.log4j:log4j-api)
-BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on)
-BuildRequires: mvn(org.jboss.marshalling:jboss-marshalling)
-BuildRequires: mvn(org.eclipse.jetty.alpn:alpn-api)
-%endif
-
-%ifarch %{arm}
-# Speed up builds on 32bit arm
-# Disable temporarily due to https://bugzilla.redhat.com/show_bug.cgi?id=1818078
-#BuildRequires: java-1.8.0-openjdk-aarch32-devel
-%endif
-
-%description
-Netty is a NIO client server framework which enables quick and easy
-development of network applications such as protocol servers and
-clients. It greatly simplifies and streamlines network programming
-such as TCP and UDP socket server.
-
-'Quick and easy' doesn't mean that a resulting application will suffer
-from a maintainability or a performance issue. Netty has been designed
-carefully with the experiences earned from the implementation of a lot
-of protocols such as FTP, SMTP, HTTP, and various binary and
-text-based legacy protocols. As a result, Netty has succeeded to find
-a way to achieve ease of development, performance, stability, and
-flexibility without a compromise.
-
-%package javadoc
-Summary: API documentation for %{name}
-
-%description javadoc
-%{summary}.
-
-%prep
-%setup -q -n netty-netty-%{namedversion}
-
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%if %{with jp_minimal}
-%patch3 -p1
-%endif
-
-# remove unnecessary dependency on parent POM
-%pom_remove_parent . bom dev-tools
-
-# Missing Mavenized rxtx
-%pom_disable_module "transport-rxtx"
-%pom_remove_dep ":netty-transport-rxtx" all
-# Missing com.barchart.udt:barchart-udt-bundle:jar:2.3.0
-%pom_disable_module "transport-udt"
-%pom_remove_dep ":netty-transport-udt" all
-%pom_remove_dep ":netty-build" all
-# Not needed
-%pom_disable_module "example"
-%pom_remove_dep ":netty-example" all
-%pom_disable_module "testsuite"
-%pom_disable_module "testsuite-autobahn"
-%pom_disable_module "testsuite-osgi"
-%pom_disable_module "tarball"
-%pom_disable_module "microbench"
-
-%pom_xpath_inject 'pom:plugin[pom:artifactId="maven-remote-resources-plugin"]' '
-<dependencies>
-<dependency>
-<groupId>io.netty</groupId>
-<artifactId>netty-dev-tools</artifactId>
-<version>${project.version}</version>
-</dependency>
-</dependencies>'
-
-%pom_remove_plugin :maven-antrun-plugin
-%pom_remove_plugin :maven-dependency-plugin
-# style checker
-%pom_remove_plugin :xml-maven-plugin
-%pom_remove_plugin -r :maven-checkstyle-plugin
-%pom_remove_plugin -r :animal-sniffer-maven-plugin
-%pom_remove_plugin -r :maven-enforcer-plugin
-%pom_remove_plugin -r :maven-shade-plugin
-%pom_remove_plugin -r :maven-release-plugin
-%pom_remove_plugin -r :maven-clean-plugin
-%pom_remove_plugin -r :maven-source-plugin
-%pom_remove_plugin -r :maven-deploy-plugin
-%pom_remove_plugin -r :maven-jxr-plugin
-%pom_remove_plugin -r :maven-javadoc-plugin
-%pom_remove_plugin -r :forbiddenapis
-
-cp %{SOURCE1} common/codegen.bash
-%pom_add_plugin org.codehaus.mojo:exec-maven-plugin common '
-<executions>
- <execution>
- <id>generate-collections</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>exec</goal>
- </goals>
- <configuration>
- <executable>common/codegen.bash</executable>
- </configuration>
- </execution>
-</executions>
-'
-%pom_remove_plugin :groovy-maven-plugin common
-
-# The protobuf-javanano API was discontinued upstream and obsoleted in Fedora
-# so disable support for protobuf in the codecs module
-%pom_remove_dep -r "com.google.protobuf:protobuf-java"
-%pom_remove_dep -r "com.google.protobuf.nano:protobuf-javanano"
-rm codec/src/main/java/io/netty/handler/codec/protobuf/*
-sed -i '/import.*protobuf/d' codec/src/main/java/io/netty/handler/codec/DatagramPacket*.java
-
-%if %{with jp_minimal}
-%pom_remove_dep -r "org.jboss.marshalling:jboss-marshalling"
-rm codec/src/main/java/io/netty/handler/codec/marshalling/*
-%pom_remove_dep -r org.bouncycastle
-rm handler/src/main/java/io/netty/handler/ssl/util/BouncyCastleSelfSignedCertGenerator.java
-sed -i '/BouncyCastleSelfSignedCertGenerator/s/.*/throw new UnsupportedOperationException();/' \
- handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
-%pom_remove_dep -r com.fasterxml:aalto-xml
-%pom_disable_module codec-xml
-%pom_remove_dep :netty-codec-xml all
-%pom_remove_dep -r com.github.jponge:lzma-java
-rm codec/src/*/java/io/netty/handler/codec/compression/Lzma*.java
-%pom_remove_dep -r com.ning:compress-lzf
-rm codec/src/*/java/io/netty/handler/codec/compression/Lzf*.java
-%pom_remove_dep -r net.jpountz.lz4:lz4
-rm codec/src/*/java/io/netty/handler/codec/compression/Lz4*.java
-%pom_remove_dep -r org.apache.logging.log4j:
-rm common/*/main/java/io/netty/util/internal/logging/Log4J2*.java
-
-# Disable rarely needed native artifacts
-%pom_disable_module transport-native-epoll
-%pom_disable_module transport-native-kqueue
-%pom_remove_dep :netty-transport-native-epoll all
-%pom_remove_dep :netty-transport-native-kqueue all
-%endif
-
-sed -i 's|taskdef|taskdef classpathref="maven.plugin.classpath"|' all/pom.xml
-
-%pom_xpath_inject "pom:plugins/pom:plugin[pom:artifactId = 'maven-antrun-plugin']" '<dependencies><dependency><groupId>ant-contrib</groupId><artifactId>ant-contrib</artifactId><version>1.0b3</version></dependency></dependencies>' all/pom.xml
-%pom_xpath_inject "pom:execution[pom:id = 'build-native-lib']/pom:configuration" '<verbose>true</verbose>' transport-native-epoll/pom.xml
-
-# Upstream has jctools bundled.
-%pom_xpath_remove "pom:build/pom:plugins/pom:plugin[pom:artifactId = 'maven-bundle-plugin']/pom:executions/pom:execution[pom:id = 'generate-manifest']/pom:configuration/pom:instructions/pom:Import-Package" common/pom.xml
-
-# Tell xmvn to install attached artifact, which it does not
-# do by default. In this case install all attached artifacts with
-# the linux classifier.
-%mvn_package ":::linux*:"
-
-%mvn_package ':*-tests' __noinstall
-
-%build
-# Ensure we get the jit on arm
-%ifarch %{arm}
-export JAVA_HOME=$(ls -d %{_jvmdir}/java-1.8.0-openjdk-aarch32*)
-%else
-export JAVA_HOME=%{_jvmdir}/java
-%endif
-
-# Ensure we use distro compile flags
-export CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
-
-%mvn_build -f
-
-%install
-%mvn_install
-
-%files -f .mfiles
-%license LICENSE.txt NOTICE.txt
-
-%files javadoc -f .mfiles-javadoc
-%license LICENSE.txt NOTICE.txt
-
-%changelog
-* Fri Mar 27 2020 Mat Booth <mat.booth(a)redhat.com> - 4.1.13-15
-- Disable JIT'd builds on arm 32 temporarily due to segfault in JDK, see bug
- 1818078
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-14
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Nov 21 2019 Fabio Valentini <decathorpe(a)gmail.com> - 4.1.13-13
-- Remove unnecessary dependency on parent POM.
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sat Jun 08 2019 Mat Booth <mbooth(a)apache.org> - 4.1.13-11
-- Ensure we use the JIT on 32bit arm
-
-* Sun Jun 02 2019 Mat Booth <mat.booth(a)redhat.com> - 4.1.13-10
-- Speed up builds on 32bit arm
-
-* Thu Mar 07 2019 Mat Booth <mat.booth(a)redhat.com> - 4.1.13-9
-- Add more artifacts to the jp_minimal conditional
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sat Dec 08 2018 Mat Booth <mat.booth(a)redhat.com> - 4.1.13-7
-- Disable support for protobuf in the codecs module due to the javanano API
- being discontinued upstream and obsoleted in Fedora
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Apr 25 2018 Michael Simacek <msimacek(a)redhat.com> - 4.1.13-5
-- Remove log4j from jp_minimal build
-
-* Tue Apr 24 2018 mskalick(a)redhat.com - 4.1.13-4
-- Remove org.eclipse.jetty.alpn dependency for jp_minimal
-
-* Tue Apr 24 2018 Michael Simacek <msimacek(a)redhat.com> - 4.1.13-3
-- Don't package test artifacts
-
-* Thu Feb 08 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.13-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Mon Aug 14 2017 Michael Simacek <msimacek(a)redhat.com> - 4.1.13-1
-- Update to upstream version 4.1.13
-
-* Thu Aug 03 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.42-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.42-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Wed Mar 29 2017 Michael Simacek <msimacek(a)redhat.com> - 4.0.42-5
-- Keep Import-Package default value
-
-* Thu Mar 16 2017 Michael Simacek <msimacek(a)redhat.com> - 4.0.42-4
-- Remove maven-javadoc-plugin from POM
-
-* Wed Mar 15 2017 Michael Simacek <msimacek(a)redhat.com> - 4.0.42-3
-- Add jp_minimal conditional
-
-* Mon Feb 06 2017 Michael Simacek <msimacek(a)redhat.com> - 4.0.42-2
-- Remove useless plugins
-
-* Thu Oct 20 2016 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.42-1
-- Remove old netty4 provides/obsoletes.
-
-* Thu Oct 20 2016 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.42-1
-- Update to upstream 4.0.42 release.
-- Resolves RHBZ#1380921
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.28-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 4.0.28-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Wed May 20 2015 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.28-1
-- Update to upstream 4.0.28 release.
-- Fixes CVE-2015-2156 (HttpOnly cookie bypass).
-- Resolves RHBZ#1111502
-
-* Wed May 20 2015 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.27-1
-- Update to upstream 4.0.27 release.
-
-* Wed Apr 01 2015 Severin Gehwolf <sgehwolf(a)redhat.com> - 4.0.19-3
-- Drop mvn(org.easymock:easymockclassextension) BR.
- Resolves: RHBZ#1207991
-
-* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 4.0.19-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
-* Mon Jun 9 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 4.0.19-1
-- Update to upstream version 4.0.19
-- Convert to arch-specific package
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 4.0.14-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Tue Mar 04 2014 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 4.0.14-4
-- Use Requires: java-headless rebuild (#1067528)
-
-* Mon Jan 13 2014 Marek Goldmann <mgoldman(a)redhat.com> - 4.0.14-3
-- Enable netty-all.jar artifact
-
-* Mon Jan 13 2014 Marek Goldmann <mgoldman(a)redhat.com> - 4.0.14-2
-- Bump the release, so Obsoletes work properly
-
-* Mon Dec 30 2013 Marek Goldmann <mgoldman(a)redhat.com> - 4.0.14-1
-- Upstream release 4.0.14.Final
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.6.6-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Thu May 16 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.6-1
-- Update to upstream version 3.6.6
-
-* Wed Apr 10 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.5-1
-- Update to upstream version 3.6.5
-
-* Mon Apr 8 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.4-1
-- Update to upstream version 3.6.4
-
-* Wed Feb 27 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.3-3
-- Set scope of optional compile dependencies to 'provided'
-
-* Wed Feb 27 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.3-2
-- Drop dependency on OSGi
-- Resolves: rhbz#916139
-
-* Mon Feb 25 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.3-1
-- Update to upstream version 3.6.3
-
-* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.6.2-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Wed Feb 06 2013 Java SIG <java-devel(a)lists.fedoraproject.org> - 3.6.2-2
-- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild
-- Replace maven BuildRequires with maven-local
-
-* Wed Jan 16 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.2-1
-- Update to upstream version 3.6.2
-
-* Tue Jan 15 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.6.1-1
-- Update to upstream version 3.6.1
-
-* Thu Dec 13 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.11-2
-- Use system jzlib instead of bundled jzlib
-- Resolves: rhbz#878391
-
-* Mon Dec 3 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.11-1
-- Update to upstream version 3.5.11
-
-* Mon Nov 12 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.10-1
-- Update to upstream version 3.5.10
-
-* Thu Oct 25 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.9-1
-- Update to upstream version 3.5.9
-
-* Fri Oct 5 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.8-1
-- Update to upstream version 3.5.8
-
-* Fri Sep 7 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.7-1
-- Update to upstream version 3.5.7
-
-* Mon Sep 3 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.6-1
-- Update to upstream version 3.5.6
-
-* Thu Aug 23 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.5-1
-- Update to upstream version 3.5.5
-
-* Wed Aug 15 2012 Tomas Rohovsky <trohovsk(a)redhat.com> - 3.5.4-1
-- Update to upstream version 3.5.4
-
-* Tue Jul 24 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.3-1
-- Update to upstream version 3.5.3
-
-* Fri Jul 20 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.5.2-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Mon Jul 16 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.2-2
-- Add additional depmap for org.jboss.netty:netty
-- Fixes #840301
-
-* Thu Jul 12 2012 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.5.2-1
-- Update to upstream version 3.5.2
-- Convert patches to POM macros
-- Enable jboss-logging
-
-* Fri May 18 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.4-4
-- Add enforcer-plugin to BR
-
-* Wed Apr 18 2012 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.4-3
-- Remove eclipse plugin from BuildRequires
-
-* Fri Jan 13 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.2.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Mon Dec 5 2011 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.4-1
-- Update to latest upstream version
-
-* Mon Jul 4 2011 Alexander Kurtakov <akurtako(a)redhat.com> 3.2.3-4
-- Fix FTBFS.
-- Adapt to current guidelines.
-
-* Tue Feb 08 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.2.3-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Mon Jan 17 2011 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.3-2
-- Use maven 3 to build
-- Drop ant-contrib depmap (no longer needed)
-
-* Thu Jan 13 2011 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 3.2.3-1
-- Initial version of the package
diff --git a/sources b/sources
deleted file mode 100644
index 39533ac..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-SHA512 (netty-4.1.13.Final.tar.gz) = f0a269adf5b6552eb2f0f12614c2093e0ccfd5a5bb38521dcf39c3827160c8983adcfe1bbcf93a24e71506e323ae723a837621046657fec0df50c59a07aee54c
4 years, 1 month
Architecture specific change in rpms/swt-chart.git
by githook-noreply@fedoraproject.org
The package rpms/swt-chart.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/swt-chart.git/commit/?id=44fd534c....
Change:
+ExcludeArch: s390 %{arm} %{ix86}
Thanks.
Full change:
============
commit 44fd534cabdafc1e1f9fad606f7d89c08dffb990
Author: Tomas Hrcka <thrcka(a)redhat.com>
Date: Wed Apr 1 17:12:20 2020 +0200
Revert "Orphaned for 6+ weeks"
This reverts commit 89e6a8059c77f7617050781173f8e768c49f0cfe.
Unretirement request: https://pagure.io/releng/issue/9371
Signed-off-by: Tomas Hrcka <thrcka(a)redhat.com>
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f51d031
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+/swt-chart-*.tar.xz
+/swt-chart-*/
+/.project
+/.build-*.log
+/*.src.rpm
+/noarch/
+/swt-chart-code-312-tags-0.10.0.zip
diff --git a/dead.package b/dead.package
deleted file mode 100644
index 5204a84..0000000
--- a/dead.package
+++ /dev/null
@@ -1 +0,0 @@
-Orphaned for 6+ weeks
diff --git a/sources b/sources
new file mode 100644
index 0000000..8617d89
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+d7605e00b59bad2f98bb968f18dc1825 swt-chart-code-312-tags-0.10.0.zip
diff --git a/swt-chart.spec b/swt-chart.spec
new file mode 100644
index 0000000..a143b8a
--- /dev/null
+++ b/swt-chart.spec
@@ -0,0 +1,115 @@
+Name: swt-chart
+Version: 0.10.0
+Release: 8%{?dist}
+Summary: SWTChart Feature
+
+License: EPL-1.0
+URL: http://www.swtchart.org/
+Source0: http://sourceforge.net/code-snapshots/svn/s/sw/swt-chart/code/swt-chart-c...
+
+BuildArch: noarch
+
+# Upstream Eclipse no longer supports non-64bit arches
+ExcludeArch: s390 %{arm} %{ix86}
+
+BuildRequires: tycho >= 0.14.0
+Requires: eclipse-platform >= 3.4.0
+
+%description
+SWTChart is a light-weight charting component for SWT.
+
+%package javadoc
+Summary: Javadoc for %{name}
+
+%description javadoc
+%{summary}.
+
+%prep
+%setup -q -n %{name}-code-312-tags-%{version}
+# Create the poms
+xmvn -o org.eclipse.tycho:tycho-pomgenerator-plugin:generate-poms -DgroupId=org.swtchart
+%mvn_package "::pom::" __noinstall
+%mvn_package :org.swtchart.example* __noinstall
+
+%build
+%mvn_build
+
+%install
+%mvn_install
+
+%files -f .mfiles
+
+%files javadoc -f .mfiles-javadoc
+
+%changelog
+* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Mar 14 2019 Mat Booth <mat.booth(a)redhat.com> - 0.10.0-7
+- Update license tag
+- Restrict to same architectures as Eclipse itself
+- Don't ship aggregator pom
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Feb 23 2016 Alexander Kurtakov <akurtako(a)redhat.com> 0.10.0-1
+- Update to upstream 0.10 release.
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Jan 15 2015 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-4
+- Fix failure to build from source
+- Minor spec file clean ups
+
+* Thu Aug 14 2014 Mat Booth <mat.booth(a)redhat.com> - 0.9.0-3
+- Fix unowned directory
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Feb 27 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.9.0-1
+- Update to 0.9.0 Release.
+
+* Wed Feb 26 2014 Roland Grunberg <rgrunber(a)redhat.com> - 0.8.0-9
+- Change R:java to R:java-headless (Bug 1068558).
+
+* Wed Oct 23 2013 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-8
+- Fix Bug 1022166.
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Aug 14 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-5
+- Remove deprecated tycho.targetPlatform due to p2 support.
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Apr 4 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-3
+- Use %%{_eclipse_base} from eclipse-platform.
+
+* Mon Apr 2 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-2
+- Explicitly require java/java-devel >= 1.5 as per manifest.
+
+* Tue Mar 6 2012 Roland Grunberg <rgrunber(a)redhat.com> 0.8.0-1
+- Initial packaging of SWTChart.
4 years, 1 month
Architecture specific change in rpms/gromacs.git
by githook-noreply@fedoraproject.org
The package rpms/gromacs.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/gromacs.git/commit/?id=9ab1c2fd23....
Change:
+%ifnarch i686 %arm ppc64le
Thanks.
Full change:
============
commit 9ab1c2fd2316bcfec90a2494978167e287495cd6
Author: Jitka Plesnikova <jplesnik(a)redhat.com>
Date: Wed Apr 1 16:38:46 2020 +0200
Specify perl dependencies needed for tests
diff --git a/gromacs.spec b/gromacs.spec
index 683a5a5..e1fa032 100644
--- a/gromacs.spec
+++ b/gromacs.spec
@@ -31,7 +31,7 @@
Name: gromacs
Version: 2019.6
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Fast, Free and Flexible Molecular Dynamics
License: GPLv2+
URL: http://www.gromacs.org
@@ -63,6 +63,19 @@ Recommends: gromacs-opencl = %{version}-%{release}
%endif
BuildRequires: tng-devel
BuildRequires: bash-completion
+%ifnarch i686 %arm ppc64le
+# Dependencies used for regressiontest
+BuildRequires: perl(Carp)
+BuildRequires: perl(Cwd)
+BuildRequires: perl(Exporter)
+BuildRequires: perl(File::Basename)
+BuildRequires: perl(File::Copy)
+BuildRequires: perl(File::Spec)
+BuildRequires: perl(lib)
+BuildRequires: perl(List::Util)
+BuildRequires: perl(strict)
+BuildRequires: perl(vars)
+%endif
%define compdir %(pkg-config --variable=completionsdir bash-completion)
%if "%{compdir}" == ""
%define compdir "/etc/bash_completion.d"
@@ -358,6 +371,9 @@ done
%{_libdir}/mpich/bin/mdrun_mpich*
%changelog
+* Wed Apr 01 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 2019.6-2
+- Specify perl dependencies needed for tests
+
* Fri Feb 28 2020 Christoph Junghans <junghans(a)votca.org> - 2019.6-1
- Version bump to 2019.6
4 years, 1 month