You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2020/10/29 14:45:33 UTC
[httpcomponents-core] branch tls_upgrade_redesign updated (030040a
-> 445c6c6)
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a change to branch tls_upgrade_redesign
in repository https://gitbox.apache.org/repos/asf/httpcomponents-core.git.
discard 030040a Revised TLS session initialization in I/O reactor code
new 6332022 Revised TLS session initialization in I/O reactor code
new 445c6c6 Revised HTTP protocol negotiation for non-blocking I/O sessions
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (030040a)
\
N -- N -- N refs/heads/tls_upgrade_redesign (445c6c6)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../impl/nio/ClientHttpProtocolNegotiator.java | 52 +++++++++++++++-------
.../impl/nio/ProtocolNegotiationException.java | 14 +++---
.../impl/nio/ServerHttpProtocolNegotiator.java | 16 ++++++-
.../hc/core5/reactor/InternalDataChannel.java | 14 ------
.../core5/reactor/ssl/TransportSecurityLayer.java | 2 +-
5 files changed, 56 insertions(+), 42 deletions(-)
copy httpcore5/src/main/java/org/apache/hc/core5/http/MessageConstraintException.java => httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ProtocolNegotiationException.java (80%)
[httpcomponents-core] 01/02: Revised TLS session initialization in
I/O reactor code
Posted by ol...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch tls_upgrade_redesign
in repository https://gitbox.apache.org/repos/asf/httpcomponents-core.git
commit 633202249b7833e372bcdf64c5fc1f26edd08da3
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Thu Oct 29 10:26:57 2020 +0100
Revised TLS session initialization in I/O reactor code
---
.../http/impl/nio/AbstractHttp1StreamDuplexer.java | 6 ++-
.../hc/core5/reactor/InternalDataChannel.java | 51 +++++++++------------
.../apache/hc/core5/reactor/ssl/SSLIOSession.java | 53 ++++++++++++----------
.../core5/reactor/ssl/TransportSecurityLayer.java | 2 +-
4 files changed, 57 insertions(+), 55 deletions(-)
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/http/impl/nio/AbstractHttp1StreamDuplexer.java b/httpcore5/src/main/java/org/apache/hc/core5/http/impl/nio/AbstractHttp1StreamDuplexer.java
index d8b27d6..7d63e08 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/http/impl/nio/AbstractHttp1StreamDuplexer.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/http/impl/nio/AbstractHttp1StreamDuplexer.java
@@ -230,8 +230,10 @@ abstract class AbstractHttp1StreamDuplexer<IncomingMessage extends HttpMessage,
}
public final void onConnect() throws HttpException, IOException {
- connState = ConnectionState.ACTIVE;
- processCommands();
+ if (connState == ConnectionState.READY) {
+ connState = ConnectionState.ACTIVE;
+ processCommands();
+ }
}
IncomingMessage parseMessageHead(final boolean endOfStream) throws IOException, HttpException {
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java b/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java
index 583220d..12ee7c6 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java
@@ -58,7 +58,6 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
private final IOSessionListener sessionListener;
private final AtomicReference<SSLIOSession> tlsSessionRef;
private final Queue<InternalDataChannel> closedSessions;
- private final AtomicBoolean connected;
private final AtomicBoolean closed;
InternalDataChannel(
@@ -71,7 +70,6 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
this.closedSessions = closedSessions;
this.sessionListener = sessionListener;
this.tlsSessionRef = new AtomicReference<>(null);
- this.connected = new AtomicBoolean(false);
this.closed = new AtomicBoolean(false);
}
@@ -95,6 +93,11 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
ioSession.upgrade(handler);
}
+ private IOSession getSessionImpl() {
+ final SSLIOSession tlsSession = tlsSessionRef.get();
+ return tlsSession != null ? tlsSession : ioSession;
+ }
+
private IOEventHandler ensureHandler(final IOSession session) {
final IOEventHandler handler = session.getHandler();
Asserts.notNull(handler, "IO event handler");
@@ -107,7 +110,7 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
final IOSession currentSession = tlsSession != null ? tlsSession : ioSession;
if ((readyOps & SelectionKey.OP_CONNECT) != 0) {
currentSession.clearEvent(SelectionKey.OP_CONNECT);
- if (tlsSession == null && connected.compareAndSet(false, true)) {
+ if (tlsSession == null) {
if (sessionListener != null) {
sessionListener.connected(this);
}
@@ -144,8 +147,7 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
if (sessionListener != null) {
sessionListener.timeout(this);
}
- final SSLIOSession tlsSession = tlsSessionRef.get();
- final IOSession currentSession = tlsSession != null ? tlsSession : ioSession;
+ final IOSession currentSession = getSessionImpl();
final IOEventHandler handler = ensureHandler(currentSession);
handler.timeout(this, timeout);
}
@@ -155,14 +157,25 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
if (sessionListener != null) {
sessionListener.exception(this, cause);
}
- final SSLIOSession tlsSession = tlsSessionRef.get();
- final IOSession currentSession = tlsSession != null ? tlsSession : ioSession;
+ final IOSession currentSession = getSessionImpl();
final IOEventHandler handler = currentSession.getHandler();
if (handler != null) {
handler.exception(this, cause);
}
}
+ void onTLSSessionStart() {
+ if (sessionListener != null) {
+ sessionListener.connected(this);
+ }
+ }
+
+ void onTLSSessionEnd() {
+ if (closed.compareAndSet(false, true)) {
+ closedSessions.add(this);
+ }
+ }
+
void disconnected() {
if (sessionListener != null) {
sessionListener.disconnected(this);
@@ -195,20 +208,7 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
@Override
public void execute(final SSLIOSession sslSession) {
- if (connected.compareAndSet(false, true)) {
- final IOEventHandler handler = ensureHandler(ioSession);
- try {
- if (sessionListener != null) {
- sessionListener.connected(InternalDataChannel.this);
- }
- handler.connected(InternalDataChannel.this);
- } catch (final Exception ex) {
- if (sessionListener != null) {
- sessionListener.exception(InternalDataChannel.this, ex);
- }
- handler.exception(InternalDataChannel.this, ex);
- }
- }
+ onTLSSessionStart();
}
},
@@ -216,9 +216,7 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
@Override
public void execute(final SSLIOSession sslSession) {
- if (closed.compareAndSet(false, true)) {
- closedSessions.add(InternalDataChannel.this);
- }
+ onTLSSessionEnd();
}
},
@@ -243,11 +241,6 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
return ioSession.getLock();
}
- private IOSession getSessionImpl() {
- final SSLIOSession tlsSession = tlsSessionRef.get();
- return tlsSession != null ? tlsSession : ioSession;
- }
-
@Override
public void close() {
close(CloseMode.GRACEFUL);
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java b/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java
index 806794c..e6a40b4 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java
@@ -80,11 +80,13 @@ public class SSLIOSession implements IOSession {
private final SSLManagedBuffer inPlain;
private final SSLSessionInitializer initializer;
private final SSLSessionVerifier verifier;
- private final Callback<SSLIOSession> connectedCallback;
- private final Callback<SSLIOSession> disconnectedCallback;
+ private final Callback<SSLIOSession> sessionStartCallback;
+ private final Callback<SSLIOSession> sessionEndCallback;
private final Timeout connectTimeout;
private final SSLMode sslMode;
private final AtomicInteger outboundClosedCount;
+ private final IOEventHandler internalEventHandler;
+
private int appEventMask;
private volatile boolean endOfStream;
@@ -115,8 +117,8 @@ public class SSLIOSession implements IOSession {
final SSLBufferMode sslBufferMode,
final SSLSessionInitializer initializer,
final SSLSessionVerifier verifier,
- final Callback<SSLIOSession> connectedCallback,
- final Callback<SSLIOSession> disconnectedCallback,
+ final Callback<SSLIOSession> sessionStartCallback,
+ final Callback<SSLIOSession> sessionEndCallback,
final Timeout connectTimeout) {
super();
Args.notNull(session, "IO session");
@@ -126,8 +128,8 @@ public class SSLIOSession implements IOSession {
this.sslMode = sslMode;
this.initializer = initializer;
this.verifier = verifier;
- this.connectedCallback = connectedCallback;
- this.disconnectedCallback = disconnectedCallback;
+ this.sessionStartCallback = sessionStartCallback;
+ this.sessionEndCallback = sessionEndCallback;
this.appEventMask = session.getEventMask();
if (this.sslMode == SSLMode.CLIENT && targetEndpoint != null) {
@@ -147,17 +149,7 @@ public class SSLIOSession implements IOSession {
this.inPlain = SSLManagedBuffer.create(sslBufferMode, appBufferSize);
this.outboundClosedCount = new AtomicInteger(0);
this.connectTimeout = connectTimeout;
- }
-
- private IOEventHandler ensureHandler() {
- final IOEventHandler handler = session.getHandler();
- Asserts.notNull(handler, "IO event handler");
- return handler;
- }
-
- @Override
- public IOEventHandler getHandler() {
- return new IOEventHandler() {
+ this.internalEventHandler = new IOEventHandler() {
@Override
public void connected(final IOSession protocolSession) throws IOException {
@@ -214,9 +206,21 @@ public class SSLIOSession implements IOSession {
}
};
+
}
- private void initialize() throws SSLException {
+ private IOEventHandler ensureHandler() {
+ final IOEventHandler handler = session.getHandler();
+ Asserts.notNull(handler, "IO event handler");
+ return handler;
+ }
+
+ @Override
+ public IOEventHandler getHandler() {
+ return internalEventHandler;
+ }
+
+ private void initialize() throws IOException {
Asserts.check(!this.initialized, "SSL I/O session already initialized");
// Save the initial socketTimeout of the underlying IOSession, to be restored after the handshake is finished
@@ -292,7 +296,7 @@ public class SSLIOSession implements IOSession {
}
}
- private void doHandshake() throws SSLException {
+ private void doHandshake() throws IOException {
boolean handshaking = true;
SSLEngineResult result = null;
@@ -380,8 +384,11 @@ public class SSLIOSession implements IOSession {
final String applicationProtocol = ReflectionUtils.callGetter(this.sslEngine, "ApplicationProtocol", String.class);
this.tlsDetails = new TlsDetails(sslSession, applicationProtocol);
}
- if (this.connectedCallback != null) {
- this.connectedCallback.execute(this);
+
+ ensureHandler().connected(this);
+
+ if (this.sessionStartCallback != null) {
+ this.sessionStartCallback.execute(this);
}
}
}
@@ -409,8 +416,8 @@ public class SSLIOSession implements IOSession {
}
if (this.status == Status.CLOSED) {
this.session.close();
- if (disconnectedCallback != null) {
- disconnectedCallback.execute(this);
+ if (sessionEndCallback != null) {
+ sessionEndCallback.execute(this);
}
return;
}
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/TransportSecurityLayer.java b/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/TransportSecurityLayer.java
index e9add69..42de768 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/TransportSecurityLayer.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/TransportSecurityLayer.java
@@ -33,7 +33,7 @@ import org.apache.hc.core5.net.NamedEndpoint;
import org.apache.hc.core5.util.Timeout;
/**
- * Represents a TLS capable session layer.
+ * TLS capable session layer interface.
*
* @since 5.0
*/
[httpcomponents-core] 02/02: Revised HTTP protocol negotiation for
non-blocking I/O sessions
Posted by ol...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch tls_upgrade_redesign
in repository https://gitbox.apache.org/repos/asf/httpcomponents-core.git
commit 445c6c6d835fc55b1203f65be1730f1955289a21
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Thu Oct 29 15:43:45 2020 +0100
Revised HTTP protocol negotiation for non-blocking I/O sessions
---
.../impl/nio/ClientHttpProtocolNegotiator.java | 52 +++++++++++++++-------
.../impl/nio/ProtocolNegotiationException.java | 49 ++++++++++++++++++++
.../impl/nio/ServerHttpProtocolNegotiator.java | 16 ++++++-
3 files changed, 98 insertions(+), 19 deletions(-)
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ClientHttpProtocolNegotiator.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ClientHttpProtocolNegotiator.java
index 30e6117..1bd8907 100644
--- a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ClientHttpProtocolNegotiator.java
+++ b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ClientHttpProtocolNegotiator.java
@@ -32,6 +32,7 @@ import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.ByteChannel;
import java.nio.channels.SelectionKey;
+import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLSession;
@@ -76,6 +77,7 @@ public class ClientHttpProtocolNegotiator implements HttpConnectionEventHandler
private final ClientH2StreamMultiplexerFactory http2StreamHandlerFactory;
private final HttpVersionPolicy versionPolicy;
private final AtomicReference<HttpConnectionEventHandler> protocolHandlerRef;
+ private final AtomicBoolean initialized;
private volatile ByteBuffer preface;
private volatile BufferedData inBuf;
@@ -90,6 +92,7 @@ public class ClientHttpProtocolNegotiator implements HttpConnectionEventHandler
this.http2StreamHandlerFactory = Args.notNull(http2StreamHandlerFactory, "HTTP/2 stream handler factory");
this.versionPolicy = versionPolicy != null ? versionPolicy : HttpVersionPolicy.NEGOTIATE;
this.protocolHandlerRef = new AtomicReference<>(null);
+ this.initialized = new AtomicBoolean();
}
private void startHttp1(final IOSession session) {
@@ -126,21 +129,7 @@ public class ClientHttpProtocolNegotiator implements HttpConnectionEventHandler
}
}
- private void writeOutPreface(final IOSession session) throws IOException {
- if (preface.hasRemaining()) {
- final ByteChannel channel = session;
- channel.write(preface);
- }
- if (!preface.hasRemaining()) {
- session.clearEvent(SelectionKey.OP_WRITE);
- startHttp2(session);
- } else {
- session.setEvent(SelectionKey.OP_WRITE);
- }
- }
-
- @Override
- public void connected(final IOSession session) throws IOException {
+ private void initialize(final IOSession session) throws IOException {
switch (versionPolicy) {
case NEGOTIATE:
final TlsDetails tlsDetails = ioSession.getTlsDetails();
@@ -158,6 +147,28 @@ public class ClientHttpProtocolNegotiator implements HttpConnectionEventHandler
if (preface == null) {
startHttp1(session);
} else {
+ session.setEvent(SelectionKey.OP_WRITE);
+ }
+ }
+
+ private void writeOutPreface(final IOSession session) throws IOException {
+ if (preface.hasRemaining()) {
+ final ByteChannel channel = session;
+ channel.write(preface);
+ }
+ if (!preface.hasRemaining()) {
+ session.clearEvent(SelectionKey.OP_WRITE);
+ startHttp2(session);
+ preface = null;
+ }
+ }
+
+ @Override
+ public void connected(final IOSession session) throws IOException {
+ if (initialized.compareAndSet(false, true)) {
+ initialize(session);
+ }
+ if (preface != null) {
writeOutPreface(session);
}
}
@@ -170,15 +181,22 @@ public class ClientHttpProtocolNegotiator implements HttpConnectionEventHandler
}
inBuf.put(src);
}
- outputReady(session);
+ if (preface != null) {
+ writeOutPreface(session);
+ } else {
+ throw new ProtocolNegotiationException("Unexpected input");
+ }
}
@Override
public void outputReady(final IOSession session) throws IOException {
+ if (initialized.compareAndSet(false, true)) {
+ initialize(session);
+ }
if (preface != null) {
writeOutPreface(session);
} else {
- session.close(CloseMode.GRACEFUL);
+ throw new ProtocolNegotiationException("Unexpected output");
}
}
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ProtocolNegotiationException.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ProtocolNegotiationException.java
new file mode 100644
index 0000000..b984db2
--- /dev/null
+++ b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ProtocolNegotiationException.java
@@ -0,0 +1,49 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.hc.core5.http2.impl.nio;
+
+import java.io.IOException;
+
+/**
+ * Signals a protocol error in HTTP protocol negotiation.
+ *
+ * @since 5.1
+ */
+public class ProtocolNegotiationException extends IOException {
+
+ /**
+ * Creates a MessageConstraintException with the specified detail message.
+ *
+ * @param message The exception detail message
+ */
+ public ProtocolNegotiationException(final String message) {
+ super(message);
+ }
+
+
+}
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ServerHttpProtocolNegotiator.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ServerHttpProtocolNegotiator.java
index 7bb65d2..a0eb407 100644
--- a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ServerHttpProtocolNegotiator.java
+++ b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ServerHttpProtocolNegotiator.java
@@ -30,6 +30,7 @@ package org.apache.hc.core5.http2.impl.nio;
import java.io.IOException;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
+import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLSession;
@@ -74,6 +75,7 @@ public class ServerHttpProtocolNegotiator implements HttpConnectionEventHandler
private final HttpVersionPolicy versionPolicy;
private final BufferedData inBuf;
private final AtomicReference<HttpConnectionEventHandler> protocolHandlerRef;
+ private final AtomicBoolean initialized;
private volatile boolean expectValidH2Preface;
@@ -88,10 +90,10 @@ public class ServerHttpProtocolNegotiator implements HttpConnectionEventHandler
this.versionPolicy = versionPolicy != null ? versionPolicy : HttpVersionPolicy.NEGOTIATE;
this.inBuf = BufferedData.allocate(1024);
this.protocolHandlerRef = new AtomicReference<>(null);
+ this.initialized = new AtomicBoolean();
}
- @Override
- public void connected(final IOSession session) {
+ private void initialize(final IOSession session) {
try {
final TlsDetails tlsDetails = ioSession.getTlsDetails();
switch (versionPolicy) {
@@ -123,6 +125,13 @@ public class ServerHttpProtocolNegotiator implements HttpConnectionEventHandler
}
@Override
+ public void connected(final IOSession session) {
+ if (initialized.compareAndSet(false, true)) {
+ initialize(session);
+ }
+ }
+
+ @Override
public void inputReady(final IOSession session, final ByteBuffer src) {
try {
if (src != null) {
@@ -178,6 +187,9 @@ public class ServerHttpProtocolNegotiator implements HttpConnectionEventHandler
@Override
public void outputReady(final IOSession session) {
+ if (initialized.compareAndSet(false, true)) {
+ initialize(session);
+ }
}
@Override