├── .gitattributes ├── .github ├── scripts │ ├── bundle_create.sh │ ├── bundle_upload.sh │ ├── check_build_result.sh │ ├── local_staging_install_release.sh │ ├── local_staging_install_snapshot.sh │ ├── local_staging_merge_release.sh │ ├── local_staging_merge_snapshot.sh │ ├── release_checkout_tag.sh │ ├── release_rollback.ps1 │ └── release_rollback.sh └── workflows │ ├── ci-build.yml │ ├── ci-deploy.yml │ ├── ci-pr.yml │ ├── ci-release.yml │ └── codeql-analysis.yml ├── .gitignore ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── Brewfile ├── LICENSE.txt ├── NOTICE.txt ├── README.md ├── boringssl-static ├── pom.xml └── src │ └── test │ └── java │ └── io │ └── netty │ └── internal │ └── tcnative │ └── NativeTest.java ├── docker ├── Dockerfile.arch ├── Dockerfile.centos6 ├── Dockerfile.cross_compile_aarch64 ├── Dockerfile.debian ├── Dockerfile.opensuse ├── README.md ├── docker-compose.arch-18.yaml ├── docker-compose.arch.yaml ├── docker-compose.centos-6.18.yaml ├── docker-compose.centos-6.yaml ├── docker-compose.centos-7.yaml ├── docker-compose.debian-7.18.yaml ├── docker-compose.debian.yaml ├── docker-compose.opensuse-151.18.yaml └── docker-compose.opensuse.yaml ├── libressl-static └── pom.xml ├── license ├── LICENSE.aix-netbsd.txt ├── LICENSE.boringssl.txt ├── LICENSE.mvn-wrapper.txt └── LICENSE.tomcat-native.txt ├── mvnw ├── mvnw.cmd ├── openssl-classes ├── pom.xml └── src │ └── main │ └── java │ ├── io │ └── netty │ │ └── internal │ │ └── tcnative │ │ ├── AsyncSSLPrivateKeyMethod.java │ │ ├── AsyncSSLPrivateKeyMethodAdapter.java │ │ ├── AsyncTask.java │ │ ├── Buffer.java │ │ ├── CertificateCallback.java │ │ ├── CertificateCallbackTask.java │ │ ├── CertificateCompressionAlgo.java │ │ ├── CertificateRequestedCallback.java │ │ ├── CertificateVerifier.java │ │ ├── CertificateVerifierTask.java │ │ ├── KeyLogCallback.java │ │ ├── Library.java │ │ ├── NativeStaticallyReferencedJniMethods.java │ │ ├── ResultCallback.java │ │ ├── SSL.java │ │ ├── SSLContext.java │ │ ├── SSLPrivateKeyMethod.java │ │ ├── SSLPrivateKeyMethodDecryptTask.java │ │ ├── SSLPrivateKeyMethodSignTask.java │ │ ├── SSLPrivateKeyMethodTask.java │ │ ├── SSLSession.java │ │ ├── SSLSessionCache.java │ │ ├── SSLTask.java │ │ ├── SessionTicketKey.java │ │ └── SniHostNameMatcher.java │ └── module-info.yml ├── openssl-dynamic ├── pom.xml └── src │ ├── main │ ├── c │ │ ├── bb.c │ │ ├── bb.h │ │ ├── cert_compress.c │ │ ├── cert_compress.h │ │ ├── error.c │ │ ├── error.h │ │ ├── jnilib.c │ │ ├── native_constants.c │ │ ├── native_constants.h │ │ ├── ssl.c │ │ ├── ssl.h │ │ ├── ssl_private.h │ │ ├── sslcontext.c │ │ ├── sslcontext.h │ │ ├── sslsession.c │ │ ├── sslsession.h │ │ ├── sslutils.c │ │ └── tcn.h │ └── native-package │ │ ├── configure.ac │ │ └── m4 │ │ ├── apr_common.m4 │ │ ├── custom.m4 │ │ ├── find_apr.m4 │ │ └── tcnative.m4 │ └── test │ └── java │ └── io │ └── netty │ └── internal │ └── tcnative │ ├── AbstractNativeTest.java │ └── CertificateVerifierTest.java ├── openssl-static └── pom.xml ├── patches └── apr_crypt.patch ├── pom.xml ├── scripts ├── finish_release.sh └── list_staged_release.sh └── vs2010.vcxproj.static.template /.gitattributes: -------------------------------------------------------------------------------- 1 | # Set the default behavior, in case people don't have core.autocrlf set. 2 | * text=auto 3 | -------------------------------------------------------------------------------- /.github/scripts/bundle_create.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ---------------------------------------------------------------------------- 3 | # Copyright 2025 The Netty Project 4 | # 5 | # The Netty Project licenses this file to you under the Apache License, 6 | # version 2.0 (the "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at: 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | # ---------------------------------------------------------------------------- 17 | set -e 18 | 19 | if [ "$#" -ne 2 ]; then 20 | echo "Expected bundle name and directory" 21 | exit 1 22 | fi 23 | 24 | # Create a bundle zip that contains all jars. 25 | # See https://central.sonatype.org/publish/publish-portal-upload/ 26 | pushd $2 27 | zip -r $1 * -x maven-metadata-central-staging.xml 28 | popd 29 | -------------------------------------------------------------------------------- /.github/scripts/bundle_upload.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ---------------------------------------------------------------------------- 3 | # Copyright 2025 The Netty Project 4 | # 5 | # The Netty Project licenses this file to you under the Apache License, 6 | # version 2.0 (the "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at: 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | # ---------------------------------------------------------------------------- 17 | set -e 18 | 19 | if [ "$#" -ne 3 ]; then 20 | echo "Expected bundle-name, username, password" 21 | exit 1 22 | fi 23 | 24 | # Generate the correct Bearer. 25 | # See https://central.sonatype.org/publish/publish-portal-api/ 26 | BEARER=`printf "$2:$3" | base64` 27 | 28 | # Upload a previous build bundle. 29 | # See https://central.sonatype.org/publish/publish-portal-api/ 30 | curl --request POST \ 31 | --header "Authorization: Bearer $BEARER" \ 32 | --form bundle=@$1 \ 33 | https://central.sonatype.com/api/v1/publisher/upload 34 | -------------------------------------------------------------------------------- /.github/scripts/check_build_result.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ "$#" -ne 1 ]; then 5 | echo "Expected build log as argument" 6 | exit 1 7 | fi 8 | 9 | if grep -q 'BUILD FAILURE' $1 ; then 10 | echo "Build failure detected, please inspect build log" 11 | exit 1 12 | else 13 | echo "Build successful" 14 | exit 0 15 | fi 16 | -------------------------------------------------------------------------------- /.github/scripts/local_staging_install_release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ---------------------------------------------------------------------------- 3 | # Copyright 2021 The Netty Project 4 | # 5 | # The Netty Project licenses this file to you under the Apache License, 6 | # version 2.0 (the "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at: 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | # ---------------------------------------------------------------------------- 17 | set -e 18 | if [ "$#" -lt 2 ]; then 19 | echo "Expected target directory and at least one local staging directory" 20 | exit 1 21 | fi 22 | TARGET=$1 23 | 24 | for ((i=2; i<=$#; i++)) 25 | do 26 | DIR="${!i}" 27 | 28 | if [ ! -d "${TARGET}" ] 29 | then 30 | mkdir -p "${TARGET}" 31 | fi 32 | cp -r "${DIR}"/* "${TARGET}"/ 33 | done 34 | -------------------------------------------------------------------------------- /.github/scripts/local_staging_install_snapshot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ---------------------------------------------------------------------------- 3 | # Copyright 2021 The Netty Project 4 | # 5 | # The Netty Project licenses this file to you under the Apache License, 6 | # version 2.0 (the "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at: 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | # ---------------------------------------------------------------------------- 17 | set -e 18 | if [ "$#" -lt 2 ]; then 19 | echo "Expected target directory and at least one local staging directory" 20 | exit 1 21 | fi 22 | TARGET=$1 23 | 24 | for ((i=2; i<=$#; i++)) 25 | do 26 | DIR="${!i}" 27 | SUB_DIR=$(ls -d "${DIR}"/* | awk -F / '{print $NF}') 28 | 29 | if [ ! -d "${TARGET}" ] 30 | then 31 | mkdir -p "${TARGET}" 32 | fi 33 | cp -r "${DIR}"/"${SUB_DIR}"/* "${TARGET}"/ 34 | done 35 | -------------------------------------------------------------------------------- /.github/scripts/local_staging_merge_release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ---------------------------------------------------------------------------- 3 | # Copyright 2025 The Netty Project 4 | # 5 | # The Netty Project licenses this file to you under the Apache License, 6 | # version 2.0 (the "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at: 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | # ---------------------------------------------------------------------------- 17 | 18 | set -e 19 | if [ "$#" -lt 2 ]; then 20 | echo "Expected target directory and at least one local staging directory" 21 | exit 1 22 | fi 23 | TARGET=$1 24 | 25 | for ((i=2; i<=$#; i++)) 26 | do 27 | DIR="${!i}" 28 | 29 | if [ ! -d "${TARGET}" ] 30 | then 31 | mkdir -p "${TARGET}" 32 | fi 33 | cp -r "${DIR}"/"${SUB_DIR}"/* "${TARGET}/${SUB_DIR}"/ 34 | done 35 | -------------------------------------------------------------------------------- /.github/scripts/local_staging_merge_snapshot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ---------------------------------------------------------------------------- 3 | # Copyright 2021 The Netty Project 4 | # 5 | # The Netty Project licenses this file to you under the Apache License, 6 | # version 2.0 (the "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at: 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | # ---------------------------------------------------------------------------- 17 | 18 | set -e 19 | if [ "$#" -lt 2 ]; then 20 | echo "Expected target directory and at least one local staging directory" 21 | exit 1 22 | fi 23 | TARGET=$1 24 | 25 | for ((i=2; i<=$#; i++)) 26 | do 27 | DIR="${!i}" 28 | SUB_DIR=$(ls -d "${DIR}"/* | awk -F / '{print $NF}') 29 | 30 | if [ ! -d "${TARGET}/${SUB_DIR}" ] 31 | then 32 | mkdir -p "${TARGET}/${SUB_DIR}" 33 | fi 34 | cat "${DIR}"/"${SUB_DIR}"/.index >> "${TARGET}/${SUB_DIR}"/.index 35 | cp -r "${DIR}"/"${SUB_DIR}"/* "${TARGET}/${SUB_DIR}"/ 36 | done 37 | -------------------------------------------------------------------------------- /.github/scripts/release_checkout_tag.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ "$#" -ne 1 ]; then 5 | echo "Expected release.properties file" 6 | exit 1 7 | fi 8 | 9 | TAG=$(grep scm.tag= "$1" | cut -d'=' -f2) 10 | 11 | echo "Checkout tag $TAG" 12 | git checkout "$TAG" 13 | exit 0 14 | -------------------------------------------------------------------------------- /.github/scripts/release_rollback.ps1: -------------------------------------------------------------------------------- 1 | $file=$args[0] 2 | $repository=$args[1] 3 | $branch=$args[2] 4 | $line = Select-String -Path $file -Pattern "scm.tag=" 5 | $tag = ($line -split "=")[1] 6 | $url = "git@github.com:" + $repository + ".git" 7 | git remote set-url origin $url 8 | git fetch 9 | git checkout $branch 10 | ./mvnw.cmd -B --file pom.xml release:rollback 11 | git push origin :$tag 12 | -------------------------------------------------------------------------------- /.github/scripts/release_rollback.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ "$#" -ne 3 ]; then 5 | echo "Expected release.properties file, repository name and branch" 6 | exit 1 7 | fi 8 | 9 | TAG=$(grep scm.tag= "$1" | cut -d'=' -f2) 10 | git remote set-url origin git@github.com:"$2".git 11 | git fetch 12 | git checkout "$3" 13 | ./mvnw -B --file pom.xml release:rollback 14 | git push origin :"$TAG" 15 | -------------------------------------------------------------------------------- /.github/workflows/ci-build.yml: -------------------------------------------------------------------------------- 1 | name: Build project 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | 7 | schedule: 8 | - cron: '30 3 * * 1' # At 03:30 on Monday, every Monday. 9 | 10 | # Allows you to run this workflow manually from the Actions tab 11 | workflow_dispatch: 12 | 13 | permissions: 14 | contents: read 15 | 16 | env: 17 | MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryhandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=240 18 | 19 | # Cancel running jobs when a new push happens to the same branch as otherwise it will 20 | # tie up too many resources without providing much value. 21 | concurrency: 22 | group: ${{ github.workflow }}-${{ github.ref }} 23 | cancel-in-progress: true 24 | 25 | jobs: 26 | build: 27 | runs-on: ubuntu-latest 28 | strategy: 29 | matrix: 30 | include: 31 | - setup: centos6-x86_64 32 | docker-compose-build: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml build" 33 | docker-compose-run: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml run build" 34 | - setup: debian7-x86_64 35 | docker-compose-build: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml build" 36 | docker-compose-run: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml run build-dynamic-only" 37 | - setup: centos7-aarch64 38 | docker-compose-build: "-f docker/docker-compose.centos-7.yaml build" 39 | docker-compose-run: "-f docker/docker-compose.centos-7.yaml run cross-compile-aarch64-build" 40 | 41 | name: ${{ matrix.setup }} 42 | steps: 43 | - uses: actions/checkout@v4 44 | 45 | # Cache .m2/repository 46 | - uses: actions/cache@v4 47 | continue-on-error: true 48 | with: 49 | path: ~/.m2/repository 50 | key: build-${{ matrix.setup }}-m2-repository-cache-${{ hashFiles('**/pom.xml') }} 51 | restore-keys: | 52 | build-${{ matrix.setup }}-m2-repository-cache- 53 | 54 | - name: Build docker image 55 | run: docker compose ${{ matrix.docker-compose-build }} 56 | 57 | - name: Build project 58 | run: docker compose ${{ matrix.docker-compose-run }} | tee build.output 59 | 60 | - name: Checking for test failures 61 | run: ./.github/scripts/check_build_result.sh build.output 62 | 63 | - uses: actions/upload-artifact@v4 64 | if: ${{ always() }} 65 | with: 66 | name: build-${{ matrix.setup }}-jars 67 | path: | 68 | **/target/*.jar 69 | 70 | - uses: actions/upload-artifact@v4 71 | if: ${{ failure() }} 72 | with: 73 | name: build-${{ matrix.setup }}-target 74 | path: | 75 | **/target/surefire-reports/ 76 | **/hs_err*.log 77 | 78 | 79 | build-windows: 80 | runs-on: windows-2019 81 | name: windows-x86_64 82 | steps: 83 | - uses: actions/checkout@v4 84 | 85 | - name: Set up JDK 8 86 | uses: actions/setup-java@v4 87 | with: 88 | java-version: 8 89 | distribution: zulu 90 | 91 | - name: Add msbuild to PATH 92 | uses: microsoft/setup-msbuild@v2 93 | 94 | - name: Configuring Developer Command Prompt 95 | uses: ilammy/msvc-dev-cmd@v1 96 | with: 97 | arch: x86_amd64 98 | 99 | - name: Install tools 100 | uses: crazy-max/ghaction-chocolatey@v3 101 | with: 102 | args: install ninja nasm 103 | 104 | # Cache .m2/repository 105 | - uses: actions/cache@v4 106 | continue-on-error: true 107 | with: 108 | path: ~/.m2/repository 109 | key: build-windows-m2-repository-cache-${{ hashFiles('**/pom.xml') }} 110 | restore-keys: | 111 | build-windows-m2-repository-cache- 112 | 113 | - name: Build netty-tcnative-boringssl-static 114 | run: ./mvnw.cmd --file pom.xml -am -pl boringssl-static clean package 115 | 116 | - uses: actions/upload-artifact@v4 117 | if: ${{ always() }} 118 | with: 119 | name: build-windows-jars 120 | path: | 121 | **/target/*.jar 122 | 123 | - uses: actions/upload-artifact@v4 124 | if: ${{ failure() }} 125 | with: 126 | name: build-windows-target 127 | path: | 128 | **/target/surefire-reports/ 129 | **/hs_err*.log 130 | -------------------------------------------------------------------------------- /.github/workflows/ci-deploy.yml: -------------------------------------------------------------------------------- 1 | name: Deploy project 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | 7 | schedule: 8 | - cron: '30 3 * * 1' # At 03:30 on Monday, every Monday. 9 | 10 | # Allows you to run this workflow manually from the Actions tab 11 | workflow_dispatch: 12 | 13 | permissions: 14 | contents: read 15 | 16 | env: 17 | MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryhandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=240 18 | 19 | # Cancel running jobs when a new push happens to the same branch as otherwise it will 20 | # tie up too many resources without providing much value. 21 | concurrency: 22 | group: ${{ github.workflow }}-${{ github.ref }} 23 | cancel-in-progress: true 24 | 25 | jobs: 26 | stage-snapshot: 27 | runs-on: ubuntu-latest 28 | strategy: 29 | matrix: 30 | include: 31 | - setup: centos6-x86_64 32 | docker-compose-build: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml build" 33 | docker-compose-run: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml run stage-snapshot" 34 | - setup: debian7-x86_64 35 | docker-compose-build: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml build" 36 | docker-compose-run: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml run stage-snapshot" 37 | - setup: centos7-aarch64 38 | docker-compose-build: "-f docker/docker-compose.centos-7.yaml build" 39 | docker-compose-run: "-f docker/docker-compose.centos-7.yaml run cross-compile-aarch64-stage-snapshot" 40 | 41 | name: stage-snapshot-${{ matrix.setup }} 42 | steps: 43 | - uses: actions/checkout@v4 44 | 45 | # Cache .m2/repository 46 | - uses: actions/cache@v4 47 | continue-on-error: true 48 | with: 49 | path: ~/.m2/repository 50 | key: stage-snapshot-${{ matrix.setup }}-m2-repository-cache-${{ hashFiles('**/pom.xml') }} 51 | restore-keys: | 52 | stage-snapshot-${{ matrix.setup }}-m2-repository-cache- 53 | 54 | - name: Create local staging directory 55 | run: mkdir -p ~/local-staging 56 | 57 | - name: Build docker image 58 | run: docker compose ${{ matrix.docker-compose-build }} 59 | 60 | - name: Stage snapshots to local staging directory 61 | run: docker compose ${{ matrix.docker-compose-run }} 62 | 63 | - name: Upload local staging directory 64 | uses: actions/upload-artifact@v4 65 | with: 66 | name: ${{ matrix.setup }}-local-staging 67 | path: ~/local-staging 68 | if-no-files-found: error 69 | include-hidden-files: true 70 | 71 | stage-snapshot-macos: 72 | strategy: 73 | fail-fast: false 74 | matrix: 75 | include: 76 | - setup: macos-x86_64 77 | os: macos-13 78 | - setup: macos-aarch64 79 | os: macos-15 80 | 81 | runs-on: ${{ matrix.os }} 82 | name: ${{ matrix.setup }} build 83 | 84 | steps: 85 | - uses: actions/checkout@v4 86 | 87 | - name: Set up JDK 8 88 | uses: actions/setup-java@v4 89 | with: 90 | distribution: 'zulu' 91 | java-version: '8' 92 | 93 | # Cache .m2/repository 94 | # Caching of maven dependencies 95 | - uses: actions/cache@v4 96 | continue-on-error: true 97 | with: 98 | path: ~/.m2/repository 99 | key: pr-${{ matrix.setup }}-maven-cache-${{ hashFiles('**/pom.xml') }} 100 | restore-keys: | 101 | pr-${{ matrix.setup }}-maven-cache- 102 | 103 | - name: Install tools via brew 104 | run: brew bundle 105 | 106 | - name: Create local staging directory 107 | run: mkdir -p ~/local-staging 108 | 109 | - name: Stage snapshots to local staging directory 110 | run: ./mvnw -B -ntp -am -pl openssl-dynamic,boringssl-static clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=$HOME/local-staging -DskipTests=true 111 | 112 | - name: Upload local staging directory 113 | uses: actions/upload-artifact@v4 114 | with: 115 | name: ${{ matrix.setup }}-local-staging 116 | path: ~/local-staging 117 | if-no-files-found: error 118 | include-hidden-files: true 119 | 120 | stage-snapshot-windows: 121 | runs-on: windows-2019 122 | name: stage-snapshot-windows-x86_64 123 | steps: 124 | - uses: actions/checkout@v4 125 | 126 | - name: Create local staging directory 127 | run: mkdir local-staging 128 | 129 | - name: Set up JDK 8 130 | uses: actions/setup-java@v4 131 | with: 132 | java-version: 8 133 | distribution: zulu 134 | 135 | - name: Add msbuild to PATH 136 | uses: microsoft/setup-msbuild@v2 137 | 138 | - name: Configuring Developer Command Prompt 139 | uses: ilammy/msvc-dev-cmd@v1 140 | with: 141 | arch: x86_amd64 142 | 143 | - name: Install tools 144 | uses: crazy-max/ghaction-chocolatey@v3 145 | with: 146 | args: install ninja nasm 147 | 148 | # Cache .m2/repository 149 | - uses: actions/cache@v4 150 | continue-on-error: true 151 | with: 152 | path: ~/.m2/repository 153 | key: stage-snapshot-windows-m2-repository-cache-${{ hashFiles('**/pom.xml') }} 154 | restore-keys: | 155 | stage-snapshot-windows-m2-repository-cache- 156 | 157 | - name: Build netty-tcnative-boringssl-static 158 | run: ./mvnw.cmd --file pom.xml -am -pl boringssl-static clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/local-staging -DskipRemoteStaging=true -DskipTests=true 159 | 160 | - name: Upload local staging directory 161 | uses: actions/upload-artifact@v4 162 | with: 163 | name: windows-x86_64-local-staging 164 | path: /local-staging 165 | if-no-files-found: error 166 | include-hidden-files: true 167 | 168 | deploy-staged-snapshots: 169 | runs-on: ubuntu-latest 170 | # Wait until we have staged everything 171 | needs: [stage-snapshot, stage-snapshot-macos, stage-snapshot-windows] 172 | steps: 173 | - uses: actions/checkout@v4 174 | 175 | - name: Set up JDK 8 176 | uses: actions/setup-java@v4 177 | with: 178 | java-version: 8 179 | distribution: zulu 180 | 181 | # Cache .m2/repository 182 | - uses: actions/cache@v4 183 | continue-on-error: true 184 | with: 185 | path: ~/.m2/repository 186 | key: deploy-staged-snapshot-m2-repository-cache-${{ hashFiles('**/pom.xml') }} 187 | restore-keys: | 188 | deploy-stage-snapshot-m2-repository-cache- 189 | 190 | - uses: s4u/maven-settings-action@v3.0.0 191 | with: 192 | servers: | 193 | [{ 194 | "id": "central-portal-snapshots", 195 | "username": "${{ secrets.MAVEN_CENTRAL_USERNAME }}", 196 | "password": "${{ secrets.MAVEN_CENTRAL_PASSWORD }}" 197 | }] 198 | 199 | # Hardcode the staging artifacts that need to be downloaded. 200 | # These must match the matrix setups and windows build. There is currently no way to pull this out of the config. 201 | - name: Download windows_x86_64 staging directory 202 | uses: actions/download-artifact@v4 203 | with: 204 | name: windows-x86_64-local-staging 205 | path: ~/windows-x86_64-local-staging 206 | 207 | - name: Download macos-aarch64 staging directory 208 | uses: actions/download-artifact@v4 209 | with: 210 | name: macos-aarch64-local-staging 211 | path: ~/macos-aarch64-local-staging 212 | 213 | - name: Download macos-x86_64 staging directory 214 | uses: actions/download-artifact@v4 215 | with: 216 | name: macos-x86_64-local-staging 217 | path: ~/macos-x86_64-local-staging 218 | 219 | - name: Download centos7-aarch64 staging directory 220 | uses: actions/download-artifact@v4 221 | with: 222 | name: centos7-aarch64-local-staging 223 | path: ~/centos7-aarch64-local-staging 224 | 225 | - name: Download debian7-x86_64 staging directory 226 | uses: actions/download-artifact@v4 227 | with: 228 | name: debian7-x86_64-local-staging 229 | path: ~/debian7-x86_64-local-staging 230 | 231 | - name: Download centos6-x86_64 staging directory 232 | uses: actions/download-artifact@v4 233 | with: 234 | name: centos6-x86_64-local-staging 235 | path: ~/centos6-x86_64-local-staging 236 | 237 | - name: Copy previous build artifacts to local maven repository 238 | run: bash ./.github/scripts/local_staging_install_snapshot.sh ~/.m2/repository ~/windows-x86_64-local-staging ~/macos-aarch64-local-staging ~/macos-x86_64-local-staging ~/centos7-aarch64-local-staging ~/debian7-x86_64-local-staging ~/centos6-x86_64-local-staging 239 | 240 | - name: Generate uber jar and deploy to local staging. 241 | run: | 242 | mkdir -p ~/uber-local-staging 243 | ./mvnw -B --file pom.xml -Puber-snapshot -pl boringssl-static clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=$HOME/uber-local-staging -DskipTests=true 244 | 245 | - name: Merge staging repositories 246 | run: bash ./.github/scripts/local_staging_merge_snapshot.sh ~/local-staging ~/windows-x86_64-local-staging ~/macos-aarch64-local-staging ~/macos-x86_64-local-staging ~/centos7-aarch64-local-staging ~/debian7-x86_64-local-staging ~/centos6-x86_64-local-staging ~/uber-local-staging 247 | 248 | - name: Deploy local staged artifacts 249 | run: ./mvnw -B --file pom.xml org.sonatype.plugins:nexus-staging-maven-plugin:deploy-staged -DaltStagingDirectory=$HOME/local-staging 250 | -------------------------------------------------------------------------------- /.github/workflows/ci-pr.yml: -------------------------------------------------------------------------------- 1 | name: Build PR 2 | 3 | on: 4 | pull_request: 5 | branches: [ main ] 6 | 7 | # Allows you to run this workflow manually from the Actions tab 8 | workflow_dispatch: 9 | 10 | permissions: 11 | contents: read 12 | 13 | env: 14 | MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryhandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=240 15 | 16 | # Cancel running jobs when a new push happens to the same branch as otherwise it will 17 | # tie up too many resources without providing much value. 18 | concurrency: 19 | group: ${{ github.workflow }}-${{ github.ref }} 20 | cancel-in-progress: true 21 | 22 | jobs: 23 | build-pr: 24 | runs-on: ubuntu-latest 25 | strategy: 26 | fail-fast: false 27 | matrix: 28 | include: 29 | - setup: centos6-x86_64 30 | docker-compose-build: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml build" 31 | docker-compose-run: "-f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml run build" 32 | - setup: debian7-x86_64 33 | docker-compose-build: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml build" 34 | docker-compose-run: "-f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml run build-dynamic-only" 35 | - setup: centos7-aarch64 36 | docker-compose-build: "-f docker/docker-compose.centos-7.yaml build" 37 | docker-compose-run: "-f docker/docker-compose.centos-7.yaml run cross-compile-aarch64-build" 38 | 39 | name: ${{ matrix.setup }} 40 | steps: 41 | - uses: actions/checkout@v4 42 | 43 | # Cache .m2/repository 44 | - uses: actions/cache@v4 45 | continue-on-error: true 46 | with: 47 | path: ~/.m2/repository 48 | key: build-pr-${{ matrix.setup }}-m2-repository-cache-${{ hashFiles('**/pom.xml') }} 49 | restore-keys: | 50 | build-pr-${{ matrix.setup }}-m2-repository-cache- 51 | 52 | - name: Build docker image 53 | run: docker compose ${{ matrix.docker-compose-build }} 54 | 55 | - name: Build project 56 | run: docker compose ${{ matrix.docker-compose-run }} | tee build.output 57 | 58 | - name: Checking for test failures 59 | run: ./.github/scripts/check_build_result.sh build.output 60 | 61 | - uses: actions/upload-artifact@v4 62 | if: ${{ always() }} 63 | with: 64 | name: build-pr-${{ matrix.setup }}-jars 65 | path: | 66 | **/target/*.jar 67 | 68 | - uses: actions/upload-artifact@v4 69 | if: ${{ failure() }} 70 | with: 71 | name: build-pr-${{ matrix.setup }}-target 72 | path: | 73 | **/target/surefire-reports/ 74 | **/hs_err*.log 75 | 76 | build-pr-windows: 77 | runs-on: windows-2019 78 | name: windows-x86_64 79 | steps: 80 | - uses: actions/checkout@v4 81 | 82 | - name: Set up JDK 8 83 | uses: actions/setup-java@v4 84 | with: 85 | java-version: 8 86 | distribution: zulu 87 | 88 | - name: Add msbuild to PATH 89 | uses: microsoft/setup-msbuild@v2 90 | 91 | - name: Configuring Developer Command Prompt 92 | uses: ilammy/msvc-dev-cmd@v1 93 | with: 94 | arch: x86_amd64 95 | 96 | - name: Install tools 97 | uses: crazy-max/ghaction-chocolatey@v3 98 | with: 99 | args: install ninja nasm 100 | 101 | # Cache .m2/repository 102 | - uses: actions/cache@v4 103 | continue-on-error: true 104 | with: 105 | path: ~/.m2/repository 106 | key: build-pr-windows-m2-repository-cache-${{ hashFiles('**/pom.xml') }} 107 | restore-keys: | 108 | build-pr-windows-m2-repository-cache- 109 | 110 | - name: Build netty-tcnative-boringssl-static 111 | run: ./mvnw.cmd --file pom.xml -am -pl boringssl-static clean package 112 | 113 | - uses: actions/upload-artifact@v4 114 | if: ${{ always() }} 115 | with: 116 | name: build-pr-windows-jars 117 | path: | 118 | **/target/*.jar 119 | 120 | - uses: actions/upload-artifact@v4 121 | if: ${{ failure() }} 122 | with: 123 | name: build-pr-windows-target 124 | path: | 125 | **/target/surefire-reports/ 126 | **/hs_err*.log 127 | 128 | build-pr-macos: 129 | strategy: 130 | fail-fast: false 131 | matrix: 132 | include: 133 | - setup: macos-x86_64 134 | os: macos-13 135 | - setup: macos-aarch64 136 | os: macos-15 137 | 138 | runs-on: ${{ matrix.os }} 139 | name: ${{ matrix.setup }} build 140 | 141 | steps: 142 | - uses: actions/checkout@v4 143 | 144 | - name: Set up JDK 8 145 | uses: actions/setup-java@v4 146 | with: 147 | distribution: 'zulu' 148 | java-version: '8' 149 | 150 | # Cache .m2/repository 151 | # Caching of maven dependencies 152 | - uses: actions/cache@v4 153 | continue-on-error: true 154 | with: 155 | path: ~/.m2/repository 156 | key: pr-${{ matrix.setup }}-maven-cache-${{ hashFiles('**/pom.xml') }} 157 | restore-keys: | 158 | pr-${{ matrix.setup }}-maven-cache- 159 | 160 | - name: Install tools via brew 161 | run: brew bundle 162 | 163 | - name: Build project 164 | run: ./mvnw -B -ntp --file pom.xml -am -pl openssl-dynamic,boringssl-static clean package 165 | 166 | - uses: actions/upload-artifact@v4 167 | if: ${{ always() }} 168 | with: 169 | name: build-pr-${{ matrix.setup }}-jars 170 | path: | 171 | **/target/*.jar 172 | 173 | - uses: actions/upload-artifact@v4 174 | if: ${{ failure() }} 175 | with: 176 | name: build-pr-${{ matrix.setup }}-target 177 | path: | 178 | **/target/surefire-reports/ 179 | **/hs_err*.log 180 | -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | name: "CodeQL" 7 | 8 | permissions: read-all 9 | 10 | on: 11 | push: 12 | branches: [main] 13 | pull_request: 14 | # The branches below must be a subset of the branches above 15 | branches: [main] 16 | schedule: 17 | - cron: '0 19 * * 5' 18 | env: 19 | MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryhandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=240 20 | 21 | # Cancel running jobs when a new push happens to the same branch as otherwise it will 22 | # tie up too many resources without providing much value. 23 | concurrency: 24 | group: ${{ github.workflow }}-${{ github.ref }} 25 | cancel-in-progress: true 26 | 27 | jobs: 28 | analyze: 29 | name: Analyze 30 | runs-on: ubuntu-latest 31 | 32 | permissions: 33 | security-events: write 34 | 35 | strategy: 36 | fail-fast: false 37 | matrix: 38 | # Override automatic language detection by changing the below list 39 | # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] 40 | language: ['cpp', 'java'] 41 | # Learn more... 42 | # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection 43 | 44 | steps: 45 | - name: Checkout repository 46 | uses: actions/checkout@v4 47 | 48 | # Cache .m2/repository 49 | - uses: actions/cache@v4 50 | continue-on-error: true 51 | with: 52 | path: ~/.m2/repository 53 | key: analyze-${{ matrix.language }}-cache-m2-repository-${{ hashFiles('**/pom.xml') }} 54 | restore-keys: | 55 | analyze-${{ matrix.language }}-cache-m2-repository- 56 | 57 | # Initializes the CodeQL tools for scanning. 58 | - name: Initialize CodeQL 59 | uses: github/codeql-action/init@v2 60 | with: 61 | languages: ${{ matrix.language }} 62 | # If you wish to specify custom queries, you can do so here or in a config file. 63 | # By default, queries listed here will override any specified in a config file. 64 | # Prefix the list here with "+" to use these queries and those in the config file. 65 | # queries: ./path/to/local/query, your-org/your-repo/queries@main 66 | 67 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 68 | # If this step fails, then you should remove it and run the build manually (see below) 69 | # - name: Autobuild 70 | # uses: github/codeql-action/autobuild@v2 71 | 72 | # ℹ️ Command-line programs to run using the OS shell. 73 | # 📚 https://git.io/JvXDl 74 | 75 | # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines 76 | # and modify them (or add more) to build your code if your project 77 | # uses a compiled language 78 | 79 | - name: Install tools / libraries 80 | run: sudo apt-get update && sudo apt-get -y install autoconf automake libtool libtool-bin make tar libapr1-dev libssl-dev cmake perl ninja-build 81 | 82 | - name: Build project 83 | run: ./mvnw clean package -pl openssl-dynamic -DskipTests=true 84 | 85 | - name: Perform CodeQL Analysis 86 | uses: github/codeql-action/analyze@v2 87 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Eclipse project files 2 | .project 3 | .classpath 4 | .settings 5 | 6 | # IntelliJ IDEA project files and directories 7 | *.iml 8 | *.ipr 9 | *.iws 10 | .idea/ 11 | 12 | # Geany project file 13 | .geany 14 | 15 | # KDevelop project file and directory 16 | .kdev4/ 17 | *.kdev4 18 | 19 | # Build targets 20 | /target 21 | */target 22 | 23 | # Report directories 24 | /reports 25 | */reports 26 | 27 | # Mac-specific directory that no other operating system needs. 28 | .DS_Store 29 | 30 | # exclude mainframer files 31 | mainframer 32 | .mainframer 33 | 34 | # exclude cmake related files 35 | CMakeLists.txt 36 | cmake-* 37 | 38 | # exclude docker-sync stuff 39 | .docker-sync 40 | */.docker-sync 41 | 42 | .vscode 43 | 44 | # exclude file created by the flatten plugin 45 | .flattened-pom.xml 46 | -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/netty/netty-tcnative/06279ba6f3548a9ec3350e66e22bceff6bf5131f/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | distributionUrl=https://maven-central.storage-download.googleapis.com/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip 18 | distributionSha512Sum=0eb0432004a91ebf399314ad33e5aaffec3d3b29279f2f143b2f43ade26f4db7bd1c0f08e436e9445ac6dc4a564a2945d13072a160ae54a930e90581284d6461 19 | -------------------------------------------------------------------------------- /Brewfile: -------------------------------------------------------------------------------- 1 | brew 'autoconf' 2 | brew 'automake' 3 | brew 'libtool' 4 | brew 'openssl' 5 | brew 'perl' 6 | brew 'ninja' 7 | brew 'golang' 8 | brew 'cmake' 9 | brew 'apr' 10 | -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- 1 | The Netty Project 2 | ================= 3 | 4 | Please visit the Netty web site for more information: 5 | 6 | * http://netty.io/ 7 | 8 | Copyright 2016 The Netty Project 9 | 10 | The Netty Project licenses this file to you under the Apache License, 11 | version 2.0 (the "License"); you may not use this file except in compliance 12 | with the License. You may obtain a copy of the License at: 13 | 14 | http://www.apache.org/licenses/LICENSE-2.0 15 | 16 | Unless required by applicable law or agreed to in writing, software 17 | distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 19 | License for the specific language governing permissions and limitations 20 | under the License. 21 | 22 | ------------------------------------------------------------------------------- 23 | This product contains a forked and modified version of Tomcat Native 24 | 25 | * LICENSE: 26 | * license/LICENSE.tomcat-native.txt (Apache License 2.0) 27 | * HOMEPAGE: 28 | * http://tomcat.apache.org/native-doc/ 29 | * https://svn.apache.org/repos/asf/tomcat/native/ 30 | 31 | This product contains the Maven wrapper scripts from 'Maven Wrapper', that provides an easy way to ensure a user has everything necessary to run the Maven build. 32 | 33 | * LICENSE: 34 | * license/LICENSE.mvn-wrapper.txt (Apache License 2.0) 35 | * HOMEPAGE: 36 | * https://github.com/takari/maven-wrapper 37 | 38 | This product contains small piece of code to support AIX, taken from netbsd. 39 | 40 | * LICENSE: 41 | * license/LICENSE.aix-netbsd.txt (OpenSSL License) 42 | * HOMEPAGE: 43 | * https://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/crypto/external/bsd/openssl/dist 44 | 45 | 46 | This product contains code from boringssl. 47 | 48 | * LICENSE (Combination ISC and OpenSSL license) 49 | * license/LICENSE.boringssl.txt (Combination ISC and OpenSSL license) 50 | * HOMEPAGE: 51 | * https://boringssl.googlesource.com/boringssl/ 52 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![Build project](https://github.com/netty/netty-tcnative/workflows/Build%20project/badge.svg) 2 | 3 | ## Tomcat Native Fork for Netty 4 | 5 | See [our wiki page](http://netty.io/wiki/forked-tomcat-native.html). 6 | -------------------------------------------------------------------------------- /boringssl-static/src/test/java/io/netty/internal/tcnative/NativeTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | 19 | import org.junit.jupiter.api.Test; 20 | 21 | import java.io.File; 22 | 23 | public class NativeTest { 24 | 25 | @Test 26 | public void loadNativeLib() throws Exception { 27 | String testClassesRoot = NativeTest.class.getProtectionDomain().getCodeSource().getLocation().getFile(); 28 | File f = new File(testClassesRoot + File.separator + "META-INF" + File.separator + "native"); 29 | File[] directories = new File(testClassesRoot + File.separator + "META-INF" + File.separator + "native") 30 | .listFiles(); 31 | if (directories == null || directories.length != 1) { 32 | throw new IllegalStateException("Could not find platform specific native directory: " + f); 33 | } 34 | String libName = System.mapLibraryName("netty_tcnative") 35 | // Fix the filename (this is needed for macOS). 36 | .replace(".dylib", ".jnilib"); 37 | String libPath = directories[0].getAbsoluteFile() + File.separator + libName; 38 | System.load(libPath); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /docker/Dockerfile.arch: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 archlinux/base 2 | 3 | ARG java_version=8 4 | ENV JAVA_VERSION $java_version 5 | 6 | # install dependencies 7 | # use openSSL 1.0.x for now, for highest compatibility 8 | RUN pacman -Sy --noconfirm --needed \ 9 | apr \ 10 | autoconf \ 11 | automake \ 12 | bzip2 \ 13 | cmake \ 14 | git \ 15 | glibc \ 16 | gcc \ 17 | gnupg \ 18 | go \ 19 | gzip \ 20 | jdk${JAVA_VERSION}-openjdk \ 21 | openssl-1.0 \ 22 | libtool \ 23 | lsb-release \ 24 | make \ 25 | ninja \ 26 | perl \ 27 | tar \ 28 | unzip \ 29 | wget \ 30 | which 31 | -------------------------------------------------------------------------------- /docker/Dockerfile.centos6: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 centos:6.10 2 | 3 | ENV SOURCE_DIR /root/source 4 | ENV CMAKE_VERSION_BASE 3.26 5 | ENV CMAKE_VERSION $CMAKE_VERSION_BASE.4 6 | ENV NINJA_VERSION 1.7.2 7 | ENV GO_VERSION 1.9.3 8 | ENV MAVEN_VERSION 3.9.1 9 | 10 | # Update as we need to use the vault now. 11 | RUN sed -i -e 's/^mirrorlist/#mirrorlist/g' -e 's/^#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\//baseurl=https:\/\/linuxsoft.cern.ch\/centos-vault\/\/6.10\//g' /etc/yum.repos.d/CentOS-Base.repo 12 | 13 | # install dependencies 14 | RUN yum install -y \ 15 | apr-devel \ 16 | autoconf \ 17 | automake \ 18 | bzip2 \ 19 | git \ 20 | glibc-devel \ 21 | gnupg \ 22 | libapr1-dev \ 23 | libtool \ 24 | lsb-core \ 25 | make \ 26 | openssl-devel \ 27 | patch \ 28 | perl \ 29 | perl-parent \ 30 | perl-devel \ 31 | tar \ 32 | unzip \ 33 | wget \ 34 | which \ 35 | zip 36 | 37 | RUN mkdir $SOURCE_DIR 38 | WORKDIR $SOURCE_DIR 39 | 40 | RUN wget -q https://github.com/ninja-build/ninja/releases/download/v$NINJA_VERSION/ninja-linux.zip && unzip ninja-linux.zip && mkdir -p /opt/ninja-$NINJA_VERSION/bin && mv ninja /opt/ninja-$NINJA_VERSION/bin && echo 'PATH=/opt/ninja-$NINJA_VERSION/bin:$PATH' >> ~/.bashrc 41 | RUN wget -q https://storage.googleapis.com/golang/go$GO_VERSION.linux-amd64.tar.gz && tar zxf go$GO_VERSION.linux-amd64.tar.gz && mv go /opt/ && echo 'PATH=/opt/go/bin:$PATH' >> ~/.bashrc && echo 'export GOROOT=/opt/go/' >> ~/.bashrc 42 | RUN curl -s https://cmake.org/files/v$CMAKE_VERSION_BASE/cmake-$CMAKE_VERSION-linux-x86_64.tar.gz --output cmake-$CMAKE_VERSION-linux-x86_64.tar.gz && tar zvxf cmake-$CMAKE_VERSION-linux-x86_64.tar.gz && mv cmake-$CMAKE_VERSION-linux-x86_64 /opt/ && echo 'PATH=/opt/cmake-$CMAKE_VERSION-linux-x86_64/bin:$PATH' >> ~/.bashrc 43 | 44 | RUN yum install -y centos-release-scl 45 | # Update repository urls as we need to use the vault now. 46 | RUN sed -i -e 's/^mirrorlist/#mirrorlist/g' -e 's/^# baseurl=http:\/\/mirror.centos.org\/centos\/6\//baseurl=https:\/\/vault.centos.org\/centos\/6\//g' /etc/yum.repos.d/CentOS-SCLo-scl.repo 47 | RUN sed -i -e 's/^mirrorlist/#mirrorlist/g' -e 's/^#baseurl=http:\/\/mirror.centos.org\/centos\/6\//baseurl=https:\/\/vault.centos.org\/centos\/6\//g' /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo 48 | 49 | RUN yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ 50 | RUN echo 'source /opt/rh/devtoolset-9/enable' >> ~/.bashrc 51 | 52 | RUN rm -rf $SOURCE_DIR 53 | 54 | # Downloading and installing perlbrew as we need a more up to date perl version for boringssl 55 | # Use the same version as centos7 does. 56 | RUN curl -L https://install.perlbrew.pl | bash 57 | RUN echo 'source ~/perl5/perlbrew/etc/bashrc' >> ~/.bashrc 58 | 59 | RUN /root/perl5/perlbrew/bin/perlbrew install-patchperl 60 | RUN /root/perl5/perlbrew/bin/perlbrew install --notest --force --thread --switch perl-5.40.1 61 | RUN ln -sf /root/perl5/perlbrew/perls/perl-5.40.1/bin/perl /usr/bin/perl 62 | 63 | # Downloading and installing SDKMAN! 64 | RUN curl -s "https://get.sdkman.io" | bash 65 | 66 | ARG java_version="8.0.302-zulu" 67 | ENV JAVA_VERSION $java_version 68 | 69 | # Installing Java removing some unnecessary SDKMAN files 70 | RUN bash -c "source $HOME/.sdkman/bin/sdkman-init.sh && \ 71 | yes | sdk install java $JAVA_VERSION && \ 72 | yes | sdk install maven $MAVEN_VERSION && \ 73 | rm -rf $HOME/.sdkman/archives/* && \ 74 | rm -rf $HOME/.sdkman/tmp/*" 75 | 76 | RUN echo 'export JAVA_HOME="/root/.sdkman/candidates/java/current"' >> ~/.bashrc 77 | RUN echo 'PATH=$JAVA_HOME/bin:$PATH' >> ~/.bashrc 78 | 79 | # Prepare our own build 80 | ENV PATH /root/.sdkman/candidates/maven/current:$PATH 81 | ENV JAVA_HOME /jdk/ 82 | 83 | # This is workaround to be able to compile boringssl with atomics as while we use a recent gcc installation it still needs some 84 | # help to define static_assert(...) as otherwise the compilation will fail due the system installed assert.h which missed this definition. 85 | RUN mkdir ~/.include 86 | RUN echo '#include "/usr/include/assert.h"' >> ~/.include/assert.h 87 | RUN echo '#define static_assert _Static_assert' >> ~/.include/assert.h 88 | RUN echo 'export C_INCLUDE_PATH="$HOME/.include/"' >> ~/.bashrc 89 | 90 | # Cleanup 91 | RUN yum clean all && \ 92 | rm -rf /var/cache/yum 93 | -------------------------------------------------------------------------------- /docker/Dockerfile.cross_compile_aarch64: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 centos:7.6.1810 2 | 3 | ARG gcc_version=10.2-2020.11 4 | ARG openssl_version=1_1_1d 5 | ARG apr_version=1.7.6 6 | ENV SOURCE_DIR /root/source 7 | ENV GCC_VERSION $gcc_version 8 | ENV OPENSSL_VERSION $openssl_version 9 | ENV MAVEN_VERSION 3.9.1 10 | ENV APR_VERSION $apr_version 11 | ENV CMAKE_VERSION_BASE 3.26 12 | ENV CMAKE_VERSION $CMAKE_VERSION_BASE.4 13 | 14 | RUN mkdir $SOURCE_DIR 15 | WORKDIR $SOURCE_DIR 16 | 17 | # Update to use the vault 18 | RUN sed -i -e 's/^mirrorlist/#mirrorlist/g' -e 's/^#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\//baseurl=https:\/\/linuxsoft.cern.ch\/centos-vault\/\/7.6.1810\//g' /etc/yum.repos.d/CentOS-Base.repo 19 | 20 | # We want to have git 2.x for the maven scm plugin and also for boringssl 21 | RUN yum install -y http://opensource.wandisco.com/centos/6/git/x86_64/wandisco-git-release-6-1.noarch.rpm 22 | 23 | # Install requirements 24 | RUN set -x && \ 25 | yum -y install epel-release && \ 26 | yum -y install wget tar git make autoconf automake libtool openssl-devel ninja-build gcc-c++ patch unzip zip which 27 | 28 | # Install Java 29 | RUN yum install -y java-1.8.0-openjdk-devel golang 30 | ENV JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk/" 31 | 32 | # Install aarch64 gcc 10.2 toolchain 33 | RUN set -x && \ 34 | wget https://developer.arm.com/-/media/Files/downloads/gnu-a/$GCC_VERSION/binrel/gcc-arm-$GCC_VERSION-x86_64-aarch64-none-linux-gnu.tar.xz && \ 35 | tar xvf gcc-arm-$GCC_VERSION-x86_64-aarch64-none-linux-gnu.tar.xz && \ 36 | mv gcc-arm-$GCC_VERSION-x86_64-aarch64-none-linux-gnu / 37 | ENV PATH="/gcc-arm-$GCC_VERSION-x86_64-aarch64-none-linux-gnu/bin:${PATH}" 38 | 39 | # Cross compile Apache Apr for aarch64 - share 40 | RUN set -x && \ 41 | wget --no-check-certificate https://downloads.apache.org//apr/apr-$APR_VERSION.tar.gz && \ 42 | tar xvf apr-$APR_VERSION.tar.gz && \ 43 | pushd apr-$APR_VERSION && \ 44 | CC=aarch64-none-linux-gnu-gcc CFLAGS='-O3 -fno-omit-frame-pointer -fPIC' ./configure --prefix=/opt/apr-$APR_VERSION-share --host=aarch64-none-linux-gnu ac_cv_have_decl_sys_siglist=no ac_cv_file__dev_zero=yes ac_cv_func_setpgrp_void=yes apr_cv_tcp_nodelay_with_cork=yes ac_cv_sizeof_struct_iovec=8 && \ 45 | make || true && \ 46 | pushd tools && \ 47 | gcc -Wall -O2 -DCROSS_COMPILE gen_test_char.c -s -o gen_test_char && \ 48 | popd && \ 49 | make && make install && \ 50 | popd 51 | 52 | # Cross compile OpenSSL for aarch64 - share 53 | RUN set -x && \ 54 | wget https://github.com/openssl/openssl/archive/OpenSSL_$OPENSSL_VERSION.tar.gz && \ 55 | tar xvf OpenSSL_$OPENSSL_VERSION.tar.gz && \ 56 | pushd openssl-OpenSSL_$OPENSSL_VERSION && \ 57 | ./Configure linux-aarch64 --cross-compile-prefix=aarch64-none-linux-gnu- --prefix=/opt/openssl-$OPENSSL_VERSION-share shared && \ 58 | make && make install && \ 59 | popd 60 | 61 | # Install cmake 62 | RUN curl -s https://cmake.org/files/v$CMAKE_VERSION_BASE/cmake-$CMAKE_VERSION-linux-x86_64.tar.gz --output cmake-$CMAKE_VERSION-linux-x86_64.tar.gz && tar zvxf cmake-$CMAKE_VERSION-linux-x86_64.tar.gz && mv cmake-$CMAKE_VERSION-linux-x86_64 /opt/ && echo 'PATH=/opt/cmake-$CMAKE_VERSION-linux-x86_64/bin:$PATH' >> ~/.bashrc 63 | 64 | # Downloading and installing SDKMAN! 65 | RUN curl -s "https://get.sdkman.io" | bash 66 | 67 | # Don't check the certificates as our curl version is too old. 68 | RUN echo 'sdkman_insecure_ssl=true' >> $HOME/.sdkman/etc/config 69 | 70 | # Installing Java and Maven, removing some unnecessary SDKMAN files 71 | RUN bash -c "source $HOME/.sdkman/bin/sdkman-init.sh && \ 72 | yes | sdk install maven $MAVEN_VERSION && \ 73 | rm -rf $HOME/.sdkman/archives/* && \ 74 | rm -rf $HOME/.sdkman/tmp/*" 75 | 76 | # Prepare our own build 77 | ENV PATH /root/.sdkman/candidates/maven/current:$PATH 78 | 79 | 80 | # Cleanup 81 | RUN rm -rf $SOURCE_DIR 82 | RUN yum clean all && \ 83 | rm -rf /var/cache/yum 84 | -------------------------------------------------------------------------------- /docker/Dockerfile.debian: -------------------------------------------------------------------------------- 1 | ARG debian_version=7 2 | FROM --platform=linux/amd64 debian:$debian_version 3 | # needed to do again after FROM due to docker limitation 4 | ARG debian_version 5 | 6 | ENV SOURCE_DIR /root/source 7 | ENV CMAKE_VERSION_BASE 3.8 8 | ENV CMAKE_VERSION $CMAKE_VERSION_BASE.2 9 | ENV NINJA_VERSION 1.7.2 10 | ENV GO_VERSION 1.9.3 11 | ENV GCC_VERSION 4.9.4 12 | 13 | ARG java_version="8.0.302-zulu" 14 | ENV JAVA_VERSION $java_version 15 | 16 | # install dependencies 17 | RUN echo "deb http://archive.debian.org/debian/ wheezy contrib main non-free" > /etc/apt/sources.list && \ 18 | echo "deb-src http://archive.debian.org/debian/ wheezy contrib main non-free" >> /etc/apt/sources.list && \ 19 | apt-get -y update && apt-get --force-yes -y install \ 20 | autoconf \ 21 | automake \ 22 | bzip2 \ 23 | cmake \ 24 | curl \ 25 | gcc \ 26 | gcc-multilib \ 27 | git \ 28 | gnupg \ 29 | g++ \ 30 | libapr1-dev \ 31 | libssl1.0.0=1.0.1e-2+deb7u20 \ 32 | libssl-dev \ 33 | libtool \ 34 | libc-bin=2.13-38+deb7u10 \ 35 | libc6=2.13-38+deb7u10 libc6-dev \ 36 | make \ 37 | patch \ 38 | perl-base=5.14.2-21+deb7u3 \ 39 | tar \ 40 | unzip \ 41 | wget \ 42 | xutils-dev \ 43 | zip 44 | 45 | RUN mkdir $SOURCE_DIR 46 | WORKDIR $SOURCE_DIR 47 | 48 | RUN curl -q -k https://cmake.org/files/v$CMAKE_VERSION_BASE/cmake-$CMAKE_VERSION-Linux-x86_64.tar.gz --output cmake-$CMAKE_VERSION-Linux-x86_64.tar.gz && tar zxf cmake-$CMAKE_VERSION-Linux-x86_64.tar.gz && mv cmake-$CMAKE_VERSION-Linux-x86_64 /opt/ && echo 'PATH=/opt/cmake-$CMAKE_VERSION-Linux-x86_64/bin:$PATH' >> ~/.bashrc 49 | 50 | RUN wget -q --no-check-certificate https://github.com/ninja-build/ninja/releases/download/v$NINJA_VERSION/ninja-linux.zip && unzip ninja-linux.zip && mkdir -p /opt/ninja-$NINJA_VERSION/bin && mv ninja /opt/ninja-$NINJA_VERSION/bin && echo 'PATH=/opt/ninja-$NINJA_VERSION/bin:$PATH' >> ~/.bashrc 51 | 52 | RUN wget -q http://storage.googleapis.com/golang/go$GO_VERSION.linux-amd64.tar.gz && tar zxf go$GO_VERSION.linux-amd64.tar.gz && mv go /opt/ && echo 'PATH=/opt/go/bin:$PATH' >> ~/.bashrc && echo 'export GOROOT=/opt/go/' >> ~/.bashrc 53 | 54 | RUN wget -q --no-check-certificate https://github.com/netty/netty-tcnative/releases/download/gcc-precompile/gcc-$GCC_VERSION.tar.gz && tar zxf gcc-$GCC_VERSION.tar.gz && mv gcc-$GCC_VERSION /opt/ && echo 'PATH=/opt/gcc-$GCC_VERSION/bin:$PATH' >> ~/.bashrc && echo 'export CC=/opt/gcc-$GCC_VERSION/bin/gcc' >> ~/.bashrc && echo 'export CXX=/opt/gcc-$GCC_VERSION/bin/g++' >> ~/.bashrc 55 | 56 | RUN rm -rf $SOURCE_DIR 57 | 58 | # Downloading and installing SDKMAN! 59 | RUN echo '-k' > $HOME/.curlrc 60 | RUN curl -s "https://get.sdkman.io" | bash 61 | RUN rm $HOME/.curlrc 62 | 63 | # Don't check the certificates as our curl version is too old. 64 | RUN echo 'sdkman_insecure_ssl=true' >> $HOME/.sdkman/etc/config 65 | 66 | # Installing Java removing some unnecessary SDKMAN files 67 | RUN bash -c "source $HOME/.sdkman/bin/sdkman-init.sh && \ 68 | yes | sdk install java $JAVA_VERSION && \ 69 | rm -rf $HOME/.sdkman/archives/* && \ 70 | rm -rf $HOME/.sdkman/tmp/*" 71 | 72 | 73 | RUN echo 'export JAVA_HOME="/root/.sdkman/candidates/java/current"' >> ~/.bashrc 74 | RUN echo 'PATH=$JAVA_HOME/bin:$PATH' >> ~/.bashrc 75 | 76 | # Prepare our own build 77 | ENV JAVA_HOME /jdk/ 78 | 79 | ## Cleanup 80 | RUN apt-get clean 81 | -------------------------------------------------------------------------------- /docker/Dockerfile.opensuse: -------------------------------------------------------------------------------- 1 | ARG opensuse_version=15.1 2 | FROM --platform=linux/amd64 opensuse/leap:$opensuse_version 3 | # needed to do again after FROM due to docker limitation 4 | ARG opensuse_version 5 | 6 | ARG java_version=1.8.0 7 | ENV JAVA_VERSION $java_version 8 | 9 | # install dependencies 10 | # use openSSL 1.0.x for now, for highest compatibility 11 | RUN zypper install --force-resolution --no-recommends --no-confirm \ 12 | apr-devel \ 13 | autoconf \ 14 | automake \ 15 | bzip2 \ 16 | cmake \ 17 | git \ 18 | glibc-devel \ 19 | gcc \ 20 | gcc-c++ \ 21 | go \ 22 | gpg2 \ 23 | gzip \ 24 | java-${JAVA_VERSION}-devel \ 25 | libopenssl-1_0_0-devel \ 26 | libtool \ 27 | lsb-release \ 28 | make \ 29 | ninja \ 30 | patch \ 31 | perl \ 32 | tar \ 33 | unzip \ 34 | wget 35 | -------------------------------------------------------------------------------- /docker/README.md: -------------------------------------------------------------------------------- 1 | # Using the docker images 2 | 3 | ``` 4 | cd /path/to/netty-tcnative/ 5 | ``` 6 | # Using the docker images 7 | 8 | ``` 9 | cd /path/to/netty-tcnative/ 10 | ``` 11 | 12 | ## Arch Linux with java 8 13 | 14 | ``` 15 | docker compose -f docker/docker-compose.arch.yaml -f docker/docker-compose.arch-18.yaml run build 16 | ``` 17 | 18 | ## centos 6 with java 8 19 | 20 | ``` 21 | docker compose -f docker/docker-compose.centos-6.yaml -f docker/docker-compose.centos-6.18.yaml run build 22 | ``` 23 | 24 | ## debian 7 with java 8 25 | 26 | ``` 27 | docker compose -f docker/docker-compose.debian.yaml -f docker/docker-compose.debian-7.18.yaml run build 28 | ``` 29 | 30 | ## openSUSE Leap 15.1 with java 8 31 | 32 | ``` 33 | docker compose -f docker/docker-compose.opensuse.yaml -f docker/docker-compose.opensuse-151.18.yaml run build 34 | ``` 35 | 36 | ## centos7 with java8 for aarch64 cross compile 37 | 38 | ``` 39 | docker compose -f docker/docker-compose.centos-7.yaml run cross-compile-aarch64-build 40 | ``` 41 | 42 | etc, etc 43 | 44 | -------------------------------------------------------------------------------- /docker/docker-compose.arch-18.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: netty-tcnative-arch:arch-1.8 7 | build: 8 | args: 9 | java_version : "8" 10 | 11 | build: 12 | image: netty-tcnative-arch:arch-1.8 13 | 14 | shell: 15 | image: netty-tcnative-arch:arch-1.8 16 | -------------------------------------------------------------------------------- /docker/docker-compose.arch.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: netty-tcnative-arch:default 7 | build: 8 | context: ../ 9 | dockerfile: docker/Dockerfile.arch 10 | 11 | common: &common 12 | image: netty-tcnative-arch:default 13 | depends_on: [runtime-setup] 14 | environment: 15 | - GPG_KEYNAME 16 | - GPG_PASSPHRASE 17 | - GPG_PRIVATE_KEY 18 | - MAVEN_OPTS 19 | volumes: 20 | - ~/.ssh:/root/.ssh 21 | - ~/.gnupg:/root/.gnupg 22 | - ~/.m2/repository:/root/.m2/repository 23 | - ..:/code 24 | working_dir: /code 25 | 26 | build: 27 | <<: *common 28 | command: /bin/bash -cl "./mvnw clean package" 29 | 30 | shell: 31 | <<: *common 32 | volumes: 33 | - ~/.ssh:/root/.ssh 34 | - ~/.gnupg:/root/.gnupg 35 | - ~/.m2:/root/.m2 36 | - ~/.gitconfig:/root/.gitconfig 37 | - ~/.gitignore:/root/.gitignore 38 | - ..:/code 39 | entrypoint: /bin/bash 40 | -------------------------------------------------------------------------------- /docker/docker-compose.centos-6.18.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: netty-tcnative-centos:centos-6-1.8 7 | build: 8 | args: 9 | centos_version : "6" 10 | java_version : "8.0.412-zulu" 11 | 12 | build: 13 | image: netty-tcnative-centos:centos-6-1.8 14 | 15 | build-clean: 16 | image: netty-tcnative-centos:centos-6-1.8 17 | 18 | deploy: 19 | image: netty-tcnative-centos:centos-6-1.8 20 | 21 | stage-snapshot: 22 | image: netty-tcnative-centos:centos-6-1.8 23 | 24 | stage-release: 25 | image: netty-tcnative-centos:centos-6-1.8 26 | 27 | shell: 28 | image: netty-tcnative-centos:centos-6-1.8 29 | -------------------------------------------------------------------------------- /docker/docker-compose.centos-6.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: netty-tcnative-centos:default 7 | build: 8 | context: ../ 9 | dockerfile: docker/Dockerfile.centos6 10 | 11 | common: &common 12 | image: netty-tcnative-centos:default 13 | depends_on: [runtime-setup] 14 | environment: 15 | - GPG_KEYNAME 16 | - GPG_PASSPHRASE 17 | - GPG_PRIVATE_KEY 18 | - MAVEN_OPTS 19 | volumes: 20 | - ~/.ssh:/root/.ssh:delegated 21 | - ~/.m2/repository:/root/.m2/repository 22 | - ~/.gnupg:/root/.gnupg:delegated 23 | - ..:/code:delegated 24 | working_dir: /code 25 | 26 | build-clean: 27 | <<: *common 28 | command: /bin/bash -cl "./mvnw clean package" 29 | 30 | build: 31 | <<: *common 32 | command: /bin/bash -cl "./mvnw clean package" 33 | 34 | stage-snapshot: 35 | <<: *common 36 | volumes: 37 | - ~/.ssh:/root/.ssh 38 | - ~/.gnupg:/root/.gnupg 39 | - ~/.m2/repository:/root/.m2/repository 40 | - ~/local-staging:/root/local-staging 41 | - ..:/code 42 | command: /bin/bash -cl "./mvnw -Pstage -am -pl openssl-dynamic,boringssl-static clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/root/local-staging -DskipTests=true" 43 | 44 | stage-release: 45 | <<: *common 46 | volumes: 47 | - ~/.ssh:/root/.ssh 48 | - ~/.m2/repository:/root/.m2/repository 49 | - ~/.m2/settings.xml:/root/.m2/settings.xml 50 | - ~/local-staging:/root/local-staging 51 | - ..:/code 52 | command: /bin/bash -cl "cat <(echo -e \"${GPG_PRIVATE_KEY}\") | gpg --batch --import && ./mvnw -B -Pstage -am -pl openssl-dynamic,boringssl-static clean javadoc:jar package gpg:sign org.sonatype.central:central-publishing-maven-plugin:publish -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME}" 53 | 54 | deploy: 55 | <<: *common 56 | volumes: 57 | - ~/.ssh:/root/.ssh 58 | - ~/.gnupg:/root/.gnupg 59 | - ~/.m2/repository:/root/.m2/repository 60 | - ~/.m2/settings.xml:/root/.m2/settings.xml 61 | - ..:/code 62 | command: /bin/bash -cl "./mvnw clean deploy -DskipTests=true" 63 | 64 | shell: 65 | <<: *common 66 | volumes: 67 | - ~/.ssh:/root/.ssh:delegated 68 | - ~/.gnupg:/root/.gnupg:delegated 69 | - ~/.m2/repository:/root/.m2/repository 70 | - ~/.m2/settings.xml:/root/.m2/settings.xml 71 | - ~/.gitconfig:/root/.gitconfig:delegated 72 | - ~/.gitignore:/root/.gitignore:delegated 73 | - ..:/code:delegated 74 | entrypoint: /bin/bash -------------------------------------------------------------------------------- /docker/docker-compose.centos-7.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | cross-compile-aarch64-runtime-setup: 6 | image: netty-tcnative-centos:cross_compile_aarch64 7 | build: 8 | context: ../ 9 | dockerfile: docker/Dockerfile.cross_compile_aarch64 10 | args: 11 | gcc_version: "10.2-2020.11" 12 | apr_version: "1.7.6" 13 | openssl_version: "1_1_1k" 14 | 15 | cross-compile-aarch64-common: &cross-compile-aarch64-common 16 | image: netty-tcnative-centos:cross_compile_aarch64 17 | depends_on: [cross-compile-aarch64-runtime-setup] 18 | environment: 19 | - GPG_KEYNAME 20 | - GPG_PASSPHRASE 21 | - GPG_PRIVATE_KEY 22 | - MAVEN_OPTS 23 | volumes: 24 | - ~/.ssh:/root/.ssh:delegated 25 | - ~/.gnupg:/root/.gnupg:delegated 26 | - ~/.m2/repository:/root/.m2/repository 27 | - ..:/code:delegated 28 | working_dir: /code 29 | 30 | cross-compile-aarch64-shell: 31 | <<: *cross-compile-aarch64-common 32 | volumes: 33 | - ~/.ssh:/root/.ssh:delegated 34 | - ~/.gnupg:/root/.gnupg:delegated 35 | - ~/.m2:/root/.m2:delegated 36 | - ~/.gitconfig:/root/.gitconfig:delegated 37 | - ~/.gitignore:/root/.gitignore:delegated 38 | - ..:/code:delegated 39 | entrypoint: /bin/bash 40 | 41 | cross-compile-aarch64-build: 42 | <<: *cross-compile-aarch64-common 43 | command: /bin/bash -cl "./mvnw clean package -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DopensslArmHome=/opt/openssl-$$OPENSSL_VERSION-share -DskipTests && ./mvnw clean package -Plinux-aarch64 -am -pl boringssl-static -DskipTests" 44 | 45 | cross-compile-aarch64-deploy: 46 | <<: *cross-compile-aarch64-common 47 | volumes: 48 | - ~/.ssh:/root/.ssh 49 | - ~/.gnupg:/root/.gnupg 50 | - ~/.m2/repository:/root/.m2/repository 51 | - ~/.m2/settings.xml:/root/.m2/settings.xml 52 | - ..:/code 53 | command: /bin/bash -cl "./mvnw clean deploy -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DopensslArmHome=/opt/openssl-$$OPENSSL_VERSION-share -DskipTests && ./mvnw clean deploy -Plinux-aarch64 -am -pl boringssl-static -DskipTests" 54 | 55 | cross-compile-aarch64-stage-snapshot: 56 | <<: *cross-compile-aarch64-common 57 | volumes: 58 | - ~/.ssh:/root/.ssh 59 | - ~/.gnupg:/root/.gnupg 60 | - ~/.m2/repository:/root/.m2/repository 61 | - ~/local-staging:/root/local-staging 62 | - ..:/code 63 | command: /bin/bash -cl "./mvnw -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DopensslArmHome=/opt/openssl-$$OPENSSL_VERSION-share clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/root/local-staging -DskipTests=true && ./mvnw -Plinux-aarch64 -am -pl boringssl-static clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/root/local-staging -DskipTests=true" 64 | 65 | cross-compile-aarch64-stage-release: 66 | <<: *cross-compile-aarch64-common 67 | volumes: 68 | - ~/.ssh:/root/.ssh 69 | - ~/.m2/repository:/root/.m2/repository 70 | - ~/.m2/settings.xml:/root/.m2/settings.xml 71 | - ~/local-staging:/root/local-staging 72 | - ..:/code 73 | command: /bin/bash -cl "cat <(echo -e \"${GPG_PRIVATE_KEY}\") | gpg --batch --import && ./mvnw -Plinux-aarch64 -am -pl openssl-dynamic -DaprArmHome=/opt/apr-$$APR_VERSION-share -DopensslArmHome=/opt/openssl-$$OPENSSL_VERSION-share clean javadoc:jar package gpg:sign org.sonatype.central:central-publishing-maven-plugin:publish -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME} && ./mvnw -Plinux-aarch64 -am -pl boringssl-static clean javadoc:jar package gpg:sign org.sonatype.central:central-publishing-maven-plugin:publish -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME}" 74 | 75 | -------------------------------------------------------------------------------- /docker/docker-compose.debian-7.18.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: netty-tcnative-debian:debian-7-1.8 7 | build: 8 | args: 9 | debian_version : "7" 10 | java_version : "8.0.412-zulu" 11 | 12 | deploy-dynamic-only: 13 | image: netty-tcnative-debian:debian-7-1.8 14 | 15 | stage-snapshot: 16 | image: netty-tcnative-debian:debian-7-1.8 17 | 18 | stage-release: 19 | image: netty-tcnative-debian:debian-7-1.8 20 | 21 | build-dynamic-only: 22 | image: netty-tcnative-debian:debian-7-1.8 23 | 24 | build: 25 | image: netty-tcnative-debian:debian-7-1.8 26 | 27 | shell: 28 | image: netty-tcnative-debian:debian-7-1.8 29 | -------------------------------------------------------------------------------- /docker/docker-compose.debian.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: netty-tcnative-debian:default 7 | build: 8 | context: .. 9 | dockerfile: docker/Dockerfile.debian 10 | 11 | common: &common 12 | image: netty-tcnative-debian:default 13 | depends_on: [runtime-setup] 14 | environment: 15 | - GPG_KEYNAME 16 | - GPG_PASSPHRASE 17 | - GPG_PRIVATE_KEY 18 | - MAVEN_OPTS 19 | volumes: 20 | - ~/.ssh:/root/.ssh:delegated 21 | - ~/.gnupg:/root/.gnupg:delegated 22 | - ~/.m2/repository:/root/.m2/repository 23 | - ..:/code:delegated 24 | working_dir: /code 25 | 26 | build: 27 | <<: *common 28 | command: /bin/bash -cl "./mvnw clean package" 29 | 30 | deploy-dynamic-only: 31 | <<: *common 32 | volumes: 33 | - ~/.ssh:/root/.ssh 34 | - ~/.gnupg:/root/.gnupg 35 | - ~/.m2/repository:/root/.m2/repository 36 | - ~/.m2/settings.xml:/root/.m2/settings.xml 37 | - ..:/code 38 | command: /bin/bash -cl "./mvnw -am -pl openssl-dynamic clean deploy -DskipTests=true" 39 | 40 | build-dynamic-only: 41 | <<: *common 42 | command: /bin/bash -cl "./mvnw -am -pl openssl-dynamic clean package" 43 | 44 | stage-snapshot: 45 | <<: *common 46 | volumes: 47 | - ~/.ssh:/root/.ssh 48 | - ~/.gnupg:/root/.gnupg 49 | - ~/.m2/repository:/root/.m2/repository 50 | - ~/local-staging:/root/local-staging 51 | - ..:/code 52 | command: /bin/bash -cl "./mvnw -Pstage -am -pl openssl-dynamic clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=/root/local-staging -DskipTests=true" 53 | 54 | stage-release: 55 | <<: *common 56 | environment: 57 | - GPG_KEYNAME 58 | - GPG_PASSPHRASE 59 | - GPG_PRIVATE_KEY 60 | volumes: 61 | - ~/.ssh:/root/.ssh 62 | - ~/.m2/repository:/root/.m2/repository 63 | - ~/.m2/settings.xml:/root/.m2/settings.xml 64 | - ~/local-staging:/root/local-staging 65 | - ..:/code 66 | command: /bin/bash -cl "cat <(echo -e \"${GPG_PRIVATE_KEY}\") | gpg --batch --import && ./mvnw -B -Pstage -am -pl openssl-dynamic clean javadoc:jar package gpg:sign org.sonatype.central:central-publishing-maven-plugin:publish -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME}" 67 | 68 | shell: 69 | <<: *common 70 | volumes: 71 | - ~/.ssh:/root/.ssh:delegated 72 | - ~/.gnupg:/root/.gnupg:delegated 73 | - ~/.m2:/root/.m2:delegated 74 | - ~/.gitconfig:/root/.gitconfig:delegated 75 | - ~/.gitignore:/root/.gitignore:delegated 76 | - ..:/code:delegated 77 | entrypoint: /bin/bash 78 | -------------------------------------------------------------------------------- /docker/docker-compose.opensuse-151.18.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: netty-tcnative-opensuse:opensuse-15.1-1.8 7 | build: 8 | args: 9 | opensuse_version : "15.1" 10 | java_version : "1.8.0" 11 | 12 | build: 13 | image: netty-tcnative-opensuse:opensuse-15.1-1.8 14 | 15 | shell: 16 | image: netty-tcnative-opensuse:opensuse-15.1-1.8 17 | -------------------------------------------------------------------------------- /docker/docker-compose.opensuse.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: netty-tcnative-opensuse:default 7 | build: 8 | context: ../ 9 | dockerfile: docker/Dockerfile.opensuse 10 | 11 | common: &common 12 | image: netty-tcnative-opensuse:default 13 | depends_on: [runtime-setup] 14 | environment: 15 | - GPG_KEYNAME 16 | - GPG_PASSPHRASE 17 | - GPG_PRIVATE_KEY 18 | - MAVEN_OPTS 19 | volumes: 20 | - ~/.ssh:/root/.ssh 21 | - ~/.gnupg:/root/.gnupg 22 | - ~/.m2/repository:/root/.m2/repository 23 | - ..:/code 24 | working_dir: /code 25 | 26 | build: 27 | <<: *common 28 | command: /bin/bash -cl "./mvnw clean package" 29 | 30 | shell: 31 | <<: *common 32 | volumes: 33 | - ~/.ssh:/root/.ssh 34 | - ~/.gnupg:/root/.gnupg 35 | - ~/.m2:/root/.m2 36 | - ~/.gitconfig:/root/.gitconfig 37 | - ~/.gitignore:/root/.gitignore 38 | - ..:/code 39 | entrypoint: /bin/bash 40 | -------------------------------------------------------------------------------- /license/LICENSE.aix-netbsd.txt: -------------------------------------------------------------------------------- 1 | 2 | LICENSE ISSUES 3 | ============== 4 | 5 | The OpenSSL toolkit stays under a double license, i.e. both the conditions of 6 | the OpenSSL License and the original SSLeay license apply to the toolkit. 7 | See below for the actual license texts. 8 | 9 | OpenSSL License 10 | --------------- 11 | 12 | /* ==================================================================== 13 | * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. 14 | * 15 | * Redistribution and use in source and binary forms, with or without 16 | * modification, are permitted provided that the following conditions 17 | * are met: 18 | * 19 | * 1. Redistributions of source code must retain the above copyright 20 | * notice, this list of conditions and the following disclaimer. 21 | * 22 | * 2. Redistributions in binary form must reproduce the above copyright 23 | * notice, this list of conditions and the following disclaimer in 24 | * the documentation and/or other materials provided with the 25 | * distribution. 26 | * 27 | * 3. All advertising materials mentioning features or use of this 28 | * software must display the following acknowledgment: 29 | * "This product includes software developed by the OpenSSL Project 30 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 31 | * 32 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 33 | * endorse or promote products derived from this software without 34 | * prior written permission. For written permission, please contact 35 | * openssl-core@openssl.org. 36 | * 37 | * 5. Products derived from this software may not be called "OpenSSL" 38 | * nor may "OpenSSL" appear in their names without prior written 39 | * permission of the OpenSSL Project. 40 | * 41 | * 6. Redistributions of any form whatsoever must retain the following 42 | * acknowledgment: 43 | * "This product includes software developed by the OpenSSL Project 44 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 45 | * 46 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 47 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 48 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 49 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 50 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 51 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 52 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 53 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 54 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 55 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 56 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 57 | * OF THE POSSIBILITY OF SUCH DAMAGE. 58 | * ==================================================================== 59 | * 60 | * This product includes cryptographic software written by Eric Young 61 | * (eay@cryptsoft.com). This product includes software written by Tim 62 | * Hudson (tjh@cryptsoft.com). 63 | * 64 | */ 65 | 66 | Original SSLeay License 67 | ----------------------- 68 | 69 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 70 | * All rights reserved. 71 | * 72 | * This package is an SSL implementation written 73 | * by Eric Young (eay@cryptsoft.com). 74 | * The implementation was written so as to conform with Netscapes SSL. 75 | * 76 | * This library is free for commercial and non-commercial use as long as 77 | * the following conditions are aheared to. The following conditions 78 | * apply to all code found in this distribution, be it the RC4, RSA, 79 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation 80 | * included with this distribution is covered by the same copyright terms 81 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). 82 | * 83 | * Copyright remains Eric Young's, and as such any Copyright notices in 84 | * the code are not to be removed. 85 | * If this package is used in a product, Eric Young should be given attribution 86 | * as the author of the parts of the library used. 87 | * This can be in the form of a textual message at program startup or 88 | * in documentation (online or textual) provided with the package. 89 | * 90 | * Redistribution and use in source and binary forms, with or without 91 | * modification, are permitted provided that the following conditions 92 | * are met: 93 | * 1. Redistributions of source code must retain the copyright 94 | * notice, this list of conditions and the following disclaimer. 95 | * 2. Redistributions in binary form must reproduce the above copyright 96 | * notice, this list of conditions and the following disclaimer in the 97 | * documentation and/or other materials provided with the distribution. 98 | * 3. All advertising materials mentioning features or use of this software 99 | * must display the following acknowledgement: 100 | * "This product includes cryptographic software written by 101 | * Eric Young (eay@cryptsoft.com)" 102 | * The word 'cryptographic' can be left out if the rouines from the library 103 | * being used are not cryptographic related :-). 104 | * 4. If you include any Windows specific code (or a derivative thereof) from 105 | * the apps directory (application code) you must include an acknowledgement: 106 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 107 | * 108 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 109 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 110 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 111 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 112 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 113 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 114 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 115 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 116 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 117 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 118 | * SUCH DAMAGE. 119 | * 120 | * The licence and distribution terms for any publically available version or 121 | * derivative of this code cannot be changed. i.e. this code cannot simply be 122 | * copied and put under another distribution licence 123 | * [including the GNU Public Licence.] 124 | */ 125 | 126 | -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Apache Maven Wrapper startup batch script, version 3.2.0 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 28 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending 29 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 30 | @REM e.g. to debug Maven itself, use 31 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 32 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 33 | @REM ---------------------------------------------------------------------------- 34 | 35 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 36 | @echo off 37 | @REM set title of command window 38 | title %0 39 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' 40 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 41 | 42 | @REM set %HOME% to equivalent of $HOME 43 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 44 | 45 | @REM Execute a user defined script before this one 46 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 47 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 48 | if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* 49 | if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* 50 | :skipRcPre 51 | 52 | @setlocal 53 | 54 | set ERROR_CODE=0 55 | 56 | @REM To isolate internal variables from possible post scripts, we use another setlocal 57 | @setlocal 58 | 59 | @REM ==== START VALIDATION ==== 60 | if not "%JAVA_HOME%" == "" goto OkJHome 61 | 62 | echo. 63 | echo Error: JAVA_HOME not found in your environment. >&2 64 | echo Please set the JAVA_HOME variable in your environment to match the >&2 65 | echo location of your Java installation. >&2 66 | echo. 67 | goto error 68 | 69 | :OkJHome 70 | if exist "%JAVA_HOME%\bin\java.exe" goto init 71 | 72 | echo. 73 | echo Error: JAVA_HOME is set to an invalid directory. >&2 74 | echo JAVA_HOME = "%JAVA_HOME%" >&2 75 | echo Please set the JAVA_HOME variable in your environment to match the >&2 76 | echo location of your Java installation. >&2 77 | echo. 78 | goto error 79 | 80 | @REM ==== END VALIDATION ==== 81 | 82 | :init 83 | 84 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 85 | @REM Fallback to current working directory if not found. 86 | 87 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 88 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 89 | 90 | set EXEC_DIR=%CD% 91 | set WDIR=%EXEC_DIR% 92 | :findBaseDir 93 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 94 | cd .. 95 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 96 | set WDIR=%CD% 97 | goto findBaseDir 98 | 99 | :baseDirFound 100 | set MAVEN_PROJECTBASEDIR=%WDIR% 101 | cd "%EXEC_DIR%" 102 | goto endDetectBaseDir 103 | 104 | :baseDirNotFound 105 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 106 | cd "%EXEC_DIR%" 107 | 108 | :endDetectBaseDir 109 | 110 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 111 | 112 | @setlocal EnableExtensions EnableDelayedExpansion 113 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 114 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 115 | 116 | :endReadAdditionalConfig 117 | 118 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 121 | 122 | set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" 123 | 124 | FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( 125 | IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B 126 | ) 127 | 128 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 129 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data. 130 | if exist %WRAPPER_JAR% ( 131 | if "%MVNW_VERBOSE%" == "true" ( 132 | echo Found %WRAPPER_JAR% 133 | ) 134 | ) else ( 135 | if not "%MVNW_REPOURL%" == "" ( 136 | SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" 137 | ) 138 | if "%MVNW_VERBOSE%" == "true" ( 139 | echo Couldn't find %WRAPPER_JAR%, downloading it ... 140 | echo Downloading from: %WRAPPER_URL% 141 | ) 142 | 143 | powershell -Command "&{"^ 144 | "$webclient = new-object System.Net.WebClient;"^ 145 | "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ 146 | "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ 147 | "}"^ 148 | "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^ 149 | "}" 150 | if "%MVNW_VERBOSE%" == "true" ( 151 | echo Finished downloading %WRAPPER_JAR% 152 | ) 153 | ) 154 | @REM End of extension 155 | 156 | @REM If specified, validate the SHA-256 sum of the Maven wrapper jar file 157 | SET WRAPPER_SHA_256_SUM="" 158 | FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( 159 | IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B 160 | ) 161 | IF NOT %WRAPPER_SHA_256_SUM%=="" ( 162 | powershell -Command "&{"^ 163 | "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^ 164 | "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^ 165 | " Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^ 166 | " Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^ 167 | " Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^ 168 | " exit 1;"^ 169 | "}"^ 170 | "}" 171 | if ERRORLEVEL 1 goto error 172 | ) 173 | 174 | @REM Provide a "standardized" way to retrieve the CLI args that will 175 | @REM work with both Windows and non-Windows executions. 176 | set MAVEN_CMD_LINE_ARGS=%* 177 | 178 | %MAVEN_JAVA_EXE% ^ 179 | %JVM_CONFIG_MAVEN_PROPS% ^ 180 | %MAVEN_OPTS% ^ 181 | %MAVEN_DEBUG_OPTS% ^ 182 | -classpath %WRAPPER_JAR% ^ 183 | "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ 184 | %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 185 | if ERRORLEVEL 1 goto error 186 | goto end 187 | 188 | :error 189 | set ERROR_CODE=1 190 | 191 | :end 192 | @endlocal & set ERROR_CODE=%ERROR_CODE% 193 | 194 | if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost 195 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 196 | if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" 197 | if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" 198 | :skipRcPost 199 | 200 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 201 | if "%MAVEN_BATCH_PAUSE%"=="on" pause 202 | 203 | if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% 204 | 205 | cmd /C exit /B %ERROR_CODE% 206 | -------------------------------------------------------------------------------- /openssl-classes/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 4.0.0 19 | 20 | io.netty 21 | netty-tcnative-parent 22 | 2.0.73.Final-SNAPSHOT 23 | 24 | netty-tcnative-classes 25 | jar 26 | 27 | Netty/TomcatNative [OpenSSL - Classes] 28 | 29 | A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is dynamically linked 30 | to OpenSSL and Apache APR. 31 | 32 | 33 | 34 | true 35 | false 36 | io.netty.tcnative.classes.openssl 37 | 38 | 39 | 40 | 41 | 42 | org.apache.maven.plugins 43 | maven-source-plugin 44 | 3.3.1 45 | 46 | 47 | attach-sources 48 | 49 | jar-no-fork 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/AsyncSSLPrivateKeyMethod.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Allows to customize private key signing / decrypt (when using RSA). 20 | */ 21 | public interface AsyncSSLPrivateKeyMethod { 22 | int SSL_SIGN_RSA_PKCS1_SHA1 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha1(); 23 | int SSL_SIGN_RSA_PKCS1_SHA256 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha256(); 24 | int SSL_SIGN_RSA_PKCS1_SHA384 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha384(); 25 | int SSL_SIGN_RSA_PKCS1_SHA512 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha512(); 26 | int SSL_SIGN_ECDSA_SHA1 = NativeStaticallyReferencedJniMethods.sslSignEcdsaPkcsSha1(); 27 | int SSL_SIGN_ECDSA_SECP256R1_SHA256 = NativeStaticallyReferencedJniMethods.sslSignEcdsaSecp256r1Sha256(); 28 | int SSL_SIGN_ECDSA_SECP384R1_SHA384 = NativeStaticallyReferencedJniMethods.sslSignEcdsaSecp384r1Sha384(); 29 | int SSL_SIGN_ECDSA_SECP521R1_SHA512 = NativeStaticallyReferencedJniMethods.sslSignEcdsaSecp521r1Sha512(); 30 | int SSL_SIGN_RSA_PSS_RSAE_SHA256 = NativeStaticallyReferencedJniMethods.sslSignRsaPssRsaeSha256(); 31 | int SSL_SIGN_RSA_PSS_RSAE_SHA384 = NativeStaticallyReferencedJniMethods.sslSignRsaPssRsaeSha384(); 32 | int SSL_SIGN_RSA_PSS_RSAE_SHA512 = NativeStaticallyReferencedJniMethods.sslSignRsaPssRsaeSha512(); 33 | int SSL_SIGN_ED25519 = NativeStaticallyReferencedJniMethods.sslSignEd25519(); 34 | int SSL_SIGN_RSA_PKCS1_MD5_SHA1 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcs1Md5Sha1(); 35 | 36 | /** 37 | * Sign the input with given EC key and notify {@link ResultCallback} with the signed bytes. 38 | * 39 | * @param ssl the SSL instance 40 | * @param signatureAlgorithm the algorithm to use for signing 41 | * @param input the input itself 42 | * @param resultCallback the callback that will be notified once the operation completes 43 | */ 44 | void sign(long ssl, int signatureAlgorithm, byte[] input, ResultCallback resultCallback); 45 | 46 | /** 47 | * Decrypts the input with the given RSA key and notify {@link ResultCallback} with the decrypted bytes. 48 | * 49 | * @param ssl the SSL instance 50 | * @param input the input which should be decrypted 51 | * @param resultCallback the callback that will be notified once the operation completes 52 | */ 53 | void decrypt(long ssl, byte[] input, ResultCallback resultCallback); 54 | } 55 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/AsyncSSLPrivateKeyMethodAdapter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | final class AsyncSSLPrivateKeyMethodAdapter implements AsyncSSLPrivateKeyMethod { 19 | private final SSLPrivateKeyMethod method; 20 | 21 | AsyncSSLPrivateKeyMethodAdapter(SSLPrivateKeyMethod method) { 22 | if (method == null) { 23 | throw new NullPointerException("method"); 24 | } 25 | this.method = method; 26 | } 27 | 28 | @Override 29 | public void sign(long ssl, int signatureAlgorithm, byte[] input, ResultCallback resultCallback) { 30 | final byte[] result; 31 | try { 32 | result = method.sign(ssl, signatureAlgorithm, input); 33 | } catch (Throwable cause) { 34 | resultCallback.onError(ssl, cause); 35 | return; 36 | } 37 | resultCallback.onSuccess(ssl, result); 38 | } 39 | 40 | @Override 41 | public void decrypt(long ssl, byte[] input, ResultCallback resultCallback) { 42 | final byte[] result; 43 | try { 44 | result = method.decrypt(ssl, input); 45 | } catch (Throwable cause) { 46 | resultCallback.onError(ssl, cause); 47 | return; 48 | } 49 | resultCallback.onSuccess(ssl, result); 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/AsyncTask.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | public interface AsyncTask extends Runnable { 19 | 20 | /** 21 | * Run this {@link AsyncTask} in an async fashion. Which means it will be run and completed at some point. 22 | * Once it is done the {@link Runnable} is called 23 | * 24 | * @param completeCallback The {@link Runnable} that is run once the task was run and completed. 25 | */ 26 | void runAsync(Runnable completeCallback); 27 | } 28 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/Buffer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | /* 17 | * Licensed to the Apache Software Foundation (ASF) under one or more 18 | * contributor license agreements. See the NOTICE file distributed with 19 | * this work for additional information regarding copyright ownership. 20 | * The ASF licenses this file to You under the Apache License, Version 2.0 21 | * (the "License"); you may not use this file except in compliance with 22 | * the License. You may obtain a copy of the License at 23 | * 24 | * http://www.apache.org/licenses/LICENSE-2.0 25 | * 26 | * Unless required by applicable law or agreed to in writing, software 27 | * distributed under the License is distributed on an "AS IS" BASIS, 28 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 | * See the License for the specific language governing permissions and 30 | * limitations under the License. 31 | */ 32 | 33 | package io.netty.internal.tcnative; 34 | 35 | import java.nio.ByteBuffer; 36 | 37 | public final class Buffer { 38 | 39 | private Buffer() { } 40 | 41 | /** 42 | * Returns the memory address of the ByteBuffer. 43 | * @param buf Previously allocated ByteBuffer. 44 | * @return the memory address. 45 | */ 46 | public static native long address(ByteBuffer buf); 47 | 48 | /** 49 | * Returns the allocated memory size of the ByteBuffer. 50 | * @param buf Previously allocated ByteBuffer. 51 | * @return the allocated memory size 52 | */ 53 | public static native long size(ByteBuffer buf); 54 | } 55 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/CertificateCallback.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Is called during handshake and hooked into openssl via {@code SSL_CTX_set_cert_cb}. 20 | * 21 | * IMPORTANT: Implementations of this interface should be static as it is stored as a global reference via JNI. This 22 | * means if you use an inner / anonymous class to implement this and also depend on the finalizer of the 23 | * class to free up the SSLContext the finalizer will never run as the object is never GC, due the hard 24 | * reference to the enclosing class. This will most likely result in a memory leak. 25 | */ 26 | public interface CertificateCallback { 27 | 28 | /** 29 | * The types contained in the {@code keyTypeBytes} array. 30 | */ 31 | // Extracted from https://github.com/openssl/openssl/blob/master/include/openssl/tls1.h 32 | byte TLS_CT_RSA_SIGN = 1; 33 | byte TLS_CT_DSS_SIGN = 2; 34 | byte TLS_CT_RSA_FIXED_DH = 3; 35 | byte TLS_CT_DSS_FIXED_DH = 4; 36 | byte TLS_CT_ECDSA_SIGN = 64; 37 | byte TLS_CT_RSA_FIXED_ECDH = 65; 38 | byte TLS_CT_ECDSA_FIXED_ECDH = 66; 39 | 40 | /** 41 | * Called during cert selection. If a certificate chain / key should be used 42 | * {@link SSL#setKeyMaterial(long, long, long)} must be called from this callback after 43 | * all preparations / validations were completed. 44 | * 45 | * @param ssl the SSL instance 46 | * @param keyTypeBytes an array of the key types on client-mode or {@code null} on server-mode. 47 | * @param asn1DerEncodedPrincipals the principals or {@code null}. 48 | * 49 | */ 50 | void handle(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) throws Exception; 51 | } 52 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/CertificateCallbackTask.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Execute {@link CertificateCallback#handle(long, byte[], byte[][])}. 20 | */ 21 | final class CertificateCallbackTask extends SSLTask { 22 | private final byte[] keyTypeBytes; 23 | private final byte[][] asn1DerEncodedPrincipals; 24 | private final CertificateCallback callback; 25 | 26 | CertificateCallbackTask(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals, 27 | CertificateCallback callback) { 28 | // It is important that this constructor never throws. Be sure to not change this! 29 | super(ssl); 30 | // It's ok to not clone the arrays as we create these in JNI and not-reuse. 31 | this.keyTypeBytes = keyTypeBytes; 32 | this.asn1DerEncodedPrincipals = asn1DerEncodedPrincipals; 33 | this.callback = callback; 34 | } 35 | 36 | // See https://www.openssl.org/docs/man1.0.2/man3/SSL_set_cert_cb.html. 37 | @Override 38 | protected void runTask(long ssl, TaskCallback taskCallback) { 39 | try { 40 | callback.handle(ssl, keyTypeBytes, asn1DerEncodedPrincipals); 41 | taskCallback.onResult(ssl, 1); 42 | } catch (Exception e) { 43 | // Just catch the exception and return 0 to fail the handshake. 44 | // The problem is that rethrowing here is really "useless" as we will process it as part of an openssl 45 | // c callback which needs to return 0 for an error to abort the handshake. 46 | taskCallback.onResult(ssl, 0); 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/CertificateCompressionAlgo.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Provides compression/decompression implementations for TLS Certificate Compression 20 | * (RFC 8879). 21 | */ 22 | public interface CertificateCompressionAlgo { 23 | int TLS_EXT_CERT_COMPRESSION_ZLIB = NativeStaticallyReferencedJniMethods.tlsExtCertCompressionZlib(); 24 | int TLS_EXT_CERT_COMPRESSION_BROTLI = NativeStaticallyReferencedJniMethods.tlsExtCertCompressionBrotli(); 25 | int TLS_EXT_CERT_COMPRESSION_ZSTD = NativeStaticallyReferencedJniMethods.tlsExtCertCompressionZstd(); 26 | 27 | /** 28 | * Compress the given input with the specified algorithm and return the compressed bytes. 29 | * 30 | * @param ssl the SSL instance 31 | * @param input the uncompressed form of the certificate 32 | * @return the compressed form of the certificate 33 | * @throws Exception thrown if an error occurs while compressing 34 | */ 35 | byte[] compress(long ssl, byte[] input) throws Exception; 36 | 37 | /** 38 | * Decompress the given input with the specified algorithm and return the decompressed bytes. 39 | * 40 | *

Implementation 41 | * Security Considerations

42 | *

Implementations SHOULD bound the memory usage when decompressing the CompressedCertificate message.

43 | *

44 | * Implementations MUST limit the size of the resulting decompressed chain to the specified {@code uncompressedLen}, 45 | * and they MUST abort the connection (throw an exception) if the size of the output of the decompression 46 | * function exceeds that limit. 47 | *

48 | * 49 | * @param ssl the SSL instance 50 | * @param uncompressedLen the expected length of the uncompressed certificate 51 | * @param input the compressed form of the certificate 52 | * @return the decompressed form of the certificate 53 | * @throws Exception thrown if an error occurs while decompressing or output 54 | * size exceeds {@code uncompressedLen} 55 | */ 56 | byte[] decompress(long ssl, int uncompressedLen, byte[] input) throws Exception; 57 | 58 | /** 59 | * Return the ID for the compression algorithm provided for by a given implementation. 60 | * 61 | * @return compression algorithm ID as specified by RFC8879 62 | * 
63 |      * {@link CertificateCompressionAlgo#TLS_EXT_CERT_COMPRESSION_ZLIB}
64 |      * {@link CertificateCompressionAlgo#TLS_EXT_CERT_COMPRESSION_BROTLI}
65 |      * {@link CertificateCompressionAlgo#TLS_EXT_CERT_COMPRESSION_ZSTD}
66 |      *
67 | */ 68 | int algorithmId(); 69 | 70 | } 71 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/CertificateRequestedCallback.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Is called during handshake and hooked into openssl via {@code SSL_CTX_set_client_cert_cb}. 20 | * 21 | * IMPORTANT: Implementations of this interface should be static as it is stored as a global reference via JNI. This 22 | * means if you use an inner / anonymous class to implement this and also depend on the finalizer of the 23 | * class to free up the SSLContext the finalizer will never run as the object is never GC, due the hard 24 | * reference to the enclosing class. This will most likely result in a memory leak.+ 25 | * 26 | * @deprecated use {@link CertificateCallback} 27 | */ 28 | @Deprecated 29 | public interface CertificateRequestedCallback { 30 | 31 | /** 32 | * The types contained in the {@code keyTypeBytes} array. 33 | */ 34 | // Extracted from https://github.com/openssl/openssl/blob/master/include/openssl/tls1.h 35 | byte TLS_CT_RSA_SIGN = CertificateCallback.TLS_CT_RSA_SIGN; 36 | byte TLS_CT_DSS_SIGN = CertificateCallback.TLS_CT_DSS_SIGN; 37 | byte TLS_CT_RSA_FIXED_DH = CertificateCallback.TLS_CT_RSA_FIXED_DH; 38 | byte TLS_CT_DSS_FIXED_DH = CertificateCallback.TLS_CT_DSS_FIXED_DH; 39 | byte TLS_CT_ECDSA_SIGN = CertificateCallback.TLS_CT_ECDSA_SIGN; 40 | byte TLS_CT_RSA_FIXED_ECDH = CertificateCallback.TLS_CT_RSA_FIXED_ECDH; 41 | byte TLS_CT_ECDSA_FIXED_ECDH = CertificateCallback.TLS_CT_ECDSA_FIXED_ECDH; 42 | 43 | /** 44 | * Called during cert selection. If a certificate chain / key should be used 45 | * {@link SSL#setKeyMaterialClientSide(long, long, long, long, long)} must be called from this callback after 46 | * all preparations / validations were completed. 47 | * 48 | * @param ssl the SSL instance 49 | * @param certOut the pointer to the pointer of the certificate to use. 50 | * @param keyOut the pointer to the pointer of the private key to use. 51 | * @param keyTypeBytes an array of the key types. 52 | * @param asn1DerEncodedPrincipals the principals 53 | * 54 | */ 55 | void requested(long ssl, long certOut, long keyOut, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) 56 | throws Exception; 57 | } 58 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/CertificateVerifierTask.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | 19 | /** 20 | * Execute {@link CertificateVerifier#verify(long, byte[][], String)}. 21 | */ 22 | final class CertificateVerifierTask extends SSLTask { 23 | private final byte[][] x509; 24 | private final String authAlgorithm; 25 | private final CertificateVerifier verifier; 26 | 27 | CertificateVerifierTask(long ssl, byte[][] x509, String authAlgorithm, CertificateVerifier verifier) { 28 | super(ssl); 29 | this.x509 = x509; 30 | this.authAlgorithm = authAlgorithm; 31 | this.verifier = verifier; 32 | } 33 | 34 | @Override 35 | protected void runTask(long ssl, TaskCallback callback) { 36 | int result = verifier.verify(ssl, x509, authAlgorithm); 37 | callback.onResult(ssl, result); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/KeyLogCallback.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Callback hooked into SSL_CTX_set_keylog_callback 20 | * This is intended for TLS debugging with tools like Wireshark. 21 | * For instance, a valid {@code SSLKEYLOGFILE} implementation could look like this: 22 | * 
{@code
23 |  *         final PrintStream out = new PrintStream("~/tls.sslkeylog_file");
24 |  *         SSLContext.setKeyLogCallback(ctxPtr, new KeyLogCallback() {
25 |  *             @Override
26 |  *             public void handle(long ssl, byte[] line) {
27 |  *                 out.println(new String(line));
28 |  *             }
29 |  *         });
30 |  * }
31 | *

32 | * Warning: The log output will contain secret key material, and can be used to decrypt 33 | * TLS sessions! The log output should be handled with the same care given to the private keys. 34 | */ 35 | public interface KeyLogCallback { 36 | /** 37 | * Called when a new key log line is emitted. 38 | *

39 | * Warning: The log output will contain secret key material, and can be used to decrypt 40 | * TLS sessions! The log output should be handled with the same care given to the private keys. 41 | * 42 | * @param ssl the SSL instance 43 | * @param line an array of the key types on client-mode or {@code null} on server-mode. 44 | * 45 | */ 46 | void handle(long ssl, byte[] line); 47 | } 48 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/Library.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | /* 17 | * Licensed to the Apache Software Foundation (ASF) under one or more 18 | * contributor license agreements. See the NOTICE file distributed with 19 | * this work for additional information regarding copyright ownership. 20 | * The ASF licenses this file to You under the Apache License, Version 2.0 21 | * (the "License"); you may not use this file except in compliance with 22 | * the License. You may obtain a copy of the License at 23 | * 24 | * http://www.apache.org/licenses/LICENSE-2.0 25 | * 26 | * Unless required by applicable law or agreed to in writing, software 27 | * distributed under the License is distributed on an "AS IS" BASIS, 28 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 | * See the License for the specific language governing permissions and 30 | * limitations under the License. 31 | */ 32 | 33 | package io.netty.internal.tcnative; 34 | 35 | import java.io.File; 36 | 37 | public final class Library { 38 | 39 | /* Default library names */ 40 | private static final String [] NAMES = { 41 | "netty_tcnative", 42 | "libnetty_tcnative" 43 | }; 44 | 45 | private static final String PROVIDED = "provided"; 46 | 47 | /* 48 | * A handle to the unique Library singleton instance. 49 | */ 50 | private static Library _instance = null; 51 | 52 | static { 53 | // Preload all classes that will be used in the OnLoad(...) function of JNI to eliminate the possiblity of a 54 | // class-loader deadlock. This is a workaround for https://github.com/netty/netty/issues/11209. 55 | 56 | // This needs to match all the classes that are loaded via NETTY_JNI_UTIL_LOAD_CLASS or looked up via 57 | // NETTY_JNI_UTIL_FIND_CLASS. 58 | tryLoadClasses(ClassLoader.getSystemClassLoader(), 59 | // error 60 | Exception.class, NullPointerException.class, IllegalArgumentException.class, OutOfMemoryError.class, 61 | 62 | // jnilib 63 | String.class, byte[].class, 64 | 65 | // sslcontext 66 | SSLTask.class, CertificateCallbackTask.class, CertificateCallback.class, SSLPrivateKeyMethodTask.class, 67 | SSLPrivateKeyMethodSignTask.class, SSLPrivateKeyMethodDecryptTask.class 68 | ); 69 | } 70 | 71 | /** 72 | * Preload the given classes and so ensure the {@link ClassLoader} has these loaded after this method call. 73 | * 74 | * @param classLoader the {@link ClassLoader} 75 | * @param classes the classes to load. 76 | */ 77 | private static void tryLoadClasses(ClassLoader classLoader, Class... classes) { 78 | for (Class clazz: classes) { 79 | tryLoadClass(classLoader, clazz.getName()); 80 | } 81 | } 82 | 83 | private static void tryLoadClass(ClassLoader classLoader, String className) { 84 | try { 85 | // Load the class and also ensure we init it which means its linked etc. 86 | Class.forName(className, true, classLoader); 87 | } catch (ClassNotFoundException ignore) { 88 | // Ignore 89 | } catch (SecurityException ignore) { 90 | // Ignore 91 | } 92 | } 93 | 94 | private Library() throws Exception { 95 | boolean loaded = false; 96 | String path = System.getProperty("java.library.path"); 97 | String [] paths = path.split(File.pathSeparator); 98 | StringBuilder err = new StringBuilder(); 99 | for (int i = 0; i < NAMES.length; i++) { 100 | try { 101 | loadLibrary(NAMES[i]); 102 | loaded = true; 103 | } catch (ThreadDeath t) { 104 | throw t; 105 | } catch (VirtualMachineError t) { 106 | throw t; 107 | } catch (Throwable t) { 108 | String name = System.mapLibraryName(NAMES[i]); 109 | for (int j = 0; j < paths.length; j++) { 110 | File fd = new File(paths[j] , name); 111 | if (fd.exists()) { 112 | // File exists but failed to load 113 | throw new RuntimeException(t); 114 | } 115 | } 116 | if (i > 0) { 117 | err.append(", "); 118 | } 119 | err.append(t.getMessage()); 120 | } 121 | if (loaded) { 122 | break; 123 | } 124 | } 125 | if (!loaded) { 126 | throw new UnsatisfiedLinkError(err.toString()); 127 | } 128 | } 129 | 130 | private Library(String libraryName) { 131 | if (!PROVIDED.equals(libraryName)) { 132 | loadLibrary(libraryName); 133 | } 134 | } 135 | 136 | private static void loadLibrary(String libraryName) { 137 | System.loadLibrary(calculatePackagePrefix().replace('.', '_') + libraryName); 138 | } 139 | 140 | /** 141 | * The shading prefix added to this class's full name. 142 | * 143 | * @throws UnsatisfiedLinkError if the shader used something other than a prefix 144 | */ 145 | private static String calculatePackagePrefix() { 146 | String maybeShaded = Library.class.getName(); 147 | // Use ! instead of . to avoid shading utilities from modifying the string 148 | String expected = "io!netty!internal!tcnative!Library".replace('!', '.'); 149 | if (!maybeShaded.endsWith(expected)) { 150 | throw new UnsatisfiedLinkError(String.format( 151 | "Could not find prefix added to %s to get %s. When shading, only adding a " 152 | + "package prefix is supported", expected, maybeShaded)); 153 | } 154 | return maybeShaded.substring(0, maybeShaded.length() - expected.length()); 155 | } 156 | 157 | /* create global TCN's APR pool 158 | * This has to be the first call to TCN library. 159 | */ 160 | private static native boolean initialize0(); 161 | 162 | private static native boolean aprHasThreads(); 163 | 164 | private static native int aprMajorVersion(); 165 | 166 | /* APR_VERSION_STRING */ 167 | private static native String aprVersionString(); 168 | 169 | /** 170 | * Calls {@link #initialize(String, String)} with {@code "provided"} and {@code null}. 171 | * 172 | * @return {@code true} if initialization was successful 173 | * @throws Exception if an error happens during initialization 174 | */ 175 | public static boolean initialize() throws Exception { 176 | return initialize(PROVIDED, null); 177 | } 178 | 179 | /** 180 | * Setup native library. This is the first method that must be called! 181 | * 182 | * @param libraryName the name of the library to load 183 | * @param engine Support for external a Crypto Device ("engine"), usually 184 | * @return {@code true} if initialization was successful 185 | * @throws Exception if an error happens during initialization 186 | */ 187 | public static boolean initialize(String libraryName, String engine) throws Exception { 188 | if (_instance == null) { 189 | _instance = libraryName == null ? new Library() : new Library(libraryName); 190 | 191 | if (aprMajorVersion() < 1) { 192 | throw new UnsatisfiedLinkError("Unsupported APR Version (" + 193 | aprVersionString() + ")"); 194 | } 195 | 196 | if (!aprHasThreads()) { 197 | throw new UnsatisfiedLinkError("Missing APR_HAS_THREADS"); 198 | } 199 | } 200 | return initialize0() && SSL.initialize(engine) == 0; 201 | } 202 | } 203 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/NativeStaticallyReferencedJniMethods.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * This class is necessary to break the following cyclic dependency: 20 | *

    21 | *
  1. JNI_OnLoad
    2. 22 | *
  2. JNI Calls FindClass because RegisterNatives (used to register JNI methods) requires a class
    3. 23 | *
  3. FindClass loads the class, but static members variables of that class attempt to call a JNI method which has not 24 | * yet been registered.
    4. 25 | *
  4. {@link UnsatisfiedLinkError} is thrown because native method has not yet been registered.
    5. 26 | *
27 | * Static members which call JNI methods must not be declared in this class! 28 | */ 29 | final class NativeStaticallyReferencedJniMethods { 30 | private NativeStaticallyReferencedJniMethods() { 31 | } 32 | 33 | /** 34 | * Options that may impact security and may be set by default as defined in: 35 | * SSL Docs. 36 | */ 37 | static native int sslOpCipherServerPreference(); 38 | static native int sslOpNoSSLv2(); 39 | static native int sslOpNoSSLv3(); 40 | static native int sslOpNoTLSv1(); 41 | static native int sslOpNoTLSv11(); 42 | static native int sslOpNoTLSv12(); 43 | static native int sslOpNoTLSv13(); 44 | static native int sslOpNoTicket(); 45 | static native int sslOpAllowUnsafeLegacyRenegotiation(); 46 | static native int sslOpLegacyServerConnect(); 47 | 48 | /** 49 | * Options not defined in the OpenSSL docs but may impact security. 50 | */ 51 | static native int sslOpNoCompression(); 52 | 53 | static native int sslSessCacheOff(); 54 | static native int sslSessCacheServer(); 55 | static native int sslSessCacheClient(); 56 | static native int sslSessCacheNoInternalLookup(); 57 | static native int sslSessCacheNoInternalStore(); 58 | 59 | static native int sslStConnect(); 60 | static native int sslStAccept(); 61 | 62 | static native int sslModeEnablePartialWrite(); 63 | static native int sslModeAcceptMovingWriteBuffer(); 64 | static native int sslModeReleaseBuffers(); 65 | static native int sslModeEnableFalseStart(); 66 | 67 | static native int sslSendShutdown(); 68 | static native int sslReceivedShutdown(); 69 | static native int sslErrorNone(); 70 | static native int sslErrorSSL(); 71 | static native int sslErrorWantRead(); 72 | static native int sslErrorWantWrite(); 73 | static native int sslErrorWantX509Lookup(); 74 | static native int sslErrorSyscall(); 75 | static native int sslErrorZeroReturn(); 76 | static native int sslErrorWantConnect(); 77 | static native int sslErrorWantAccept(); 78 | 79 | static native int sslMaxPlaintextLength(); 80 | static native int sslMaxEncryptedLength(); 81 | static native int sslMaxRecordLength(); 82 | 83 | static native int x509CheckFlagAlwaysCheckSubject(); 84 | static native int x509CheckFlagDisableWildCards(); 85 | static native int x509CheckFlagNoPartialWildCards(); 86 | static native int x509CheckFlagMultiLabelWildCards(); 87 | 88 | /* x509 certificate verification errors */ 89 | static native int x509vOK(); 90 | static native int x509vErrUnspecified(); 91 | static native int x509vErrUnableToGetIssuerCert(); 92 | static native int x509vErrUnableToGetCrl(); 93 | static native int x509vErrUnableToDecryptCertSignature(); 94 | static native int x509vErrUnableToDecryptCrlSignature(); 95 | static native int x509vErrUnableToDecodeIssuerPublicKey(); 96 | static native int x509vErrCertSignatureFailure(); 97 | static native int x509vErrCrlSignatureFailure(); 98 | static native int x509vErrCertNotYetValid(); 99 | static native int x509vErrCertHasExpired(); 100 | static native int x509vErrCrlNotYetValid(); 101 | static native int x509vErrCrlHasExpired(); 102 | static native int x509vErrErrorInCertNotBeforeField(); 103 | static native int x509vErrErrorInCertNotAfterField(); 104 | static native int x509vErrErrorInCrlLastUpdateField(); 105 | static native int x509vErrErrorInCrlNextUpdateField(); 106 | static native int x509vErrOutOfMem(); 107 | static native int x509vErrDepthZeroSelfSignedCert(); 108 | static native int x509vErrSelfSignedCertInChain(); 109 | static native int x509vErrUnableToGetIssuerCertLocally(); 110 | static native int x509vErrUnableToVerifyLeafSignature(); 111 | static native int x509vErrCertChainTooLong(); 112 | static native int x509vErrCertRevoked(); 113 | static native int x509vErrInvalidCa(); 114 | static native int x509vErrPathLengthExceeded(); 115 | static native int x509vErrInvalidPurpose(); 116 | static native int x509vErrCertUntrusted(); 117 | static native int x509vErrCertRejected(); 118 | static native int x509vErrSubjectIssuerMismatch(); 119 | static native int x509vErrAkidSkidMismatch(); 120 | static native int x509vErrAkidIssuerSerialMismatch(); 121 | static native int x509vErrKeyUsageNoCertSign(); 122 | static native int x509vErrUnableToGetCrlIssuer(); 123 | static native int x509vErrUnhandledCriticalExtension(); 124 | static native int x509vErrKeyUsageNoCrlSign(); 125 | static native int x509vErrUnhandledCriticalCrlExtension(); 126 | static native int x509vErrInvalidNonCa(); 127 | static native int x509vErrProxyPathLengthExceeded(); 128 | static native int x509vErrKeyUsageNoDigitalSignature(); 129 | static native int x509vErrProxyCertificatesNotAllowed(); 130 | static native int x509vErrInvalidExtension(); 131 | static native int x509vErrInvalidPolicyExtension(); 132 | static native int x509vErrNoExplicitPolicy(); 133 | static native int x509vErrDifferntCrlScope(); 134 | static native int x509vErrUnsupportedExtensionFeature(); 135 | static native int x509vErrUnnestedResource(); 136 | static native int x509vErrPermittedViolation(); 137 | static native int x509vErrExcludedViolation(); 138 | static native int x509vErrSubtreeMinMax(); 139 | static native int x509vErrApplicationVerification(); 140 | static native int x509vErrUnsupportedConstraintType(); 141 | static native int x509vErrUnsupportedConstraintSyntax(); 142 | static native int x509vErrUnsupportedNameSyntax(); 143 | static native int x509vErrCrlPathValidationError(); 144 | static native int x509vErrPathLoop(); 145 | static native int x509vErrSuiteBInvalidVersion(); 146 | static native int x509vErrSuiteBInvalidAlgorithm(); 147 | static native int x509vErrSuiteBInvalidCurve(); 148 | static native int x509vErrSuiteBInvalidSignatureAlgorithm(); 149 | static native int x509vErrSuiteBLosNotAllowed(); 150 | static native int x509vErrSuiteBCannotSignP384WithP256(); 151 | static native int x509vErrHostnameMismatch(); 152 | static native int x509vErrEmailMismatch(); 153 | static native int x509vErrIpAddressMismatch(); 154 | static native int x509vErrDaneNoMatch(); 155 | 156 | // BoringSSL specific. 157 | static native int sslErrorWantCertificateVerify(); 158 | static native int sslErrorWantPrivateKeyOperation(); 159 | static native int sslSignRsaPkcsSha1(); 160 | static native int sslSignRsaPkcsSha256(); 161 | static native int sslSignRsaPkcsSha384(); 162 | static native int sslSignRsaPkcsSha512(); 163 | static native int sslSignEcdsaPkcsSha1(); 164 | static native int sslSignEcdsaSecp256r1Sha256(); 165 | static native int sslSignEcdsaSecp384r1Sha384(); 166 | static native int sslSignEcdsaSecp521r1Sha512(); 167 | static native int sslSignRsaPssRsaeSha256(); 168 | static native int sslSignRsaPssRsaeSha384(); 169 | static native int sslSignRsaPssRsaeSha512(); 170 | static native int sslSignEd25519(); 171 | static native int sslSignRsaPkcs1Md5Sha1(); 172 | 173 | static native int sslRenegotiateNever(); 174 | static native int sslRenegotiateOnce(); 175 | static native int sslRenegotiateFreely(); 176 | static native int sslRenegotiateIgnore(); 177 | static native int sslRenegotiateExplicit(); 178 | static native int sslCertCompressionDirectionCompress(); 179 | static native int sslCertCompressionDirectionDecompress(); 180 | static native int sslCertCompressionDirectionBoth(); 181 | static native int tlsExtCertCompressionZlib(); 182 | static native int tlsExtCertCompressionBrotli(); 183 | static native int tlsExtCertCompressionZstd(); 184 | } 185 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/ResultCallback.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Callback that is called once an operation completed. 20 | * 21 | * @param The result type. 22 | */ 23 | public interface ResultCallback { 24 | /** 25 | * Called when the operation completes with the given result. 26 | * 27 | * @param ssl the SSL instance (SSL *) 28 | * @param result the result. 29 | */ 30 | void onSuccess(long ssl, T result); 31 | 32 | /** 33 | * Called when the operation completes with an error. 34 | * 35 | * @param ssl the SSL instance (SSL *) 36 | * @param cause the error. 37 | */ 38 | void onError(long ssl, Throwable cause); 39 | } 40 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SSLPrivateKeyMethod.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Allows to customize private key signing / decrypt (when using RSA). 20 | */ 21 | public interface SSLPrivateKeyMethod { 22 | int SSL_SIGN_RSA_PKCS1_SHA1 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha1(); 23 | int SSL_SIGN_RSA_PKCS1_SHA256 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha256(); 24 | int SSL_SIGN_RSA_PKCS1_SHA384 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha384(); 25 | int SSL_SIGN_RSA_PKCS1_SHA512 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha512(); 26 | int SSL_SIGN_ECDSA_SHA1 = NativeStaticallyReferencedJniMethods.sslSignEcdsaPkcsSha1(); 27 | int SSL_SIGN_ECDSA_SECP256R1_SHA256 = NativeStaticallyReferencedJniMethods.sslSignEcdsaSecp256r1Sha256(); 28 | int SSL_SIGN_ECDSA_SECP384R1_SHA384 = NativeStaticallyReferencedJniMethods.sslSignEcdsaSecp384r1Sha384(); 29 | int SSL_SIGN_ECDSA_SECP521R1_SHA512 = NativeStaticallyReferencedJniMethods.sslSignEcdsaSecp521r1Sha512(); 30 | int SSL_SIGN_RSA_PSS_RSAE_SHA256 = NativeStaticallyReferencedJniMethods.sslSignRsaPssRsaeSha256(); 31 | int SSL_SIGN_RSA_PSS_RSAE_SHA384 = NativeStaticallyReferencedJniMethods.sslSignRsaPssRsaeSha384(); 32 | int SSL_SIGN_RSA_PSS_RSAE_SHA512 = NativeStaticallyReferencedJniMethods.sslSignRsaPssRsaeSha512(); 33 | int SSL_SIGN_ED25519 = NativeStaticallyReferencedJniMethods.sslSignEd25519(); 34 | int SSL_SIGN_RSA_PKCS1_MD5_SHA1 = NativeStaticallyReferencedJniMethods.sslSignRsaPkcs1Md5Sha1(); 35 | 36 | /** 37 | * Sign the input with given EC key and returns the signed bytes. 38 | * 39 | * @param ssl the SSL instance 40 | * @param signatureAlgorithm the algorithm to use for signing 41 | * @param input the input itself 42 | * @return the sign 43 | * @throws Exception thrown if an error accours while signing. 44 | */ 45 | byte[] sign(long ssl, int signatureAlgorithm, byte[] input) throws Exception; 46 | 47 | /** 48 | * Decrypts the input with the given RSA key and returns the decrypted bytes. 49 | * 50 | * @param ssl the SSL instance 51 | * @param input the input which should be decrypted 52 | * @return the decrypted data 53 | * @throws Exception thrown if an error accours while decrypting. 54 | */ 55 | byte[] decrypt(long ssl, byte[] input) throws Exception; 56 | } 57 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SSLPrivateKeyMethodDecryptTask.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | final class SSLPrivateKeyMethodDecryptTask extends SSLPrivateKeyMethodTask { 19 | 20 | private final byte[] input; 21 | 22 | SSLPrivateKeyMethodDecryptTask(long ssl, byte[] input, AsyncSSLPrivateKeyMethod method) { 23 | super(ssl, method); 24 | // It's OK to not clone the arrays as we create these in JNI and not reuse. 25 | this.input = input; 26 | } 27 | 28 | @Override 29 | protected void runTask(long ssl, AsyncSSLPrivateKeyMethod method, 30 | ResultCallback resultCallback) { 31 | method.decrypt(ssl, input, resultCallback); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SSLPrivateKeyMethodSignTask.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | final class SSLPrivateKeyMethodSignTask extends SSLPrivateKeyMethodTask { 19 | private final int signatureAlgorithm; 20 | private final byte[] digest; 21 | 22 | SSLPrivateKeyMethodSignTask(long ssl, int signatureAlgorithm, byte[] digest, AsyncSSLPrivateKeyMethod method) { 23 | super(ssl, method); 24 | this.signatureAlgorithm = signatureAlgorithm; 25 | // It's OK to not clone the arrays as we create these in JNI and not reuse. 26 | this.digest = digest; 27 | } 28 | 29 | @Override 30 | protected void runTask(long ssl, AsyncSSLPrivateKeyMethod method, 31 | ResultCallback resultCallback) { 32 | method.sign(ssl, signatureAlgorithm, digest, resultCallback); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SSLPrivateKeyMethodTask.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | abstract class SSLPrivateKeyMethodTask extends SSLTask implements AsyncTask { 19 | private static final byte[] EMPTY = new byte[0]; 20 | private final AsyncSSLPrivateKeyMethod method; 21 | 22 | // Will be accessed via JNI. 23 | private byte[] resultBytes; 24 | 25 | SSLPrivateKeyMethodTask(long ssl, AsyncSSLPrivateKeyMethod method) { 26 | super(ssl); 27 | this.method = method; 28 | } 29 | 30 | 31 | @Override 32 | public final void runAsync(final Runnable completeCallback) { 33 | run(completeCallback); 34 | } 35 | 36 | @Override 37 | protected final void runTask(final long ssl, final TaskCallback callback) { 38 | runTask(ssl, method, new ResultCallback() { 39 | @Override 40 | public void onSuccess(long ssl, byte[] result) { 41 | resultBytes = result; 42 | callback.onResult(ssl, 1); 43 | } 44 | 45 | @Override 46 | public void onError(long ssl, Throwable cause) { 47 | // Return 0 as this signals back that the operation failed. 48 | resultBytes = EMPTY; 49 | callback.onResult(ssl, 0); 50 | } 51 | }); 52 | } 53 | 54 | protected abstract void runTask(long ssl, AsyncSSLPrivateKeyMethod method, 55 | ResultCallback resultCallback); 56 | } 57 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SSLSession.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Methods to operate on a {@code SSL_SESSION}. 20 | */ 21 | public final class SSLSession { 22 | 23 | private SSLSession() { } 24 | 25 | /** 26 | * See SSL_SESSION_get_time. 27 | * 28 | * @param session the SSL_SESSION instance (SSL_SESSION *) 29 | * @return returns the time at which the session was established. The time is given in seconds since the Epoch 30 | */ 31 | public static native long getTime(long session); 32 | 33 | /** 34 | * See SSL_SESSION_get_timeout. 35 | * 36 | * @param session the SSL_SESSION instance (SSL_SESSION *) 37 | * @return returns the timeout for the session. The time is given in seconds since the Epoch 38 | */ 39 | public static native long getTimeout(long session); 40 | 41 | /** 42 | * See SSL_SESSION_set_timeout. 43 | * 44 | * @param session the SSL_SESSION instance (SSL_SESSION *) 45 | * @param seconds timeout in seconds 46 | * @return returns the timeout for the session before this call. The time is given in seconds since the Epoch 47 | */ 48 | public static native long setTimeout(long session, long seconds); 49 | 50 | /** 51 | * See SSL_SESSION_get_id. 52 | * 53 | * @param session the SSL_SESSION instance (SSL_SESSION *) 54 | * @return the session id as byte array representation obtained via SSL_SESSION_get_id. 55 | */ 56 | public static native byte[] getSessionId(long session); 57 | 58 | /** 59 | * See SSL_SESSION_up_ref. 60 | * 61 | * @param session the SSL_SESSION instance (SSL_SESSION *) 62 | * @return {@code true} if successful, {@code false} otherwise. 63 | */ 64 | public static native boolean upRef(long session); 65 | 66 | /** 67 | * See SSL_SESSION_free. 68 | * 69 | * @param session the SSL_SESSION instance (SSL_SESSION *) 70 | */ 71 | public static native void free(long session); 72 | 73 | /** 74 | * Will return {@code true} if the session should only re-used once. 75 | * See SSL_SESSION_should_be_single_use. 76 | * @param session 77 | * @return {@code true} if the session should be re-used once only, {@code false} otherwise. 78 | */ 79 | public static native boolean shouldBeSingleUse(long session); 80 | } 81 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SSLSessionCache.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * Allows to implement a custom external {@code SSL_SESSION} cache. 20 | * 21 | * See SSL_CTX_sess_set_get_cb.html 22 | * and {a href="https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_session_cache_mode.html">SSL_CTX_set_session_cache_mode. 23 | */ 24 | public interface SSLSessionCache { 25 | 26 | /** 27 | * Returns {@code true} if the cache takes ownership of the {@code SSL_SESSION} and will call {@code SSL_SESSION_free} once it should be destroyed, 28 | * {@code false} otherwise. 29 | * 30 | * See SSL_CTX_sess_set_new_cb. 31 | * 32 | * @param ssl {@code SSL*} 33 | * @param sslSession {@code SSL_SESSION*} 34 | * @return {@code true} if session ownership was transfered, {@code false} if not. 35 | */ 36 | boolean sessionCreated(long ssl, long sslSession); 37 | 38 | /** 39 | * Called once a {@code SSL_SESSION} should be retrieved for the given {@code SSL} and with the given session ID. 40 | * See SSL_CTX_sess_set_get_cb. 41 | * If the session is shared you need to call {@link SSLSession#upRef(long)} explicit in this callback and explicit free all {@code SSL_SESSION}s 42 | * once the cache is destroyed via {@link SSLSession#free(long)}. 43 | * 44 | * @param sslCtx {code SSL_CTX*} 45 | * @param sessionId the session id 46 | * @return the {@link SSL_SESSION} or {@code -1} if none was found in the cache. 47 | */ 48 | long getSession(long sslCtx, byte[] sessionId); 49 | } 50 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SSLTask.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | /** 19 | * A SSL related task that will be returned by {@link SSL#getTask(long)}. 20 | */ 21 | abstract class SSLTask implements Runnable { 22 | private static final Runnable NOOP = new Runnable() { 23 | @Override 24 | public void run() { 25 | // NOOP 26 | } 27 | }; 28 | private final long ssl; 29 | 30 | // These fields are accessed via JNI. 31 | private int returnValue; 32 | private boolean complete; 33 | protected boolean didRun; 34 | 35 | protected SSLTask(long ssl) { 36 | // It is important that this constructor never throws. Be sure to not change this! 37 | this.ssl = ssl; 38 | } 39 | 40 | @Override 41 | public final void run() { 42 | run(NOOP); 43 | } 44 | 45 | protected final void run(final Runnable completeCallback) { 46 | if (!didRun) { 47 | didRun = true; 48 | runTask(ssl, new TaskCallback() { 49 | @Override 50 | public void onResult(long ssl, int result) { 51 | returnValue = result; 52 | complete = true; 53 | completeCallback.run(); 54 | } 55 | }); 56 | } else { 57 | completeCallback.run(); 58 | } 59 | } 60 | 61 | /** 62 | * Run the task and return the return value that should be passed back to OpenSSL. 63 | */ 64 | protected abstract void runTask(long ssl, TaskCallback callback); 65 | 66 | interface TaskCallback { 67 | void onResult(long ssl, int result); 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SessionTicketKey.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | 17 | package io.netty.internal.tcnative; 18 | 19 | /** 20 | * Session Ticket Key 21 | */ 22 | public final class SessionTicketKey { 23 | /** 24 | * Size of session ticket key name 25 | */ 26 | public static final int NAME_SIZE = 16; 27 | /** 28 | * Size of session ticket key HMAC key 29 | */ 30 | public static final int HMAC_KEY_SIZE = 16; 31 | /** 32 | * Size of session ticket key AES key 33 | */ 34 | public static final int AES_KEY_SIZE = 16; 35 | /** 36 | * Size of session ticket key 37 | */ 38 | public static final int TICKET_KEY_SIZE = NAME_SIZE + HMAC_KEY_SIZE + AES_KEY_SIZE; 39 | 40 | // package private so we can access these in SSLContext without calling clone() on the byte[]. 41 | final byte[] name; 42 | final byte[] hmacKey; 43 | final byte[] aesKey; 44 | 45 | /** 46 | * Construct SessionTicketKey. 47 | * @param name the name of the session ticket key 48 | * @param hmacKey the HMAC key of the session ticket key 49 | * @param aesKey the AES key of the session ticket key 50 | */ 51 | public SessionTicketKey(byte[] name, byte[] hmacKey, byte[] aesKey) { 52 | if (name == null || name.length != NAME_SIZE) { 53 | throw new IllegalArgumentException("Length of name should be " + NAME_SIZE); 54 | } 55 | if (hmacKey == null || hmacKey.length != HMAC_KEY_SIZE) { 56 | throw new IllegalArgumentException("Length of hmacKey should be " + HMAC_KEY_SIZE); 57 | } 58 | if (aesKey == null || aesKey.length != AES_KEY_SIZE) { 59 | throw new IllegalArgumentException("Length of aesKey should be " + AES_KEY_SIZE); 60 | } 61 | this.name = name; 62 | this.hmacKey = hmacKey; 63 | this.aesKey = aesKey; 64 | } 65 | 66 | /** 67 | * Get name. 68 | * 69 | * @return the name of the session ticket key 70 | */ 71 | public byte[] getName() { 72 | return name.clone(); 73 | } 74 | 75 | /** 76 | * Get HMAC key. 77 | * @return the HMAC key of the session ticket key 78 | */ 79 | public byte[] getHmacKey() { 80 | return hmacKey.clone(); 81 | } 82 | 83 | /** 84 | * Get AES Key. 85 | * @return the AES key of the session ticket key 86 | */ 87 | public byte[] getAesKey() { 88 | return aesKey.clone(); 89 | } 90 | } 91 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/io/netty/internal/tcnative/SniHostNameMatcher.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | public interface SniHostNameMatcher { 19 | 20 | /** 21 | * Returns {@code true} if the hostname was matched and so SNI should be allowed. 22 | * @param ssl the SSL instance 23 | * @param hostname the hostname to match. 24 | * @return {@code true} if the hostname was matched 25 | */ 26 | boolean match(long ssl, String hostname); 27 | } 28 | -------------------------------------------------------------------------------- /openssl-classes/src/main/java/module-info.yml: -------------------------------------------------------------------------------- 1 | exports: 2 | - package: io.netty.internal.tcnative 3 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/bb.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | /* Licensed to the Apache Software Foundation (ASF) under one or more 17 | * contributor license agreements. See the NOTICE file distributed with 18 | * this work for additional information regarding copyright ownership. 19 | * The ASF licenses this file to You under the Apache License, Version 2.0 20 | * (the "License"); you may not use this file except in compliance with 21 | * the License. You may obtain a copy of the License at 22 | * 23 | * http://www.apache.org/licenses/LICENSE-2.0 24 | * 25 | * Unless required by applicable law or agreed to in writing, software 26 | * distributed under the License is distributed on an "AS IS" BASIS, 27 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 28 | * See the License for the specific language governing permissions and 29 | * limitations under the License. 30 | */ 31 | 32 | #include "tcn.h" 33 | #include "bb.h" 34 | 35 | #define BUFFER_CLASSNAME "io/netty/internal/tcnative/Buffer" 36 | 37 | TCN_IMPLEMENT_CALL(jlong, Buffer, address)(TCN_STDARGS, jobject bb) 38 | { 39 | return P2J((*e)->GetDirectBufferAddress(e, bb)); 40 | } 41 | 42 | TCN_IMPLEMENT_CALL(jlong, Buffer, size)(TCN_STDARGS, jobject bb) 43 | { 44 | return (*e)->GetDirectBufferCapacity(e, bb); 45 | } 46 | 47 | // JNI Method Registration Table Begin 48 | static const JNINativeMethod method_table[] = { 49 | { TCN_METHOD_TABLE_ENTRY(address, (Ljava/nio/ByteBuffer;)J, Buffer) }, 50 | { TCN_METHOD_TABLE_ENTRY(size, (Ljava/nio/ByteBuffer;)J, Buffer) } 51 | }; 52 | 53 | static const jint method_table_size = sizeof(method_table) / sizeof(method_table[0]); 54 | // JNI Method Registration Table End 55 | 56 | // IMPORTANT: If you add any NETTY_JNI_UTIL_LOAD_CLASS or NETTY_JNI_UTIL_FIND_CLASS calls you also need to update 57 | // Library to reflect that. 58 | jint netty_internal_tcnative_Buffer_JNI_OnLoad(JNIEnv* env, const char* packagePrefix) { 59 | if (netty_jni_util_register_natives(env, packagePrefix, BUFFER_CLASSNAME, method_table, method_table_size) != 0) { 60 | return JNI_ERR; 61 | } 62 | return NETTY_JNI_UTIL_JNI_VERSION; 63 | } 64 | 65 | void netty_internal_tcnative_Buffer_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix) { 66 | netty_jni_util_unregister_natives(env, packagePrefix, BUFFER_CLASSNAME); 67 | } 68 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/bb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | #ifndef NETTY_TCNATIVE_BB_H_ 17 | #define NETTY_TCNATIVE_BB_H_ 18 | 19 | // JNI initialization hooks. Users of this file are responsible for calling these in the JNI_OnLoad and JNI_OnUnload methods. 20 | jint netty_internal_tcnative_Buffer_JNI_OnLoad(JNIEnv* env, const char* packagePrefix); 21 | void netty_internal_tcnative_Buffer_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix); 22 | #endif /* NETTY_TCNATIVE_BB_H_ */ 23 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/cert_compress.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | 17 | #include "tcn.h" 18 | #include "ssl_private.h" 19 | #ifdef OPENSSL_IS_BORINGSSL 20 | #include "cert_compress.h" 21 | 22 | static int compress(jobject compression_algorithm, jmethodID compress_method, SSL* ssl, CBB* out, 23 | const uint8_t* in, size_t in_len) { 24 | 25 | JNIEnv *e = NULL; 26 | jbyteArray inputArray = NULL; 27 | 28 | if (compression_algorithm == NULL || compress_method == NULL) { 29 | return 0; 30 | } 31 | if (tcn_get_java_env(&e) != JNI_OK) { 32 | return 0; 33 | } 34 | if ((inputArray = (*e)->NewByteArray(e, in_len)) == NULL) { 35 | return 0; 36 | } 37 | 38 | (*e)->SetByteArrayRegion(e, inputArray, 0, in_len, (jbyte*) in); 39 | 40 | jbyteArray resultArray = (*e)->CallObjectMethod(e, compression_algorithm, compress_method, 41 | P2J(ssl), inputArray); 42 | 43 | if ((*e)->ExceptionCheck(e) != JNI_FALSE) { 44 | (*e)->ExceptionClear(e); 45 | return 0; // Exception while calling into Java 46 | } 47 | if (resultArray == NULL) { 48 | return 0; // Received NULL array from call to Java 49 | } 50 | 51 | int resultLen = (*e)->GetArrayLength(e, resultArray); 52 | uint8_t* outData = NULL; 53 | if (!CBB_reserve(out, &outData, resultLen)) { 54 | return 0; // Unable to reserve space for compressed data 55 | } 56 | jbyte* resultData = (*e)->GetByteArrayElements(e, resultArray, NULL); 57 | if (resultData == NULL) { 58 | return 0; 59 | } 60 | memcpy(outData, resultData, resultLen); 61 | (*e)->ReleaseByteArrayElements(e, resultArray, resultData, JNI_ABORT); 62 | if (!CBB_did_write(out, resultLen)) { 63 | return 0; // Unable to advance bytes written to CBB 64 | } 65 | return 1; // Success 66 | } 67 | 68 | static int decompress(jobject compression_algorithm, jmethodID decompress_method, SSL* ssl, CRYPTO_BUFFER** out, 69 | size_t uncompressed_len, const uint8_t* in, size_t in_len) { 70 | 71 | JNIEnv* e = NULL; 72 | jbyteArray inputArray = NULL; 73 | 74 | if (compression_algorithm == NULL || decompress_method == NULL) { 75 | return 0; 76 | } 77 | if (tcn_get_java_env(&e) != JNI_OK) { 78 | return 0; 79 | } 80 | if ((inputArray = (*e)->NewByteArray(e, in_len)) == NULL) { 81 | return 0; 82 | } 83 | 84 | (*e)->SetByteArrayRegion(e, inputArray, 0, in_len, (jbyte*) in); 85 | 86 | // BoringSSL checks that `uncompressed_len <= ssl->max_cert_list` before calling `ssl_cert_decompression_func_t` 87 | // `max_cert_list` contains the max cert size, avoiding excessive allocations. 88 | jbyteArray resultArray = (*e)->CallObjectMethod(e, compression_algorithm, decompress_method, 89 | P2J(ssl), uncompressed_len, inputArray); 90 | 91 | if ((*e)->ExceptionCheck(e) != JNI_FALSE) { 92 | (*e)->ExceptionClear(e); 93 | return 0; // Exception while calling into Java 94 | } 95 | if (resultArray == NULL) { 96 | return 0; // Received NULL array from call to Java 97 | } 98 | 99 | int resultLen = (*e)->GetArrayLength(e, resultArray); 100 | if (uncompressed_len != resultLen) { 101 | return 0; // Unexpected uncompressed length 102 | } 103 | uint8_t* outData; 104 | if (!((*out) = CRYPTO_BUFFER_alloc(&outData, uncompressed_len))) { 105 | return 0; // Unable to allocate certificate decompression buffer 106 | } 107 | jbyte* resultData = (*e)->GetByteArrayElements(e, resultArray, NULL); 108 | if (resultData == NULL) { 109 | return 0; 110 | } 111 | memcpy(outData, resultData, uncompressed_len); 112 | (*e)->ReleaseByteArrayElements(e, resultArray, resultData, JNI_ABORT); 113 | return 1; // Success 114 | 115 | } 116 | 117 | int zlib_compress_java(SSL* ssl, CBB* out, const uint8_t* in, size_t in_len) 118 | { 119 | tcn_ssl_ctxt_t* c = NULL; 120 | TCN_GET_SSL_CTX(ssl, c); 121 | TCN_ASSERT(c != NULL); 122 | return compress(c->ssl_cert_compression_zlib_algorithm, c->ssl_cert_compression_zlib_compress_method, 123 | ssl, out, in, in_len); 124 | } 125 | 126 | int zlib_decompress_java(SSL* ssl, CRYPTO_BUFFER** out, size_t uncompressed_len, const uint8_t* in, size_t in_len) 127 | { 128 | tcn_ssl_ctxt_t* c = NULL; 129 | TCN_GET_SSL_CTX(ssl, c); 130 | TCN_ASSERT(c != NULL); 131 | return decompress(c->ssl_cert_compression_zlib_algorithm, c->ssl_cert_compression_zlib_decompress_method, 132 | ssl, out, uncompressed_len, in, in_len); 133 | } 134 | 135 | int brotli_compress_java(SSL* ssl, CBB* out, const uint8_t* in, size_t in_len) 136 | { 137 | tcn_ssl_ctxt_t* c = NULL; 138 | TCN_GET_SSL_CTX(ssl, c); 139 | TCN_ASSERT(c != NULL); 140 | return compress(c->ssl_cert_compression_brotli_algorithm, c->ssl_cert_compression_brotli_compress_method, 141 | ssl, out, in, in_len); 142 | } 143 | 144 | int brotli_decompress_java(SSL* ssl, CRYPTO_BUFFER** out, size_t uncompressed_len, const uint8_t* in, size_t in_len) 145 | { 146 | tcn_ssl_ctxt_t* c = NULL; 147 | TCN_GET_SSL_CTX(ssl, c); 148 | TCN_ASSERT(c != NULL); 149 | return decompress(c->ssl_cert_compression_brotli_algorithm, c->ssl_cert_compression_brotli_decompress_method, 150 | ssl, out, uncompressed_len, in, in_len); 151 | } 152 | 153 | int zstd_compress_java(SSL* ssl, CBB* out, const uint8_t* in, size_t in_len) 154 | { 155 | tcn_ssl_ctxt_t* c = NULL; 156 | TCN_GET_SSL_CTX(ssl, c); 157 | TCN_ASSERT(c != NULL); 158 | return compress(c->ssl_cert_compression_zstd_algorithm, c->ssl_cert_compression_zstd_compress_method, 159 | ssl, out, in, in_len); 160 | } 161 | 162 | int zstd_decompress_java(SSL* ssl, CRYPTO_BUFFER** out, size_t uncompressed_len, const uint8_t* in, size_t in_len) 163 | { 164 | tcn_ssl_ctxt_t* c = NULL; 165 | TCN_GET_SSL_CTX(ssl, c); 166 | TCN_ASSERT(c != NULL); 167 | return decompress(c->ssl_cert_compression_zstd_algorithm, c->ssl_cert_compression_zstd_decompress_method, 168 | ssl, out, uncompressed_len, in, in_len); 169 | } 170 | 171 | #endif // OPENSSL_IS_BORINGSSL -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/cert_compress.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | 17 | #ifndef NETTY_TCNATIVE_CERT_COMPRESS_H_ 18 | #define NETTY_TCNATIVE_CERT_COMPRESS_H_ 19 | 20 | #ifdef OPENSSL_IS_BORINGSSL 21 | 22 | int zlib_decompress_java(SSL* ssl, CRYPTO_BUFFER** out, size_t uncompressed_len, const uint8_t* in, size_t in_len); 23 | int zlib_compress_java(SSL* ssl, CBB* out, const uint8_t* in, size_t in_len); 24 | 25 | int brotli_decompress_java(SSL* ssl, CRYPTO_BUFFER** out, size_t uncompressed_len, const uint8_t* in, size_t in_len); 26 | int brotli_compress_java(SSL* ssl, CBB* out, const uint8_t* in, size_t in_len); 27 | 28 | int zstd_decompress_java(SSL* ssl, CRYPTO_BUFFER** out, size_t uncompressed_len, const uint8_t* in, size_t in_len); 29 | int zstd_compress_java(SSL* ssl, CBB* out, const uint8_t* in, size_t in_len); 30 | 31 | #endif // OPENSSL_IS_BORINGSSL 32 | 33 | #endif /* NETTY_TCNATIVE_CERT_COMPRESS_H_ */ -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/error.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | /* Licensed to the Apache Software Foundation (ASF) under one or more 17 | * contributor license agreements. See the NOTICE file distributed with 18 | * this work for additional information regarding copyright ownership. 19 | * The ASF licenses this file to You under the Apache License, Version 2.0 20 | * (the "License"); you may not use this file except in compliance with 21 | * the License. You may obtain a copy of the License at 22 | * 23 | * http://www.apache.org/licenses/LICENSE-2.0 24 | * 25 | * Unless required by applicable law or agreed to in writing, software 26 | * distributed under the License is distributed on an "AS IS" BASIS, 27 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 28 | * See the License for the specific language governing permissions and 29 | * limitations under the License. 30 | */ 31 | 32 | #include "tcn.h" 33 | #include "apr_strings.h" 34 | 35 | static jclass exceptionClass; 36 | static jclass nullPointerExceptionClass; 37 | static jclass illegalArgumentExceptionClass; 38 | static jclass oomeClass; 39 | 40 | 41 | /* 42 | * Convenience function to help throw an java.lang.Exception. 43 | */ 44 | void tcn_ThrowException(JNIEnv *env, const char *msg) 45 | { 46 | (*env)->ThrowNew(env, exceptionClass, msg); 47 | } 48 | 49 | void tcn_ThrowNullPointerException(JNIEnv *env, const char *msg) 50 | { 51 | (*env)->ThrowNew(env, nullPointerExceptionClass, msg); 52 | } 53 | 54 | void tcn_ThrowIllegalArgumentException(JNIEnv *env, const char *msg) 55 | { 56 | (*env)->ThrowNew(env, illegalArgumentExceptionClass, msg); 57 | } 58 | 59 | void tcn_Throw(JNIEnv *env, const char *fmt, ...) 60 | { 61 | char msg[TCN_BUFFER_SZ] = {'\0'}; 62 | va_list ap; 63 | 64 | va_start(ap, fmt); 65 | apr_vsnprintf(msg, TCN_BUFFER_SZ, fmt, ap); 66 | tcn_ThrowException(env, msg); 67 | va_end(ap); 68 | } 69 | 70 | void tcn_ThrowAPRException(JNIEnv *e, apr_status_t err) 71 | { 72 | char serr[512] = {0}; 73 | 74 | apr_strerror(err, serr, 512); 75 | tcn_ThrowException(e, serr); 76 | } 77 | 78 | void tcn_throwOutOfMemoryError(JNIEnv* env, const char *msg) 79 | { 80 | (*env)->ThrowNew(env, oomeClass, msg); 81 | } 82 | 83 | // IMPORTANT: If you add any NETTY_JNI_UTIL_LOAD_CLASS or NETTY_JNI_UTIL_FIND_CLASS calls you also need to update 84 | // Library to reflect that. 85 | jint netty_internal_tcnative_Error_JNI_OnLoad(JNIEnv* env, const char* packagePrefix) { 86 | NETTY_JNI_UTIL_LOAD_CLASS(env, exceptionClass, "java/lang/Exception", error); 87 | NETTY_JNI_UTIL_LOAD_CLASS(env, nullPointerExceptionClass, "java/lang/NullPointerException", error); 88 | NETTY_JNI_UTIL_LOAD_CLASS(env, illegalArgumentExceptionClass, "java/lang/IllegalArgumentException", error); 89 | NETTY_JNI_UTIL_LOAD_CLASS(env, oomeClass, "java/lang/OutOfMemoryError", error); 90 | return NETTY_JNI_UTIL_JNI_VERSION; 91 | error: 92 | return JNI_ERR; 93 | } 94 | 95 | void netty_internal_tcnative_Error_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix) { 96 | NETTY_JNI_UTIL_UNLOAD_CLASS(env, exceptionClass); 97 | NETTY_JNI_UTIL_UNLOAD_CLASS(env, nullPointerExceptionClass); 98 | NETTY_JNI_UTIL_UNLOAD_CLASS(env, illegalArgumentExceptionClass); 99 | NETTY_JNI_UTIL_UNLOAD_CLASS(env, oomeClass); 100 | } 101 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/error.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | #ifndef NETTY_TCNATIVE_ERROR_H_ 17 | #define NETTY_TCNATIVE_ERROR_H_ 18 | 19 | // JNI initialization hooks. Users of this file are responsible for calling these in the JNI_OnLoad and JNI_OnUnload methods. 20 | jint netty_internal_tcnative_Error_JNI_OnLoad(JNIEnv* env, const char* packagePrefix); 21 | void netty_internal_tcnative_Error_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix); 22 | #endif /* NETTY_TCNATIVE_ERROR_H_ */ 23 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/jnilib.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | /* Licensed to the Apache Software Foundation (ASF) under one or more 17 | * contributor license agreements. See the NOTICE file distributed with 18 | * this work for additional information regarding copyright ownership. 19 | * The ASF licenses this file to You under the Apache License, Version 2.0 20 | * (the "License"); you may not use this file except in compliance with 21 | * the License. You may obtain a copy of the License at 22 | * 23 | * http://www.apache.org/licenses/LICENSE-2.0 24 | * 25 | * Unless required by applicable law or agreed to in writing, software 26 | * distributed under the License is distributed on an "AS IS" BASIS, 27 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 28 | * See the License for the specific language governing permissions and 29 | * limitations under the License. 30 | */ 31 | 32 | #define LIBRARY_CLASSNAME "io/netty/internal/tcnative/Library" 33 | 34 | #ifdef _WIN32 35 | #define MAX_DLL_PATH_LEN 2048 36 | #endif 37 | 38 | #ifdef TCN_BUILD_STATIC 39 | #define NETTY_JNI_UTIL_BUILD_STATIC 40 | #endif 41 | 42 | #include "tcn.h" 43 | #include "apr_version.h" 44 | #include "apr_atomic.h" 45 | #include "apr_strings.h" 46 | #include "bb.h" 47 | #include "native_constants.h" 48 | #include "ssl.h" 49 | #include "sslcontext.h" 50 | #include "sslsession.h" 51 | #include "error.h" 52 | 53 | apr_pool_t *tcn_global_pool = NULL; 54 | static JavaVM *tcn_global_vm = NULL; 55 | 56 | static jclass jString_class; 57 | static jmethodID jString_init; 58 | static jmethodID jString_getBytes; 59 | static jclass byteArrayClass; 60 | static char const* staticPackagePrefix = NULL; 61 | 62 | jstring tcn_new_stringn(JNIEnv *env, const char *str, size_t l) 63 | { 64 | jstring result = NULL; 65 | jbyteArray bytes = 0; 66 | 67 | if (!str) { 68 | return NULL; 69 | } 70 | if ((*env)->EnsureLocalCapacity(env, 2) < 0) { 71 | return NULL; /* out of memory error */ 72 | } 73 | bytes = (*env)->NewByteArray(env, l); 74 | if (bytes != NULL) { 75 | (*env)->SetByteArrayRegion(env, bytes, 0, l, (jbyte *)str); 76 | result = (*env)->NewObject(env, jString_class, jString_init, bytes); 77 | NETTY_JNI_UTIL_DELETE_LOCAL(env, bytes); 78 | return result; 79 | } /* else fall through */ 80 | return NULL; 81 | } 82 | 83 | jstring tcn_new_string(JNIEnv *env, const char *str) 84 | { 85 | if (!str) { 86 | return NULL; 87 | } 88 | return (*env)->NewStringUTF(env, str); 89 | } 90 | 91 | TCN_IMPLEMENT_CALL(jboolean, Library, initialize0)(TCN_STDARGS) 92 | { 93 | 94 | if (!tcn_global_pool) { 95 | apr_initialize(); 96 | if (apr_pool_create(&tcn_global_pool, NULL) != APR_SUCCESS) { 97 | return JNI_FALSE; 98 | } 99 | apr_atomic_init(tcn_global_pool); 100 | } 101 | return JNI_TRUE; 102 | } 103 | 104 | TCN_IMPLEMENT_CALL(jint, Library, aprMajorVersion)(TCN_STDARGS) 105 | { 106 | apr_version_t apv; 107 | 108 | apr_version(&apv); 109 | return apv.major; 110 | } 111 | 112 | TCN_IMPLEMENT_CALL(jstring, Library, aprVersionString)(TCN_STDARGS) 113 | { 114 | return AJP_TO_JSTRING(apr_version_string()); 115 | } 116 | 117 | TCN_IMPLEMENT_CALL(jboolean, Library, aprHasThreads)(TCN_STDARGS) 118 | { 119 | #if APR_HAS_THREADS 120 | return JNI_TRUE; 121 | #else 122 | return JNI_FALSE; 123 | #endif 124 | } 125 | 126 | jclass tcn_get_string_class() 127 | { 128 | return jString_class; 129 | } 130 | 131 | jclass tcn_get_byte_array_class() 132 | { 133 | return byteArrayClass; 134 | } 135 | 136 | jint tcn_get_java_env(JNIEnv **env) 137 | { 138 | return (*tcn_global_vm)->GetEnv(tcn_global_vm, (void **)env, NETTY_JNI_UTIL_JNI_VERSION); 139 | } 140 | 141 | // JNI Method Registration Table Begin 142 | static const JNINativeMethod method_table[] = { 143 | { TCN_METHOD_TABLE_ENTRY(initialize0, ()Z, Library) }, 144 | { TCN_METHOD_TABLE_ENTRY(aprMajorVersion, ()I, Library) }, 145 | { TCN_METHOD_TABLE_ENTRY(aprVersionString, ()Ljava/lang/String;, Library) }, 146 | { TCN_METHOD_TABLE_ENTRY(aprHasThreads, ()Z, Library) }, 147 | }; 148 | 149 | static const jint method_table_size = sizeof(method_table) / sizeof(method_table[0]); 150 | // JNI Method Registration Table End 151 | 152 | // IMPORTANT: If you add any NETTY_JNI_UTIL_LOAD_CLASS or NETTY_JNI_UTIL_FIND_CLASS calls you also need to update 153 | // Library to reflect that. 154 | static jint netty_internal_tcnative_Library_JNI_OnLoad(JNIEnv* env, char const* packagePrefix) { 155 | int errorOnLoadCalled = 0; 156 | int bufferOnLoadCalled = 0; 157 | int jniMethodsOnLoadCalled = 0; 158 | int sessionOnLoadCalled = 0; 159 | int sslOnLoadCalled = 0; 160 | int contextOnLoadCalled = 0; 161 | 162 | if (netty_jni_util_register_natives(env, packagePrefix, LIBRARY_CLASSNAME, method_table, method_table_size) != 0) { 163 | goto error; 164 | } 165 | 166 | // Load all c modules that we depend upon 167 | if (netty_internal_tcnative_Error_JNI_OnLoad(env, packagePrefix) == JNI_ERR) { 168 | goto error; 169 | } 170 | errorOnLoadCalled = 1; 171 | 172 | if (netty_internal_tcnative_Buffer_JNI_OnLoad(env, packagePrefix) == JNI_ERR) { 173 | goto error; 174 | } 175 | bufferOnLoadCalled = 1; 176 | 177 | if (netty_internal_tcnative_NativeStaticallyReferencedJniMethods_JNI_OnLoad(env, packagePrefix) == JNI_ERR) { 178 | goto error; 179 | } 180 | jniMethodsOnLoadCalled = 1; 181 | 182 | if (netty_internal_tcnative_SSL_JNI_OnLoad(env, packagePrefix) == JNI_ERR) { 183 | goto error; 184 | } 185 | sslOnLoadCalled = 1; 186 | 187 | if (netty_internal_tcnative_SSLContext_JNI_OnLoad(env, packagePrefix) == JNI_ERR) { 188 | goto error; 189 | } 190 | contextOnLoadCalled = 1; 191 | 192 | if (netty_internal_tcnative_SSLSession_JNI_OnLoad(env, packagePrefix) == JNI_ERR) { 193 | goto error; 194 | } 195 | sessionOnLoadCalled = 1; 196 | 197 | apr_version_t apv; 198 | int apvn; 199 | 200 | /* Before doing anything else check if we have a valid 201 | * APR version. 202 | */ 203 | apr_version(&apv); 204 | apvn = apv.major * 1000 + apv.minor * 100 + apv.patch; 205 | if (apvn < 1201) { 206 | tcn_Throw(env, "Unsupported APR version (%s)", 207 | apr_version_string()); 208 | goto error; 209 | } 210 | 211 | 212 | /* Initialize global java.lang.String class */ 213 | NETTY_JNI_UTIL_LOAD_CLASS(env, jString_class, "java/lang/String", error); 214 | 215 | NETTY_JNI_UTIL_GET_METHOD(env, jString_class, jString_init, 216 | "", "([B)V", error); 217 | NETTY_JNI_UTIL_GET_METHOD(env, jString_class, jString_getBytes, 218 | "getBytes", "()[B", error); 219 | 220 | NETTY_JNI_UTIL_LOAD_CLASS(env, byteArrayClass, "[B", error); 221 | staticPackagePrefix = packagePrefix; 222 | return NETTY_JNI_UTIL_JNI_VERSION; 223 | error: 224 | if (tcn_global_pool != NULL) { 225 | NETTY_JNI_UTIL_UNLOAD_CLASS(env, jString_class); 226 | apr_terminate(); 227 | tcn_global_pool = NULL; 228 | } 229 | 230 | NETTY_JNI_UTIL_UNLOAD_CLASS(env, byteArrayClass); 231 | 232 | netty_jni_util_unregister_natives(env, packagePrefix, LIBRARY_CLASSNAME); 233 | 234 | // Call unload methods if needed to ensure we correctly release any resources. 235 | if (errorOnLoadCalled == 1) { 236 | netty_internal_tcnative_Error_JNI_OnUnLoad(env, packagePrefix); 237 | } 238 | if (bufferOnLoadCalled == 1) { 239 | netty_internal_tcnative_Buffer_JNI_OnUnLoad(env, packagePrefix); 240 | } 241 | if (jniMethodsOnLoadCalled == 1) { 242 | netty_internal_tcnative_NativeStaticallyReferencedJniMethods_JNI_OnUnLoad(env, packagePrefix); 243 | } 244 | if (sslOnLoadCalled == 1) { 245 | netty_internal_tcnative_SSL_JNI_OnUnLoad(env, packagePrefix); 246 | } 247 | if (contextOnLoadCalled == 1) { 248 | netty_internal_tcnative_SSLContext_JNI_OnUnLoad(env, packagePrefix); 249 | } 250 | if (sessionOnLoadCalled == 1) { 251 | netty_internal_tcnative_SSLSession_JNI_OnUnLoad(env, packagePrefix); 252 | } 253 | return JNI_ERR; 254 | } 255 | 256 | static void netty_internal_tcnative_Library_JNI_OnUnload(JNIEnv* env) { 257 | if (tcn_global_pool != NULL) { 258 | NETTY_JNI_UTIL_UNLOAD_CLASS(env, jString_class); 259 | apr_terminate(); 260 | tcn_global_pool = NULL; 261 | } 262 | 263 | NETTY_JNI_UTIL_UNLOAD_CLASS(env, byteArrayClass); 264 | netty_internal_tcnative_Error_JNI_OnUnLoad(env, staticPackagePrefix); 265 | netty_internal_tcnative_Buffer_JNI_OnUnLoad(env, staticPackagePrefix); 266 | netty_internal_tcnative_NativeStaticallyReferencedJniMethods_JNI_OnUnLoad(env, staticPackagePrefix); 267 | netty_internal_tcnative_SSL_JNI_OnUnLoad(env, staticPackagePrefix); 268 | netty_internal_tcnative_SSLContext_JNI_OnUnLoad(env, staticPackagePrefix); 269 | netty_internal_tcnative_SSLSession_JNI_OnUnLoad(env, staticPackagePrefix); 270 | free((void *) staticPackagePrefix); 271 | staticPackagePrefix = NULL; 272 | } 273 | 274 | // As we build with -fvisibility=hidden we need to ensure we mark the entry load and unload functions used by the 275 | // JVM as visible. 276 | // 277 | // It's important to note that we will only export functions that are prefixed with JNI_ so if we ever need to export 278 | // more we need to ensure we add the prefix. This is enforced by the TCN_CHECK_STATIC function in tcnative.m4. 279 | 280 | // Invoked by the JVM when statically linked 281 | JNIEXPORT jint JNI_OnLoad_netty_tcnative(JavaVM* vm, void* reserved) { 282 | tcn_global_vm = vm; 283 | jint ret = netty_jni_util_JNI_OnLoad(vm, reserved, "netty_tcnative", netty_internal_tcnative_Library_JNI_OnLoad); 284 | if (ret == JNI_ERR) { 285 | tcn_global_vm = NULL; 286 | } 287 | return ret; 288 | } 289 | 290 | // Invoked by the JVM when statically linked 291 | JNIEXPORT void JNI_OnUnload_netty_tcnative(JavaVM* vm, void* reserved) { 292 | netty_jni_util_JNI_OnUnload(vm, reserved, netty_internal_tcnative_Library_JNI_OnUnload); 293 | tcn_global_vm = NULL; 294 | } 295 | 296 | #ifndef TCN_BUILD_STATIC 297 | JNIEXPORT jint JNI_OnLoad(JavaVM* vm, void* reserved) { 298 | tcn_global_vm = vm; 299 | jint ret = netty_jni_util_JNI_OnLoad(vm, reserved, "netty_tcnative", netty_internal_tcnative_Library_JNI_OnLoad); 300 | if (ret == JNI_ERR) { 301 | tcn_global_vm = NULL; 302 | } 303 | return ret; 304 | } 305 | 306 | JNIEXPORT void JNI_OnUnload(JavaVM* vm, void* reserved) { 307 | netty_jni_util_JNI_OnUnload(vm, reserved, netty_internal_tcnative_Library_JNI_OnUnload); 308 | tcn_global_vm = NULL; 309 | } 310 | #endif /* TCN_BUILD_STATIC */ 311 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/native_constants.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | #ifndef NETTY_TCNATIVE_NATIVE_CONSTANTS_H_ 17 | #define NETTY_TCNATIVE_NATIVE_CONSTANTS_H_ 18 | 19 | // JNI initialization hooks. Users of this file are responsible for calling these in the JNI_OnLoad and JNI_OnUnload methods. 20 | jint netty_internal_tcnative_NativeStaticallyReferencedJniMethods_JNI_OnLoad(JNIEnv* env, const char* packagePrefix); 21 | void netty_internal_tcnative_NativeStaticallyReferencedJniMethods_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix); 22 | #endif /* NETTY_TCNATIVE_NATIVE_CONSTANTS_H_ */ 23 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/ssl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | #ifndef NETTY_TCNATIVE_SSL_H_ 17 | #define NETTY_TCNATIVE_SSL_H_ 18 | 19 | // JNI initialization hooks. Users of this file are responsible for calling these in the JNI_OnLoad and JNI_OnUnload methods. 20 | jint netty_internal_tcnative_SSL_JNI_OnLoad(JNIEnv* env, const char* packagePrefix); 21 | void netty_internal_tcnative_SSL_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix); 22 | #endif /* NETTY_TCNATIVE_SSL_H_ */ 23 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/sslcontext.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | #ifndef NETTY_TCNATIVE_SSLCONTEXT_H_ 17 | #define NETTY_TCNATIVE_SSLCONTEXT_H_ 18 | 19 | // JNI initialization hooks. Users of this file are responsible for calling these in the JNI_OnLoad and JNI_OnUnload methods. 20 | jint netty_internal_tcnative_SSLContext_JNI_OnLoad(JNIEnv* env, const char* packagePrefix); 21 | void netty_internal_tcnative_SSLContext_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix); 22 | #endif /* NETTY_TCNATIVE_SSLCONTEXT_H_ */ 23 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/sslsession.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | #include "tcn.h" 17 | #include "ssl_private.h" 18 | #include "sslsession.h" 19 | 20 | #define SSLSESSION_CLASSNAME "io/netty/internal/tcnative/SSLSession" 21 | 22 | 23 | TCN_IMPLEMENT_CALL(jlong, SSLSession, getTime)(TCN_STDARGS, jlong session) 24 | { 25 | SSL_SESSION *session_ = J2P(session, SSL_SESSION *); 26 | 27 | TCN_CHECK_NULL(session_, session, 0); 28 | 29 | return SSL_SESSION_get_time(session_); 30 | } 31 | 32 | TCN_IMPLEMENT_CALL(jlong, SSLSession, getTimeout)(TCN_STDARGS, jlong session) 33 | { 34 | SSL_SESSION *session_ = J2P(session, SSL_SESSION *); 35 | 36 | TCN_CHECK_NULL(session_, session, 0); 37 | 38 | return SSL_SESSION_get_timeout(session_); 39 | } 40 | 41 | TCN_IMPLEMENT_CALL(jlong, SSLSession, setTimeout)(TCN_STDARGS, jlong session, jlong seconds) 42 | { 43 | SSL_SESSION *session_ = J2P(session, SSL_SESSION *); 44 | 45 | TCN_CHECK_NULL(session_, session, 0); 46 | 47 | return SSL_SESSION_set_timeout(session_, seconds); 48 | } 49 | 50 | TCN_IMPLEMENT_CALL(jbyteArray, SSLSession, getSessionId)(TCN_STDARGS, jlong session) 51 | { 52 | unsigned int len; 53 | const unsigned char *session_id = NULL; 54 | jbyteArray bArray = NULL; 55 | SSL_SESSION *session_ = J2P(session, SSL_SESSION *); 56 | 57 | TCN_CHECK_NULL(session_, session, NULL); 58 | 59 | session_id = SSL_SESSION_get_id(session_, &len); 60 | if (len == 0 || session_id == NULL) { 61 | return NULL; 62 | } 63 | 64 | if ((bArray = (*e)->NewByteArray(e, len)) == NULL) { 65 | return NULL; 66 | } 67 | (*e)->SetByteArrayRegion(e, bArray, 0, len, (jbyte*) session_id); 68 | return bArray; 69 | } 70 | 71 | TCN_IMPLEMENT_CALL(jboolean, SSLSession, upRef)(TCN_STDARGS, jlong session) { 72 | SSL_SESSION *session_ = J2P(session, SSL_SESSION *); 73 | 74 | TCN_CHECK_NULL(session_, session, JNI_FALSE); 75 | 76 | // Only supported with GCC 77 | #if !defined(OPENSSL_IS_BORINGSSL) && (defined(__GNUC__) || defined(__GNUG__)) 78 | if (!SSL_SESSION_up_ref) { 79 | return JNI_FALSE; 80 | } 81 | #endif 82 | 83 | // We can only support it when either use openssl version >= 1.1.0 or GCC as this way we can use weak linking 84 | #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(__GNUC__) || defined(__GNUG__) 85 | return SSL_SESSION_up_ref(session_) == 1 ? JNI_TRUE : JNI_FALSE; 86 | #else 87 | return JNI_FALSE; 88 | #endif // OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(__GNUC__) || defined(__GNUG__) 89 | } 90 | 91 | TCN_IMPLEMENT_CALL(void, SSLSession, free)(TCN_STDARGS, jlong session) { 92 | SSL_SESSION *session_ = J2P(session, SSL_SESSION *); 93 | 94 | TCN_CHECK_NULL(session_, session, /* void */); 95 | 96 | SSL_SESSION_free(session_); 97 | } 98 | 99 | TCN_IMPLEMENT_CALL(jboolean, SSLSession, shouldBeSingleUse)(TCN_STDARGS, jlong session) { 100 | // Only supported by BoringSSL atm 101 | #ifdef OPENSSL_IS_BORINGSSL 102 | SSL_SESSION *session_ = J2P(session, SSL_SESSION *); 103 | TCN_CHECK_NULL(session_, session, JNI_FALSE); 104 | return SSL_SESSION_should_be_single_use(session_) == 0 ? JNI_FALSE : JNI_TRUE; 105 | #else 106 | return JNI_FALSE; 107 | #endif // OPENSSL_IS_BORINGSSL 108 | } 109 | 110 | // JNI Method Registration Table Begin 111 | static const JNINativeMethod method_table[] = { 112 | { TCN_METHOD_TABLE_ENTRY(getTime, (J)J, SSLSession) }, 113 | { TCN_METHOD_TABLE_ENTRY(getTimeout, (J)J, SSLSession) }, 114 | { TCN_METHOD_TABLE_ENTRY(setTimeout, (JJ)J, SSLSession) }, 115 | { TCN_METHOD_TABLE_ENTRY(getSessionId, (J)[B, SSLSession) }, 116 | { TCN_METHOD_TABLE_ENTRY(free, (J)V, SSLSession) }, 117 | { TCN_METHOD_TABLE_ENTRY(upRef, (J)Z, SSLSession) }, 118 | { TCN_METHOD_TABLE_ENTRY(shouldBeSingleUse, (J)Z, SSLSession) } 119 | }; 120 | 121 | static const jint method_table_size = sizeof(method_table) / sizeof(method_table[0]); 122 | 123 | // JNI Method Registration Table End 124 | 125 | // IMPORTANT: If you add any NETTY_JNI_UTIL_LOAD_CLASS or NETTY_JNI_UTIL_FIND_CLASS calls you also need to update 126 | // Library to reflect that. 127 | jint netty_internal_tcnative_SSLSession_JNI_OnLoad(JNIEnv* env, const char* packagePrefix) { 128 | if (netty_jni_util_register_natives(env, 129 | packagePrefix, 130 | SSLSESSION_CLASSNAME, 131 | method_table, method_table_size) != 0) { 132 | return JNI_ERR; 133 | } 134 | return NETTY_JNI_UTIL_JNI_VERSION; 135 | } 136 | 137 | void netty_internal_tcnative_SSLSession_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix) { 138 | netty_jni_util_unregister_natives(env,packagePrefix, SSLSESSION_CLASSNAME); 139 | } 140 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/sslsession.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | #ifndef NETTY_TCNATIVE_SSLSESSION_H_ 17 | #define NETTY_TCNATIVE_SSLSESSION_H_ 18 | 19 | // JNI initialization hooks. Users of this file are responsible for calling these in the JNI_OnLoad and JNI_OnUnload methods. 20 | jint netty_internal_tcnative_SSLSession_JNI_OnLoad(JNIEnv* env, const char* packagePrefix); 21 | void netty_internal_tcnative_SSLSession_JNI_OnUnLoad(JNIEnv* env, const char* packagePrefix); 22 | #endif /* NETTY_TCNATIVE_SSLSESSION_H_ */ 23 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/c/tcn.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | /* Licensed to the Apache Software Foundation (ASF) under one or more 17 | * contributor license agreements. See the NOTICE file distributed with 18 | * this work for additional information regarding copyright ownership. 19 | * The ASF licenses this file to You under the Apache License, Version 2.0 20 | * (the "License"); you may not use this file except in compliance with 21 | * the License. You may obtain a copy of the License at 22 | * 23 | * http://www.apache.org/licenses/LICENSE-2.0 24 | * 25 | * Unless required by applicable law or agreed to in writing, software 26 | * distributed under the License is distributed on an "AS IS" BASIS, 27 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 28 | * See the License for the specific language governing permissions and 29 | * limitations under the License. 30 | */ 31 | 32 | #ifndef TCN_H 33 | #define TCN_H 34 | 35 | // Start includes 36 | #include 37 | #include "netty_jni_util.h" 38 | 39 | #include "apr.h" 40 | #include "apr_pools.h" 41 | 42 | #ifndef APR_HAS_THREADS 43 | #error "Missing APR_HAS_THREADS support from APR." 44 | #endif 45 | 46 | #include 47 | #include 48 | #if defined(_WIN32) && !defined(__CYGWIN__) 49 | #include 50 | #else 51 | #include 52 | #endif 53 | 54 | #if defined(_DEBUG) || defined(DEBUG) 55 | #include 56 | #define TCN_ASSERT(x) assert((x)) 57 | #else 58 | #define TCN_ASSERT(x) (void)0 59 | #endif 60 | // End includes 61 | 62 | #ifdef _WIN32 63 | #define LLT(X) (X) 64 | #else 65 | #define LLT(X) ((long)(X)) 66 | #endif 67 | #define P2J(P) ((jlong)LLT(P)) 68 | #define J2P(P, T) ((T)LLT((jlong)P)) 69 | /* On stack buffer size */ 70 | #define TCN_BUFFER_SZ 8192 71 | #define TCN_STDARGS JNIEnv *e, jobject o 72 | 73 | #define STR(V) #V 74 | 75 | #define TCN_FUNCTION_NAME(CL, FN) \ 76 | netty_internal_tcnative_##CL##_##FN 77 | 78 | #define TCN_IMPLEMENT_CALL(RT, CL, FN) \ 79 | static RT TCN_FUNCTION_NAME(CL, FN) 80 | 81 | #define TCN_METHOD_TABLE_ENTRY(ME, SI, CL) \ 82 | STR(ME), STR(SI), (void *) TCN_FUNCTION_NAME(CL, ME) 83 | 84 | /* Private helper functions */ 85 | void tcn_Throw(JNIEnv *, const char *, ...); 86 | void tcn_ThrowException(JNIEnv *, const char *); 87 | void tcn_ThrowNullPointerException(JNIEnv *, const char *); 88 | void tcn_ThrowIllegalArgumentException(JNIEnv *, const char *); 89 | void tcn_ThrowAPRException(JNIEnv *, apr_status_t); 90 | void tcn_throwOutOfMemoryError(JNIEnv *, const char *); 91 | 92 | jstring tcn_new_string(JNIEnv *, const char *); 93 | jstring tcn_new_stringn(JNIEnv *, const char *, size_t); 94 | 95 | #define J2S(V) c##V 96 | #define J2L(V) p##V 97 | 98 | #define TCN_ALLOC_CSTRING(V) \ 99 | const char *c##V = V ? (const char *)((*e)->GetStringUTFChars(e, V, JNI_FALSE)) : NULL 100 | 101 | #define TCN_FREE_CSTRING(V) \ 102 | if (c##V) (*e)->ReleaseStringUTFChars(e, V, c##V) 103 | 104 | #define AJP_TO_JSTRING(V) (*e)->NewStringUTF((e), (V)) 105 | 106 | #define TCN_CHECK_NULL(V, M, R) \ 107 | NETTY_JNI_UTIL_BEGIN_MACRO \ 108 | if (V == NULL) { \ 109 | tcn_ThrowNullPointerException(e, #M); \ 110 | return R; \ 111 | } \ 112 | NETTY_JNI_UTIL_END_MACRO 113 | 114 | #define TCN_CHECK_POSITIVE_OR_ZERO(V, M, R) \ 115 | NETTY_JNI_UTIL_BEGIN_MACRO \ 116 | if (V < 0) { \ 117 | tcn_ThrowIllegalArgumentException(e, #M); \ 118 | return R; \ 119 | } \ 120 | NETTY_JNI_UTIL_END_MACRO 121 | 122 | #define TCN_CHECK_POSITIVE(V, M, R) \ 123 | NETTY_JNI_UTIL_BEGIN_MACRO \ 124 | if (V <= 0) { \ 125 | tcn_ThrowIllegalArgumentException(e, #M); \ 126 | return R; \ 127 | } \ 128 | NETTY_JNI_UTIL_END_MACRO 129 | 130 | #define TCN_FREE_JSTRING(V) \ 131 | NETTY_JNI_UTIL_BEGIN_MACRO \ 132 | if (c##V) \ 133 | free(c##V); \ 134 | NETTY_JNI_UTIL_END_MACRO 135 | 136 | #define TCN_THROW_IF_ERR(x, r) \ 137 | NETTY_JNI_UTIL_BEGIN_MACRO \ 138 | apr_status_t R = (x); \ 139 | if (R != APR_SUCCESS) { \ 140 | tcn_ThrowAPRException(e, R); \ 141 | (r) = 0; \ 142 | goto cleanup; \ 143 | } \ 144 | NETTY_JNI_UTIL_END_MACRO 145 | 146 | #define TCN_MIN(a, b) ((a) < (b) ? (a) : (b)) 147 | 148 | #define TCN_REASSIGN(V1, V2) \ 149 | NETTY_JNI_UTIL_BEGIN_MACRO \ 150 | free(V1); \ 151 | V1 = V2; \ 152 | V2 = NULL; \ 153 | NETTY_JNI_UTIL_END_MACRO 154 | 155 | 156 | /* Return global String class 157 | */ 158 | jclass tcn_get_string_class(void); 159 | 160 | jclass tcn_get_byte_array_class(); 161 | 162 | /* Get current thread JNIEnv 163 | */ 164 | jint tcn_get_java_env(JNIEnv **); 165 | 166 | #endif /* TCN_H */ 167 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/native-package/configure.ac: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------- 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # --------------------------------------------------------------------------- 17 | 18 | ## -------------------------------- 19 | ## Initialization macros. 20 | ## -------------------------------- 21 | AC_PREREQ([2.61]) 22 | AC_INIT([@PROJECT_NAME@], [@VERSION@]) 23 | AC_CONFIG_AUX_DIR([autotools]) 24 | AC_CONFIG_MACRO_DIR([m4]) 25 | AC_CONFIG_SRCDIR([src/error.c]) 26 | #AC_CONFIG_SRCDIR([@FIRST_SOURCE_FILE@]) 27 | AC_CONFIG_HEADERS([src/config.h]) 28 | AC_CANONICAL_HOST 29 | AC_CANONICAL_SYSTEM 30 | 31 | ${CFLAGS="-O3 -Werror -fno-omit-frame-pointer -fvisibility=hidden -Wunused -Wno-unused-value -Wno-deprecated-declarations"} 32 | ${CXXFLAGS="-O3 -Werror -fno-omit-frame-pointer -fvisibility=hidden -Wunused -Wno-unused-value"} 33 | 34 | ## ----------------------------------------------- 35 | ## Application Checks 36 | ## ----------------------------------------------- 37 | AC_PROG_CC 38 | AC_PROG_INSTALL 39 | # Make AM_PROG_AR work before automake 1.12 40 | m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) 41 | AC_PROG_LIBTOOL([disable-static]) 42 | 43 | ## ----------------------------------------------- 44 | ## API Checks 45 | ## ----------------------------------------------- 46 | WITH_JNI_JDK 47 | 48 | CUSTOM_M4_SETUP 49 | 50 | WITH_OSX_UNIVERSAL 51 | 52 | CFLAGS="$CFLAGS $JNI_EXTRA_CFLAGS" 53 | AC_SUBST(CFLAGS) 54 | CXXFLAGS="$CXXFLAGS $JNI_EXTRA_CFLAGS" 55 | AC_SUBST(CXXFLAGS) 56 | LDFLAGS="$LDFLAGS $JNI_EXTRA_LDFLAGS -release @VERSION@" 57 | AC_SUBST(LDFLAGS) 58 | 59 | ## ----------------------------------------------------- 60 | ## Generate the files 61 | ## ----------------------------------------------------- 62 | AM_INIT_AUTOMAKE([subdir-objects no-dependencies -Wall foreign]) 63 | AC_CONFIG_FILES([Makefile]) 64 | AC_OUTPUT 65 | 66 | echo " 67 | ($PACKAGE_NAME) version $PACKAGE_VERSION 68 | Prefix.........: $prefix 69 | C Compiler.....: $CC $CFLAGS 70 | Linker.........: $LD $LDFLAGS $LIBS 71 | " 72 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/native-package/m4/custom.m4: -------------------------------------------------------------------------------- 1 | dnl --------------------------------------------------------------------------- 2 | dnl Copyright 2014 The Netty Project 3 | dnl 4 | dnl Licensed under the Apache License, Version 2.0 (the "License"); 5 | dnl you may not use this file except in compliance with the License. 6 | dnl You may obtain a copy of the License at 7 | dnl 8 | dnl http://www.apache.org/licenses/LICENSE-2.0 9 | dnl 10 | dnl Unless required by applicable law or agreed to in writing, software 11 | dnl distributed under the License is distributed on an "AS IS" BASIS, 12 | dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | dnl See the License for the specific language governing permissions and 14 | dnl limitations under the License. 15 | dnl --------------------------------------------------------------------------- 16 | 17 | AC_DEFUN([CUSTOM_M4_SETUP], 18 | [ 19 | dnl These macros were copied from tomcat-native/jni/native/build/ 20 | sinclude(m4/apr_common.m4) 21 | sinclude(m4/find_apr.m4) 22 | 23 | dnl This macro was copied from tomcat-native/jni/native/build with slight modifications 24 | dnl - Fix autoconf warnings 25 | dnl - Make TCN_FIND_APR try the system's APR installation 26 | sinclude(m4/tcnative.m4) 27 | 28 | dnl Make sure Apache Portable Runtime is available in the system. 29 | APR_PARSE_ARGUMENTS 30 | TCN_FIND_APR 31 | 32 | dnl Enable OpenSSL OCSP verification support. 33 | AC_ARG_ENABLE(ocsp, 34 | [AS_HELP_STRING([--enable-ocsp],[Turn on OpenSSL OCSP verification support])], 35 | [ 36 | case "${enableval}" in 37 | yes) 38 | APR_ADDTO(CFLAGS, [-DHAVE_OPENSSL_OCSP]) 39 | AC_MSG_RESULT([Enabling OCSP verification support...]) 40 | ;; 41 | esac 42 | ]) 43 | 44 | dnl Check if the libs we link against are static 45 | TCN_CHECK_STATIC 46 | 47 | dnl Make sure OpenSSL is available in the system and set extra flags if we compile against a static version. 48 | if $use_openssl ; then 49 | TCN_CHECK_SSL_TOOLKIT 50 | fi 51 | 52 | dnl Update the compiler/linker flags to add APR and OpenSSL to the build path. 53 | CFLAGS="$CFLAGS $TCN_OPENSSL_INC $APR_INCLUDES -D_LARGEFILE64_SOURCE" 54 | CXXFLAGS="$CXXFLAGS $TCN_OPENSSL_INC $APR_INCLUDES" 55 | LDFLAGS="$LDFLAGS $TCN_OPENSSL_LIBS $APR_LIBS" 56 | AC_SUBST(CFLAGS) 57 | AC_SUBST(CXXFLAGS) 58 | AC_SUBST(LDFLAGS) 59 | ]) 60 | 61 | -------------------------------------------------------------------------------- /openssl-dynamic/src/main/native-package/m4/find_apr.m4: -------------------------------------------------------------------------------- 1 | dnl -------------------------------------------------------- -*- autoconf -*- 2 | dnl Licensed to the Apache Software Foundation (ASF) under one or more 3 | dnl contributor license agreements. See the NOTICE file distributed with 4 | dnl this work for additional information regarding copyright ownership. 5 | dnl The ASF licenses this file to You under the Apache License, Version 2.0 6 | dnl (the "License"); you may not use this file except in compliance with 7 | dnl the License. You may obtain a copy of the License at 8 | dnl 9 | dnl http://www.apache.org/licenses/LICENSE-2.0 10 | dnl 11 | dnl Unless required by applicable law or agreed to in writing, software 12 | dnl distributed under the License is distributed on an "AS IS" BASIS, 13 | dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | dnl See the License for the specific language governing permissions and 15 | dnl limitations under the License. 16 | 17 | dnl 18 | dnl find_apr.m4 : locate the APR include files and libraries 19 | dnl 20 | dnl This macro file can be used by applications to find and use the APR 21 | dnl library. It provides a standardized mechanism for using APR. It supports 22 | dnl embedding APR into the application source, or locating an installed 23 | dnl copy of APR. 24 | dnl 25 | dnl APR_FIND_APR(srcdir, builddir, implicit-install-check, acceptable-majors, 26 | dnl detailed-check) 27 | dnl 28 | dnl where srcdir is the location of the bundled APR source directory, or 29 | dnl empty if source is not bundled. 30 | dnl 31 | dnl where builddir is the location where the bundled APR will will be built, 32 | dnl or empty if the build will occur in the srcdir. 33 | dnl 34 | dnl where implicit-install-check set to 1 indicates if there is no 35 | dnl --with-apr option specified, we will look for installed copies. 36 | dnl 37 | dnl where acceptable-majors is a space separated list of acceptable major 38 | dnl version numbers. Often only a single major version will be acceptable. 39 | dnl If multiple versions are specified, and --with-apr=PREFIX or the 40 | dnl implicit installed search are used, then the first (leftmost) version 41 | dnl in the list that is found will be used. Currently defaults to [0 1]. 42 | dnl 43 | dnl where detailed-check is an M4 macro which sets the apr_acceptable to 44 | dnl either "yes" or "no". The macro will be invoked for each installed 45 | dnl copy of APR found, with the apr_config variable set appropriately. 46 | dnl Only installed copies of APR which are considered acceptable by 47 | dnl this macro will be considered found. If no installed copies are 48 | dnl considered acceptable by this macro, apr_found will be set to either 49 | dnl either "no" or "reconfig". 50 | dnl 51 | dnl Sets the following variables on exit: 52 | dnl 53 | dnl apr_found : "yes", "no", "reconfig" 54 | dnl 55 | dnl apr_config : If the apr-config tool exists, this refers to it. If 56 | dnl apr_found is "reconfig", then the bundled directory 57 | dnl should be reconfigured *before* using apr_config. 58 | dnl 59 | dnl Note: this macro file assumes that apr-config has been installed; it 60 | dnl is normally considered a required part of an APR installation. 61 | dnl 62 | dnl If a bundled source directory is available and needs to be (re)configured, 63 | dnl then apr_found is set to "reconfig". The caller should reconfigure the 64 | dnl (passed-in) source directory, placing the result in the build directory, 65 | dnl as appropriate. 66 | dnl 67 | dnl If apr_found is "yes" or "reconfig", then the caller should use the 68 | dnl value of apr_config to fetch any necessary build/link information. 69 | dnl 70 | 71 | AC_DEFUN([APR_FIND_APR], [ 72 | apr_found="no" 73 | 74 | if test "$target_os" = "os2-emx"; then 75 | # Scripts don't pass test -x on OS/2 76 | TEST_X="test -f" 77 | else 78 | TEST_X="test -x" 79 | fi 80 | 81 | ifelse([$4], [], [ 82 | ifdef(AC_WARNING,AC_WARNING([$0: missing argument 4 (acceptable-majors): Defaulting to APR 0.x then APR 1.x])) 83 | acceptable_majors="0 1"], 84 | [acceptable_majors="$4"]) 85 | 86 | apr_temp_acceptable_apr_config="" 87 | for apr_temp_major in $acceptable_majors 88 | do 89 | case $apr_temp_major in 90 | 0) 91 | apr_temp_acceptable_apr_config="$apr_temp_acceptable_apr_config apr-config" 92 | ;; 93 | *) 94 | apr_temp_acceptable_apr_config="$apr_temp_acceptable_apr_config apr-$apr_temp_major-config" 95 | ;; 96 | esac 97 | done 98 | 99 | AC_MSG_CHECKING(for APR) 100 | AC_ARG_WITH(apr, 101 | [ --with-apr=PATH prefix for installed APR or the full path to 102 | apr-config], 103 | [ 104 | if test "$withval" = "no" || test "$withval" = "yes"; then 105 | AC_MSG_ERROR([--with-apr requires a directory or file to be provided]) 106 | fi 107 | 108 | for apr_temp_apr_config_file in $apr_temp_acceptable_apr_config 109 | do 110 | for lookdir in "$withval/bin" "$withval" 111 | do 112 | if $TEST_X "$lookdir/$apr_temp_apr_config_file"; then 113 | apr_config="$lookdir/$apr_temp_apr_config_file" 114 | ifelse([$5], [], [], [ 115 | apr_acceptable="yes" 116 | $5 117 | if test "$apr_acceptable" != "yes"; then 118 | AC_MSG_WARN([Found APR in $apr_config, but we think it is considered unacceptable]) 119 | continue 120 | fi]) 121 | apr_found="yes" 122 | break 2 123 | fi 124 | done 125 | done 126 | 127 | if test "$apr_found" != "yes" && $TEST_X "$withval" && $withval --help > /dev/null 2>&1 ; then 128 | apr_config="$withval" 129 | ifelse([$5], [], [apr_found="yes"], [ 130 | apr_acceptable="yes" 131 | $5 132 | if test "$apr_acceptable" = "yes"; then 133 | apr_found="yes" 134 | fi]) 135 | fi 136 | 137 | dnl if --with-apr is used, it is a fatal error for its argument 138 | dnl to be invalid 139 | if test "$apr_found" != "yes"; then 140 | AC_MSG_ERROR([the --with-apr parameter is incorrect. It must specify an install prefix, a build directory, or an apr-config file.]) 141 | fi 142 | ],[ 143 | dnl If we allow installed copies, check those before using bundled copy. 144 | if test -n "$3" && test "$3" = "1"; then 145 | for apr_temp_apr_config_file in $apr_temp_acceptable_apr_config 146 | do 147 | if $apr_temp_apr_config_file --help > /dev/null 2>&1 ; then 148 | apr_config="$apr_temp_apr_config_file" 149 | ifelse([$5], [], [], [ 150 | apr_acceptable="yes" 151 | $5 152 | if test "$apr_acceptable" != "yes"; then 153 | AC_MSG_WARN([skipped APR at $apr_config, version not acceptable]) 154 | continue 155 | fi]) 156 | apr_found="yes" 157 | break 158 | else 159 | dnl look in some standard places 160 | for lookdir in /usr /usr/local /usr/local/apr /opt/apr; do 161 | if $TEST_X "$lookdir/bin/$apr_temp_apr_config_file"; then 162 | apr_config="$lookdir/bin/$apr_temp_apr_config_file" 163 | ifelse([$5], [], [], [ 164 | apr_acceptable="yes" 165 | $5 166 | if test "$apr_acceptable" != "yes"; then 167 | AC_MSG_WARN([skipped APR at $apr_config, version not acceptable]) 168 | continue 169 | fi]) 170 | apr_found="yes" 171 | break 2 172 | fi 173 | done 174 | fi 175 | done 176 | fi 177 | dnl if we have not found anything yet and have bundled source, use that 178 | if test "$apr_found" = "no" && test -d "$1"; then 179 | apr_temp_abs_srcdir="`cd \"$1\" && pwd`" 180 | apr_found="reconfig" 181 | apr_bundled_major="`sed -n '/#define.*APR_MAJOR_VERSION/s/^[^0-9]*\([0-9]*\).*$/\1/p' \"$1/include/apr_version.h\"`" 182 | case $apr_bundled_major in 183 | "") 184 | AC_MSG_ERROR([failed to find major version of bundled APR]) 185 | ;; 186 | 0) 187 | apr_temp_apr_config_file="apr-config" 188 | ;; 189 | *) 190 | apr_temp_apr_config_file="apr-$apr_bundled_major-config" 191 | ;; 192 | esac 193 | if test -n "$2"; then 194 | apr_config="$2/$apr_temp_apr_config_file" 195 | else 196 | apr_config="$1/$apr_temp_apr_config_file" 197 | fi 198 | fi 199 | ]) 200 | 201 | AC_MSG_RESULT($apr_found) 202 | ]) 203 | -------------------------------------------------------------------------------- /openssl-dynamic/src/test/java/io/netty/internal/tcnative/AbstractNativeTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | 19 | import org.junit.jupiter.api.BeforeAll; 20 | 21 | import java.io.File; 22 | 23 | /** 24 | * All unit-tests MUST extend this base class, otherwise the native library may not be correctly 25 | * loaded. 26 | */ 27 | public abstract class AbstractNativeTest { 28 | 29 | @BeforeAll 30 | public static void loadNativeLib() throws Exception { 31 | String testClassesRoot = AbstractNativeTest.class.getProtectionDomain().getCodeSource().getLocation().getFile(); 32 | File[] directories = new File(testClassesRoot + File.separator + "META-INF" + File.separator + "native") 33 | .listFiles(); 34 | if (directories == null || directories.length != 1) { 35 | throw new IllegalStateException("Could not find platform specific native directory"); 36 | } 37 | String libName = System.mapLibraryName("netty_tcnative") 38 | // Fix the filename (this is needed for macOS). 39 | .replace(".dylib", ".jnilib"); 40 | String libPath = directories[0].getAbsoluteFile() + File.separator + libName; 41 | System.load(libPath); 42 | Library.initialize(); 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /openssl-dynamic/src/test/java/io/netty/internal/tcnative/CertificateVerifierTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 The Netty Project 3 | * 4 | * The Netty Project licenses this file to you under the Apache License, 5 | * version 2.0 (the "License"); you may not use this file except in compliance 6 | * with the License. You may obtain a copy of the License at: 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | * License for the specific language governing permissions and limitations 14 | * under the License. 15 | */ 16 | package io.netty.internal.tcnative; 17 | 18 | 19 | import org.junit.jupiter.api.Test; 20 | 21 | import java.lang.reflect.Field; 22 | 23 | import static org.junit.jupiter.api.Assertions.assertFalse; 24 | import static org.junit.jupiter.api.Assertions.assertTrue; 25 | 26 | public class CertificateVerifierTest extends AbstractNativeTest { 27 | 28 | @Test 29 | public void testValidErrorCode() throws Exception { 30 | Field[] fields = CertificateVerifier.class.getFields(); 31 | for (Field field : fields) { 32 | if (field.isAccessible()) { 33 | int errorCode = field.getInt(null); 34 | assertTrue(CertificateVerifier.isValid(errorCode), "errorCode '" + errorCode + "' must be valid"); 35 | } 36 | } 37 | } 38 | 39 | @Test 40 | public void testNonValidErrorCode() { 41 | assertFalse(CertificateVerifier.isValid(Integer.MIN_VALUE)); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /patches/apr_crypt.patch: -------------------------------------------------------------------------------- 1 | --- configure.in.old 2023-01-09 14:22:19 2 | +++ configure.in 2023-01-09 14:22:43 3 | @@ -729,7 +729,6 @@ 4 | AC_SEARCH_LIBS(gethostbyname, nsl) 5 | AC_SEARCH_LIBS(gethostname, nsl) 6 | AC_SEARCH_LIBS(socket, socket) 7 | - AC_SEARCH_LIBS(crypt, crypt ufc) 8 | AC_CHECK_LIB(truerand, main) 9 | AC_SEARCH_LIBS(modf, m) 10 | ;; 11 | -------------------------------------------------------------------------------- /scripts/finish_release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ "$#" -ne 2 ]; then 5 | echo "Expected staging profile id and tag, login into oss.sonatype.org to retrieve it" 6 | exit 1 7 | fi 8 | 9 | OS=$(uname) 10 | ARCH=$(uname -p) 11 | 12 | if [ "$OS" != "Darwin" ]; then 13 | echo "Needs to be executed on macOS" 14 | exit 1 15 | fi 16 | 17 | BRANCH=$(git branch --show-current) 18 | 19 | if git tag | grep -q "$2" ; then 20 | echo "Tag $2 already exists" 21 | exit 1 22 | fi 23 | 24 | CROSS_COMPILE_PROFILE="mac-m1-cross-compile" 25 | if [ "$ARCH" == "arm" ]; then 26 | CROSS_COMPILE_PROFILE="mac-intel-cross-compile" 27 | fi 28 | 29 | 30 | git fetch 31 | git checkout "$2" 32 | 33 | export JAVA_HOME="$JAVA8_HOME" 34 | 35 | ./mvnw -Psonatype-oss-release -am -pl openssl-dynamic,boringssl-static clean package gpg:sign org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DstagingRepositoryId="$1" -DnexusUrl=https://oss.sonatype.org -DserverId=sonatype-nexus-staging -DskipTests=true 36 | ./mvnw -Psonatype-oss-release,"$CROSS_COMPILE_PROFILE" -am -pl boringssl-static clean package gpg:sign org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DstagingRepositoryId="$1" -DnexusUrl=https://oss.sonatype.org -DserverId=sonatype-nexus-staging -DskipTests=true 37 | ./mvnw -Psonatype-oss-release,uber-staging -pl boringssl-static clean package gpg:sign org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DstagingRepositoryId="$1" -DnexusUrl=https://oss.sonatype.org -DserverId=sonatype-nexus-staging -DskipTests=true 38 | ./mvnw org.sonatype.plugins:nexus-staging-maven-plugin:rc-close org.sonatype.plugins:nexus-staging-maven-plugin:rc-release -DstagingRepositoryId="$1" -DnexusUrl=https://oss.sonatype.org -DserverId=sonatype-nexus-staging -DskipTests=true -DstagingProgressTimeoutMinutes=10 39 | 40 | git checkout "$BRANCH" 41 | -------------------------------------------------------------------------------- /scripts/list_staged_release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | RC_LIST=$(mvn org.sonatype.plugins:nexus-staging-maven-plugin:rc-list -DserverId=sonatype-nexus-staging -DnexusUrl=https://oss.sonatype.org | grep -A 2 "\[INFO\] ID State Description") 5 | STAGED=$(echo "$RC_LIST" | grep 'OPEN' | cut -f 2 -d ' ') 6 | echo "$STAGED" 7 | --------------------------------------------------------------------------------