From 31376f953583c99215d491a6aaae6bb6c7622e66 Mon Sep 17 00:00:00 2001
From: Clement Escoffier
Date: Tue, 20 Sep 2022 08:28:13 +0200
Subject: [PATCH] Update to Netty 4.1.82 and Brotli4J 1.8.0 - Add a substitution to avoid using the BouncyCastle (BC) PEM reader when BC is unavailable.
---
 bom/application/pom.xml | 4 +-
 .../runtime/graal/NettySubstitutions.java | 76 +++++++++++++++++++
 2 files changed, 78 insertions(+), 2 deletions(-)
diff --git a/bom/application/pom.xml b/bom/application/pom.xml
index dd3fb2c75300c..945643edfee8e 100644
--- a/bom/application/pom.xml
+++ b/bom/application/pom.xml
@@ -133,8 +133,8 @@
 13.0.10.Final
 4.4.3.Final
 2.9.3
- 4.1.79.Final
- 1.7.1
+ 4.1.82.Final
+ 1.8.0
 1.0.3
 3.5.0.Final
 1.7.0
diff --git a/extensions/netty/runtime/src/main/java/io/quarkus/netty/runtime/graal/NettySubstitutions.java b/extensions/netty/runtime/src/main/java/io/quarkus/netty/runtime/graal/NettySubstitutions.java
index 760a4fc0ad4af..392f64a240d93 100644
--- a/extensions/netty/runtime/src/main/java/io/quarkus/netty/runtime/graal/NettySubstitutions.java
+++ b/extensions/netty/runtime/src/main/java/io/quarkus/netty/runtime/graal/NettySubstitutions.java
@@ -5,17 +5,26 @@
 import static io.netty.handler.codec.http.HttpHeaderValues.X_DEFLATE;
 import static io.netty.handler.codec.http.HttpHeaderValues.X_GZIP;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
 import java.nio.ByteBuffer;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyException;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Provider;
 import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Queue;
 import java.util.Set;
 import java.util.concurrent.LinkedBlockingDeque;
+import java.util.function.BooleanSupplier;
+import javax.crypto.NoSuchPaddingException;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
@@ -29,6 +38,7 @@
 import io.netty.bootstrap.AbstractBootstrapConfig;
 import io.netty.bootstrap.ChannelFactory;
+import io.netty.buffer.ByteBuf;
 import io.netty.buffer.ByteBufAllocator;
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelFuture;
@@ -549,6 +559,72 @@ private void setOpensslEngineSocketFd(Channel c) {
 }
 }
+@TargetClass(className = "io.netty.handler.ssl.PemReader")
+final class Alias_PemReader {
+
+ @Alias
+ public static ByteBuf readPrivateKey(File keyFile) {
+ return null;
+ }
+
+ @Alias
+ public static ByteBuf readPrivateKey(InputStream in) throws KeyException {
+ return null;
+ }
+}
+
+/**
+ * If BouncyCastle is not on the classpath, we must not try to read the PEM file using the BouncyCatle PEM reader.
+ */
+@TargetClass(className = "io.netty.handler.ssl.SslContext", onlyWith = IsBouncyNotThere.class)
+final class Target_SslContext {
+
+ @Substitute
+ protected static PrivateKey toPrivateKey(File keyFile, String keyPassword) throws NoSuchAlgorithmException,
+ NoSuchPaddingException, InvalidKeySpecException,
+ InvalidAlgorithmParameterException,
+ KeyException, IOException {
+ if (keyFile == null) {
+ return null;
+ }
+
+ return getPrivateKeyFromByteBuffer(Alias_PemReader.readPrivateKey(keyFile), keyPassword);
+ }
+
+ @Substitute
+ protected static PrivateKey toPrivateKey(InputStream keyInputStream, String keyPassword)
+ throws NoSuchAlgorithmException,
+ NoSuchPaddingException, InvalidKeySpecException,
+ InvalidAlgorithmParameterException,
+ KeyException, IOException {
+ if (keyInputStream == null) {
+ return null;
+ }
+
+ return getPrivateKeyFromByteBuffer(Alias_PemReader.readPrivateKey(keyInputStream), keyPassword);
+ }
+
+ @Alias
+ private static PrivateKey getPrivateKeyFromByteBuffer(ByteBuf encodedKeyBuf, String keyPassword)
+ throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException,
+ InvalidAlgorithmParameterException, KeyException, IOException {
+ return null;
+ }
+}
+
+class IsBouncyNotThere implements BooleanSupplier {
+
+ @Override
+ public boolean getAsBoolean() {
+ try {
+ NettySubstitutions.class.getClassLoader().loadClass("org.bouncycastle.openssl.PEMParser");
+ return false;
+ } catch (Exception e) {
+ return true;
+ }
+ }
+}
+
 class NettySubstitutions {
 }
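Review bot: `IsBouncyNotThere.getAsBoolean()` catches `Exception`, which is both too broad and too narrow for a class-presence probe: any unrelated exception silently selects the substitution, while a `LinkageError` (for instance a `NoClassDefFoundError` when `PEMParser` is on the classpath but a class it links against is not) is not an `Exception` and would escape the predicate. Because this predicate decides which private-key loading path of `SslContext` ends up in the native image, narrow the handler to the failures that actually mean "not usable": `} catch (ClassNotFoundException | LinkageError e) {`. The probe also tests only `org.bouncycastle.openssl.PEMParser`; if Netty's own availability check looks at more than that class (not visible in this patch), the two conditions can disagree, so a short comment naming the check this mirrors would help. Separately, the Javadoc on `Target_SslContext` spells "BouncyCatle", and the `File` overload in `Alias_PemReader` omits the `throws KeyException` that the `InputStream` overload declares.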