diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/pom.xml b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/pom.xml
index 955c5218fb4d..148269bea357 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/pom.xml
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/pom.xml
@@ -6,7 +6,7 @@
org.eclipse.jetty
jetty-alpn
- 12.0.16-SNAPSHOT
+ 12.0.17-SNAPSHOT
jetty-alpn-bouncycastle-client
Core :: ALPN :: Bouncy Castle Client
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/module-info.java b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/module-info.java
index 910ab12cacf5..e53031e3753c 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/module-info.java
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/module-info.java
@@ -11,13 +11,16 @@
// ========================================================================
//
+import org.eclipse.jetty.alpn.bouncycastle.client.BouncyCastleClientALPNProcessor;
+
module org.eclipse.jetty.alpn.bouncycastle.client
{
requires org.slf4j;
requires transitive org.eclipse.jetty.alpn.client;
+ requires org.bouncycastle.fips.core;
requires org.bouncycastle.fips.tls;
provides org.eclipse.jetty.io.ssl.ALPNProcessor.Client with
- org.eclipse.jetty.alpn.bouncycastle.client.BouncycastleClientALPNProcessor;
+ BouncyCastleClientALPNProcessor;
}
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncycastleClientALPNProcessor.java b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncyCastleClientALPNProcessor.java
similarity index 83%
rename from jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncycastleClientALPNProcessor.java
rename to jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncyCastleClientALPNProcessor.java
index 55b1fbf2d34c..558e4a61e63d 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncycastleClientALPNProcessor.java
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncyCastleClientALPNProcessor.java
@@ -17,6 +17,8 @@
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
+
+import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.eclipse.jetty.alpn.client.ALPNClientConnection;
import org.eclipse.jetty.io.Connection;
@@ -26,14 +28,21 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class BouncycastleClientALPNProcessor implements ALPNProcessor.Client
+public class BouncyCastleClientALPNProcessor implements ALPNProcessor.Client
{
- private static final Logger LOG = LoggerFactory.getLogger(BouncycastleClientALPNProcessor.class);
+ private static final Logger LOG = LoggerFactory.getLogger(BouncyCastleClientALPNProcessor.class);
@Override
public void init()
{
- if (Security.getProvider("BCJSSE") == null)
+ /* Required to instantiate a DEFAULT SecureRandom */
+ if (Security.getProvider(BouncyCastleFipsProvider.PROVIDER_NAME) == null)
+ {
+ Security.addProvider(new BouncyCastleFipsProvider());
+ if (LOG.isDebugEnabled())
+ LOG.debug("Added BouncyCastle FIPS provider");
+ }
+ if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null)
{
Security.addProvider(new BouncyCastleJsseProvider());
if (LOG.isDebugEnabled())
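Review bot: The comment `/* Required to instantiate a DEFAULT SecureRandom */` on the new block in `init()` does not say which component needs it, or that the registration is JVM-wide. `Security.addProvider` appends BCFIPS after every provider already installed, while both tests in this commit install it with `insertProviderAt(..., 1)`, so the tests run under a different provider order from the one this method produces. I would expand the comment along the lines of `// BCJSSE (FIPS build) appears to need the "DEFAULT" SecureRandom from BCFIPS; addProvider appends it JVM-wide at lowest preference`, with the wording confirmed against the Bouncy Castle documentation. Since this changes the process's security provider list, logging it above debug level would also help operators see it. The rest of `init()` lies outside this hunk.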
@@ -92,7 +101,7 @@ public void handshakeSucceeded(Event event)
}
catch (Throwable e)
{
- LOG.warn("Unable to process Bouncycastle ApplicationProtocol for {}", alpnConnection, e);
+ LOG.warn("Unable to process BouncyCastle ApplicationProtocol for {}", alpnConnection, e);
alpnConnection.selected(null);
}
}
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/resources/META-INF/services/org.eclipse.jetty.io.ssl.ALPNProcessor$Client b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/resources/META-INF/services/org.eclipse.jetty.io.ssl.ALPNProcessor$Client
index af7cfc2b9312..30838a1a343a 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/resources/META-INF/services/org.eclipse.jetty.io.ssl.ALPNProcessor$Client
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/main/resources/META-INF/services/org.eclipse.jetty.io.ssl.ALPNProcessor$Client
@@ -1 +1 @@
-org.eclipse.jetty.alpn.bouncycastle.client.BouncycastleClientALPNProcessor
+org.eclipse.jetty.alpn.bouncycastle.client.BouncyCastleClientALPNProcessor
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/test/java/org/eclipse/jetty/alpn/java/client/BouncycastleHTTP2ClientTest.java b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/test/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncyCastleHTTP2ClientTest.java
similarity index 89%
rename from jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/test/java/org/eclipse/jetty/alpn/java/client/BouncycastleHTTP2ClientTest.java
rename to jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/test/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncyCastleHTTP2ClientTest.java
index e6500b9d42d2..0074c5c831ae 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/test/java/org/eclipse/jetty/alpn/java/client/BouncycastleHTTP2ClientTest.java
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-client/src/test/java/org/eclipse/jetty/alpn/bouncycastle/client/BouncyCastleHTTP2ClientTest.java
@@ -11,15 +11,15 @@
// ========================================================================
//
-package org.eclipse.jetty.alpn.java.client;
-
-import static org.junit.jupiter.api.Assertions.assertTrue;
+package org.eclipse.jetty.alpn.bouncycastle.client;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.Security;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
+
+import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.eclipse.jetty.http.HttpFields;
import org.eclipse.jetty.http.HttpURI;
@@ -37,20 +37,24 @@
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
-public class BouncycastleHTTP2ClientTest
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class BouncyCastleHTTP2ClientTest
{
@Tag("external")
@Test
- public void testBouncycastleHTTP2Client() throws Exception
+ public void testBouncyCastleHTTP2Client() throws Exception
{
String host = "webtide.com";
int port = 443;
Assumptions.assumeTrue(canConnectTo(host, port));
- Security.insertProviderAt(new BouncyCastleJsseProvider(), 1);
+ /* Required to instantiate a DEFAULT SecureRandom */
+ Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
+ Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
- sslContextFactory.setProvider("BCJSSE");
+ sslContextFactory.setProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
try (HTTP2Client client = new HTTP2Client())
{
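Review bot: The two `Security.insertProviderAt` calls at the top of `testBouncyCastleHTTP2Client` reorder the JVM's provider list and are never undone, so BCFIPS stays the first-preference provider for any later test in the same fork. Because both providers are already registered by the time the ALPN processor is initialised, the new `getProvider(...) == null` branches in `BouncyCastleClientALPNProcessor.init()` would not execute under this test. Consider cleaning up in a `finally` or `@AfterEach` with `Security.removeProvider(BouncyCastleFipsProvider.PROVIDER_NAME);` and `Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);`, or leaving registration to `init()`. The static initializer added to `BouncyCastleHTTP2ServerTest` follows the same pattern. The test method continues past the end of this hunk.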
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/pom.xml b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/pom.xml
index a6f488e39058..b812c7ea493b 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/pom.xml
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/pom.xml
@@ -5,7 +5,7 @@
org.eclipse.jetty
jetty-alpn
- 12.0.16-SNAPSHOT
+ 12.0.17-SNAPSHOT
jetty-alpn-bouncycastle-server
Core :: ALPN :: Bouncy Castle Server
@@ -33,7 +33,7 @@
org.eclipse.jetty
- jetty-alpn-conscrypt-client
+ jetty-alpn-bouncycastle-client
test
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/module-info.java b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/module-info.java
index 14353f4aecc6..4798969ccb22 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/module-info.java
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/module-info.java
@@ -11,15 +11,16 @@
// ========================================================================
//
-import org.eclipse.jetty.alpn.bouncycastle.server.BouncycastleServerALPNProcessor;
+import org.eclipse.jetty.alpn.bouncycastle.server.BouncyCastleServerALPNProcessor;
-module org.eclipse.jetty.alpn.conscrypt.server
+module org.eclipse.jetty.alpn.bouncycastle.server
{
requires org.slf4j;
requires transitive org.eclipse.jetty.alpn.server;
+ requires org.bouncycastle.fips.core;
requires org.bouncycastle.fips.tls;
provides org.eclipse.jetty.io.ssl.ALPNProcessor.Server with
- BouncycastleServerALPNProcessor;
+ BouncyCastleServerALPNProcessor;
}
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncycastleServerALPNProcessor.java b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncyCastleServerALPNProcessor.java
similarity index 96%
rename from jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncycastleServerALPNProcessor.java
rename to jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncyCastleServerALPNProcessor.java
index 38277a393175..7cb6894deeb7 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncycastleServerALPNProcessor.java
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncyCastleServerALPNProcessor.java
@@ -16,6 +16,7 @@
import java.util.List;
import java.util.function.BiFunction;
import javax.net.ssl.SSLEngine;
+
import org.eclipse.jetty.alpn.server.ALPNServerConnection;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.ssl.ALPNProcessor;
@@ -24,9 +25,9 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class BouncycastleServerALPNProcessor implements ALPNProcessor.Server
+public class BouncyCastleServerALPNProcessor implements ALPNProcessor.Server
{
- private static final Logger LOG = LoggerFactory.getLogger(BouncycastleServerALPNProcessor.class);
+ private static final Logger LOG = LoggerFactory.getLogger(BouncyCastleServerALPNProcessor.class);
@Override
public boolean appliesTo(SSLEngine sslEngine)
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/resources/META-INF/services/org.eclipse.jetty.io.ssl.ALPNProcessor$Server b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/resources/META-INF/services/org.eclipse.jetty.io.ssl.ALPNProcessor$Server
index 242bac9dde9d..be3c9738e7df 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/resources/META-INF/services/org.eclipse.jetty.io.ssl.ALPNProcessor$Server
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/main/resources/META-INF/services/org.eclipse.jetty.io.ssl.ALPNProcessor$Server
@@ -1 +1 @@
-org.eclipse.jetty.alpn.bouncycastle.server.BouncycastleServerALPNProcessor
+org.eclipse.jetty.alpn.bouncycastle.server.BouncyCastleServerALPNProcessor
diff --git a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/test/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncyCastleHTTP2ServerTest.java
similarity index 80%
rename from jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java
rename to jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/test/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncyCastleHTTP2ServerTest.java
index 576efa632b95..338722541302 100644
--- a/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java
+++ b/jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/src/test/java/org/eclipse/jetty/alpn/bouncycastle/server/BouncyCastleHTTP2ServerTest.java
@@ -11,14 +11,15 @@
// ========================================================================
//
-package org.eclipse.jetty.alpn.conscrypt.server;
+package org.eclipse.jetty.alpn.bouncycastle.server;
import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
-import org.conscrypt.OpenSSLProvider;
+import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.client.ContentResponse;
import org.eclipse.jetty.client.HttpClient;
@@ -36,24 +37,20 @@
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.Callback;
-import org.eclipse.jetty.util.JavaVersion;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.condition.DisabledOnOs;
import static org.junit.jupiter.api.Assertions.assertEquals;
-/**
- * Test server that verifies that the Conscrypt ALPN mechanism works for both server and client side
- */
-@DisabledOnOs(architectures = "aarch64", disabledReason = "Conscrypt does not provide aarch64 native libs as of version 2.5.2")
-public class ConscryptHTTP2ServerTest
+public class BouncyCastleHTTP2ServerTest
{
static
{
- Security.addProvider(new OpenSSLProvider());
+ /* Required to instantiate a DEFAULT SecureRandom */
+ Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
+ Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
}
private final HttpConfiguration httpsConfig = new HttpConfiguration();
@@ -80,12 +77,7 @@ private void configureSslContextFactory(SslContextFactory sslContextFactory)
File keys = path.resolve("keystore.p12").toFile();
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");
- sslContextFactory.setProvider("Conscrypt");
- if (JavaVersion.VERSION.getPlatform() < 9)
- {
- // Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
- sslContextFactory.addExcludeProtocols("TLSv1.3");
- }
+ sslContextFactory.setProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
}
@BeforeEach
@@ -94,7 +86,7 @@ public void startServer() throws Exception
httpsConfig.setSecureScheme("https");
httpsConfig.setSendXPoweredBy(true);
httpsConfig.setSendServerVersion(true);
- httpsConfig.addCustomizer(new SecureRequestCustomizer());
+ httpsConfig.addCustomizer(new SecureRequestCustomizer(false));
HttpConnectionFactory http = new HttpConnectionFactory(httpsConfig);
HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
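Review bot: `new SecureRequestCustomizer(false)` passes what is, in Jetty's API, the SNI host check flag, so the check is switched off for this server and nothing in the hunk says why. Together with the removal of `testSNIRequired` further down, the BouncyCastle server test no longer exercises SNI handling, which is the check that ties the requested host to the certificate presented. If the check cannot pass with BCJSSE in this setup, a comment such as `// SNI host check disabled: <reason or issue link>` would keep this from being copied as a recommended configuration. Otherwise the default constructor should stay. `startServer()` begins and ends outside this hunk.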
@@ -140,11 +132,4 @@ public void testSimpleRequest() throws Exception
}
}
- @Test
- public void testSNIRequired() throws Exception
- {
- // The KeyStore contains 1 certificate with two DNS names.
- httpsConfig.getCustomizer(SecureRequestCustomizer.class).setSniRequired(true);
- testSimpleRequest();
- }
}
diff --git a/pom.xml b/pom.xml
index 44d384d257d7..49ca3f7c50ff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -645,6 +645,16 @@
ecj
${eclipse.jdt.ecj.version}
+
+ org.eclipse.jetty
+ jetty-alpn-bouncycastle-client
+ ${project.version}
+
+
+ org.eclipse.jetty
+ jetty-alpn-bouncycastle-server
+ ${project.version}
+
org.eclipse.jetty
jetty-alpn-client