Fix eepsite jetty.xml and jetty-ssl.xml files

Migration script for eepsite jetty.xml and jetty-ssl.xml files
Add exclude protocols
zzz
2017-03-01 16:42:57 +00:00
parent 3631efa567
commit d3abbe86e9
3 changed files with 410 additions and 154 deletions


@@ -175,87 +175,108 @@
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- if NIO is not available, use org.eclipse.jetty.server.ssl.SslSocketConnector -->
<New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="KeyStore">./eepsite/etc/keystore.ks</Set>
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath">./eepsite/etc/keystore.ks</Set>
<Set name="KeyStorePassword">changeit</Set>
<Set name="KeyManagerPassword">myKeyPassword</Set>
<Set name="TrustStore">./eepsite/etc/keystore.ks</Set>
<Set name="TrustStorePath">./eepsite/etc/keystore.ks</Set>
<Set name="TrustStorePassword">changeit</Set>
<Set name="ExcludeCipherSuites">
<Array type="java.lang.String">
<Item>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DH_anon_WITH_DES_CBC_SHA</Item>
<Item>SSL_DH_anon_WITH_RC4_128_MD5</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_WITH_NULL_MD5</Item>
<Item>SSL_RSA_WITH_NULL_SHA</Item>
<Item>TLS_DH_anon_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_NULL_SHA</Item>
<Item>TLS_ECDH_anon_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_NULL_SHA</Item>
<Item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_SHA</Item>
<Item>TLS_KRB5_WITH_3DES_EDE_CBC_MD5</Item>
<Item>TLS_KRB5_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_DES_CBC_MD5</Item>
<Item>TLS_KRB5_WITH_DES_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_RC4_128_MD5</Item>
<Item>TLS_KRB5_WITH_RC4_128_SHA</Item>
<Item>TLS_RSA_WITH_NULL_SHA256</Item>
<Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_RSA_WITH_RC4_128_MD5</Item>
<Item>SSL_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
<!-- Please keep this list in sync with the one in I2PSSLSocketFactory -->
</Array>
</Set>
<Set name="ExcludeProtocols">
<Array type="java.lang.String">
<Item>SSLv2Hello</Item>
<Item>SSLv3</Item>
</Array>
</Set>
</New>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg><Ref id="sslContextFactory" /></Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg><Ref id="Server" /></Arg>
<Arg type="int">1</Arg> <!-- number of acceptors -->
<Arg type="int">0</Arg> <!-- default number of selectors -->
<Arg>
<Array type="org.eclipse.jetty.server.ConnectionFactory"> <!-- varargs so we need an array -->
<Item>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Arg><Ref id="sslContextFactory" /></Arg>
<Arg>http/1.1</Arg>
</New>
</Item>
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg>
<New class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="sendServerVersion">false</Set>
<Set name="sendDateHeader">true</Set>
</New>
</Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="host">127.0.0.1</Set>
<Set name="port">7668</Set>
<Set name="maxIdleTime">600000</Set>
<Set name="useDirectBuffers">false</Set>
<Set name="acceptors">1</Set>
<Set name="statsOn">false</Set>
<Set name="lowResourcesConnections">5000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
<Set name="ExcludeCipherSuites">
<Array type="java.lang.String">
<Item>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DH_anon_WITH_DES_CBC_SHA</Item>
<Item>SSL_DH_anon_WITH_RC4_128_MD5</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_WITH_NULL_MD5</Item>
<Item>SSL_RSA_WITH_NULL_SHA</Item>
<Item>TLS_DH_anon_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_NULL_SHA</Item>
<Item>TLS_ECDH_anon_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_NULL_SHA</Item>
<Item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_SHA</Item>
<Item>TLS_KRB5_WITH_3DES_EDE_CBC_MD5</Item>
<Item>TLS_KRB5_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_DES_CBC_MD5</Item>
<Item>TLS_KRB5_WITH_DES_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_RC4_128_MD5</Item>
<Item>TLS_KRB5_WITH_RC4_128_SHA</Item>
<Item>TLS_RSA_WITH_NULL_SHA256</Item>
<Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_RSA_WITH_RC4_128_MD5</Item>
<Item>SSL_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
<!-- Please keep this list in sync with the one in I2PSSLSocketFactory -->
</Array>
</Set>
<Set name="idleTimeout">600000</Set>
</New>
</Arg>
</Call>
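Review bot: The new `ExcludeProtocols` array (SSLv2Hello, SSLv3) is a hand-written copy of a list that the migration code in this same commit generates from `I2PSSLSocketFactory.EXCLUDE_PROTOCOLS`, and unlike the cipher array it carries no sync reminder. If the factory's list is extended later, this template would keep enabling a protocol that the code no longer intends to allow, and nothing here points a maintainer at the second copy. I would add `<!-- Please keep this list in sync with the one in I2PSSLSocketFactory -->` inside the array, matching the comment already on `ExcludeCipherSuites`. Both lists are denylists, so they need revisiting whenever the JVM's enabled defaults change.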


@@ -12,16 +12,16 @@
<!-- * port: Default 7658 in the addConnector section -->
<!-- * docroot: Change the ResourceBase in the contexts/base-context.xml file -->
<!-- to serve files from a different location. -->
<!-- * threads: Raise maximumPoolSize in the ThreadPool section -->
<!-- * threads: Raise maxThreads in the ThreadPool section -->
<!-- if you have a high-traffic site and get a lot of warnings. -->
<!-- * Uncomment the addWebApplications section to use to enable -->
<!-- war files placed in the webapps/ dir. -->
<!-- * Uncomment the line to allow Jetty to follow symlinks -->
<!-- -->
<!-- I2P uses Jetty 7. If you need web server features not found -->
<!-- in Jetty 7, you may install and run Jetty 7 or 8 in a different JVM -->
<!-- I2P uses Jetty 9. If you need web server features not found -->
<!-- in Jetty 9, you may install and run Jetty 7 or 8 in a different JVM -->
<!-- or run any other web server such as Apache. If you do run another web -->
<!-- server instead, be sure and disable the Jetty 6 server for your -->
<!-- server instead, be sure and disable the Jetty 9 server for your -->
<!-- eepsite on http://127.0.0.1:7657/configclients.jsp . -->
<!-- -->
<!-- Jetty now uses the I2P logging system rather than wrapper.log. -->
@@ -41,13 +41,13 @@
<!-- -->
<!-- ========================================================================= -->
<!-- =============================================================== -->
<!-- Configure the Jetty Server -->
<!-- -->
<!-- Documentation of this file format can be found at: -->
<!-- http://docs.codehaus.org/display/JETTY/jetty.xml -->
<!-- -->
<!-- =============================================================== -->
<!-- ========================================================================= -->
<!-- Configure the Jetty Server -->
<!-- -->
<!-- Documentation of this file format can be found at: -->
<!-- http://www.eclipse.org/jetty/documentation/current/jetty-xml-config.html -->
<!-- -->
<!-- ========================================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
@@ -55,7 +55,7 @@
<!-- =========================================================== -->
<!-- Server Thread Pool -->
<!-- =========================================================== -->
<Set name="ThreadPool">
<Arg>
<!-- PICK ONE -->
@@ -71,6 +71,9 @@
http://trac.i2p2.i2p/ticket/1395
-->
<New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
<Arg type="int">20</Arg> <!-- maxThreads, overridden below -->
<Arg type="int">3</Arg> <!-- minThreads, overridden below -->
<Arg type="int">60000</Arg> <!-- maxIdleTimeMs, overridden below -->
<Arg>
<New class="java.util.concurrent.LinkedBlockingQueue">
<Arg type="int">40</Arg>
@@ -78,43 +81,11 @@
</Arg>
<Set name="minThreads">3</Set>
<Set name="maxThreads">20</Set>
<Set name="maxIdleTimeMs">60000</Set>
<Set name="idleTimeout">60000</Set>
<Set name="daemon">true</Set>
<Set name="name">Eepsite Jetty</Set>
</New>
<!-- Optional Java 5 bounded threadpool with job queue
Requests above the max will be rejected and logged.
High-traffic sites should increase maximumPoolSize.
Args are:
corePoolSize (should be at least 3)
maximumPoolSize
keepAliveTime (milliseconds)
timeout (TimeUnit)
queue (BlockingQueue)
Not recommended.
ref:
http://trac.i2p2.i2p/ticket/1395
http://docs.oracle.com/javase/6/docs/api/java/util/concurrent/ThreadPoolExecutor.html
-->
<!--
<New class="org.eclipse.jetty.util.thread.ExecutorThreadPool">
<Arg type="int">3</Arg>
<Arg type="int">20</Arg>
<Arg type="long">60000</Arg>
<Arg>
<Call class="java.util.concurrent.TimeUnit" name="valueOf" >
<Arg>MILLISECONDS</Arg>
</Call>
</Arg>
<Arg>
<New class="java.util.concurrent.SynchronousQueue" />
</Arg>
</New>
-->
</Set>
</Arg>
@@ -133,36 +104,31 @@
-->
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg><Ref id="Server" /></Arg>
<Arg type="int">1</Arg> <!-- number of acceptors -->
<Arg type="int">0</Arg> <!-- default number of selectors -->
<Arg>
<Array type="org.eclipse.jetty.server.ConnectionFactory"> <!-- varargs so we need an array -->
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg>
<New class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="sendServerVersion">false</Set>
<Set name="sendDateHeader">true</Set>
</New>
</Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="host">127.0.0.1</Set>
<Set name="port">7658</Set>
<Set name="maxIdleTime">600000</Set>
<Set name="Acceptors">1</Set>
<Set name="statsOn">false</Set>
<Set name="lowResourcesConnections">5000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
<Set name="useDirectBuffers">false</Set>
<Set name="idleTimeout">600000</Set>
</New>
</Arg>
</Call>
<!-- Recommended to use this connector on Java 5, as
Jetty 6 and Java 5 NIO don't play well together.
-->
<!--
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.bio.SocketConnector">
<Set name="host">127.0.0.1</Set>
<Set name="port">7658</Set>
<Set name="maxIdleTime">600000</Set>
<Set name="Acceptors">1</Set>
<Set name="statsOn">false</Set>
</New>
</Arg>
</Call>
-->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- To add a HTTPS SSL listener -->
<!-- see jetty-ssl.xml to add an ssl connector. use -->
@@ -242,7 +208,7 @@
<Ref id="DeploymentManager">
<Call name="addAppProvider">
<Arg>
<New class="org.eclipse.jetty.deploy.providers.ContextProvider">
<New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
<Set name="monitoredDirName">./eepsite/contexts</Set>
<Set name="scanInterval">120</Set>
</New>
@@ -332,8 +298,6 @@
<!-- extra options -->
<!-- =========================================================== -->
<Set name="stopAtShutdown">true</Set>
<Set name="sendServerVersion">false</Set>
<Set name="sendDateHeader">true</Set>
<Set name="gracefulShutdown">1000</Set>
<Set name="stopTimeout">1000</Set>
</Configure>
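Review bot: Replacing `ContextProvider` with `WebAppProvider` on `./eepsite/contexts` may widen what is deployed from that directory, and the file does not say so. As far as I know, Jetty 9's `WebAppProvider` picks up `.war` files and directories as well as context XML, and `scanInterval` keeps rescanning every 120 seconds, so anything written there could be deployed as an application. I would add a comment above the `<New>`, such as `<!-- WebAppProvider also deploys .war files and directories found here, not only context XML; keep this directory writable only by the router user -->`. The header comment in the first hunk also still recommends installing "Jetty 7 or 8" for features missing from Jetty 9, which looks like a leftover from the version rename.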


@@ -6,13 +6,25 @@ package net.i2p.router.startup;
*/
import java.io.File;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.OutputStreamWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
import net.i2p.data.DataHelper;
import net.i2p.router.RouterContext;
import net.i2p.util.FileUtil;
import net.i2p.util.I2PSSLSocketFactory;
import net.i2p.util.SecureFileOutputStream;
import net.i2p.util.VersionComparator;
/**
* Migrate the clients.config and jetty.xml files
* from Jetty 5/6 to Jetty 7.
* from Jetty 5/6 to Jetty 7/8.
* Also migrate jetty.xml from Jetty 7/8 to Jetty 9.
*
* For each client for class org.mortbay.jetty.Server:
*<pre>
@@ -29,7 +41,8 @@ import net.i2p.router.RouterContext;
* Copies clients.config to clients.config.jetty6;
* Saves new clients.config.
*
* Does NOT preserve port number, thread counts, etc.
* Does NOT preserve port number, thread counts, etc. in the migration to 7/8.
* DOES preserve everything in the migration to 9.
*
* @since Jetty 6
*/
@@ -42,24 +55,43 @@ abstract class MigrateJetty {
private static final String NEW_CLASS = "net.i2p.jetty.JettyStart";
private static final String TEST_CLASS = "org.eclipse.jetty.server.Server";
private static final String BACKUP_SUFFIX = ".jetty6";
private static final String BACKUP_SUFFIX_8 = ".jetty8";
private static final String JETTY_TEMPLATE_DIR = "eepsite-jetty7";
private static final String JETTY_TEMPLATE_PKGDIR = "eepsite";
private static final String BASE_CONTEXT = "contexts/base-context.xml";
private static final String CGI_CONTEXT = "contexts/cgi-context.xml";
private static final String PROP_JETTY9_MIGRATED = "router.startup.jetty9.migrated";
/**
* For each entry in apps, if the main class is an old Jetty class,
* migrate it to the new Jetty class, and update the Jetty config files.
*/
public static void migrate(RouterContext ctx, List<ClientAppConfig> apps) {
if (ctx.getBooleanProperty(PROP_JETTY9_MIGRATED))
return;
String installed = ctx.getProperty("router.firstVersion");
if (installed != null && VersionComparator.comp(installed, "0.9.30") >= 0) {
ctx.router().saveConfig(PROP_JETTY9_MIGRATED, "true");
return;
}
boolean shouldSave = false;
boolean jetty9success = false;
for (int i = 0; i < apps.size(); i++) {
ClientAppConfig app = apps.get(i);
if (!(app.className.equals(OLD_CLASS) || app.className.equals(OLD_CLASS_6)))
String client;
String backupSuffix;
if (app.className.equals(NEW_CLASS)) {
client = "client application " + i + " [" + app.clientName +
"] from Jetty 7/8 to Jetty 9";
backupSuffix = BACKUP_SUFFIX_8;
} else if (app.className.equals(OLD_CLASS) || app.className.equals(OLD_CLASS_6)) {
client = "client application " + i + " [" + app.clientName +
"] from Jetty 5/6 " + app.className +
" to Jetty 7 " + NEW_CLASS;
backupSuffix = BACKUP_SUFFIX;
} else {
continue;
String client = "client application " + i + " [" + app.clientName +
"] from Jetty 5/6 " + app.className +
" to Jetty 7 " + NEW_CLASS;
}
if (!hasLatestJetty()) {
System.err.println("WARNING: Jetty 7 unavailable, cannot migrate " + client);
continue;
@@ -80,12 +112,38 @@ abstract class MigrateJetty {
continue;
}
File eepsite = xmlFile.getParentFile();
boolean ok = backupFile(xmlFile);
boolean ok = backupFile(xmlFile, backupSuffix);
if (!ok) {
System.err.println("WARNING: Failed to backup up XML file " + xmlFile +
", cannot migrate " + client);
continue;
}
if (app.className.equals(NEW_CLASS)) {
// Do the migration of 8 to 9, handle additional command-line xml files too
for (int j = 0; j < args.length; j++) {
if (j > 0) {
// probably jetty-ssl.xml
xmlFile = new File(args[j]);
ok = backupFile(xmlFile, backupSuffix);
if (!ok) {
System.err.println("WARNING: Failed to backup up XML file " + xmlFile +
", cannot migrate " + client);
continue;
}
}
boolean ok9 = migrateToJetty9(xmlFile);
if (ok9) {
System.err.println("WARNING: Migrated " + client + ".\n" +
"Check the " + xmlFile.getName() + " file in " + eepsite + ".\n" +
"Your old " + xmlFile.getName() + " file was backed up to " + xmlFile.getAbsolutePath() + BACKUP_SUFFIX_8);
jetty9success = true;
}
}
continue;
}
// Below here is migration of 5/6 to 7/8
File baseEep = new File(ctx.getBaseDir(), JETTY_TEMPLATE_DIR);
// in packages, or perhaps on an uninstall/reinstall, the files are in eepsite/
if (!baseEep.exists())
@@ -144,8 +202,212 @@ abstract class MigrateJetty {
" to Jetty 7 " + NEW_CLASS);
}
}
if (jetty9success)
ctx.router().saveConfig(PROP_JETTY9_MIGRATED, "true");
}
/**
* Migrate a jetty.xml file to Jetty 9.
* Unlike above, where we just migrate the new install file over for Jetty 7/8,
* here we modify the xml file in-place to preserve settings where possible.
*
* @return success
* @since Jetty 9
*/
private static boolean migrateToJetty9(File xmlFile) {
// we don't re-migrate from the template, we just add the
// necessary args for the QueuedThreadPool constructor in-place
// and fixup the renamed set call
boolean modified = false;
File eepsite = xmlFile.getParentFile();
File newFile = new File(eepsite, xmlFile.getName() + System.currentTimeMillis() + ".tmp");
FileInputStream in = null;
PrintWriter out = null;
try {
in = new FileInputStream(xmlFile);
out = new PrintWriter(new BufferedWriter(new OutputStreamWriter(new SecureFileOutputStream(newFile), "UTF-8")));
String s;
boolean foundQTP = false;
boolean foundSTP = false;
boolean foundETP = false;
boolean foundSCC = false;
boolean foundHC = false;
boolean foundSSCC = false;
while ((s = DataHelper.readLine(in)) != null) {
// readLine() doesn't strip \r
if (s.endsWith("\r"))
s = s.substring(0, s.length() - 1);
if (s.contains("org.eclipse.jetty.util.thread.QueuedThreadPool")) {
foundQTP = true;
} else if (foundQTP) {
if (!(s.contains("Modified by") || s.contains("<Arg type=\"int\">"))) {
out.println(" <!-- Modified by I2P migration script for Jetty 9. Do not remove this line -->");
out.println(" <Arg type=\"int\">20</Arg> <!-- maxThreads, overridden below -->");
out.println(" <Arg type=\"int\">3</Arg> <!-- minThreads, overridden below -->");
out.println(" <Arg type=\"int\">60000</Arg> <!-- maxIdleTimeMs, overridden below -->");
modified = true;
}
foundQTP = false;
}
if (s.contains("<Set name=\"maxIdleTimeMs\">")) {
// <Set name="maxIdleTimeMs">60000</Set>
s = s.replace("<Set name=\"maxIdleTimeMs\">", "<Set name=\"idleTimeout\">");
modified = true;
} else if (s.contains("<Set name=\"ThreadPool\">")) {
// <Set name="ThreadPool">, must be changed to constructor arg
out.println(" <!-- Modified by I2P migration script for Jetty 9. Do not remove this line -->");
s = s.replace("<Set name=\"ThreadPool\">", "<Arg>");
foundSTP = true;
modified = true;
} else if (foundSTP && !foundETP && s.contains("</Set>") && !s.contains("<Set")) {
// </Set> (close of <Set name="ThreadPool">)
// All the lines above have <Set>...</Set> on the same line, if they don't, this will break.
s = s.replace("</Set>", "</Arg>");
foundETP = true;
} else if (s.contains("org.eclipse.jetty.server.nio.SelectChannelConnector")) {
s = s.replace("org.eclipse.jetty.server.nio.SelectChannelConnector", "org.eclipse.jetty.server.ServerConnector");
out.println(" <!-- Modified by I2P migration script for Jetty 9. Do not remove this line -->");
out.println(s);
out.println(" <Arg><Ref id=\"Server\" /></Arg>");
out.println(" <Arg type=\"int\">1</Arg> <!-- number of acceptors -->");
out.println(" <Arg type=\"int\">0</Arg> <!-- default number of selectors -->");
out.println(" <Arg>");
out.println(" <Array type=\"org.eclipse.jetty.server.ConnectionFactory\"> <!-- varargs so we need an array -->");
out.println(" <Item>");
out.println(" <New class=\"org.eclipse.jetty.server.HttpConnectionFactory\">");
out.println(" <Arg>");
out.println(" <New class=\"org.eclipse.jetty.server.HttpConfiguration\">");
out.println(" <Set name=\"sendServerVersion\">false</Set>");
out.println(" <Set name=\"sendDateHeader\">true</Set>");
out.println(" </New>");
out.println(" </Arg>");
out.println(" </New>");
out.println(" </Item>");
out.println(" </Array>");
out.println(" </Arg>");
modified = true;
continue;
// SSL starts here
} else if (s.contains("org.eclipse.jetty.http.ssl.SslContextFactory")) {
s = s.replace("org.eclipse.jetty.http.ssl.SslContextFactory", "org.eclipse.jetty.util.ssl.SslContextFactory");
out.println(" <!-- Modified by I2P migration script for Jetty 9. Do not remove this line -->");
out.println(s);
// don't try to migrate from below, just generate a new list
out.println(" <Set name=\"ExcludeCipherSuites\">");
out.println(" <Array type=\"java.lang.String\">");
for (String ss : I2PSSLSocketFactory.EXCLUDE_CIPHERS) {
out.println(" <Item>" + ss + "</Item>");
}
out.println(" </Array>");
out.println(" </Set>");
out.println(" <Set name=\"ExcludeProtocols\">");
out.println(" <Array type=\"java.lang.String\">");
for (String ss : I2PSSLSocketFactory.EXCLUDE_PROTOCOLS) {
out.println(" <Item>" + ss + "</Item>");
}
out.println(" </Array>");
out.println(" </Set>");
modified = true;
continue;
} else if (s.contains("org.eclipse.jetty.server.ssl.SslSelectChannelConnector")) {
s = s.replace("org.eclipse.jetty.server.ssl.SslSelectChannelConnector", "org.eclipse.jetty.server.ServerConnector");
out.println(" <!-- Modified by I2P migration script for Jetty 9. Do not remove this line -->");
out.println(s);
out.println(" <Arg><Ref id=\"Server\" /></Arg>");
out.println(" <Arg type=\"int\">1</Arg> <!-- number of acceptors -->");
out.println(" <Arg type=\"int\">0</Arg> <!-- default number of selectors -->");
out.println(" <Arg>");
out.println(" <Array type=\"org.eclipse.jetty.server.ConnectionFactory\"> <!-- varargs so we need an array -->");
out.println(" <Item>");
out.println(" <New class=\"org.eclipse.jetty.server.SslConnectionFactory\">");
out.println(" <Arg><Ref id=\"sslContextFactory\" /></Arg>");
out.println(" <Arg>http/1.1</Arg>");
out.println(" </New>");
out.println(" </Item>");
out.println(" <Item>");
out.println(" <New class=\"org.eclipse.jetty.server.HttpConnectionFactory\">");
out.println(" <Arg>");
out.println(" <New class=\"org.eclipse.jetty.server.HttpConfiguration\">");
out.println(" <Set name=\"sendServerVersion\">false</Set>");
out.println(" <Set name=\"sendDateHeader\">true</Set>");
out.println(" </New>");
out.println(" </Arg>");
out.println(" </New>");
out.println(" </Item>");
out.println(" </Array>");
out.println(" </Arg>");
foundSSCC = true;
modified = true;
continue;
} else if (foundSSCC && s.contains("<Set name=\"ExcludeCipherSuites\">")) {
// delete the old ExcludeCipherSuites in this section
do {
s = DataHelper.readLine(in);
} while(s != null && !s.contains("</Set>"));
modified = true;
continue;
} else if (foundSSCC &&
s.contains("<Ref id=\"sslContextFactory\"")) {
// delete old one in this section, replaced above
modified = true;
continue;
} else if (s.contains("<Set name=\"KeyStore\">")) {
s = s.replace("<Set name=\"KeyStore\">", "<Set name=\"KeyStorePath\">");
modified = true;
} else if (s.contains("<Set name=\"TrustStore\">")) {
s = s.replace("<Set name=\"TrustStore\">", "<Set name=\"TrustStorePath\">");
modified = true;
// SSL ends here
} else if (s.contains("class=\"org.eclipse.jetty.deploy.providers.ContextProvider\">")) {
// WebAppProvider now also does what ContextProvider used to do
out.println(" <!-- Modified by I2P migration script for Jetty 9. Do not remove this line -->");
s = s.replace("class=\"org.eclipse.jetty.deploy.providers.ContextProvider\">", "class=\"org.eclipse.jetty.deploy.providers.WebAppProvider\">");
modified = true;
} else if (s.contains("<Set name=\"maxIdleTime\">")) {
s = s.replace("<Set name=\"maxIdleTime\">", "<Set name=\"idleTimeout\">");
modified = true;
} else if (s.contains("<Set name=\"gracefulShutdown\">")) {
s = s.replace("<Set name=\"gracefulShutdown\">", "<Set name=\"stopTimeout\">");
modified = true;
} else if (s.contains("org.eclipse.jetty.server.HttpConfiguration")) {
foundHC = true;
} else if (!foundHC &&
(s.contains("<Set name=\"sendServerVersion\">") ||
s.contains("<Set name=\"sendDateHeader\">"))) {
// old ones for Server, not in HTTPConfiguration section, delete
modified = true;
continue;
} else if (s.contains("<Set name=\"Acceptors\">") ||
s.contains("<Set name=\"acceptors\">") ||
s.contains("<Set name=\"statsOn\">") ||
s.contains("<Set name=\"confidentialPort\">") ||
s.contains("<Set name=\"lowResourcesConnections\">") ||
s.contains("<Set name=\"lowResourcesMaxIdleTime\">") ||
s.contains("<Set name=\"useDirectBuffers\">")) {
// delete
modified = true;
continue;
}
out.println(s);
}
} catch (IOException ioe) {
if (in != null) {
System.err.println("FAILED migration of " + xmlFile + ": " + ioe);
}
return false;
} finally {
if (in != null) try { in.close(); } catch (IOException ioe) {}
if (out != null) out.close();
}
if (modified) {
return FileUtil.rename(newFile, xmlFile);
} else {
newFile.delete();
return true;
}
}
/** do we have Jetty 7? */
private static boolean hasLatestJetty() {
if (!_wasChecked) {
@@ -164,9 +426,18 @@ abstract class MigrateJetty {
* @since Jetty 7
*/
private static boolean backupFile(File from) {
return backupFile(from, BACKUP_SUFFIX);
}
/**
* Backup a file with given suffix
* @return success
* @since Jetty 9
*/
private static boolean backupFile(File from, String suffix) {
if (!from.exists())
return true;
File to = new File(from.getAbsolutePath() + BACKUP_SUFFIX);
File to = new File(from.getAbsolutePath() + suffix);
if (to.exists())
to = new File(to.getAbsolutePath() + "." + System.currentTimeMillis());
boolean rv = WorkingDir.copyFile(from, to);
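Review bot: `migrateToJetty9` can rename a truncated temp file over the live `jetty.xml` or `jetty-ssl.xml`. All output goes through a `PrintWriter`, which swallows write errors instead of throwing, and `out.checkError()` is never consulted before `FileUtil.rename(newFile, xmlFile)`. I would add `if (out.checkError()) { newFile.delete(); return false; }` just before the `if (modified)` test. The `catch (IOException ioe)` path should likewise call `newFile.delete()` so a failed run does not leave a `.tmp` copy of the SSL config, keystore passwords included, in the eepsite directory. Separately, `jetty9success` is set as soon as any one file migrates, so `PROP_JETTY9_MIGRATED` is saved even when a later file such as `jetty-ssl.xml` failed its backup or migration, and that file is never retried.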