Upgrading jetty from 9.2.18 to 9.4.9

agent/build.gradle

@@ -32,7 +32,10 @@ dependencies {
   compile group: 'org.objenesis', name: 'objenesis', version: project.versions.objenesis
   compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.47'
   compile group: 'commons-configuration', name: 'commons-configuration', version: '1.10'
-  compile group: 'org.eclipse.jetty.websocket', name: 'websocket-client', version: versions.jetty
+  compile(group: 'org.eclipse.jetty.websocket', name: 'websocket-client', version: versions.jetty){
+    exclude module: 'jetty-xml'
+  }
+
   compile group: 'org.nanohttpd', name: 'nanohttpd', version: versions.nanohttpd
 
   testCompile project(path: ':common', configuration: 'testOutput')
@@ -128,6 +131,8 @@ task verifyJar(type: VerifyJarTask) {
       "jdom-2.0.2.jar",
       "jetty-io-${versions.jetty}.jar",
       "jetty-util-${versions.jetty}.jar",
+      "jetty-client-${versions.jetty}.jar",
+      "jetty-http-${versions.jetty}.jar",
       "joda-time-2.3.jar",
       "jolt-core-0.1.0.jar",
       "json-utils-0.1.0.jar",

base/src/main/java/com/thoughtworks/go/util/SystemEnvironment.java

@@ -166,7 +166,7 @@ public class SystemEnvironment implements Serializable, ConfigDirProvider {
     public static GoSystemProperty<String> GO_SSL_TRANSPORT_PROTOCOL_TO_BE_USED_BY_AGENT = new GoStringSystemProperty("go.ssl.agent.protocol", "TLSv1.2");
     public static GoSystemProperty<String> GO_SSL_CERTS_ALGORITHM = new GoStringSystemProperty("go.ssl.cert.algorithm", "SHA512WITHRSA");
     public static GoSystemProperty<String> GO_SSL_CERTS_PUBLIC_KEY_ALGORITHM = new GoStringSystemProperty("go.ssl.cert.public-key.algorithm", "SHA256WithRSAEncryption");
-    public static GoSystemProperty<Boolean> GO_SSL_CONFIG_ALLOW = new GoBooleanSystemProperty("go.ssl.config.allow", true);
+    public static GoSystemProperty<Boolean> GO_SSL_CONFIG_CLEAR_JETTY_DEFAULT_EXCLUSIONS = new GoBooleanSystemProperty("go.ssl.config.clear.default.exclusions", true);
     public static GoSystemProperty<String[]> GO_SSL_INCLUDE_CIPHERS = new GoStringArraySystemProperty("go.ssl.ciphers.include", null);
     public static GoSystemProperty<String[]> GO_SSL_EXCLUDE_CIPHERS = new GoStringArraySystemProperty("go.ssl.ciphers.exclude", null);
     public static GoSystemProperty<String[]> GO_SSL_INCLUDE_PROTOCOLS = new GoStringArraySystemProperty("go.ssl.protocols.include", null);

build.gradle

@@ -157,7 +157,7 @@ rootProject.ext.versions = [
   gson                : '2.8.2',
   hamcrest            : '1.3',
   jcommander          : '1.72',
-  jetty               : '9.2.18.v20160721',
+  jetty               : '9.4.8.v20171121',
   jgit                : '4.9.0.201710071750-r',
   jsonAssert          : '1.5.0',
   jsonUnit            : '1.28.1',

common/src/test/java/com/thoughtworks/go/util/SystemEnvironmentTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 ThoughtWorks, Inc.
+ * Copyright 2018 ThoughtWorks, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -353,14 +353,6 @@ public void shouldAbleToOverrideDefaultLandingPageAsPipelines() throws Exception
         }
     }
 
-    @Test
-    public void shouldAllowSSLConfigurationByDefault() {
-        assertThat(SystemEnvironment.GO_SSL_CONFIG_ALLOW.propertyName(), is("go.ssl.config.allow"));
-        assertThat(systemEnvironment.get(SystemEnvironment.GO_SSL_CONFIG_ALLOW), is(true));
-        System.setProperty(SystemEnvironment.GO_SSL_CONFIG_ALLOW.propertyName(), "false");
-        assertThat(systemEnvironment.get(SystemEnvironment.GO_SSL_CONFIG_ALLOW), is(false));
-    }
-
     @Test
     public void shouldSetTLS1Dot2AsDefaultTransportProtocolForAgent() {
         assertThat(SystemEnvironment.GO_SSL_TRANSPORT_PROTOCOL_TO_BE_USED_BY_AGENT.propertyName(), is("go.ssl.agent.protocol"));

jetty9/src/main/java/com/thoughtworks/go/server/AssetsContextHandler.java

@@ -59,6 +59,12 @@ private AssetsHandler() {
             resourceHandler.setEtags(false);
         }
 
+        @Override
+        protected void doStart() throws Exception {
+            resourceHandler.doStart();
+            super.doStart();
+        }
+
         public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
             if (shouldNotHandle()) return;
             this.resourceHandler.handle(target, baseRequest, request, response);

jetty9/src/main/java/com/thoughtworks/go/server/Jetty9Server.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 ThoughtWorks, Inc.
+ * Copyright 2018 ThoughtWorks, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,8 @@
 import org.eclipse.jetty.server.handler.AbstractHandler;
 import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.server.handler.HandlerCollection;
-import org.eclipse.jetty.servlets.gzip.GzipHandler;
+import org.eclipse.jetty.server.handler.gzip.GzipHandler;
+import org.eclipse.jetty.server.session.SessionHandler;
 import org.eclipse.jetty.webapp.JettyWebXmlConfiguration;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.eclipse.jetty.webapp.WebInfConfiguration;
@@ -54,7 +55,7 @@
 public class Jetty9Server extends AppServer {
     protected static String JETTY_XML_LOCATION_IN_JAR = "/defaultFiles/config";
     private static final String JETTY_XML = "jetty.xml";
-    private static final String JETTY_VERSION = "jetty-v9.2.3";
+    private static final String JETTY_VERSION = "jetty-v9.4.8.v20171121";
     private Server server;
     private WebAppContext webAppContext;
     private static final Logger LOG = LoggerFactory.getLogger(Jetty9Server.class);
@@ -68,7 +69,7 @@ public Jetty9Server(SystemEnvironment systemEnvironment, String password, SSLSoc
         super(systemEnvironment, password, sslSocketFactory);
         systemEnvironment.set(SystemEnvironment.JETTY_XML_FILE_NAME, JETTY_XML);
         this.server = server;
-        goSSLConfig = new GoSSLConfig(sslSocketFactory, systemEnvironment);
+        goSSLConfig = new GoSSLConfig(systemEnvironment);
     }
 
     @Override
@@ -139,12 +140,12 @@ public void addExtraJarsToClasspath(String extraClasspath) {
 
     @Override
     public void setSessionConfig() {
-        SessionManager sessionManager = webAppContext.getSessionHandler().getSessionManager();
-        SessionCookieConfig sessionCookieConfig = sessionManager.getSessionCookieConfig();
+        SessionHandler sessionHandler = webAppContext.getSessionHandler();
+        SessionCookieConfig sessionCookieConfig = sessionHandler.getSessionCookieConfig();
         sessionCookieConfig.setHttpOnly(true);
         sessionCookieConfig.setSecure(systemEnvironment.isSessionCookieSecure());
         sessionCookieConfig.setMaxAge(systemEnvironment.sessionCookieMaxAgeInSeconds());
-        sessionManager.setMaxInactiveInterval(systemEnvironment.sessionTimeoutInSeconds());
+        sessionHandler.setMaxInactiveInterval(systemEnvironment.sessionTimeoutInSeconds());
     }
 
     @Override

jetty9/src/main/java/com/thoughtworks/go/server/config/GoSSLConfig.java

@@ -1,18 +1,18 @@
-/*************************GO-LICENSE-START*********************************
- * Copyright 2015 ThoughtWorks, Inc.
+/*
+ * Copyright 2018 ThoughtWorks, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *    http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *************************GO-LICENSE-END***********************************/
+ */
 
 package com.thoughtworks.go.server.config;
 
@@ -21,39 +21,36 @@
 import javax.net.ssl.SSLSocketFactory;
 
 public class GoSSLConfig implements SSLConfig {
-    private final SSLConfig config;
-
-    public GoSSLConfig(SSLSocketFactory socketFactory, SystemEnvironment systemEnvironment) {
-        if (systemEnvironment.get(SystemEnvironment.GO_SSL_CONFIG_ALLOW)) {
-            config = new ConfigurableSSLSettings(systemEnvironment);
-        } else {
-            config = new WeakSSLConfig(socketFactory);
-        }
+    private SystemEnvironment systemEnvironment;
+
+    public GoSSLConfig(SystemEnvironment systemEnvironment) {
+        this.systemEnvironment = systemEnvironment;
     }
 
     @Override
     public String[] getCipherSuitesToBeIncluded() {
-        return config.getCipherSuitesToBeIncluded();
+        return systemEnvironment.get(SystemEnvironment.GO_SSL_INCLUDE_CIPHERS);
     }
 
     @Override
     public String[] getCipherSuitesToBeExcluded() {
-        return config.getCipherSuitesToBeExcluded();
+        return systemEnvironment.get(SystemEnvironment.GO_SSL_EXCLUDE_CIPHERS);
     }
 
     @Override
     public String[] getProtocolsToBeExcluded() {
-        return config.getProtocolsToBeExcluded();
+        return systemEnvironment.get(SystemEnvironment.GO_SSL_EXCLUDE_PROTOCOLS);
+
     }
 
     @Override
     public String[] getProtocolsToBeIncluded() {
-        return config.getProtocolsToBeIncluded();
+        return systemEnvironment.get(SystemEnvironment.GO_SSL_INCLUDE_PROTOCOLS);
     }
 
     @Override
     public boolean isRenegotiationAllowed() {
-        return config.isRenegotiationAllowed();
+        return systemEnvironment.get(SystemEnvironment.GO_SSL_RENEGOTIATION_ALLOWED);
     }
 }
 

jetty9/src/main/java/com/thoughtworks/go/server/util/GoSslSocketConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 ThoughtWorks, Inc.
+ * Copyright 2018 ThoughtWorks, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -62,6 +62,10 @@ private Connector sslConnector(Server server) {
         httpsConfig.addCustomizer(new ForwardedRequestCustomizer());
 
         SslContextFactory sslContextFactory = new SslContextFactory();
+        if(systemEnvironment.get(SystemEnvironment.GO_SSL_CONFIG_CLEAR_JETTY_DEFAULT_EXCLUSIONS)){
+            sslContextFactory.setExcludeProtocols();
+            sslContextFactory.setExcludeCipherSuites();
+        }
         sslContextFactory.setKeyStorePath(keystore.getPath());
         sslContextFactory.setKeyStorePassword(password);
         sslContextFactory.setKeyManagerPassword(password);

jetty9/src/main/java/com/thoughtworks/go/server/util/Jetty9Request.java

@@ -1,21 +1,22 @@
-/*************************GO-LICENSE-START*********************************
- * Copyright 2015 ThoughtWorks, Inc.
+/*
+ * Copyright 2018 ThoughtWorks, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *    http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *************************GO-LICENSE-END***********************************/
+ */
 
 package com.thoughtworks.go.server.util;
 
+import org.eclipse.jetty.http.HttpURI;
 import org.eclipse.jetty.server.Request;
 
 public class Jetty9Request implements ServletRequest {
@@ -32,17 +33,17 @@ public String getUrl() {
 
     @Override
     public String getUriPath() {
-        return request.getUri().getPath();
+        return request.getHttpURI().getPath();
     }
 
     @Override
     public String getUriAsString() {
-        return request.getUri().toString();
+        return request.getHttpURI().getPathQuery();
     }
 
     @Override
     public void setRequestURI(String uri) {
-        request.setRequestURI(uri);
+        request.getHttpURI().setPath(uri);
     }
 
     @Override