less netty is always a good day

Author: MrNavaStar

build.gradle

@@ -22,10 +22,12 @@ allprojects {
         maven { url "https://repo.papermc.io/repository/maven-public/" }    // Paper + Velocity
         maven { url "https://api.modrinth.com/maven/" }                     // Modrinth
     }
-    
-    tasks.withType(JavaCompile) {
-        options.encoding = "UTF-8"
-        options.release = project.javaVersion as Integer
+
+    tasks.withType(JavaCompile).tap {
+        configureEach {
+            options.encoding = "UTF-8"
+            options.release = project.javaVersion as Integer
+        }
     }
 }
 
@@ -39,16 +41,14 @@ subprojects {
         compileOnly "io.netty:netty-buffer:${project.netty_version}"
         compileOnly "io.netty:netty-transport:${project.netty_version}"
         compileOnly "io.netty:netty-handler:${project.netty_version}"
-        compileOnly "io.netty:netty-codec-http:${project.netty_version}"
-        compileOnly "io.netty:netty-codec-http2:${project.netty_version}"
         compileOnly "org.bouncycastle:bcpkix-jdk18on:${project.bouncy_version}"
         compileOnly "me.mrnavastar:r:${project.r_version}"
 
         compileOnly "org.projectlombok:lombok:${project.lombok_version}"
 	    annotationProcessor "org.projectlombok:lombok:${project.lombok_version}"
     }
 
-    task jarSources(type:Jar){
+    tasks.register('jarSources', Jar) {
         archiveBaseName.set("protoweaver")
         archiveClassifier.set("sources")
         exclude {

fabric/build.gradle

@@ -30,7 +30,6 @@ dependencies {
     include implementation("org.bouncycastle:bcpkix-jdk18on:${project.bouncy_version}")
     include implementation("org.bouncycastle:bcprov-jdk18on:${project.bouncy_version}")
     include implementation("org.bouncycastle:bcutil-jdk18on:${project.bouncy_version}")
-    include implementation("io.netty:netty-codec-http2:${project.netty_version}")
     include implementation("me.mrnavastar:r:${project.r_version}")
 
     // Mod Compat

forge/build.gradle

@@ -33,7 +33,6 @@ dependencies {
     include forgeRuntimeLibrary(implementation("org.bouncycastle:bcpkix-jdk18on:${project.bouncy_version}"))
     include forgeRuntimeLibrary(implementation("org.bouncycastle:bcprov-jdk18on:${project.bouncy_version}"))
     include forgeRuntimeLibrary(implementation("org.bouncycastle:bcutil-jdk18on:${project.bouncy_version}"))
-    include forgeRuntimeLibrary(implementation("io.netty:netty-codec-http2:${project.netty_version}"))
     include forgeRuntimeLibrary(implementation("me.mrnavastar:r:${project.r_version}"))
 
     // Mod Compat

loader-common/build.gradle

@@ -1,7 +1,7 @@
 apply plugin: "dev.architectury.loom"
 
 architectury {
-    common("fabric", "forge")
+    common("fabric")
 }
 
 loom {

loader-common/src/main/java/me/mrnavastar/protoweaver/loader/netty/Http2ServerResponseHandler.java

@@ -1,6 +1,5 @@
 package me.mrnavastar.protoweaver.loader.netty;
 
-import io.netty.handler.codec.http2.Http2SecurityUtil;
 import io.netty.handler.ssl.*;
 import lombok.Cleanup;
 import lombok.Getter;
@@ -23,30 +22,41 @@
 import java.security.*;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.Optional;
+import java.util.*;
 
 public class SSLContext {
 
     @Getter
     private static io.netty.handler.ssl.SslContext context;
     private static InputStream privateKey;
     private static InputStream cert;
+    private static final Provider provider = new BouncyCastleProvider();
+
+    // These https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+    // Minus These https://datatracker.ietf.org/doc/html/rfc7540#appendix-A
+    private static final List<String> CIPHERS = List.of(
+            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+            "TLS_AES_128_GCM_SHA256",
+            "TLS_AES_256_GCM_SHA384",
+            "TLS_CHACHA20_POLY1305_SHA256"
+    );
 
     @SneakyThrows
     public static void init(String dir) {
-
-
-        Security.addProvider(new BouncyCastleProvider());
+        Security.addProvider(provider);
 
         Optional.ofNullable(System.getenv("PROTOWEAVER_PRIVATE_KEY")).ifPresent(value -> privateKey = new ByteArrayInputStream(value.getBytes(StandardCharsets.UTF_8)));
         Optional.ofNullable(System.getenv("PROTOWEAVER_CERT")).ifPresent(value -> cert = new ByteArrayInputStream(value.getBytes(StandardCharsets.UTF_8)));
 
         genKeys(dir);
         context = SslContextBuilder.forServer(cert, privateKey)
                 .sslProvider(OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK)
-                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
+                .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                 .applicationProtocolConfig(new ApplicationProtocolConfig(
                         ApplicationProtocolConfig.Protocol.ALPN,
                         ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
@@ -82,22 +92,18 @@ private static void genKeys(String dir) throws NoSuchAlgorithmException, Certifi
 
     // From https://stackoverflow.com/questions/29852290/self-signed-x509-certificate-with-bouncy-castle-in-java
     private static X509Certificate genCert(KeyPair keyPair) throws OperatorCreationException, CertificateException, IOException {
-        Provider bcProvider = new BouncyCastleProvider();
-        Security.addProvider(bcProvider);
-        X500Name dnName = new X500Name("CN=PROTOWEAVER");
-
         long now = System.currentTimeMillis();
         Date startDate = new Date(now);
         Calendar calendar = Calendar.getInstance();
         calendar.setTime(startDate);
         calendar.add(Calendar.YEAR, 999);
         Date endDate = calendar.getTime();
 
+        X500Name dnName = new X500Name("CN=PROTOWEAVER");
         ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
         JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(dnName, new BigInteger(Long.toString(now)), startDate, endDate, dnName, keyPair.getPublic());
-        BasicConstraints basicConstraints = new BasicConstraints(true);
-        certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, basicConstraints);
+        certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, new BasicConstraints(true));
 
-        return new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate(certBuilder.build(contentSigner));
+        return new JcaX509CertificateConverter().setProvider(provider).getCertificate(certBuilder.build(contentSigner));
     }
 }

loader-common/src/main/java/me/mrnavastar/protoweaver/loader/netty/Http2Util.java

@@ -30,7 +30,6 @@ dependencies {
     jarJar implementation("org.bouncycastle:bcpkix-jdk18on:${project.bouncy_version}")
     jarJar implementation("org.bouncycastle:bcprov-jdk18on:${project.bouncy_version}")
     jarJar implementation("org.bouncycastle:bcutil-jdk18on:${project.bouncy_version}")
-    jarJar implementation("io.netty:netty-codec-http2:${project.netty_version}")
     jarJar implementation("me.mrnavastar:r:${project.r_version}")
 
     // Mod Compat

loader-common/src/main/java/me/mrnavastar/protoweaver/loader/netty/HttpHandler.java

@@ -13,7 +13,6 @@ dependencies {
     shadow implementation("org.bouncycastle:bcpkix-jdk18on:${project.bouncy_version}")
     shadow implementation("org.bouncycastle:bcprov-jdk18on:${project.bouncy_version}")
     shadow implementation("org.bouncycastle:bcutil-jdk18on:${project.bouncy_version}")
-    shadow implementation("io.netty:netty-codec-http2:${project.netty_version}")
 }
 
 shadowJar {
@@ -27,7 +26,6 @@ shadowJar {
     relocate 'me.mrnavastar.r', 'me.mrnavastar.protoweaver.libs.me.mrnavastar.r'
     relocate 'org.apache.fory', 'me.mrnavastar.protoweaver.libs.org.apache.fory'
     relocate 'org.bouncycastle', 'me.mrnavastar.protoweaver.libs.org.bouncycastle'
-    relocate 'io.netty', "me.mrnavastar.protoweaver.libs.io.netty"
 }
 
 jar.finalizedBy(shadowJar)