Merge branch 'eclipse-vertx:master' into cidr-change

Author: AyanKoche

pom.xml

@@ -94,12 +94,24 @@
       <classifier>linux-x86_64</classifier>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-transport-native-epoll</artifactId>
+      <classifier>linux-aarch_64</classifier>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-transport-native-kqueue</artifactId>
       <classifier>osx-x86_64</classifier>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-transport-native-kqueue</artifactId>
+      <classifier>osx-aarch_64</classifier>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <profiles>

vertx-mssql-client/src/main/java/io/vertx/mssqlclient/impl/MSSQLSocketConnection.java

@@ -21,10 +21,7 @@
 import io.vertx.core.impl.future.PromiseInternal;
 import io.vertx.core.net.ClientSSLOptions;
 import io.vertx.core.net.HostAndPort;
-import io.vertx.core.net.impl.NetSocketInternal;
-import io.vertx.core.net.impl.SSLHelper;
-import io.vertx.core.net.impl.SslChannelProvider;
-import io.vertx.core.net.impl.SslHandshakeCompletionHandler;
+import io.vertx.core.net.impl.*;
 import io.vertx.core.spi.metrics.ClientMetrics;
 import io.vertx.mssqlclient.MSSQLConnectOptions;
 import io.vertx.mssqlclient.MSSQLInfo;
@@ -116,7 +113,7 @@ Future<Void> enableSsl(boolean clientConfigSsl, byte encryptionLevel, MSSQLConne
     // options.getApplicationLayerProtocols()
     Future<SslChannelProvider> f = sslHelper.resolveSslChannelProvider(sslOptions, "", false, null, null, context);
     return f.compose(provider -> {
-      SslHandler sslHandler = provider.createClientSslHandler(socket.remoteAddress(), null, sslOptions.isUseAlpn(), sslOptions.isTrustAll(), sslOptions.getSslHandshakeTimeout(), sslOptions.getSslHandshakeTimeoutUnit());
+      SslHandler sslHandler = provider.createClientSslHandler(socket.remoteAddress(), null, sslOptions.isUseAlpn(), sslOptions.getSslHandshakeTimeout(), sslOptions.getSslHandshakeTimeoutUnit());
 
       // 3. TdsSslHandshakeCodec manages SSL payload encapsulated in TDS packets
       TdsSslHandshakeCodec tdsSslHandshakeCodec = new TdsSslHandshakeCodec();

vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/MySQLSocketConnection.java

@@ -30,6 +30,7 @@
 import io.vertx.mysqlclient.MySQLAuthenticationPlugin;
 import io.vertx.mysqlclient.MySQLConnectOptions;
 import io.vertx.mysqlclient.SslMode;
+import io.vertx.mysqlclient.impl.codec.ClearCachedStatementsEvent;
 import io.vertx.mysqlclient.impl.codec.MySQLCodec;
 import io.vertx.mysqlclient.impl.codec.MySQLPacketDecoder;
 import io.vertx.mysqlclient.impl.command.InitialHandshakeCommand;
@@ -114,6 +115,21 @@ protected <R> void doSchedule(CommandBase<R> cmd, Handler<AsyncResult<R>> handle
     }
   }
 
+  @Override
+  protected void handleMessage(Object msg) {
+    if (msg == ClearCachedStatementsEvent.INSTANCE) {
+      clearCachedStatements();
+    } else {
+      super.handleMessage(msg);
+    }
+  }
+
+  private void clearCachedStatements() {
+    if (this.psCache != null) {
+      this.psCache.clear();
+    }
+  }
+
   public Future<Void> upgradeToSsl(ClientSSLOptions sslOptions) {
     return socket.upgradeToSsl(sslOptions);
   }

vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/codec/ClearCachedStatementsEvent.java

@@ -0,0 +1,13 @@
+package io.vertx.mysqlclient.impl.codec;
+
+/**
+ * An event that signals all cached statements must be cleared from the cache.
+ */
+public class ClearCachedStatementsEvent {
+
+  public static final ClearCachedStatementsEvent INSTANCE = new ClearCachedStatementsEvent();
+
+  private ClearCachedStatementsEvent() {
+    // Singleton
+  }
+}

vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/codec/ResetConnectionCommandCodec.java

@@ -30,6 +30,7 @@ void encode(MySQLEncoder encoder) {
 
   @Override
   void decodePayload(ByteBuf payload, int payloadLength) {
+    encoder.chctx.fireChannelRead(ClearCachedStatementsEvent.INSTANCE);
     handleOkPacketOrErrorPacketPayload(payload);
   }
 

vertx-mysql-client/src/test/java/io/vertx/mysqlclient/MySQLTLSTest.java

@@ -13,6 +13,9 @@
 
 import io.vertx.core.Future;
 import io.vertx.core.Vertx;
+import io.vertx.core.VertxOptions;
+import io.vertx.core.buffer.Buffer;
+import io.vertx.core.dns.AddressResolverOptions;
 import io.vertx.core.net.ClientSSLOptions;
 import io.vertx.core.net.PemKeyCertOptions;
 import io.vertx.core.net.PemTrustOptions;
@@ -295,6 +298,49 @@ public void testConnFailWithVerifyIdentitySslMode(TestContext ctx) {
     }));
   }
 
+  @Test
+  public void testVerifyIdentityInvalidHostname(TestContext ctx) {
+    options.setSslMode(SslMode.VERIFY_IDENTITY);
+    options.getSslOptions()
+      .setHostnameVerificationAlgorithm("HTTPS")
+      .setTrustOptions(new PemTrustOptions().addCertPath("tls/files/ca.pem"))
+      .setKeyCertOptions(new PemKeyCertOptions()
+        .setCertPath("tls/files/client-cert.pem")
+        .setKeyPath("tls/files/client-key.pem"));
+    // The hostname in the test certificate is mysql.vertx.test, so 'localhost' should make for a failed connection
+    options.setHost("localhost");
+
+    MySQLConnection.connect(vertx, options).onComplete( ctx.asyncAssertFailure(err -> {
+      ctx.assertEquals(err.getMessage(), "No name matching localhost found");
+    }));
+  }
+
+  @Test
+  public void testVerifyIdentityCorrectHostname(TestContext ctx) {
+    Vertx vertxWithHosts = Vertx.vertx(
+      new VertxOptions()
+        .setAddressResolverOptions(
+          new AddressResolverOptions()
+            .setHostsValue(Buffer.buffer("127.0.0.1 mysql.vertx.test\n"))
+        )
+    );
+
+    options.setSslMode(SslMode.VERIFY_IDENTITY);
+    options.getSslOptions()
+      .setHostnameVerificationAlgorithm("HTTPS")
+      .setTrustOptions(new PemTrustOptions().addCertPath("tls/files/ca.pem"))
+      .setKeyCertOptions(new PemKeyCertOptions()
+        .setCertPath("tls/files/client-cert.pem")
+        .setKeyPath("tls/files/client-key.pem"));
+    // The hostname in the test certificate is mysql.vertx.test
+    options.setHost("mysql.vertx.test");
+
+    MySQLConnection.connect(vertxWithHosts, options).onComplete( ctx.asyncAssertSuccess(conn -> {
+      ctx.assertTrue(conn.isSSL());
+      vertxWithHosts.close();
+    }));
+  }
+
   @Test
   public void testConnFail(TestContext ctx) {
     options.setSslMode(SslMode.REQUIRED);

vertx-mysql-client/src/test/java/io/vertx/mysqlclient/MySQLUtilityCommandTest.java

@@ -17,6 +17,7 @@
 import io.vertx.ext.unit.junit.VertxUnitRunner;
 import io.vertx.sqlclient.Row;
 import io.vertx.sqlclient.RowSet;
+import io.vertx.sqlclient.Tuple;
 import org.junit.After;
 import org.junit.Assume;
 import org.junit.Before;
@@ -160,6 +161,19 @@ public void testResetConnection(TestContext ctx) {
     }));
   }
 
+  @Test
+  public void testResetConnectionClearsPreparedStatementCache(TestContext ctx) {
+    Assume.assumeFalse(rule.isUsingMySQL5_6());
+    MySQLConnectOptions connectOptions = new MySQLConnectOptions(options).setCachePreparedStatements(true);
+    MySQLConnection.connect(vertx, connectOptions).onComplete(ctx.asyncAssertSuccess(conn -> {
+      conn.preparedQuery("SELECT 1").execute(Tuple.tuple()).onComplete(ctx.asyncAssertSuccess(res1 -> {
+        conn.resetConnection().onComplete(ctx.asyncAssertSuccess(rst -> {
+          conn.preparedQuery("SELECT 1").execute(Tuple.tuple()).onComplete(ctx.asyncAssertSuccess());
+        }));
+      }));
+    }));
+  }
+
   @Test
   public void testChangeUser(TestContext ctx) {
     MySQLConnection.connect(vertx, options).onComplete( ctx.asyncAssertSuccess(conn -> {

vertx-mysql-client/src/test/resources/tls/files/server-cert.pem

@@ -1,19 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE3X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTE5MDkwMjAzMjc1MVoXDTI5MDgzMDAzMjc1MVowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xN19BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg00pPuJv078OExAy7wfx/
-YsPiukl+OpyQAuF/45La5yDIwx3v55MxYqkX9TCuAIZUprWVllf51sOkNHsB/skC
-ZCYiXFlPmi9nCiK4TAuqN5c0rdjVdn8eFt4/CeAzHDC2bvoKbnOwDLKtponqbW8u
-nYkXWQDAxYyojxIUc3wNuyPkefFTkEjuIl3DyhyKZhfFPg0mbDB8t91gSB6oBrEa
-K9LMHJ4fWDsOSRLru8wUXPdstMD8zqKQjVfvG/4U5gb+dYycaZ+cRmPgHjarI+St
-R2ZG9wXs/J1wllciz4fr0je7+R2j7HHKqTY6JqSz0hZjd1Hej2zWAho1K5KqkDbt
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAAb0+bViRmYt
-Enm/jDGyGFCUGCbh8xnxREBLe3SZZTaJ8mVJOZ9wsC7NBCEqkgt6FzcSxIftF0Iz
-ppYpL0XqyYRMHnrtWZBzgkflhTltdNhVTl4sdfrYxJ7kAJ//WSk/wGsa6U7jD5SW
-I3rWfGOcVbnRA+rBDxslg7hSbnoIH19FUBqiIsAMQgSm1/6zlOsA7VPFvSVojSI8
-oGbOOmFsX/Jm793TJvT5ly8ZOCF/EMD+QnK/pS8BiDbTYauvU5Rzfl4fEQVW55YL
-YQAdSj/sUYAcv47Qlx7hp1GrLWHgVynTIC+kwEWKczNQofhL6Ewh3QutiwwD39+K
-KmqT2KQLyKA=
+MIIDZDCCAkygAwIBAgIUfAA0jelPI0Xwr+tkPO8Oz7OnNZkwDQYJKoZIhvcNAQEN
+BQAwPDE6MDgGA1UEAwwxTXlTUUxfU2VydmVyXzguMC4xN19BdXRvX0dlbmVyYXRl
+ZF9DQV9DZXJ0aWZpY2F0ZTAeFw0yNDAzMTExNTE2MDVaFw00NDAzMDYxNTE2MDVa
+MBsxGTAXBgNVBAMMEG15c3FsLnZlcnR4LnRlc3QwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDg00pPuJv078OExAy7wfx/YsPiukl+OpyQAuF/45La5yDI
+wx3v55MxYqkX9TCuAIZUprWVllf51sOkNHsB/skCZCYiXFlPmi9nCiK4TAuqN5c0
+rdjVdn8eFt4/CeAzHDC2bvoKbnOwDLKtponqbW8unYkXWQDAxYyojxIUc3wNuyPk
+efFTkEjuIl3DyhyKZhfFPg0mbDB8t91gSB6oBrEaK9LMHJ4fWDsOSRLru8wUXPds
+tMD8zqKQjVfvG/4U5gb+dYycaZ+cRmPgHjarI+StR2ZG9wXs/J1wllciz4fr0je7
++R2j7HHKqTY6JqSz0hZjd1Hej2zWAho1K5KqkDbtAgMBAAGjfzB9MAwGA1UdEwEB
+/wQCMAAwHQYDVR0OBBYEFIiHxyASKXMPzKI/uDEi36Afv6ExME4GA1UdIwRHMEWh
+QKQ+MDwxOjA4BgNVBAMMMU15U1FMX1NlcnZlcl84LjAuMTdfQXV0b19HZW5lcmF0
+ZWRfQ0FfQ2VydGlmaWNhdGWCAQEwDQYJKoZIhvcNAQENBQADggEBAAPIZqs8818j
+7+J6W7WDYlmVRyDK1BH/16/tAAUGSo7IJt09bSp6bm2eAlEp9nDgLLTQSPjfGz+f
+Zp1OIdeeKouOFeZfZ5924n7RS1eP49PGD2ZTpk551Rnthni7isL8fOwBx+kZzUIM
+7AQaEi8By5wpwcfNowSMlKR/Wm9OTGqZmmHSixK3HrI6yvHDJwe7fZ6dAl9DDViX
+j0hAQnuROsWz3aZkTF3DJ+CGlYjdQvArrazNgsrBbRvAH7VoGYICxahEYMRenXxz
+1Y1ITH7Mi/+53HQge/RoMCVSNQuyVgr3i5fgz5P+GFxdFc0HCC9uanD/PcObOhBs
+38m1J0pH5Q4=
 -----END CERTIFICATE-----

vertx-pg-client/README.adoc

@@ -311,7 +311,7 @@ mvn test -DcontainerFixedPort
 You can run tests with an external database:
 
 - the script `src/test/resources/create-postgres.sql` creates the test data
-- the `TLSTest` expects the database to be configured with SSL with `src/test/resources/tls/server.key` / `src/test/resources/tls/server.cert``
+- the `TLSTest` expects the database to be configured with SSL with `src/test/resources/tls/server.key` / `src/test/resources/tls/server.cert` `src/test/resources/tls/pg_hba.conf` as an example how to force SSL
 
 You need to add some properties for testing:
 
@@ -321,6 +321,7 @@ You need to add some properties for testing:
 
 - connection.uri(mandatory): configure the client to connect the specified database
 - tls.connection.uri(mandatory): configure the client to run `TLSTest` with the specified Postgres with SSL enabled
+- tls.force.connection.uri(mandatory): configure the client to run `TLSTest` with the specified Postgres with SSL forced (only option)
 - unix.socket.directory(optional): the single unix socket directory(multiple socket directories are not supported) to test Unix domain socket with a specified database, domain socket tests will be skipped if this property is not specified
 (Note: Make sure you can access the unix domain socket with this directory under your host machine)
 - unix.socket.port(optional): unix socket file is named `.s.PGSQL.nnnn` and `nnnn` is the server's port number,
@@ -339,5 +340,5 @@ Run the Postgres containers with `docker compose`:
 Run tests:
 
 ```
-> mvn test -Dconnection.uri=postgres://$username:$password@$host:$port/$database -Dtls.connection.uri=postgres://$username:$password@$host:$port/$database -Dunix.socket.directory=$path -Dunix.socket.port=$port
+> mvn test -Dconnection.uri=postgres://$username:$password@$host:$port/$database -Dtls.connection.uri=postgres://$username:$password@$host:$port/$database -Dtls.force.connection.uri=postgres://$username:$password@$host:$port/$database -Dunix.socket.directory=$path -Dunix.socket.port=$port
 ```

vertx-pg-client/src/main/java/io/vertx/pgclient/impl/PgConnectionFactory.java

@@ -70,56 +70,61 @@ protected Future<Connection> doConnectInternal(PgConnectOptions options, Context
     } catch (Exception e) {
       return context.failedFuture(e);
     }
-    String username = options.getUser();
-    String password = options.getPassword();
-    String database = options.getDatabase();
     SocketAddress server = options.getSocketAddress();
-    Map<String, String> properties = options.getProperties() != null ? Collections.unmodifiableMap(options.getProperties()) : null;
-    return doConnect(server, context, options).flatMap(conn -> {
-      PgSocketConnection socket = (PgSocketConnection) conn;
-      socket.init();
-      return Future.<Connection>future(p -> socket.sendStartupMessage(username, password, database, properties, p))
-        .map(conn);
-    });
+    return connect(server, context, true, options);
   }
 
-  public void cancelRequest(PgConnectOptions options, int processId, int secretKey, Handler<AsyncResult<Void>> handler) {
-    doConnect(options.getSocketAddress(), vertx.createEventLoopContext(), options).onComplete(ar -> {
-      if (ar.succeeded()) {
-        PgSocketConnection conn = (PgSocketConnection) ar.result();
-        conn.sendCancelRequestMessage(processId, secretKey, handler);
-      } else {
-        handler.handle(Future.failedFuture(ar.cause()));
-      }
-    });
+  public Future<Void> cancelRequest(PgConnectOptions options, int processId, int secretKey) {
+    return connect(options.getSocketAddress(), vertx.createEventLoopContext(), false, options)
+      .compose(conn -> {
+        PgSocketConnection socket = (PgSocketConnection) conn;
+        return socket.sendCancelRequestMessage(processId, secretKey);
+      });
   }
 
-  private Future<Connection> doConnect(SocketAddress server, ContextInternal context, PgConnectOptions options) {
+  private Future<Connection> connect(SocketAddress server, ContextInternal context, boolean sendStartupMessage, PgConnectOptions options) {
     SslMode sslMode = options.isUsingDomainSocket() ? SslMode.DISABLE : options.getSslMode();
     ConnectOptions connectOptions = new ConnectOptions()
       .setRemoteAddress(server);
     Future<Connection> connFuture;
     switch (sslMode) {
       case DISABLE:
-        connFuture = doConnect(connectOptions, context, false, options);
+        connFuture = connect(connectOptions, context, false, sendStartupMessage, options);
         break;
       case ALLOW:
-        connFuture = doConnect(connectOptions, context, false, options).recover(err -> doConnect(connectOptions, context, true, options));
+        connFuture = connect(connectOptions, context, false, sendStartupMessage, options).recover(err -> connect(connectOptions, context, true, sendStartupMessage, options));
         break;
       case PREFER:
-        connFuture = doConnect(connectOptions, context, true, options).recover(err -> doConnect(connectOptions, context, false, options));
+        connFuture = connect(connectOptions, context, true, sendStartupMessage, options).recover(err -> connect(connectOptions, context, false, sendStartupMessage, options));
         break;
       case REQUIRE:
       case VERIFY_CA:
       case VERIFY_FULL:
-        connFuture = doConnect(connectOptions, context, true, options);
+        connFuture = connect(connectOptions, context, true, sendStartupMessage, options);
         break;
       default:
         return context.failedFuture(new IllegalArgumentException("Unsupported SSL mode"));
     }
     return connFuture;
   }
 
+  private Future<Connection> connect(ConnectOptions connectOptions, ContextInternal context, boolean ssl, boolean sendStartupMessage, PgConnectOptions options) {
+    Future<Connection> res = doConnect(connectOptions, context, ssl, options);
+    if (sendStartupMessage) {
+      return res.flatMap(conn -> {
+        PgSocketConnection socket = (PgSocketConnection) conn;
+        socket.init();
+        String username = options.getUser();
+        String password = options.getPassword();
+        String database = options.getDatabase();
+        Map<String, String> properties = options.getProperties() != null ? Collections.unmodifiableMap(options.getProperties()) : null;
+        return socket.sendStartupMessage(username, password, database, properties);
+      });
+    } else {
+      return res;
+    }
+  }
+
   private Future<Connection> doConnect(ConnectOptions connectOptions, ContextInternal context, boolean ssl, PgConnectOptions options) {
     Future<NetSocket> soFut;
     try {