Switched to new versions of netty and tcnative

Related CLs:
https://codereview.chromium.org/2842333002/
https://codereview.chromium.org/2843223002/

BUG=712738
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_cronet_tester

Review-Url: https://codereview.chromium.org/2843293002
Cr-Commit-Position: refs/heads/master@{#467848}

DEPS

@@ -481,10 +481,10 @@ deps_os = {
       Var('chromium_git') + '/external/mockito/mockito.git' + '@' + 'de83ad4598ad4cf5ea53c69a8a8053780b04b850',
 
     'src/third_party/netty-tcnative/src':
-      Var('chromium_git') + '/external/netty-tcnative.git' + '@' + '2a25ec75d6889d32594a6f8b4d42962c15255d76',
+      Var('chromium_git') + '/external/netty-tcnative.git' + '@' + '5b46a8ef4a39c39c576fcdaaf718b585d75df463',
 
     'src/third_party/netty4/src':
-      Var('chromium_git') + '/external/netty4.git' + '@' + 'e0f26303b4ce635365be19414d0ac81f2ef6ba3c',
+      Var('chromium_git') + '/external/netty4.git' + '@' + 'cc4420b13bb4eeea5b1cf4f93b2755644cd3b120',
 
     'src/third_party/robolectric/robolectric':
       Var('chromium_git') + '/external/robolectric.git' + '@' + '2a0b6ba221c14f3371813a676ce06143353e448d',

components/cronet/android/BUILD.gn

@@ -587,7 +587,6 @@ android_library("cronet_test_apk_java") {
     "//base:base_java",
     "//base:base_java_test_support",
     "//net/android:net_java_test_support",
-    "//third_party/netty-tcnative:netty-tcnative_java",
     "//third_party/netty4:netty_all_java",
   ]
 
@@ -1024,7 +1023,6 @@ action("extract_cronet_test_jars") {
     "$root_out_dir/lib.java/components/cronet/android/cronet_test_apk_java.jar",
     "$root_out_dir/lib.java/net/android/net_java.jar",
     "$root_out_dir/lib.java/net/android/net_java_test_support.jar",
-    "$root_out_dir/lib.java/third_party/netty-tcnative/netty-tcnative_java.jar",
     "$root_out_dir/lib.java/url/url_java.jar",
     NETTY4_JAR_FILE,
   ]
@@ -1053,7 +1051,6 @@ action("extract_cronet_test_jars") {
     "//base:base_java_test_support",
     "//net/android:net_java",
     "//net/android:net_java_test_support",
-    "//third_party/netty-tcnative:netty-tcnative_java",
     "//third_party/netty4:netty_all_java",
     "//url:url_java",
   ]

components/cronet/android/test/javatests/src/org/chromium/net/BidirectionalStreamTest.java

@@ -46,7 +46,7 @@ public class BidirectionalStreamTest extends CronetTestBase {
 
         mTestFramework = startCronetTestFrameworkWithUrlAndCronetEngineBuilder(null, builder);
         assertTrue(Http2TestServer.startHttp2TestServer(
-                getContext(), QuicTestServer.getServerCert(), QuicTestServer.getServerCertKey()));
+                getContext(), SERVER_CERT_PEM, SERVER_KEY_PKCS8_PEM));
     }
 
     @Override

components/cronet/android/test/javatests/src/org/chromium/net/BrotliTest.java

@@ -20,7 +20,7 @@ public class BrotliTest extends CronetTestBase {
         // Load library first to create MockCertVerifier.
         System.loadLibrary("cronet_tests");
         assertTrue(Http2TestServer.startHttp2TestServer(
-                getContext(), QuicTestServer.getServerCert(), QuicTestServer.getServerCertKey()));
+                getContext(), SERVER_CERT_PEM, SERVER_KEY_PKCS8_PEM));
     }
 
     @Override

components/cronet/android/test/javatests/src/org/chromium/net/CronetTestBase.java

@@ -24,6 +24,16 @@ import java.net.URL;
  * Base test class for all CronetTest based tests.
  */
 public class CronetTestBase extends AndroidTestCase {
+    /**
+     * Name of the file that contains the test server certificate in PEM format.
+     */
+    static final String SERVER_CERT_PEM = "quic_test.example.com.crt";
+
+    /**
+     * Name of the file that contains the test server private key in PKCS8 PEM format.
+     */
+    static final String SERVER_KEY_PKCS8_PEM = "quic_test.example.com.key.pkcs8.pem";
+
     private static final String PRIVATE_DATA_DIRECTORY_SUFFIX = "cronet_test";
     private static final String LOOPBACK_ADDRESS = "127.0.0.1";
 

components/cronet/android/test/javatests/src/org/chromium/net/ExperimentalOptionsTest.java

@@ -32,7 +32,7 @@ public class ExperimentalOptionsTest extends CronetTestBase {
         CronetTestUtil.setMockCertVerifierForTesting(
                 mBuilder, QuicTestServer.createMockCertVerifier());
         assertTrue(Http2TestServer.startHttp2TestServer(
-                getContext(), QuicTestServer.getServerCert(), QuicTestServer.getServerCertKey()));
+                getContext(), SERVER_CERT_PEM, SERVER_KEY_PKCS8_PEM));
     }
 
     @Override

components/cronet/android/test/smoketests/src/org/chromium/net/smoke/ChromiumNativeTestSupport.java

@@ -18,6 +18,16 @@ import org.chromium.net.ExperimentalCronetEngine;
 class ChromiumNativeTestSupport extends ChromiumPlatformOnlyTestSupport {
     private static final String TAG = ChromiumNativeTestSupport.class.getSimpleName();
 
+    /**
+     * Name of the file that contains the test server certificate in PEM format.
+     */
+    private static final String SERVER_CERT_PEM = "quic_test.example.com.crt";
+
+    /**
+     * Name of the file that contains the test server private key in PKCS8 PEM format.
+     */
+    private static final String SERVER_KEY_PKCS8_PEM = "quic_test.example.com.key.pkcs8.pem";
+
     @Override
     public TestServer createTestServer(Context context, Protocol protocol) {
         switch (protocol) {
@@ -87,9 +97,8 @@ class ChromiumNativeTestSupport extends ChromiumPlatformOnlyTestSupport {
         @Override
         public boolean start() {
             try {
-                return org.chromium.net.Http2TestServer.startHttp2TestServer(mContext,
-                        org.chromium.net.QuicTestServer.getServerCert(),
-                        org.chromium.net.QuicTestServer.getServerCertKey());
+                return org.chromium.net.Http2TestServer.startHttp2TestServer(
+                        mContext, SERVER_CERT_PEM, SERVER_KEY_PKCS8_PEM);
             } catch (Exception e) {
                 Log.e(TAG, "Exception during Http2TestServer start", e);
                 return false;

net/data/ssl/certificates/quic_test.example.com.key.pkcs8.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVyhl5jqmrRvBO
+t1hts6OaaBBSr/AAlK40vbRQH6MmpJ4ckDdbPejXO7yT+wD7x0lUm/HQmvJRhHtZ
+i71m866SWrljjGSn0J7jDFDSz5Od6UoRV5PB3q97WkQdCowiph3GremPFo1OkfHT
+8fOC/vZV3HLxEQd17LvpOjWHQ4Fe3ENKt3yhGtXSwUA5aX2JrWQbMTSo6p5eJvxx
+0sZr5cJzMD9ZpzWNqaXpPUNBvVTyKuEVDDUwa4vyd8pcB49Y9FR3Xq/OscErp7vA
+6X3vGtcD7o9nrcbmHannkT9B59aGIIxTs9h5CeJLFVrYkjtiT2jky9CkTrZ9Pl+w
+JOpiYc97AgMBAAECggEAEjCHylfhB7mZaJkg5PSLzu9btC1T9jiwObyKQubuMrN+
+4F9E1naGAQoMGWsZwlJKYvCBuoX0aAslk5DYJJJHIByn+VhQmBaf7iF2HvmaTa0z
+qBYTdENGGvCrKu1izu/jSKwzWwFINI8mTCoh1dtrihKflPMl91qVAlr5gvCzaSac
+ovZwe8cm51rN5XclJx+o6SONhPUdlUWJ5yEpA4mjV3eC6/IvPOoMmr8GRS9oBB6k
+m7yhcaGrSUClc+K3lpFF+3gXD57ABtT23usrNGnti6xnURDYDm+fUX2j8kZEREvj
+YGrCNGp+EecrTzhjgaFukysyRXRp7mLvGEqekodcgQKBgQDm1bmKZmE+0FZJIDXD
+4xMiipc+srd6KuaCYdJ5i0xt9xTC5KJA5eSmoQn0+hWa8065A91tHiR8u49Ql5xP
+6oQw8kA3dpZliZJSL/o7V+aXoMO9/R3H8tbiZn0y7cMYaYr7PGmXC/giSQ5Yi7qE
++yKjKgx35DGEiTajt4FWJ6/siQKBgQDtGKlPyT/k8XGz305qw2W7d8nFFsR4kSJl
+pbbWBwrfouiw0hOARCzevZDq6zSGx9QK8Sv5ACM06TrOxSVNsljKayFK0E+Hc5N/
+bNjCDxJd+4CgUNhM2Ta4wvZqW8FGQgphJVUnYu/YahjETWhMiAEOPcm/j7E9k/HQ
+BiZixroC4wKBgB3zBuKtC9rxfvB37GHg+V+W6a6p02JXZJbwCDXa2+y8jQYIUgDn
+kvYHmNofBGSZQtKAbN82dPd2Ak8rjI1V2Rbcp3ZKvZKo+cIOFYJTkkiEBEGHMLD7
+kePH9mCANrrZHr4gBXcih2wzXFgisO2GA+V1lC6N/dq7TsqJCY/bEFk5AoGBAMAI
+nnHCBd9P85EFiAUPGCHb5u+b/ivNGXgM3WbCs3ro/uDgde0IyvLpxSuQr62Owl7O
+cZgvFVTwprH8mbcxgZsJZCCtUgzafpfRuEqNXIoEf2zZrieoMxs4xc7lXEikirWe
+QDczeiHl5QNx0s1RxtEbGIHwR1Uhs9SSdprAbL6TAoGBAMT3QpWdPNlDoPbSkAC9
+hoUIaRZS8rN/8Ls1lwYf5RxaiTcEKuQ2IYphMRsSzqHbpDxLtWbsWJGd9VARbgc8
+W5DzCmditgUlt9FsawbxqDGO7bkqD4QEkZS67zehDzM2Ir8sy00QZxCi1dJXEBR2
+DUChLmnVRf1yCYz0xmGSRskj
+-----END PRIVATE KEY-----

third_party/netty-tcnative/BUILD.gn

@@ -11,37 +11,15 @@ import("//build/config/android/rules.gni")
 shared_library("netty-tcnative-so") {
   output_name = "netty-tcnative"
   sources = [
-    "src/c/address.c",
     "src/c/bb.c",
-    "src/c/dir.c",
     "src/c/error.c",
-    "src/c/file.c",
-    "src/c/info.c",
     "src/c/jnilib.c",
-    "src/c/lock.c",
-    "src/c/misc.c",
-    "src/c/mmap.c",
-    "src/c/multicast.c",
-    "src/c/network.c",
-    "src/c/os.c",
-    "src/c/os_unix_system.c",
-    "src/c/os_unix_uxpipe.c",
-    "src/c/poll.c",
-    "src/c/pool.c",
-    "src/c/proc.c",
-    "src/c/shm.c",
+    "src/c/native_constants.c",
     "src/c/ssl.c",
     "src/c/ssl_private.h",
     "src/c/sslcontext.c",
-    "src/c/sslinfo.c",
-    "src/c/sslnetwork.c",
     "src/c/sslutils.c",
-    "src/c/stdlib.c",
     "src/c/tcn.h",
-    "src/c/tcn_api.h",
-    "src/c/tcn_version.h",
-    "src/c/thread.c",
-    "src/c/user.c",
   ]
   include_dirs = [ "../apache-portable-runtime/src/include" ]
   defines = [ "HAVE_OPENSSL" ]
@@ -56,47 +34,14 @@ shared_library("netty-tcnative-so") {
 # Builds the Java part of netty-tcnative library.
 android_library("netty-tcnative_java") {
   java_files = [
-    "src/java/src/org/apache/tomcat/Apr.java",
-    "src/java/src/org/apache/tomcat/jni/Address.java",
-    "src/java/src/org/apache/tomcat/jni/BIOCallback.java",
-    "src/java/src/org/apache/tomcat/jni/Buffer.java",
-    "src/java/src/org/apache/tomcat/jni/CertificateVerifier.java",
-    "src/java/src/org/apache/tomcat/jni/Directory.java",
-    "src/java/src/org/apache/tomcat/jni/Error.java",
-    "src/java/src/org/apache/tomcat/jni/FileInfo.java",
-    "src/java/src/org/apache/tomcat/jni/File.java",
-    "src/java/src/org/apache/tomcat/jni/Global.java",
-    "src/java/src/org/apache/tomcat/jni/Library.java",
-    "src/java/src/org/apache/tomcat/jni/LibraryNotFoundError.java",
-    "src/java/src/org/apache/tomcat/jni/Local.java",
-    "src/java/src/org/apache/tomcat/jni/Lock.java",
-    "src/java/src/org/apache/tomcat/jni/Mmap.java",
-    "src/java/src/org/apache/tomcat/jni/Multicast.java",
-    "src/java/src/org/apache/tomcat/jni/OS.java",
-    "src/java/src/org/apache/tomcat/jni/PasswordCallback.java",
-    "src/java/src/org/apache/tomcat/jni/Poll.java",
-    "src/java/src/org/apache/tomcat/jni/PoolCallback.java",
-    "src/java/src/org/apache/tomcat/jni/Pool.java",
-    "src/java/src/org/apache/tomcat/jni/Procattr.java",
-    "src/java/src/org/apache/tomcat/jni/ProcErrorCallback.java",
-    "src/java/src/org/apache/tomcat/jni/Proc.java",
-    "src/java/src/org/apache/tomcat/jni/Registry.java",
-    "src/java/src/org/apache/tomcat/jni/SessionTicketKey.java",
-    "src/java/src/org/apache/tomcat/jni/Shm.java",
-    "src/java/src/org/apache/tomcat/jni/Sockaddr.java",
-    "src/java/src/org/apache/tomcat/jni/socket/AprSocketContext.java",
-    "src/java/src/org/apache/tomcat/jni/socket/AprSocket.java",
-    "src/java/src/org/apache/tomcat/jni/socket/HostInfo.java",
-    "src/java/src/org/apache/tomcat/jni/Socket.java",
-    "src/java/src/org/apache/tomcat/jni/SSLContext.java",
-    "src/java/src/org/apache/tomcat/jni/SSLExt.java",
-    "src/java/src/org/apache/tomcat/jni/SSL.java",
-    "src/java/src/org/apache/tomcat/jni/SSLSocket.java",
-    "src/java/src/org/apache/tomcat/jni/Status.java",
-    "src/java/src/org/apache/tomcat/jni/Stdlib.java",
-    "src/java/src/org/apache/tomcat/jni/Thread.java",
-    "src/java/src/org/apache/tomcat/jni/Time.java",
-    "src/java/src/org/apache/tomcat/jni/User.java",
+    "src/java/io/netty/internal/tcnative/Buffer.java",
+    "src/java/io/netty/internal/tcnative/CertificateRequestedCallback.java",
+    "src/java/io/netty/internal/tcnative/CertificateVerifier.java",
+    "src/java/io/netty/internal/tcnative/Library.java",
+    "src/java/io/netty/internal/tcnative/NativeStaticallyReferencedJniMethods.java",
+    "src/java/io/netty/internal/tcnative/SessionTicketKey.java",
+    "src/java/io/netty/internal/tcnative/SSL.java",
+    "src/java/io/netty/internal/tcnative/SSLContext.java",
   ]
   run_findbugs_override = false
   deps = [

third_party/netty-tcnative/README.chromium

 Name: Tomcat Native Fork for Netty
 Short Name: netty-tcnative
-URL: https://github.com/netty/netty-tcnative
-SHA: 856865181ca38c07b7d2be619903ee98f6f77a23 netty-tcnative-1.1.33.zip
-Version: 1.1.33
-Date: October 13, 2015
-Revision: 2aa47be27783ec31086ca9881402f845543de4e6
+URL: https://github.com/netty/netty-tcnative.git
+Version: 2.0.0.Final
+Date: March 9, 2017
+Revision: 28d9d70090f1b18927f4554621648cc1922d6e05
 License: Apache 2.0
 License File: NOT_SHIPPED
 Security Critical: no
@@ -21,161 +20,16 @@ Description:
 
 Local Modifications:
 
-diff -ruN ./original/src/main/c/ssl.c ./src/third_party/netty-tcnative/src/c/ssl.c
---- ./original/src/main/c/ssl.c	2015-10-13 08:36:59.000000000 -0400
-+++ ./src/third_party/netty-tcnative/src/c/ssl.c	2016-01-04 10:18:31.729765992 -0500
-@@ -1821,7 +1821,7 @@
-     verify = SSL_VERIFY_NONE;
-
-     UNREFERENCED(o);
--    TCN_ASSERT(ctx != 0);
-+    TCN_ASSERT(c->ctx != 0);
-     c->verify_mode = level;
-
-     if (c->verify_mode == SSL_CVERIFY_UNSET)
-
-diff --git a/c/ssl.c b/c/ssl.c
-index 89e6cad..97c7982 100644
---- a/c/ssl.c
-+++ b/c/ssl.c
-@@ -231,26 +231,38 @@ static const jint supported_ssl_opts = 0
-
- static int ssl_tmp_key_init_rsa(int bits, int idx)
- {
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
--    if (!(SSL_temp_keys[idx] =
--          RSA_generate_key(bits, RSA_F4, NULL, NULL))) {
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+    return 0;
-+#else
-+
- #ifdef OPENSSL_FIPS
--        /**
--         * With FIPS mode short RSA keys cannot be
--         * generated.
--         */
--        if (bits < 1024)
--            return 0;
--        else
--#endif
--        return 1;
--    }
--    else {
-+    /**
-+     * Short RSA keys cannot be generated in FIPS mode.
-+     */
-+    if (bits < 1024)
-         return 0;
--    }
--#else
--    return 0;
- #endif
-+
-+    BIGNUM *e = BN_new();
-+    RSA *rsa = RSA_new();
-+    int ret = 1;
-+
-+    if (e == NULL ||
-+        rsa == NULL ||
-+        !BN_set_word(e, RSA_F4) ||
-+        RSA_generate_key_ex(rsa, bits, e, NULL) != 1) {
-+        goto err;
-+    }
-+
-+    SSL_temp_keys[idx] = rsa;
-+    rsa = NULL;
-+    ret = 0;
-+
-+err:
-+    BN_free(e);
-+    RSA_free(rsa);
-+    return ret;
-+#endif  /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
- }
-
- static int ssl_tmp_key_init_dh(int bits, int idx)
-@@ -610,45 +622,6 @@ int SSL_rand_seed(const char *file)
-     return RAND_status();
- }
-
--static int ssl_rand_make(const char *file, int len, int base64)
--{
--    int r;
--    int num = len;
--    BIO *out = NULL;
--
--    out = BIO_new(BIO_s_file());
--    if (out == NULL)
--        return 0;
--    if ((r = BIO_write_filename(out, (char *)file)) < 0) {
--        BIO_free_all(out);
--        return 0;
--    }
--    if (base64) {
--        BIO *b64 = BIO_new(BIO_f_base64());
--        if (b64 == NULL) {
--            BIO_free_all(out);
--            return 0;
--        }
--        out = BIO_push(b64, out);
--    }
--    while (num > 0) {
--        unsigned char buf[4096];
--        int len = num;
--        if (len > sizeof(buf))
--            len = sizeof(buf);
--        r = RAND_bytes(buf, len);
--        if (r <= 0) {
--            BIO_free_all(out);
--            return 0;
--        }
--        BIO_write(out, buf, len);
--        num -= len;
--    }
--    r = BIO_flush(out);
--    BIO_free_all(out);
--    return r > 0 ? 1 : 0;
--}
--
- TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
- {
-     int r = 0;
-@@ -785,17 +758,6 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, randSave)(TCN_STDARGS, jstring file)
-     return r ? JNI_TRUE : JNI_FALSE;
- }
-
--TCN_IMPLEMENT_CALL(jboolean, SSL, randMake)(TCN_STDARGS, jstring file,
--                                            jint length, jboolean base64)
--{
--    TCN_ALLOC_CSTRING(file);
--    int r;
--    UNREFERENCED(o);
--    r = ssl_rand_make(J2S(file), length, base64);
--    TCN_FREE_CSTRING(file);
--    return r ? JNI_TRUE : JNI_FALSE;
--}
--
- TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, jstring file)
- {
-     TCN_ALLOC_CSTRING(file);
-
 diff --git a/c/sslcontext.c b/c/sslcontext.c
-index 925ca2a..78afe61 100644
+index 5668298..25bfb6e 100644
 --- a/c/sslcontext.c
 +++ b/c/sslcontext.c
-@@ -1464,7 +1464,11 @@ static const char* authentication_method(const SSL* ssl) {
-         case SSL2_VERSION:
-             return SSL_TXT_RSA;
-         default:
-+#if defined(OPENSSL_IS_BORINGSSL)
-+            return cipher_authentication_method(SSL_get_pending_cipher(ssl));
-+#else
-             return cipher_authentication_method(ssl->s3->tmp.new_cipher);
-+#endif
-         }
-     }
- }
-
-
-025da0aad4f9c2fdeebb64bcebf11bbf2c12a2bd and
-fd68c837b156ddb4b054e03d99a401e93068b34d were backported from upstream.
+@@ -1178,7 +1178,7 @@ static int SSL_cert_verify(X509_STORE_CTX *ctx, void *arg) {
+     tcn_ssl_ctxt_t *c = SSL_get_app_data2(ssl);
+     TCN_ASSERT(c != NULL);
+     tcn_ssl_verify_config_t* verify_config = SSL_get_app_data4(ssl);
+-    TCN_ASSERT(verify_confg != NULL);
++    TCN_ASSERT(verify_config != NULL);
+
+     // Get a stack of all certs in the chain
+     STACK_OF(X509) *sk = ctx->untrusted;

third_party/netty4/README.chromium

 Name: Netty
 Short Name: netty
 URL: http://netty.io/
-SHA: f40598a04aae5fa4b24810f30aaaf4a61c9c4385  netty-4.1.0.Beta8.tar.bz2
-Version: 4.1.0.Beta8
-Date: November 10, 2015
+SHA: 3b0025e08168eebc97b232fef333a716dc4d42bd  netty-4.1.9.Final.tar.bz2
+Version: 4.1.9.Final
+Date: March 10, 2017
 License: Apache 2.0
 License File: NOT_SHIPPED
 Security Critical: no
@@ -16,13 +16,4 @@ of network applications such as protocol servers and clients. It greatly
 simplifies and streamlines network programming such as TCP and UDP socket server.
 
 Local Modifications:
-Replaced netty-all jar files with the nightly build version
-and deleted all 4.1.0.Beta8 version jars.
-
-URL: https://oss.sonatype.org/content/repositories/snapshots/io/netty/netty-all/4.1.0.CR1-SNAPSHOT/
-SHA: 2748f46eca4216a08e75dd9ce618f61ed067c4f5 netty-all-4.1.0.CR1-20160111.120759-50-sources.jar
-Date: January 11, 2016
-
-URL: https://oss.sonatype.org/content/repositories/snapshots/io/netty/netty-all/4.1.0.CR1-SNAPSHOT/
-SHA: 16cc4addd84c7fb3444e6d79f7d8cef74adefc7d netty-all-4.1.0.CR1-20160111.120759-50.jar
-Date: January 11, 2016
+None

third_party/netty4/netty4.gni

@@ -4,4 +4,5 @@
 
 # Defines location of netty4 jar file.
 
-NETTY4_JAR_FILE = "//third_party/netty4/src/jar/all-in-one/netty-all-4.1.0.CR1-20160111.120759-50.jar"
+NETTY4_JAR_FILE =
+    "//third_party/netty4/src/jar/all-in-one/netty-all-4.1.9.Final.jar"