From 32173975e003474ea11d7ad840abc49d0782051a Mon Sep 17 00:00:00 2001 From: Chengyuan Zhang Date: Fri, 8 Jan 2021 15:45:58 -0800 Subject: [PATCH] Revert "netty: add exporting SSL/TLS master key log feature (#7724)" (#7792) This reverts commit 9bc05fba67b709d1e816f47c462b22d976194cca. --- .../io/grpc/netty/ProtocolNegotiators.java | 17 ------ .../grpc/netty/ProtocolNegotiatorsTest.java | 52 ------------------- 2 files changed, 69 deletions(-) diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java index 6a4daaa6482..3779d050095 100644 --- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java +++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java @@ -64,7 +64,6 @@ import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslHandler; import io.netty.handler.ssl.SslHandshakeCompletionEvent; -import io.netty.handler.ssl.SslMasterKeyHandler; import io.netty.handler.ssl.SslProvider; import io.netty.util.AsciiString; import io.netty.util.Attribute; @@ -397,14 +396,6 @@ public void handlerAdded(ChannelHandlerContext ctx) throws Exception { ctx.pipeline().addBefore(ctx.name(), /* name= */ null, this.executor != null ? new SslHandler(sslEngine, false, this.executor) : new SslHandler(sslEngine, false)); - - // Support exporting the key and session identifier to the log named - // "io.netty.wireshark" when the system property named "io.netty.ssl.masterKeyHandler" - // is "true". This feature is used to analyze gRPC traffic with Wireshark. - if (Boolean.getBoolean(SslMasterKeyHandler.SYSTEM_PROP_KEY)) { - ctx.pipeline().addBefore(ctx.name(), null, - SslMasterKeyHandler.newWireSharkSslMasterKeyHandler()); - } } @Override @@ -581,14 +572,6 @@ protected void handlerAdded0(ChannelHandlerContext ctx) { ctx.pipeline().addBefore(ctx.name(), /* name= */ null, this.executor != null ? new SslHandler(sslEngine, false, this.executor) : new SslHandler(sslEngine, false)); - - // Support exporting the key and session identifier to the log named - // "io.netty.wireshark" when the system property named "io.netty.ssl.masterKeyHandler" - // is "true". This feature is used to analyze gRPC traffic with Wireshark. - if (Boolean.getBoolean(SslMasterKeyHandler.SYSTEM_PROP_KEY)) { - ctx.pipeline().addBefore(ctx.name(), null, - SslMasterKeyHandler.newWireSharkSslMasterKeyHandler()); - } } @Override diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java index a1625338857..1fc420b519a 100644 --- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java +++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java @@ -94,20 +94,17 @@ import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslHandler; import io.netty.handler.ssl.SslHandshakeCompletionEvent; -import io.netty.handler.ssl.SslMasterKeyHandler; import io.netty.handler.ssl.SupportedCipherSuiteFilter; import io.netty.handler.ssl.util.SelfSignedCertificate; import java.io.File; import java.net.InetSocketAddress; import java.net.SocketAddress; -import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicReference; import java.util.logging.Filter; -import java.util.logging.Handler; import java.util.logging.Level; import java.util.logging.LogRecord; import java.util.logging.Logger; @@ -1213,53 +1210,4 @@ public void handlerAdded(ChannelHandlerContext ctx) throws Exception { ctx.pipeline().fireUserEventTriggered(ProtocolNegotiationEvent.DEFAULT); } } - - @Test - public void clientTlsHandler_serverTlsHandler_sslMasterKeyLog() throws Exception { - final List logs = new ArrayList<>(); - Handler handler = new Handler() { - @Override public void publish(LogRecord record) { - logs.add(record); - } - - @Override public void flush() {} - - @Override public void close() {} - }; - - Logger logger = Logger.getLogger("io.netty.wireshark"); - logger.addHandler(handler); - - String oldPropValue = System.getProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY); - try { - // The master key log feature should be disabled - // when the "io.netty.ssl.masterKeyHandler" property is missing. - System.clearProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY); - clientTlsHandler_firesNegotiation(); - assertThat(logs).isEmpty(); - - // The master key log feature should be disabled - // when the value of "io.netty.ssl.masterKeyHandler" property is not "true". - System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, "false"); - clientTlsHandler_firesNegotiation(); - assertThat(logs).isEmpty(); - - // The master key log feature should be enabled - // when the value of "io.netty.ssl.masterKeyHandler" property is "true". - System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, "true"); - clientTlsHandler_firesNegotiation(); - - // writing key twice because both client and server will enable key log feature - assertThat(logs.size()).isEqualTo(2); - assertThat(logs.get(0).getMessage()).containsMatch("^RSA Session-ID:.+ Master-Key:"); - assertThat(logs.get(1).getMessage()).containsMatch("^RSA Session-ID:.+ Master-Key:"); - } finally { - logger.removeHandler(handler); - if (oldPropValue != null) { - System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, oldPropValue); - } else { - System.clearProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY); - } - } - } }