Run CircleCI with multiple platforms (#4864)

Run in CircleCI.
Also conditionally disables tests that show issues with Conscrypt/OkHttp (client auth etc).

.circleci/config.yml

@@ -5,8 +5,6 @@ jobs:
     docker:
       - image: circleci/openjdk:8u171-jdk
 
-    working_directory: ~/repo
-
     environment:
       JVM_OPTS: -Xmx768m
       TERM: dumb
@@ -36,8 +34,6 @@ jobs:
     docker:
       - image: circleci/openjdk:8u171-jdk
 
-    working_directory: ~/repo
-
     environment:
       JVM_OPTS: -Xmx1g
       TERM: dumb
@@ -72,8 +68,6 @@ jobs:
     docker:
       - image: circleci/openjdk:8u171-jdk
 
-    working_directory: ~/testrepo
-
     environment:
       JVM_OPTS: -Xmx1g
       TERM: dumb
@@ -126,8 +120,6 @@ jobs:
     docker:
       - image: circleci/openjdk:11.0.2-jdk
 
-    working_directory: ~/testrepo11
-
     environment:
       JVM_OPTS: -Xmx1g
       TERM: dumb
@@ -146,7 +138,7 @@ jobs:
           name: Run tests
           command: ./gradlew --build-cache --parallel test
           environment:
-            GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.workers.max=3 -Xmx1G
+            GRADLE_OPTS: -Dorg.gradle.daemon=false -Dokhttp.platform=jdk9 -Dorg.gradle.workers.max=3 -Xmx1G
 
       - save_cache:
           paths:
@@ -157,24 +149,76 @@ jobs:
       - run:
           name: Save test results
           command: |
-            mkdir -p ~/testrepo11/test-results/junit/
-            find . -type f -regex ".*/build/test-results/.*xml" -exec cp {} ~/testrepo11/test-results/junit/ \;
+            mkdir -p ~/test-results/junit/
+            find . -type f -regex ".*/build/test-results/.*xml" -exec cp {} ~/test-results/junit/ \;
           when: always
 
       - store_test_results:
           name: Store test results
-          path: ~/testrepo11/test-results
+          path: ~/test-results
 
       - run:
           name: Save gradle reports
           command: |
-            mkdir -p ~/testrepo11/reports/
-            tar cf - */build/reports | (cd ~/testrepo11/reports/; tar xf -)
+            mkdir -p ~/reports/
+            tar cf - */build/reports | (cd ~/reports/; tar xf -)
           when: always
 
       - store_artifacts:
           name: Store gradle reports
-          path: ~/testrepo11/reports
+          path: ~/reports
+
+  testconscrypt:
+    docker:
+      - image: circleci/openjdk:11.0.2-jdk
+
+    environment:
+      JVM_OPTS: -Xmx1g
+      TERM: dumb
+
+    steps:
+      - checkout
+
+      - restore_cache:
+          keys:
+            - v3-{{ checksum "build.gradle" }}-{{ .Branch }}-testconscrypt
+            - v3-{{ checksum "build.gradle" }}-{{ .Branch }}
+            - v3-{{ checksum "build.gradle" }}-master
+            - v3-{{ checksum "build.gradle" }}
+
+      - run:
+          name: Run tests
+          command: ./gradlew --build-cache --parallel test
+          environment:
+            GRADLE_OPTS: -Dorg.gradle.daemon=false -Dokhttp.platform=conscrypt -Dorg.gradle.workers.max=3 -Xmx1G
+
+      - save_cache:
+          paths:
+            - ~/.gradle/caches
+            - ~/.gradle/wrapper
+          key: v3-{{ checksum "build.gradle" }}-{{ .Branch }}-testconscrypt
+
+      - run:
+          name: Save test results
+          command: |
+            mkdir -p ~/test-results/junit/
+            find . -type f -regex ".*/build/test-results/.*xml" -exec cp {} ~/test-results/junit/ \;
+          when: always
+
+      - store_test_results:
+          name: Store test results
+          path: ~/test-results
+
+      - run:
+          name: Save gradle reports
+          command: |
+            mkdir -p ~/reports/
+            tar cf - */build/reports | (cd ~/reports/; tar xf -)
+          when: always
+
+      - store_artifacts:
+          name: Store gradle reports
+          path: ~/reports
 
 workflows:
   version: 2
@@ -196,6 +240,12 @@ workflows:
           filters:
             branches:
               only: master
+      - testconscrypt:
+          requires:
+            - compile
+          filters:
+            branches:
+              only: master
   nightly:
     triggers:
       - schedule:
@@ -214,3 +264,6 @@ workflows:
       - testjdk11:
           requires:
             - compile
+      - testconscrypt:
+          requires:
+            - compile

build.gradle

@@ -103,15 +103,18 @@ subprojects { project ->
     signature 'org.codehaus.mojo.signature:java18:1.0@signature'
   }
 
+  def platform = System.getProperty("okhttp.platform", "platform")
+
   test {
     jvmArgs += "-Dlistener=okhttp3.testing.InstallUncaughtExceptionHandlerListener"
-    jvmArgs += "-Dokhttp.platform=platform"
+    jvmArgs += "-Dokhttp.platform=$platform"
 
     testLogging {
       exceptionFormat = 'full'
     }
   }
 
+  if (platform == "platform") {
     // Add alpn-boot on Java 8 so we can use HTTP/2 without a stable API.
     def alpnBootVersion = alpnBootVersion()
     if (alpnBootVersion != null) {
@@ -123,6 +126,11 @@ subprojects { project ->
         jvmArgs += "-Xbootclasspath/p:${alpnBootJar}"
       }
     }
+  } else if (platform == "conscrypt") {
+    dependencies {
+      testRuntime "org.conscrypt:conscrypt-openjdk-uber:${versions.conscrypt}"
+    }
+  }
 
   apply plugin: 'net.ltgt.errorprone'
   dependencies {

mockwebserver/src/test/java/okhttp3/mockwebserver/MockWebServerTest.java

@@ -53,6 +53,7 @@ import static okhttp3.tls.internal.TlsUtil.localhost;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.data.Offset.offset;
 import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeFalse;
 
 public final class MockWebServerTest {
   @Rule public final MockWebServer server = new MockWebServer();
@@ -533,6 +534,8 @@ public final class MockWebServerTest {
   }
 
   @Test public void httpsWithClientAuth() throws Exception {
+    assumeFalse(getPlatform().equals("conscrypt"));
+
     HeldCertificate clientCa = new HeldCertificate.Builder()
         .certificateAuthority(0)
         .build();
@@ -579,4 +582,8 @@ public final class MockWebServerTest {
     assertThat(handshake.peerPrincipal()).isNotNull();
     assertThat(handshake.peerCertificates().size()).isEqualTo(1);
   }
+
+  public static String getPlatform() {
+    return System.getProperty("okhttp.platform", "platform");
+  }
 }

okhttp-logging-interceptor/src/test/java/okhttp3/logging/HttpLoggingInterceptorTest.java

@@ -19,6 +19,7 @@ import java.io.IOException;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.regex.Pattern;
 import javax.annotation.Nullable;
 import javax.net.ssl.HostnameVerifier;
 import okhttp3.HttpUrl;
@@ -853,7 +854,7 @@ public final class HttpLoggingInterceptorTest {
     LogRecorder assertLogMatch(String pattern) {
       assertThat(index).overridingErrorMessage("No more messages found").isLessThan(logs.size());
       String actual = logs.get(index++);
-      assertThat(actual).matches(pattern);
+      assertThat(actual).matches(Pattern.compile(pattern, Pattern.DOTALL));
       return this;
     }
 

okhttp-logging-interceptor/src/test/java/okhttp3/logging/LoggingEventListenerTest.java

@@ -209,9 +209,9 @@ public final class LoggingEventListenerTest {
         .assertLogMatch("connectStart: " + url.host() + "/.+ DIRECT")
         .assertLogMatch("secureConnectStart")
         .assertLogMatch(
-            "connectFailed: null javax\\.net\\.ssl\\.SSLProtocolException: (?:Unexpected handshake message: client_hello|Handshake message sequence violation, 1)")
+            "connectFailed: null javax\\.net\\.ssl\\.(?:SSLProtocolException|SSLHandshakeException): (?:Unexpected handshake message: client_hello|Handshake message sequence violation, 1|Read error).*")
         .assertLogMatch(
-            "callFailed: javax\\.net\\.ssl\\.SSLProtocolException: (?:Unexpected handshake message: client_hello|Handshake message sequence violation, 1)")
+            "callFailed: javax\\.net\\.ssl\\.(?:SSLProtocolException|SSLHandshakeException): (?:Unexpected handshake message: client_hello|Handshake message sequence violation, 1|Read error).*")
         .assertNoMoreLogs();
   }
 

okhttp-tls/src/test/java/okhttp3/tls/HandshakeCertificatesTest.java

@@ -22,7 +22,6 @@ import java.net.ServerSocket;
 import java.net.Socket;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.LinkedHashSet;
 import java.util.Set;
 import java.util.concurrent.ExecutorService;
@@ -40,6 +39,7 @@ import org.junit.Test;
 import static java.util.Arrays.asList;
 import static okhttp3.internal.Util.closeQuietly;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assume.assumeFalse;
 
 public final class HandshakeCertificatesTest {
   private ExecutorService executorService;
@@ -55,6 +55,8 @@ public final class HandshakeCertificatesTest {
   }
 
   @Test public void clientAndServer() throws Exception {
+    assumeFalse(getPlatform().equals("conscrypt"));
+
     HeldCertificate clientRoot = new HeldCertificate.Builder()
         .certificateAuthority(1)
         .build();
@@ -188,4 +190,8 @@ public final class HandshakeCertificatesTest {
     assertThat(ByteString.of(actual.getEncoded())).isEqualTo(
         ByteString.of(expected.getEncoded()));
   }
+
+  public static String getPlatform() {
+    return System.getProperty("okhttp.platform", "platform");
+  }
 }

okhttp/src/test/java/okhttp3/CallTest.java

@@ -93,6 +93,7 @@ import static okhttp3.CipherSuite.TLS_DH_anon_WITH_AES_128_GCM_SHA256;
 import static okhttp3.TestUtil.awaitGarbageCollection;
 import static okhttp3.internal.InternalKtKt.addHeaderLenient;
 import static okhttp3.internal.platform.PlatformTest.getJvmSpecVersion;
+import static okhttp3.internal.platform.PlatformTest.getPlatform;
 import static okhttp3.tls.internal.TlsUtil.localhost;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.data.Offset.offset;
@@ -1142,6 +1143,8 @@ public final class CallTest {
   }
 
   @Test public void recoverFromTlsHandshakeFailure_tlsFallbackScsvEnabled() throws Exception {
+    assumeFalse(getPlatform().equals("conscrypt"));
+
     final String tlsFallbackScsv = "TLS_FALLBACK_SCSV";
     List<String> supportedCiphers =
         asList(handshakeCertificates.sslSocketFactory().getSupportedCipherSuites());
@@ -1253,6 +1256,8 @@ public final class CallTest {
    * man-in-the-middle attacks. https://bugs.openjdk.java.net/browse/JDK-8212823
    */
   @Test public void anonCipherSuiteUnsupported() throws Exception {
+    assumeFalse(getPlatform().equals("conscrypt"));
+
     // The _anon_ suites became unsupported in "1.8.0_201" and "11.0.2".
     assumeFalse(System.getProperty("java.version", "unknown").matches("1\\.8\\.0_1\\d\\d"));
     assumeFalse(System.getProperty("java.version", "unknown").matches("11"));

okhttp/src/test/java/okhttp3/ConnectionCoalescingTest.java

@@ -34,8 +34,10 @@ import org.junit.Rule;
 import org.junit.Test;
 
 import static java.util.Arrays.asList;
+import static okhttp3.internal.platform.PlatformTest.getPlatform;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeFalse;
 
 public final class ConnectionCoalescingTest {
   @Rule public final MockWebServer server = new MockWebServer();
@@ -50,6 +52,8 @@ public final class ConnectionCoalescingTest {
   private List<InetAddress> serverIps;
 
   @Before public void setUp() throws Exception {
+    assumeFalse(getPlatform().equals("conscrypt"));
+
     rootCa = new HeldCertificate.Builder()
         .serialNumber(1L)
         .certificateAuthority(0)

okhttp/src/test/java/okhttp3/internal/tls/ClientAuthTest.java

@@ -19,7 +19,6 @@ import java.net.SocketException;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
@@ -64,6 +63,8 @@ public final class ClientAuthTest {
 
   @Before
   public void setUp() {
+    assumeFalse(getPlatform().equals("conscrypt"));
+
     serverRootCa = new HeldCertificate.Builder()
         .serialNumber(1L)
         .certificateAuthority(1)