Fix LSP/Micronaut tests + don't ignore exception in gradle spi

[mbien]

targets delivery

This attempts to fix the failing LSP and Micronaut jobs.

This took a while to find due to several reasons (not going to write everything down here), two of them being that a key gradle exception was swallowed deep in setup code and that this wasn't reproducible locally unless the .gradle cache was cleared - which lead me to the wrong paths during investigation. (also the tests are difficult to work with since they throw exceptions even when green!)

Initially it wasn't even clear that this was a gradle issue, but after trying other JDK vendors, reverting commits until the last green master build and double checking that nothing else changed in the CI environment, this was the only path left.

tested locally. lets see if CI is ok with it

swallowed Exception during test data setup (gradle project used as test for IDE features):

Details

org.gradle.tooling.GradleConnectionException: Could not install Gradle distribution from 'https://services.gradle.org/distributions/gradle-8.4-bin.zip'.
	at org.gradle.tooling.internal.consumer.DistributionFactory$ZippedDistribution.getToolingImplementationClasspath(DistributionFactory.java:135)
	at org.gradle.tooling.internal.consumer.loader.CachingToolingImplementationLoader.create(CachingToolingImplementationLoader.java:41)
	at org.gradle.tooling.internal.consumer.loader.SynchronizedToolingImplementationLoader.create(SynchronizedToolingImplementationLoader.java:44)
	at org.gradle.tooling.internal.consumer.connection.LazyConsumerActionExecutor.onStartAction(LazyConsumerActionExecutor.java:160)
	at org.gradle.tooling.internal.consumer.connection.LazyConsumerActionExecutor.run(LazyConsumerActionExecutor.java:142)
	at org.gradle.tooling.internal.consumer.connection.CancellableConsumerActionExecutor.run(CancellableConsumerActionExecutor.java:45)
	at org.gradle.tooling.internal.consumer.connection.ProgressLoggingConsumerActionExecutor.run(ProgressLoggingConsumerActionExecutor.java:61)
	at org.gradle.tooling.internal.consumer.connection.RethrowingErrorsConsumerActionExecutor.run(RethrowingErrorsConsumerActionExecutor.java:38)
	at org.gradle.tooling.internal.consumer.async.DefaultAsyncConsumerActionExecutor$1$1.run(DefaultAsyncConsumerActionExecutor.java:67)
	at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
	at org.gradle.internal.concurrent.AbstractManagedExecutor$1.run(AbstractManagedExecutor.java:47)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
	at org.gradle.tooling.internal.consumer.BlockingResultHandler.getResult(BlockingResultHandler.java:46)
	at org.gradle.tooling.internal.consumer.DefaultBuildLauncher.run(DefaultBuildLauncher.java:83)
	at org.netbeans.modules.gradle.spi.newproject.TemplateOperation$InitStep.execute(TemplateOperation.java:317)
	at org.netbeans.modules.gradle.spi.newproject.TemplateOperation.run(TemplateOperation.java:116)
	at org.netbeans.modules.gradle.newproject.GradleProjectFromTemplateHandler.createFromTemplate(GradleProjectFromTemplateHandler.java:62)
	at org.netbeans.api.templates.CreateFromTemplateImpl.build(CreateFromTemplateImpl.java:146)
	at org.netbeans.api.templates.CreateFromTemplateImpl.lambda$build$0(CreateFromTemplateImpl.java:86)
	at org.openide.filesystems.EventControl.runAtomicAction(EventControl.java:102)
	at org.openide.filesystems.FileSystem.runAtomicAction(FileSystem.java:494)
	at org.netbeans.api.templates.CreateFromTemplateImpl.build(CreateFromTemplateImpl.java:84)
	at org.netbeans.api.templates.FileBuilder.build(FileBuilder.java:267)
	at org.netbeans.modules.java.lsp.server.explorer.ProjectViewTest.createSimpleProject(ProjectViewTest.java:325)
	at org.netbeans.modules.java.lsp.server.explorer.ProjectViewTest.createAndFindProjectNode(ProjectViewTest.java:361)
	at org.netbeans.modules.java.lsp.server.explorer.ProjectViewTest.testEmptyInterimPackageRemoved(ProjectViewTest.java:578)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at junit.framework.TestCase.runTest(TestCase.java:177)
	at org.netbeans.junit.NbTestCase.access$200(NbTestCase.java:79)
	at org.netbeans.junit.NbTestCase$2.doSomething(NbTestCase.java:484)
	at org.netbeans.junit.NbTestCase$1Guard.run(NbTestCase.java:405)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:347)
	at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:201)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect0(HttpURLConnection.java:2830)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect(HttpURLConnection.java:2742)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1869)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1525)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
	at org.gradle.wrapper.Download.downloadInternal(Download.java:129)
	at org.gradle.wrapper.Download.download(Download.java:109)

[mbien]

webserver does not support TLS 1.3:
https://www.ssllabs.com/ssltest/analyze.html?d=services.gradle.org&s=2606%3a4700%3a0%3a0%3a0%3a0%3a6811%3a8125

but it appears as if the download tries it anyway and that is when the failure happens or there is some other bug in protocol negotiations

[sdedic]

It's strange because even java.gradle module contains wrapper instructions to download gradle 7.5 .... do those tests pass ?

[mbien]

you can see what tests pass here for example:
https://github.com/apache/netbeans/actions/runs/6789437471

[sdedic]

Interesting. MN tests fail me even locally, while Gradle Java test did download gradle 7.5 distribution even though it has the same server in its wrapper.properties (https://services.gradle.org/distributions/gradle-7.5-bin.zip vs. https://services.gradle.org/distributions/gradle-7.6.2-bin.zip).

[mbien]

yeah its easily reproducible locally. All I had to do is to clear my .gradle folder (I kept the properties file).

[mbien]

someone pressed the wrong button in the admin console, even my raspi runs better cipher suites, more than half of them on the gradle server use weak key length / algo combinations

[sdedic]

BTW I wireshark-captured the communication; what's funny is that the client (that is my laptop) reports different set of available cipher suites when connecting for gradle 7.5 download (from java.gradle test suite) than when connecting for gradle 7.6.2 (micronaut test suite).

[mbien]

well the cert is from cloudflare, the rest of the infra probably too (I haven't checked). So all machines are going to be virtual, load balanced and ddos mitigated. So file A can be on the other side of the world than file B.

Do I interpret this as go-ahead with merge?

[sdedic]

Probably yes. I'd suggest to document the requirement to set that property in gradle's arch.xml or somewhere, since any testsuite that uses gradle project as test data may suffer from the same mystery.

Re. cipher suites: according to the capture, the client (that is: our CI machine) started the handshake by offering different set of capabilities - there was no message whatsoever from the server before that (all payloads before Client Hello were zero length). The certificate is sent after server hello (which happens after client hello).

So the difference was IMHO not caused by potentially load-balanced server sending something.

[mbien]

I am not planning to document this since this is a hack and has to be removed asap.

We can't lock the test JVM to outdated TLS modes.

edit: filed an issue #6680

[neilcsmith-net]

Well, tests are green! I'll merge tomorrow and then sync direct to master unless anyone says to hold off before then.

Looks like we'll have a 20-rc4 so be good to have tests clean for anything coming in to delivery. Thanks!

[lahodaj]

Thanks for fixing this, Michael!