added signal handler to native executable

- improved documentation
- closed memcache client's thread pools

.gitea/workflows/build.yaml

@@ -57,6 +57,18 @@ jobs:
           target: release-memcache
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/rbcs:buildx
           cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/rbcs:buildx
+      -
+        name: Build rbcs memcache Docker image
+        uses: docker/build-push-action@v5.3.0
+        with:
+          context: "docker/build/docker"
+          platforms: linux/amd64
+          push: true
+          pull: true
+          tags: |
+            gitea.woggioni.net/woggioni/rbcs:native
+            gitea.woggioni.net/woggioni/rbcs:native-${{ steps.retrieve-version.outputs.VERSION }}
+          target: release-native
       - name: Publish artifacts
         env:
           PUBLISHER_TOKEN: ${{ secrets.PUBLISHER_TOKEN }}

LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Y. T. CHUNG <zonyitoo@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,209 @@
+# Remote Build Cache Server
+Remote Build Cache Server (shortened to RBCS) allows you to share and reuse unchanged build 
+and test outputs across the team. This speeds up local and CI builds since cycles are not wasted
+re-building components that are unaffected by new code changes. RBCS supports both Gradle and
+Maven build tool environments.
+
+It comes with pluggable storage backends, the core application offers in-memory storage or disk-backed storage,
+in addition to this there is an official plugin to use memcached as the storage backend.
+
+It supports HTTP basic authentication or, alternatively, TLS certificate authentication, role-based access control (RBAC),
+and throttling.
+
+## Quickstart
+
+### Downloading the jar file 
+You can download the latest version from [this link](https://gitea.woggioni.net/woggioni/-/packages/maven/net.woggioni:rbcs-cli/)
+
+Assuming you have Java 21 or later installed, you can launch the server directly with
+
+```bash
+java -jar rbcs-cli.jar server
+```
+
+By default it will start an HTTP server bound to localhost and listening on port 8080 with no authentication,
+writing data to the disk, that you can use for testing
+
+### Using the Docker image
+You can pull the latest Docker image with
+```bash
+docker pull gitea.woggioni.net/woggioni/rbcs:latest
+```
+
+By default it will start an HTTP server bound to localhost and listening on port 8080 with no authentication,
+writing data to the disk, that you can use for testing
+
+## Usage
+
+### Configuration
+The location of the `rbcs.xml` configuration file depends on the operating system, 
+Alternatively it can be changed setting the `RBCS_CONFIGURATION_DIR` environmental variable or `net.woggioni.rbcs.conf.dir` Java system property
+to the directory that contain the `rbcs.xml` file.
+
+The server configuration file follows the XML format and uses XML schema for validation
+(you can find the schema for the main configuration file [here](https://gitea.woggioni.net/woggioni/rbcs/src/branch/master/rbcs-server/src/main/resources/net/woggioni/rbcs/server/schema/rbcs.xsd)).
+
+The configuration values are enclosed inside XML attribute and support system property / environmental variable interpolation.
+As an example, you can configure RBCS to read the server port number from the `RBCS_SERVER_PORT` environmental variable
+and the bind address from the `rbc.bind.address` JVM system property with.
+
+Full documentation for all tags and attributes is available [here](doc/server_configuration.md).
+
+### Plugins
+If you want to use memcache as a storage backend you'll also need to download [the memcache plugin](https://gitea.woggioni.net/woggioni/-/packages/maven/net.woggioni:rbcs-server-memcache/)
+
+Plugins need to be stored in a folder named `plugins` in the located server's working directory
+(the directory where the server process is started). They are shipped as TAR archives, so you need to extract
+the content of the archive into the `plugins` directory for the server to pick them up.
+
+### Using RBCS with Gradle 
+
+Add this to the `settings.gradle` file of your project
+
+```groovy
+buildCache {
+    remote(HttpBuildCache) {
+        url = 'https://rbcs.example.com/'
+        push = true
+        allowInsecureProtocol = false
+        // The credentials block is only required if you enable 
+        // HTTP basic authentication on RBCS
+        credentials {
+            username = 'build-cache-user'
+            password = 'some-complicated-password'
+        }
+    }
+}
+```
+
+alternatively you can add this to `${GRADLE_HOME}/init.gradle` to configure the remote cache
+at the system level
+
+```groovy
+gradle.settingsEvaluated { settings ->
+    settings.buildCache {
+        remote(HttpBuildCache) {
+            url = 'https://rbcs.example.com/'
+            push = true
+            allowInsecureProtocol = false
+            // The credentials block is only required if you enable 
+            // HTTP basic authentication on RBCS
+            credentials {
+                username = 'build-cache-user'
+                password = 'some-complicated-password'
+            }
+        }
+    }
+}
+```
+
+add `org.gradle.caching=true` to your `<project>/gradle.properties` or run gradle with `--build-cache`.
+
+Read [Gradle documentation](https://docs.gradle.org/current/userguide/build_cache.html) for more detailed information.
+
+### Using RBCS with Maven
+
+1. Create an `extensions.xml` in `<project>/.mvn/extensions.xml` with the following content
+  ```xml
+  <extensions xmlns="http://maven.apache.org/EXTENSIONS/1.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:schemaLocation="http://maven.apache.org/EXTENSIONS/1.1.0 https://maven.apache.org/xsd/core-extensions-1.0.0.xsd">
+      <extension>
+          <groupId>org.apache.maven.extensions</groupId>
+          <artifactId>maven-build-cache-extension</artifactId>
+          <version>1.2.0</version>
+      </extension>
+  </extensions>
+  ```
+2. Copy [maven-build-cache-config.xml](https://maven.apache.org/extensions/maven-build-cache-extension/maven-build-cache-config.xml) into `<project>/.mvn/` folder
+3. Edit the `cache/configuration/remote` element
+  ```xml
+    <remote enabled="true" id="rbcs">
+        <url>https://rbcs.example.com/</url>
+    </remote>
+  ```
+4. Run maven with
+  ```bash
+    mvn -Dmaven.build.cache.enabled=true -Dmaven.build.cache.debugOutput=true -Dmaven.build.cache.remote.save.enabled=true package
+  ```
+
+Alternatively you can set those properties in your `<project>/pom.xml`
+
+
+Read [here](https://maven.apache.org/extensions/maven-build-cache-extension/remote-cache.html)
+for more informations
+
+## FAQ
+### Why should I use a build cache?
+
+#### Build Caches Improve Build & Test Performance
+
+Building software consists of a number of steps, like compiling sources, executing tests, and linking binaries. We’ve seen that a binary artifact repository helps when such a step requires an external component by downloading the artifact from the repository rather than building it locally.
+However, there are many additional steps in this build process which can be optimized to reduce the build time. An obvious strategy is to avoid executing build steps which dominate the total build time when these build steps are not needed.
+Most build times are dominated by the testing step. 
+
+While binary repositories cannot capture the outcome of a test build step (only the test reports 
+when included in binary artifacts), build caches are designed to eliminate redundant executions 
+for every build step. Moreover, it generalizes the concept of avoiding work associated with any 
+incremental step of the build, including test execution, compilation and resource processing. 
+The mechanism itself is comparable to a pure function. That is, given some inputs such as source 
+files and  environment parameters we know that the output is always going to be the same. 
+As a result, we can cache it and retrieve it based on a simple cryptographic hash of the inputs.
+Build caching is supported natively by some build tools. 
+
+#### Improve CI builds with a remote build cache
+
+When analyzing the role of a build cache it is important to take into account the granularity 
+of the changes that it caches. Imagine a full build for a project with 40 to 50 modules 
+which fails at the last step (deployment) because the staging environment is temporarily unavailable.
+Although the vast majority of the build steps (potentially thousands) succeed, 
+the change can not be deployed to the staging environment. 
+Without a build cache one typically relies on a very complex CI configuration to reuse build step outputs
+or would have to repeat the full build once the environment is available.
+
+Some build tools don’t support incremental builds properly. For example, outputs of a build started
+from scratch may vary when compared to subsequent builds that rely on the initial build’s output.
+As a result, to preserve build integrity, it’s crucial to rebuild from scratch, or ‘cleanly,’ in this
+scenario.
+
+With a build cache, only the last step needs to be executed and the build can be re-triggered 
+when the environment is back online. This automatically saves all of the time and 
+resources required across the different build steps which were successfully executed. 
+Instead of executing the intermediate steps, the build tool pulls the outputs from the build cache,
+avoiding a lot of redundant work
+
+#### Share outputs with a remote build cache
+
+One of the most important advantages of a remote build cache is the ability to share build outputs. 
+In most CI configurations, for example, a number of pipelines are created.
+These may include one for building the sources, one for testing, one for publishing the outcomes 
+to a remote repository, and other pipelines to test on different platforms. 
+There are even situations where CI builds partially build a project (i.e. some modules and not others).
+
+Most of those pipelines share a lot of intermediate build steps. All builds which perform testing
+require the binaries to be ready. All publishing builds require all previous steps to be executed.
+And because modern CI infrastructure means executing everything in containerized (isolated) environments,
+significant resources are wasted by repeatedly building the same intermediate artifacts.
+
+A remote build cache greatly reduces this overhead by orders of magnitudes because it provides a way
+for all those pipelines to share their outputs. After all, there is no point recreating an output that
+is already available in the cache.
+
+Because there are inherent dependencies between software components of a build,
+introducing a build cache dramatically reduces the impact of exploding a component into multiple pieces,
+allowing for increased modularity without increased overhead.
+
+#### Make local developers more efficient with remote build caches
+
+It is common for different teams within a company to work on different modules of a single large
+application. In this case, most teams don’t care about building the other parts of the software.
+By introducing a remote cache developers immediately benefit from pre-built artifacts when checking out code. 
+Because it has already been built on CI, they don’t have to do it locally.
+
+Introducing a remote cache is a huge benefit for those developers. Consider that a typical developer’s
+day begins by performing a code checkout. Most likely the checked out code has already been built on CI.
+Therefore, no time is wasted running the first build of the day. The remote cache provides all of the
+intermediate artifacts needed. And, in the event local changes are made, the remote cache still leverages
+partial cache hits for projects which are independent. As other developers in the organization request 
+CI builds, the remote cache continues to populate, increasing the likelihood of these remote cache hits
+across team members.
+

build.gradle

@@ -14,9 +14,7 @@ allprojects { subproject ->
         if(project.currentTag.isPresent()) {
             version = project.currentTag.map { it[0] }.get()
         } else {
-            version = project.gitRevision.map { gitRevision ->
+            version = "${getProperty('rbcs.version')}-SNAPSHOT"
-                "${getProperty('rbcs.version')}.${gitRevision[0..10]}"
-            }.get()
         }
 
     repositories {
@@ -24,7 +22,6 @@ allprojects { subproject ->
             url = getProperty('gitea.maven.url')
             content {
                 includeModule 'net.woggioni', 'jwo'
-                includeModule 'net.woggioni', 'xmemcached'
                 includeGroup 'com.lys'
             }
         }
@@ -41,7 +38,7 @@ allprojects { subproject ->
             withSourcesJar()
             modularity.inferModulePath = true
             toolchain {
-                languageVersion = JavaLanguageVersion.of(21)
+                languageVersion = JavaLanguageVersion.of(23)
                 vendor = JvmVendorSpec.ORACLE
             }
         }

doc/server_configuration.md

@@ -0,0 +1,178 @@
+
+### RBCS server configuration file elements and attributes
+
+#### Root Element: `server`
+The root element that contains all server configuration.
+
+**Attributes:**
+- `path` (optional): URI path prefix for cache requests. Example: if set to "cache", requests would be made to "http://www.example.com/cache/KEY"
+
+#### Child Elements
+
+#### `<bind>`
+Configures server socket settings.
+
+**Attributes:**
+- `host` (required): Server bind address
+- `port` (required): Server port number
+- `incoming-connections-backlog-size` (optional, default: 1024): Maximum queue length for incoming connection indications
+
+#### `<connection>`
+Configures connection handling parameters.
+
+**Attributes:**
+- `idle-timeout` (optional, default: PT30S): Connection timeout when no activity
+- `read-idle-timeout` (optional, default: PT60S): Connection timeout when no reads
+- `write-idle-timeout` (optional, default: PT60S): Connection timeout when no writes
+- `max-request-size` (optional, default: 0x4000000): Maximum allowed request body size
+
+#### `<event-executor>`
+Configures event execution settings.
+
+**Attributes:**
+- `use-virtual-threads` (optional, default: true): Whether to use virtual threads for the server handler
+
+#### `<cache>`
+Defines cache storage implementation. Two types are available:
+
+##### InMemory Cache
+
+A simple storage backend that uses an hash map to store data in memory
+
+**Attributes:**
+- `max-age` (default: P1D): Cache entry lifetime
+- `max-size` (default: 0x1000000): Maximum cache size in bytes
+- `digest` (default: MD5): Key hashing algorithm
+- `enable-compression` (default: true): Enable deflate compression
+- `compression-level` (default: -1): Compression level (-1 to 9)
+- `chunk-size` (default: 0x10000): Maximum socket write size
+
+##### FileSystem Cache
+
+A storage backend that stores data in a folder on the disk
+
+**Attributes:**
+- `path`: Storage directory path
+- `max-age` (default: P1D): Cache entry lifetime
+- `digest` (default: MD5): Key hashing algorithm
+- `enable-compression` (default: true): Enable deflate compression
+- `compression-level` (default: -1): Compression level
+- `chunk-size` (default: 0x10000): Maximum in-memory cache value size
+
+#### `<authorization>`
+Configures user and group-based access control.
+
+##### `<users>`
+List of registered users.
+- Contains `<user>` elements:
+
+  **Attributes:**
+    - `name` (required): Username
+    - `password` (optional): For basic authentication
+- Can contain an `anonymous` element to allow for unauthenticated access
+
+##### `<groups>`
+List of user groups.
+- Contains `<group>` elements:
+
+    **Attributes:**
+    - `name`: Group name
+    - Can contain:
+        - `users`: List of user references
+        - `roles`: List of roles (READER/WRITER)
+        - `user-quota`: Per-user quota
+        - `group-quota`: Group-wide quota
+
+#### `<authentication>`
+Configures authentication mechanism. Options:
+- `<basic>`: HTTP basic authentication
+- `<client-certificate>`: TLS certificate authentication, it uses attributes of the subject's X.500 name
+  to extract the username and group of the client.
+
+  Example:
+  ```xml
+    <client-certificate>
+        <user-extractor attribute-name="CN" pattern="(.*)"/>
+        <group-extractor attribute-name="O" pattern="(.*)"/>
+    </client-certificate>
+  ```
+- `<none>`: No authentication
+
+#### `<tls>`
+Configures TLS encryption.
+
+**Child Elements:**
+- `<keystore>`: Server certificate configuration
+
+    **Attributes:**
+    - `file` (required): Keystore file path
+    - `password`: Keystore password
+    - `key-alias` (required): Private key alias
+    - `key-password`: Private key password
+- `<truststore>`: Client certificate verification
+
+    **Attributes:**  
+    - `file` (required): Truststore file path
+    - `password`: Truststore password
+    - `check-certificate-status`: Enable CRL/OCSP checking
+    - `require-client-certificate` (default: false): Require client certificates
+
+
+----------------------------
+
+# Complete configuration example
+
+```xml
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<rbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+             xmlns:rbcs="urn:net.woggioni.rbcs.server"
+             xs:schemaLocation="urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs.xsd"
+>
+    <bind host="0.0.0.0" port="8080" incoming-connections-backlog-size="1024"/>
+    <connection
+            max-request-size="67108864"
+            idle-timeout="PT10S"
+            read-idle-timeout="PT20S"
+            write-idle-timeout="PT20S"
+            read-timeout="PT5S"
+            write-timeout="PT5S"/>
+    <event-executor use-virtual-threads="true"/>
+    <cache xs:type="rbcs:inMemoryCacheType" max-age="P7D" enable-compression="false" max-size="0x10000000" />
+    <!--cache xs:type="rbcs:fileSystemCacheType" max-age="P7D" enable-compression="false" path="${sys:java.io.tmpdir}/rbcs"/-->
+    <authorization>
+        <users>
+            <user name="user1" password="II+qeNLft2pZ/JVNo9F7jpjM/BqEcfsJW27NZ6dPVs8tAwHbxrJppKYsbL7J/SMl">
+                <quota calls="100" period="PT1S"/>
+            </user>
+            <user name="user2" password="v6T9+q6/VNpvLknji3ixPiyz2YZCQMXj2FN7hvzbfc2Ig+IzAHO0iiBCH9oWuBDq"/>
+            <anonymous>
+                <quota calls="10" period="PT60S" initial-available-calls="10" max-available-calls="10"/>
+            </anonymous>
+        </users>
+        <groups>
+            <group name="readers">
+                <users>
+                    <anonymous/>
+                </users>
+                <roles>
+                    <reader/>
+                </roles>
+            </group>
+            <group name="writers">
+                <users>
+                    <user ref="user1"/>
+                    <user ref="user2"/>
+                </users>
+                <roles>
+                    <reader/>
+                    <writer/>
+                </roles>
+            </group>
+        </groups>
+    </authorization>
+    <authentication>
+      <basic/>
+    </authentication>
+</rbcs:server>
+
+```

docker/Dockerfile

@@ -13,4 +13,9 @@ RUN mkdir plugins
 WORKDIR /home/luser/plugins
 RUN --mount=type=bind,source=.,target=/build/distributions tar -xf /build/distributions/rbcs-server-memcache*.tar
 WORKDIR /home/luser
-ENTRYPOINT ["java", "-XX:+UseSerialGC", "-XX:GCTimeRatio=24", "-jar", "/home/luser/rbcs.jar", "server"]
+ADD logback.xml .
+ENTRYPOINT ["java", "-Dlogback.configurationFile=logback.xml", "-XX:+UseSerialGC", "-XX:GCTimeRatio=24", "-jar", "/home/luser/rbcs.jar", "server"]
+
+FROM scratch AS release-native
+ADD rbcs-cli.upx rbcs-cli
+ENTRYPOINT ["./rbcs-cli"]

docker/build.gradle

@@ -30,6 +30,9 @@ Provider<Copy> prepareDockerBuild = tasks.register('prepareDockerBuild', Copy) {
     into project.layout.buildDirectory.file('docker')
     from(configurations.docker)
     from(file('Dockerfile'))
+    from(rootProject.file('conf')) {
+        include 'logback.xml'
+    }
 }
 
 Provider<DockerBuildImage> dockerBuild = tasks.register('dockerBuildImage', DockerBuildImage) {
@@ -63,5 +66,3 @@ Provider<DockerPushImage> dockerPush = tasks.register('dockerPushImage', DockerP
     }
     images = [dockerTag.flatMap{ it.tag }, dockerTagMemcache.flatMap{ it.tag }]
 }
-
-

gradle.properties

@@ -4,7 +4,7 @@ org.gradle.caching=true
 
 rbcs.version = 0.2.0
 
-lys.version = 2025.02.08
+lys.version = 2025.02.25
 
 gitea.maven.url = https://gitea.woggioni.net/api/packages/woggioni/maven
 docker.registry.url=gitea.woggioni.net

rbcs-api/build.gradle

@@ -5,6 +5,7 @@ plugins {
 }
 
 dependencies {
+    api catalog.netty.common
     api catalog.netty.buffer
     api catalog.netty.handler
 }

rbcs-api/src/main/java/module-info.java

@@ -4,6 +4,7 @@ module net.woggioni.rbcs.api {
     requires io.netty.buffer;
     requires io.netty.handler;
     requires io.netty.transport;
+    requires io.netty.common;
     exports net.woggioni.rbcs.api;
     exports net.woggioni.rbcs.api.exception;
     exports net.woggioni.rbcs.api.message;

rbcs-api/src/main/java/net/woggioni/rbcs/api/AsyncCloseable.java

@@ -0,0 +1,13 @@
+package net.woggioni.rbcs.api;
+
+import java.util.concurrent.CompletableFuture;
+
+public interface AsyncCloseable extends AutoCloseable {
+
+    CompletableFuture<Void> asyncClose();
+
+    @Override
+    default void close() throws Exception {
+        asyncClose().get();
+    }
+}

rbcs-api/src/main/java/net/woggioni/rbcs/api/CacheHandlerFactory.java

@@ -1,7 +1,15 @@
 package net.woggioni.rbcs.api;
 
+import io.netty.channel.ChannelFactory;
 import io.netty.channel.ChannelHandler;
+import io.netty.channel.EventLoopGroup;
+import io.netty.channel.socket.DatagramChannel;
+import io.netty.channel.socket.SocketChannel;
 
-public interface CacheHandlerFactory extends AutoCloseable {
+public interface CacheHandlerFactory extends AsyncCloseable {
-    ChannelHandler newHandler();
+    ChannelHandler newHandler(
+            EventLoopGroup eventLoopGroup,
+            ChannelFactory<SocketChannel> socketChannelFactory,
+            ChannelFactory<DatagramChannel> datagramChannelFactory
+    );
 }

rbcs-api/src/main/java/net/woggioni/rbcs/api/Configuration.java

@@ -35,8 +35,6 @@ public class Configuration {
 
     @Value
     public static class Connection {
-        Duration readTimeout;
-        Duration writeTimeout;
         Duration idleTimeout;
         Duration readIdleTimeout;
         Duration writeIdleTimeout;
@@ -85,17 +83,6 @@ public class Configuration {
         Group extract(X509Certificate cert);
     }
 
-    @Value
-    public static class Throttling {
-        KeyStore keyStore;
-        TrustStore trustStore;
-        boolean verifyClients;
-    }
-
-    public enum ClientCertificate {
-        REQUIRED, OPTIONAL
-    }
-
     @Value
     public static class Tls {
         KeyStore keyStore;

rbcs-cli/build.gradle

@@ -9,20 +9,22 @@ plugins {
     id 'maven-publish'
 }
 
+import net.woggioni.gradle.envelope.EnvelopePlugin
 import net.woggioni.gradle.envelope.EnvelopeJarTask
 import net.woggioni.gradle.graalvm.NativeImageConfigurationTask
 import net.woggioni.gradle.graalvm.NativeImagePlugin
-import net.woggioni.gradle.graalvm.NativeImageTask
+import net.woggioni.gradle.graalvm.UpxTask
 import net.woggioni.gradle.graalvm.JlinkPlugin
 import net.woggioni.gradle.graalvm.JlinkTask
 
-Property<String> mainModuleName = objects.property(String.class)
+sourceSets {
-mainModuleName.set('net.woggioni.rbcs.cli')
+    configureNativeImage {
-Property<String> mainClassName = objects.property(String.class)
+        java {
-mainClassName.set('net.woggioni.rbcs.cli.RemoteBuildCacheServerCli')
+        }
+        kotlin {
 
-tasks.named(JavaPlugin.COMPILE_JAVA_TASK_NAME, JavaCompile) {
+        }
-    options.javaModuleMainClass = mainClassName
+    }
 }
 
 configurations {
@@ -32,16 +34,25 @@ configurations {
         canBeResolved = true
         visible = true
     }
-}
 
-envelopeJar {
+    configureNativeImageImplementation {
-    mainModule = mainModuleName
+        extendsFrom implementation
-    mainClass = mainClassName
+    }
+
+    configureNativeImageRuntimeOnly {
+        extendsFrom runtimeOnly
+    }
+
+    nativeImage {
+        extendsFrom runtimeClasspath
+    }
 
-    extraClasspath = ["plugins"]
 }
 
 dependencies {
+    configureNativeImageImplementation project
+    configureNativeImageImplementation project(':rbcs-server-memcache')
+
     implementation catalog.jwo
     implementation catalog.slf4j.api
     implementation catalog.picocli
@@ -52,32 +63,55 @@ dependencies {
 //    runtimeOnly catalog.slf4j.jdk14
     runtimeOnly catalog.logback.classic
 //    runtimeOnly catalog.slf4j.simple
+    nativeImage project(':rbcs-server-memcache')
+
 }
 
-Provider<EnvelopeJarTask> envelopeJarTaskProvider = tasks.named('envelopeJar', EnvelopeJarTask.class) {
+
-//    systemProperties['java.util.logging.config.class'] = 'net.woggioni.rbcs.LoggingConfig'
+Property<String> mainModuleName = objects.property(String.class)
-//    systemProperties['log.config.source'] = 'net/woggioni/rbcs/cli/logging.properties'
+mainModuleName.set('net.woggioni.rbcs.cli')
-//    systemProperties['java.util.logging.config.file'] = 'classpath:net/woggioni/rbcs/cli/logging.properties'
+Property<String> mainClassName = objects.property(String.class)
+mainClassName.set('net.woggioni.rbcs.cli.RemoteBuildCacheServerCli')
+
+tasks.named(JavaPlugin.COMPILE_JAVA_TASK_NAME, JavaCompile) {
+    options.javaModuleMainClass = mainClassName
+}
+
+Provider<Jar> jarTaskProvider = tasks.named(JavaPlugin.JAR_TASK_NAME, Jar)
+
+Provider<EnvelopeJarTask> envelopeJarTaskProvider = tasks.named(EnvelopePlugin.ENVELOPE_JAR_TASK_NAME, EnvelopeJarTask.class) {
+    mainModule = mainModuleName
+    mainClass = mainClassName
+
+    extraClasspath = ["plugins"]
+
     systemProperties['logback.configurationFile'] = 'classpath:net/woggioni/rbcs/cli/logback.xml'
     systemProperties['io.netty.leakDetectionLevel'] = 'DISABLED'
-
-//    systemProperties['org.slf4j.simpleLogger.showDateTime'] = 'true'
-//    systemProperties['org.slf4j.simpleLogger.defaultLogLevel'] = 'debug'
-//    systemProperties['org.slf4j.simpleLogger.log.com.google.code.yanf4j'] = 'warn'
-//    systemProperties['org.slf4j.simpleLogger.log.net.rubyeye.xmemcached'] = 'warn'
-//    systemProperties['org.slf4j.simpleLogger.dateTimeFormat'] = 'yyyy-MM-dd\'T\'HH:mm:ss.SSSZ'
 }
 
 tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfigurationTask) {
-    mainClass = mainClassName
+    mainClass = "net.woggioni.rbcs.cli.graal.GraalNativeImageConfiguration"
-    mainModule = mainModuleName
+    setClasspath(configurations.configureNativeImageRuntimeClasspath + sourceSets.graal.output.classesDirs)
+    mergeConfiguration = false
+    systemProperty('logback.configurationFile', 'classpath:net/woggioni/rbcs/cli/logback.xml')
+    systemProperty('io.netty.leakDetectionLevel', 'DISABLED')
+    modularity.inferModulePath = false
+    enabled = false
 }
 
-tasks.named(NativeImagePlugin.NATIVE_IMAGE_TASK_NAME, NativeImageTask) {
+nativeImage {
     mainClass = mainClassName
-    mainModule = mainModuleName
+//    mainModule = mainModuleName
     useMusl = true
     buildStaticImage = true
+    linkAtBuildTime = false
+    classpath = project.files(jarTaskProvider, configurations.nativeImage)
+    compressExecutable = true
+    compressionLevel = 10
+    useLZMA = false
+}
+
+Provider<UpxTask> upxTaskProvider = tasks.named(NativeImagePlugin.UPX_TASK_NAME, UpxTask) {
 }
 
 tasks.named(JlinkPlugin.JLINK_TASK_NAME, JlinkTask) {
@@ -85,16 +119,30 @@ tasks.named(JlinkPlugin.JLINK_TASK_NAME, JlinkTask) {
     mainModule = 'net.woggioni.rbcs.cli'
 }
 
+tasks.named(JavaPlugin.PROCESS_RESOURCES_TASK_NAME, ProcessResources) {
+    from(rootProject.file('conf')) {
+        into('net/woggioni/rbcs/cli')
+        include 'logback.xml'
+        include 'logging.properties'
+    }
+}
+
 artifacts {
     release(envelopeJarTaskProvider)
+    release(upxTaskProvider)
 }
 
 publishing {
     publications {
         maven(MavenPublication) {
             artifact envelopeJar
+            artifact(upxTaskProvider) {
+                classifier = "linux-x86_64"
+                extension = "exe"
+            }
         }
     }
 }
 
 
+

rbcs-cli/native-image/jni-config.json

@@ -0,0 +1,6 @@
+[
+{
+  "name":"java.lang.Boolean",
+  "methods":[{"name":"getBoolean","parameterTypes":["java.lang.String"] }]
+}
+]

rbcs-cli/native-image/native-image.properties

@@ -1,2 +1,2 @@
-Args=-H:Optimize=3 --gc=serial --initialize-at-run-time=io.netty
+Args=-O3 --gc=serial --install-exit-handlers --initialize-at-run-time=io.netty --enable-url-protocols=jpms --initialize-at-build-time=net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory,net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory$JpmsHandler
 #-H:TraceClassInitialization=io.netty.handler.ssl.BouncyCastleAlpnSslUtils

rbcs-cli/native-image/predefined-classes-config.json

@@ -0,0 +1,8 @@
+[
+  {
+    "type":"agent-extracted",
+    "classes":[
+    ]
+  }
+]
+

rbcs-cli/native-image/proxy-config.json

@@ -0,0 +1,2 @@
+[
+]

rbcs-cli/native-image/reflect-config.json

@@ -0,0 +1,756 @@
+[
+{
+  "name":"android.os.Build$VERSION"
+},
+{
+  "name":"ch.qos.logback.classic.encoder.PatternLayoutEncoder",
+  "queryAllPublicMethods":true,
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"ch.qos.logback.classic.joran.SerializedModelConfigurator",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"ch.qos.logback.classic.util.DefaultJoranConfigurator",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"ch.qos.logback.core.ConsoleAppender",
+  "queryAllPublicMethods":true,
+  "methods":[{"name":"<init>","parameterTypes":[] }, {"name":"setTarget","parameterTypes":["java.lang.String"] }]
+},
+{
+  "name":"ch.qos.logback.core.OutputStreamAppender",
+  "methods":[{"name":"setEncoder","parameterTypes":["ch.qos.logback.core.encoder.Encoder"] }]
+},
+{
+  "name":"ch.qos.logback.core.encoder.Encoder",
+  "methods":[{"name":"valueOf","parameterTypes":["java.lang.String"] }]
+},
+{
+  "name":"ch.qos.logback.core.encoder.LayoutWrappingEncoder",
+  "methods":[{"name":"setParent","parameterTypes":["ch.qos.logback.core.spi.ContextAware"] }]
+},
+{
+  "name":"ch.qos.logback.core.pattern.PatternLayoutEncoderBase",
+  "methods":[{"name":"setPattern","parameterTypes":["java.lang.String"] }]
+},
+{
+  "name":"ch.qos.logback.core.spi.ContextAware",
+  "methods":[{"name":"valueOf","parameterTypes":["java.lang.String"] }]
+},
+{
+  "name":"com.aayushatharva.brotli4j.Brotli4jLoader"
+},
+{
+  "name":"com.github.luben.zstd.Zstd"
+},
+{
+  "name":"com.sun.crypto.provider.AESCipher$General",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.ARCFOURCipher",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.DESCipher",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.DESedeCipher",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.DHParameters",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.GaloisCounterMode$AESGCM",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.HmacCore$HmacSHA512",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.PBKDF2Core$HmacSHA512",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.crypto.provider.TlsMasterSecretGenerator",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.org.apache.xerces.internal.impl.dv.xs.ExtendedSchemaDVFactoryImpl",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.org.apache.xerces.internal.impl.dv.xs.SchemaDVFactoryImpl",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"groovy.lang.Closure"
+},
+{
+  "name":"io.netty.bootstrap.ServerBootstrap$1"
+},
+{
+  "name":"io.netty.bootstrap.ServerBootstrap$ServerBootstrapAcceptor",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"io.netty.buffer.AbstractByteBufAllocator",
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"io.netty.buffer.AbstractReferenceCountedByteBuf",
+  "fields":[{"name":"refCnt"}]
+},
+{
+  "name":"io.netty.channel.AbstractChannelHandlerContext",
+  "fields":[{"name":"handlerState"}]
+},
+{
+  "name":"io.netty.channel.ChannelDuplexHandler",
+  "methods":[{"name":"bind","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.net.SocketAddress","io.netty.channel.ChannelPromise"] }, {"name":"close","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"connect","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.net.SocketAddress","java.net.SocketAddress","io.netty.channel.ChannelPromise"] }, {"name":"deregister","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"disconnect","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"flush","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"read","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"io.netty.channel.ChannelHandlerAdapter",
+  "methods":[{"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"io.netty.channel.ChannelInboundHandlerAdapter",
+  "methods":[{"name":"channelActive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRegistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelUnregistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelWritabilityChanged","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }, {"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"io.netty.channel.ChannelInitializer",
+  "methods":[{"name":"channelRegistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"io.netty.channel.ChannelOutboundBuffer",
+  "fields":[{"name":"totalPendingSize"}, {"name":"unwritable"}]
+},
+{
+  "name":"io.netty.channel.ChannelOutboundHandlerAdapter",
+  "methods":[{"name":"bind","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.net.SocketAddress","io.netty.channel.ChannelPromise"] }, {"name":"connect","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.net.SocketAddress","java.net.SocketAddress","io.netty.channel.ChannelPromise"] }, {"name":"deregister","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"disconnect","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"flush","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"read","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }]
+},
+{
+  "name":"io.netty.channel.CombinedChannelDuplexHandler",
+  "methods":[{"name":"bind","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.net.SocketAddress","io.netty.channel.ChannelPromise"] }, {"name":"channelActive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRegistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelUnregistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelWritabilityChanged","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"close","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"connect","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.net.SocketAddress","java.net.SocketAddress","io.netty.channel.ChannelPromise"] }, {"name":"deregister","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"disconnect","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }, {"name":"flush","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"read","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"io.netty.channel.DefaultChannelConfig",
+  "fields":[{"name":"autoRead"}, {"name":"writeBufferWaterMark"}]
+},
+{
+  "name":"io.netty.channel.DefaultChannelPipeline",
+  "fields":[{"name":"estimatorHandle"}]
+},
+{
+  "name":"io.netty.channel.DefaultChannelPipeline$HeadContext",
+  "methods":[{"name":"bind","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.net.SocketAddress","io.netty.channel.ChannelPromise"] }, {"name":"channelActive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRegistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelUnregistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelWritabilityChanged","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"close","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"connect","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.net.SocketAddress","java.net.SocketAddress","io.netty.channel.ChannelPromise"] }, {"name":"deregister","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"disconnect","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }, {"name":"flush","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"read","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"io.netty.channel.DefaultChannelPipeline$TailContext",
+  "methods":[{"name":"channelActive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRegistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelUnregistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelWritabilityChanged","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }, {"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"io.netty.channel.SimpleChannelInboundHandler",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"io.netty.channel.embedded.EmbeddedChannel$2"
+},
+{
+  "name":"io.netty.channel.pool.SimpleChannelPool$1"
+},
+{
+  "name":"io.netty.channel.socket.nio.NioSocketChannel",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"io.netty.handler.codec.ByteToMessageDecoder",
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"io.netty.handler.codec.MessageAggregator",
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }]
+},
+{
+  "name":"io.netty.handler.codec.MessageToByteEncoder",
+  "methods":[{"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"io.netty.handler.codec.MessageToMessageCodec",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }]
+},
+{
+  "name":"io.netty.handler.codec.MessageToMessageDecoder",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"io.netty.handler.codec.compression.JdkZlibDecoder"
+},
+{
+  "name":"io.netty.handler.codec.compression.JdkZlibEncoder",
+  "methods":[{"name":"close","parameterTypes":["io.netty.channel.ChannelHandlerContext","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"io.netty.handler.codec.http.HttpClientCodec"
+},
+{
+  "name":"io.netty.handler.codec.http.HttpContentDecoder",
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }]
+},
+{
+  "name":"io.netty.handler.codec.http.HttpContentDecompressor"
+},
+{
+  "name":"io.netty.handler.codec.http.HttpContentEncoder",
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }]
+},
+{
+  "name":"io.netty.handler.codec.http.HttpObjectAggregator"
+},
+{
+  "name":"io.netty.handler.codec.http.HttpServerCodec"
+},
+{
+  "name":"io.netty.handler.codec.memcache.binary.BinaryMemcacheClientCodec"
+},
+{
+  "name":"io.netty.handler.stream.ChunkedWriteHandler",
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelWritabilityChanged","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"flush","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"io.netty.handler.timeout.IdleStateHandler",
+  "methods":[{"name":"channelActive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRegistered","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"io.netty.internal.tcnative.SSLContext"
+},
+{
+  "name":"io.netty.util.AbstractReferenceCounted",
+  "fields":[{"name":"refCnt"}]
+},
+{
+  "name":"io.netty.util.DefaultAttributeMap",
+  "fields":[{"name":"attributes"}]
+},
+{
+  "name":"io.netty.util.DefaultAttributeMap$DefaultAttribute",
+  "fields":[{"name":"attributeMap"}]
+},
+{
+  "name":"io.netty.util.Recycler$DefaultHandle",
+  "fields":[{"name":"state"}]
+},
+{
+  "name":"io.netty.util.ReferenceCountUtil",
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"io.netty.util.concurrent.DefaultPromise",
+  "fields":[{"name":"result"}]
+},
+{
+  "name":"io.netty.util.concurrent.SingleThreadEventExecutor",
+  "fields":[{"name":"state"}, {"name":"threadProperties"}]
+},
+{
+  "name":"io.netty.util.internal.shaded.org.jctools.queues.BaseMpscLinkedArrayQueueColdProducerFields",
+  "fields":[{"name":"producerLimit"}]
+},
+{
+  "name":"io.netty.util.internal.shaded.org.jctools.queues.BaseMpscLinkedArrayQueueConsumerFields",
+  "fields":[{"name":"consumerIndex"}]
+},
+{
+  "name":"io.netty.util.internal.shaded.org.jctools.queues.BaseMpscLinkedArrayQueueProducerFields",
+  "fields":[{"name":"producerIndex"}]
+},
+{
+  "name":"io.netty.util.internal.shaded.org.jctools.queues.unpadded.MpscUnpaddedArrayQueueConsumerIndexField",
+  "fields":[{"name":"consumerIndex"}]
+},
+{
+  "name":"io.netty.util.internal.shaded.org.jctools.queues.unpadded.MpscUnpaddedArrayQueueProducerIndexField",
+  "fields":[{"name":"producerIndex"}]
+},
+{
+  "name":"io.netty.util.internal.shaded.org.jctools.queues.unpadded.MpscUnpaddedArrayQueueProducerLimitField",
+  "fields":[{"name":"producerLimit"}]
+},
+{
+  "name":"java.io.FilePermission"
+},
+{
+  "name":"java.lang.Object",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"java.lang.ProcessHandle",
+  "methods":[{"name":"current","parameterTypes":[] }, {"name":"pid","parameterTypes":[] }]
+},
+{
+  "name":"java.lang.RuntimePermission"
+},
+{
+  "name":"java.lang.System",
+  "methods":[{"name":"console","parameterTypes":[] }]
+},
+{
+  "name":"java.lang.Thread",
+  "fields":[{"name":"threadLocalRandomProbe"}]
+},
+{
+  "name":"java.net.NetPermission"
+},
+{
+  "name":"java.net.SocketPermission"
+},
+{
+  "name":"java.net.URLPermission",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.String","java.lang.String"] }]
+},
+{
+  "name":"java.nio.Bits",
+  "fields":[{"name":"MAX_MEMORY"}, {"name":"UNALIGNED"}]
+},
+{
+  "name":"java.nio.Buffer",
+  "fields":[{"name":"address"}]
+},
+{
+  "name":"java.nio.ByteBuffer",
+  "methods":[{"name":"alignedSlice","parameterTypes":["int"] }]
+},
+{
+  "name":"java.nio.DirectByteBuffer",
+  "methods":[{"name":"<init>","parameterTypes":["long","long"] }]
+},
+{
+  "name":"java.nio.channels.spi.SelectorProvider",
+  "methods":[{"name":"openServerSocketChannel","parameterTypes":["java.net.ProtocolFamily"] }, {"name":"openSocketChannel","parameterTypes":["java.net.ProtocolFamily"] }]
+},
+{
+  "name":"java.nio.file.Path"
+},
+{
+  "name":"java.nio.file.Paths",
+  "methods":[{"name":"get","parameterTypes":["java.lang.String","java.lang.String[]"] }]
+},
+{
+  "name":"java.security.AlgorithmParametersSpi"
+},
+{
+  "name":"java.security.AllPermission"
+},
+{
+  "name":"java.security.KeyStoreSpi"
+},
+{
+  "name":"java.security.SecureRandomParameters"
+},
+{
+  "name":"java.security.SecurityPermission"
+},
+{
+  "name":"java.sql.Connection"
+},
+{
+  "name":"java.sql.Driver"
+},
+{
+  "name":"java.sql.DriverManager",
+  "methods":[{"name":"getConnection","parameterTypes":["java.lang.String"] }, {"name":"getDriver","parameterTypes":["java.lang.String"] }]
+},
+{
+  "name":"java.sql.Time",
+  "methods":[{"name":"<init>","parameterTypes":["long"] }]
+},
+{
+  "name":"java.sql.Timestamp",
+  "methods":[{"name":"valueOf","parameterTypes":["java.lang.String"] }]
+},
+{
+  "name":"java.time.Duration",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.Instant",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.LocalDate",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.LocalDateTime",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.LocalTime",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.MonthDay",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.OffsetDateTime",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.OffsetTime",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.Period",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.Year",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.YearMonth",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.time.ZoneId",
+  "methods":[{"name":"of","parameterTypes":["java.lang.String"] }]
+},
+{
+  "name":"java.time.ZoneOffset",
+  "methods":[{"name":"of","parameterTypes":["java.lang.String"] }]
+},
+{
+  "name":"java.time.ZonedDateTime",
+  "methods":[{"name":"parse","parameterTypes":["java.lang.CharSequence"] }]
+},
+{
+  "name":"java.util.PropertyPermission"
+},
+{
+  "name":"java.util.concurrent.ForkJoinTask",
+  "fields":[{"name":"aux"}, {"name":"status"}]
+},
+{
+  "name":"java.util.concurrent.atomic.AtomicBoolean",
+  "fields":[{"name":"value"}]
+},
+{
+  "name":"java.util.concurrent.atomic.AtomicReference",
+  "fields":[{"name":"value"}]
+},
+{
+  "name":"java.util.concurrent.atomic.Striped64",
+  "fields":[{"name":"base"}, {"name":"cellsBusy"}]
+},
+{
+  "name":"java.util.concurrent.atomic.Striped64$Cell",
+  "fields":[{"name":"value"}]
+},
+{
+  "name":"java.util.zip.Adler32",
+  "methods":[{"name":"update","parameterTypes":["java.nio.ByteBuffer"] }]
+},
+{
+  "name":"java.util.zip.CRC32",
+  "methods":[{"name":"update","parameterTypes":["java.nio.ByteBuffer"] }]
+},
+{
+  "name":"javax.security.auth.x500.X500Principal",
+  "fields":[{"name":"thisX500Name"}],
+  "methods":[{"name":"<init>","parameterTypes":["sun.security.x509.X500Name"] }]
+},
+{
+  "name":"javax.smartcardio.CardPermission"
+},
+{
+  "name":"jdk.internal.misc.Unsafe",
+  "methods":[{"name":"getUnsafe","parameterTypes":[] }]
+},
+{
+  "name":"net.woggioni.rbcs.cli.RemoteBuildCacheServerCli",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.RemoteBuildCacheServerCli$VersionProvider",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true,
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.RbcsCommand",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.commands.BenchmarkCommand",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.commands.ClientCommand",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.commands.GetCommand",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.commands.HealthCheckCommand",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.commands.PasswordHashCommand",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.commands.PutCommand",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.commands.ServerCommand",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.converters.ByteSizeConverter",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.converters.DurationConverter",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"net.woggioni.rbcs.cli.impl.converters.OutputStreamConverter",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"net.woggioni.rbcs.client.RemoteBuildCacheClient$sendRequest$1$operationComplete$responseHandler$1",
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"net.woggioni.rbcs.client.RemoteBuildCacheClient$sendRequest$1$operationComplete$timeoutHandler$1",
+  "methods":[{"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.RemoteBuildCacheServer$HttpChunkContentCompressor",
+  "methods":[{"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.RemoteBuildCacheServer$NettyHttpBasicAuthenticator"
+},
+{
+  "name":"net.woggioni.rbcs.server.RemoteBuildCacheServer$ServerInitializer"
+},
+{
+  "name":"net.woggioni.rbcs.server.RemoteBuildCacheServer$ServerInitializer$initChannel$4",
+  "methods":[{"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.auth.AbstractNettyHttpAuthenticator",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.cache.FileSystemCacheHandler",
+  "methods":[{"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.cache.InMemoryCacheHandler",
+  "methods":[{"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.exception.ExceptionHandler",
+  "methods":[{"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.handler.CacheContentHandler",
+  "methods":[{"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.handler.MaxRequestSizeHandler",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.handler.ServerHandler",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }, {"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.handler.TraceHandler",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.memcache.MemcacheCacheHandler",
+  "methods":[{"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.memcache.client.MemcacheClient$sendRequest$1$operationComplete$handler$1",
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"exceptionCaught","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Throwable"] }]
+},
+{
+  "name":"net.woggioni.rbcs.server.throttling.ThrottlingHandler",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
+{
+  "name":"sun.misc.Unsafe",
+  "fields":[{"name":"theUnsafe"}],
+  "methods":[{"name":"copyMemory","parameterTypes":["java.lang.Object","long","java.lang.Object","long","long"] }, {"name":"getAndAddLong","parameterTypes":["java.lang.Object","long","long"] }, {"name":"getAndSetObject","parameterTypes":["java.lang.Object","long","java.lang.Object"] }, {"name":"invokeCleaner","parameterTypes":["java.nio.ByteBuffer"] }, {"name":"storeFence","parameterTypes":[] }]
+},
+{
+  "name":"sun.nio.ch.SelectorImpl",
+  "fields":[{"name":"publicSelectedKeys"}, {"name":"selectedKeys"}]
+},
+{
+  "name":"sun.security.pkcs12.PKCS12KeyStore",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.DSA$SHA224withDSA",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.DSA$SHA256withDSA",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.JavaKeyStore$JKS",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.MD5",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.NativePRNG",
+  "methods":[{"name":"<init>","parameterTypes":[] }, {"name":"<init>","parameterTypes":["java.security.SecureRandomParameters"] }]
+},
+{
+  "name":"sun.security.provider.NativePRNG$NonBlocking",
+  "methods":[{"name":"<init>","parameterTypes":[] }, {"name":"<init>","parameterTypes":["java.security.SecureRandomParameters"] }]
+},
+{
+  "name":"sun.security.provider.SHA",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.SHA2$SHA224",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.SHA2$SHA256",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.SHA5$SHA384",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.SHA5$SHA512",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.provider.X509Factory",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.rsa.PSSParameters",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.rsa.RSAKeyFactory$Legacy",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.rsa.RSAPSSSignature",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.rsa.RSASignature$SHA224withRSA",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.ssl.KeyManagerFactoryImpl$SunX509",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.ssl.SSLContextImpl$DefaultSSLContext",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.ssl.SSLContextImpl$TLSContext",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
+{
+  "name":"sun.security.x509.AuthorityInfoAccessExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.AuthorityKeyIdentifierExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.BasicConstraintsExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.CRLDistributionPointsExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.CertificatePoliciesExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.KeyUsageExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.NetscapeCertTypeExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.PrivateKeyUsageExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.SubjectAlternativeNameExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+},
+{
+  "name":"sun.security.x509.SubjectKeyIdentifierExtension",
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.Boolean","java.lang.Object"] }]
+}
+]

rbcs-cli/native-image/resource-config.json

@@ -0,0 +1,74 @@
+{
+  "resources": {
+    "includes": [
+      {
+        "pattern": "\\QMETA-INF/MANIFEST.MF\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/ch.qos.logback.classic.spi.Configurator\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/java.lang.System$LoggerFinder\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/java.net.spi.InetAddressResolverProvider\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/java.net.spi.URLStreamHandlerProvider\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/java.nio.channels.spi.SelectorProvider\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/java.time.zone.ZoneRulesProvider\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/javax.xml.parsers.DocumentBuilderFactory\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/javax.xml.parsers.SAXParserFactory\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/net.woggioni.rbcs.api.CacheProvider\\E"
+      },
+      {
+        "pattern": "\\QMETA-INF/services/org.slf4j.spi.SLF4JServiceProvider\\E"
+      },
+      {
+        "pattern": "\\Qclasspath:net/woggioni/rbcs/cli/logback.xml\\E"
+      },
+      {
+        "pattern": "\\Qlogback-test.scmo\\E"
+      },
+      {
+        "pattern": "\\Qlogback.scmo\\E"
+      },
+      {
+        "pattern": "\\Qnet/woggioni/rbcs/cli/logback.xml\\E"
+      },
+      {
+        "pattern": "\\Qnet/woggioni/rbcs/server/rbcs-default.xml\\E"
+      },
+      {
+        "pattern": "\\Qnet/woggioni/rbcs/server/schema/rbcs.xsd\\E"
+      },
+      {
+        "pattern": "\\Qnet/woggioni/rbcs/client/schema/rbcs-client.xsd\\E"
+      },
+      {
+        "pattern": "\\Q/net/woggioni/rbcs/server/memcache/schema/rbcs-memcache.xsd\\E"
+      },
+      {
+        "pattern": "java.base:\\Qsun/text/resources/LineBreakIteratorData\\E"
+      }
+    ]
+  },
+  "bundles": [
+    {
+      "name": "com.sun.org.apache.xerces.internal.impl.xpath.regex.message",
+      "locales": [
+        ""
+      ]
+    }
+  ]
+}

rbcs-cli/native-image/serialization-config.json

@@ -0,0 +1,11 @@
+{
+  "types":[
+    {
+      "name":"net.woggioni.rbcs.api.CacheValueMetadata"
+    }
+  ],
+  "lambdaCapturingTypes":[
+  ],
+  "proxies":[
+  ]
+}

rbcs-cli/src/graal/kotlin/net/woggioni/rbcs/cli/graal/GraalNativeImageConfiguration.kt

@@ -0,0 +1,161 @@
+package net.woggioni.rbcs.cli.graal
+
+import net.woggioni.rbcs.api.Configuration
+import net.woggioni.rbcs.api.Configuration.User
+import net.woggioni.rbcs.api.Role
+import net.woggioni.rbcs.cli.RemoteBuildCacheServerCli
+import net.woggioni.rbcs.cli.impl.commands.BenchmarkCommand
+import net.woggioni.rbcs.cli.impl.commands.HealthCheckCommand
+import net.woggioni.rbcs.client.RemoteBuildCacheClient
+import net.woggioni.rbcs.common.HostAndPort
+import net.woggioni.rbcs.common.PasswordSecurity.hashPassword
+import net.woggioni.rbcs.common.RBCS
+import net.woggioni.rbcs.common.Xml
+import net.woggioni.rbcs.server.RemoteBuildCacheServer
+import net.woggioni.rbcs.server.cache.FileSystemCacheConfiguration
+import net.woggioni.rbcs.server.cache.InMemoryCacheConfiguration
+import net.woggioni.rbcs.server.configuration.Parser
+import net.woggioni.rbcs.server.memcache.MemcacheCacheConfiguration
+import java.net.URI
+import java.nio.file.Path
+import java.time.Duration
+import java.time.temporal.ChronoUnit
+import java.util.concurrent.ExecutionException
+import java.util.zip.Deflater
+
+object GraalNativeImageConfiguration {
+    @JvmStatic
+    fun main(vararg args : String) {
+
+        val serverDoc = RemoteBuildCacheServer.DEFAULT_CONFIGURATION_URL.openStream().use {
+            Xml.parseXml(RemoteBuildCacheServer.DEFAULT_CONFIGURATION_URL, it)
+        }
+        Parser.parse(doc)
+
+        val clientDoc = RemoteBuildCacheClient.Configuration.openStream().use {
+            Xml.parseXml(RemoteBuildCacheServer.DEFAULT_CONFIGURATION_URL, it)
+        }
+        Parser.parse(doc)
+
+        val PASSWORD = "password"
+        val readersGroup = Configuration.Group("readers", setOf(Role.Reader), null, null)
+        val writersGroup = Configuration.Group("writers", setOf(Role.Writer), null, null)
+
+
+        val users = listOf(
+            User("user1", hashPassword(PASSWORD), setOf(readersGroup), null),
+            User("user2", hashPassword(PASSWORD), setOf(writersGroup), null),
+            User("user3", hashPassword(PASSWORD), setOf(readersGroup, writersGroup), null),
+            User("", null, setOf(readersGroup), null),
+            User("user4", hashPassword(PASSWORD), setOf(readersGroup),
+                Configuration.Quota(1, Duration.of(1, ChronoUnit.DAYS), 0, 1)
+            ),
+            User("user5", hashPassword(PASSWORD), setOf(readersGroup),
+                Configuration.Quota(1, Duration.of(5, ChronoUnit.SECONDS), 0, 1)
+            )
+        )
+
+        val serverPort = RBCS.getFreePort()
+
+        val caches = listOf<Configuration.Cache>(
+            InMemoryCacheConfiguration(
+                maxAge = Duration.ofSeconds(3600),
+                digestAlgorithm = "MD5",
+                compressionLevel = Deflater.DEFAULT_COMPRESSION,
+                compressionEnabled = false,
+                maxSize = 0x1000000,
+                chunkSize = 0x1000
+            ),
+            FileSystemCacheConfiguration(
+                Path.of(System.getProperty("java.io.tmpdir")).resolve("rbcs"),
+                maxAge = Duration.ofSeconds(3600),
+                digestAlgorithm = "MD5",
+                compressionLevel = Deflater.DEFAULT_COMPRESSION,
+                compressionEnabled = false,
+                chunkSize = 0x1000
+            ),
+            MemcacheCacheConfiguration(
+                listOf(MemcacheCacheConfiguration.Server(
+                    HostAndPort("127.0.0.1", 11211),
+                    1000,
+                    4)
+                ),
+                Duration.ofSeconds(60),
+                "MD5",
+                null,
+                1,
+                0x1000
+            )
+        )
+
+        for (cache in caches) {
+            val serverConfiguration = Configuration(
+                "127.0.0.1",
+                serverPort,
+                100,
+                null,
+                Configuration.EventExecutor(true),
+                Configuration.Connection(
+                    Duration.ofSeconds(10),
+                    Duration.ofSeconds(15),
+                    Duration.ofSeconds(15),
+                    0x10000,
+                ),
+                users.asSequence().map { it.name to it }.toMap(),
+                sequenceOf(writersGroup, readersGroup).map { it.name to it }.toMap(),
+                cache,
+                Configuration.BasicAuthentication(),
+                null,
+            )
+
+            MemcacheCacheConfiguration(
+                listOf(
+                    MemcacheCacheConfiguration.Server(
+                        HostAndPort("127.0.0.1", 11211),
+                        1000,
+                        4
+                    )
+                ),
+                Duration.ofSeconds(60),
+                "MD5",
+                null,
+                1,
+                0x1000
+            )
+
+            val serverHandle = RemoteBuildCacheServer(serverConfiguration).run()
+
+
+            val clientProfile = RemoteBuildCacheClient.Configuration.Profile(
+                URI.create("http://127.0.0.1:$serverPort/"),
+                null,
+                RemoteBuildCacheClient.Configuration.Authentication.BasicAuthenticationCredentials("user3", PASSWORD),
+                Duration.ofSeconds(3),
+                10,
+                true,
+                RemoteBuildCacheClient.Configuration.RetryPolicy(
+                    3,
+                    1000,
+                    1.2
+                ),
+                RemoteBuildCacheClient.Configuration.TrustStore(null, null, false, false)
+            )
+
+            HealthCheckCommand.run(clientProfile)
+
+            BenchmarkCommand.run(
+                clientProfile,
+                1000,
+                0x100,
+                true
+            )
+
+            serverHandle.sendShutdownSignal()
+            try {
+                serverHandle.get()
+            } catch (ee : ExecutionException) {
+            }
+        }
+        RemoteBuildCacheServerCli.main("--help")
+    }
+}

rbcs-cli/src/main/kotlin/net/woggioni/rbcs/cli/RemoteBuildCacheServerCli.kt

@@ -23,8 +23,13 @@ class RemoteBuildCacheServerCli : RbcsCommand() {
 
     class VersionProvider : AbstractVersionProvider()
     companion object {
+        private fun setPropertyIfNotPresent(key: String, value: String) {
+            System.getProperty(key) ?: System.setProperty(key, value)
+        }
         @JvmStatic
         fun main(vararg args: String) {
+            setPropertyIfNotPresent("logback.configurationFile", "net/woggioni/rbcs/cli/logback.xml")
+            setPropertyIfNotPresent("io.netty.leakDetectionLevel", "DISABLED")
             val currentClassLoader = RemoteBuildCacheServerCli::class.java.classLoader
             Thread.currentThread().contextClassLoader = currentClassLoader
             if(currentClassLoader.javaClass.name == "net.woggioni.envelope.loader.ModuleClassLoader") {

rbcs-cli/src/main/kotlin/net/woggioni/rbcs/cli/impl/commands/BenchmarkCommand.kt

@@ -26,8 +26,123 @@ import kotlin.random.Random
     showDefaultValues = true
 )
 class BenchmarkCommand : RbcsCommand() {
-    companion object{
+    companion object {
         private val log = createLogger<BenchmarkCommand>()
+
+        fun run(profile : RemoteBuildCacheClient.Configuration.Profile,
+                numberOfEntries : Int,
+                entrySize : Int,
+                useRandomValue : Boolean,
+        ) {
+            val progressThreshold = LongMath.ceilDiv(numberOfEntries.toLong(), 20)
+            RemoteBuildCacheClient(profile).use { client ->
+                val entryGenerator = sequence {
+                    val random = Random(SecureRandom.getInstance("NativePRNGNonBlocking").nextLong())
+                    while (true) {
+                        val key = JWO.bytesToHex(random.nextBytes(16))
+                        val value = if (useRandomValue) {
+                            random.nextBytes(entrySize)
+                        } else {
+                            val byteValue = random.nextInt().toByte()
+                            ByteArray(entrySize) { _ -> byteValue }
+                        }
+                        yield(key to value)
+                    }
+                }
+
+                log.info {
+                    "Starting insertion"
+                }
+                val entries = let {
+                    val completionCounter = AtomicLong(0)
+                    val completionQueue = LinkedBlockingQueue<Pair<String, ByteArray>>(numberOfEntries)
+                    val start = Instant.now()
+                    val semaphore = Semaphore(profile.maxConnections * 5)
+                    val iterator = entryGenerator.take(numberOfEntries).iterator()
+                    while (completionCounter.get() < numberOfEntries) {
+                        if (iterator.hasNext()) {
+                            val entry = iterator.next()
+                            semaphore.acquire()
+                            val future =
+                                client.put(entry.first, entry.second, CacheValueMetadata(null, null)).thenApply { entry }
+                            future.whenComplete { result, ex ->
+                                if (ex != null) {
+                                    log.error(ex.message, ex)
+                                } else {
+                                    completionQueue.put(result)
+                                }
+                                semaphore.release()
+                                val completed = completionCounter.incrementAndGet()
+                                if (completed.mod(progressThreshold) == 0L) {
+                                    log.debug {
+                                        "Inserted $completed / $numberOfEntries"
+                                    }
+                                }
+                            }
+                        } else {
+                            Thread.sleep(Duration.of(500, ChronoUnit.MILLIS))
+                        }
+                    }
+
+                    val inserted = completionQueue.toList()
+                    val end = Instant.now()
+                    log.info {
+                        val elapsed = Duration.between(start, end).toMillis()
+                        val opsPerSecond = String.format("%.2f", numberOfEntries.toDouble() / elapsed * 1000)
+                        "Insertion rate: $opsPerSecond ops/s"
+                    }
+                    inserted
+                }
+                log.info {
+                    "Inserted ${entries.size} entries"
+                }
+                log.info {
+                    "Starting retrieval"
+                }
+                if (entries.isNotEmpty()) {
+                    val completionCounter = AtomicLong(0)
+                    val semaphore = Semaphore(profile.maxConnections * 5)
+                    val start = Instant.now()
+                    val it = entries.iterator()
+                    while (completionCounter.get() < entries.size) {
+                        if (it.hasNext()) {
+                            val entry = it.next()
+                            semaphore.acquire()
+                            val future = client.get(entry.first).thenApply {
+                                if (it == null) {
+                                    log.error {
+                                        "Missing entry for key '${entry.first}'"
+                                    }
+                                } else if (!entry.second.contentEquals(it)) {
+                                    log.error {
+                                        "Retrieved a value different from what was inserted for key '${entry.first}'"
+                                    }
+                                }
+                            }
+                            future.whenComplete { _, _ ->
+                                val completed = completionCounter.incrementAndGet()
+                                if (completed.mod(progressThreshold) == 0L) {
+                                    log.debug {
+                                        "Retrieved $completed / ${entries.size}"
+                                    }
+                                }
+                                semaphore.release()
+                            }
+                        } else {
+                            Thread.sleep(Duration.of(500, ChronoUnit.MILLIS))
+                        }
+                    }
+                    val end = Instant.now()
+                    log.info {
+                        val elapsed = Duration.between(start, end).toMillis()
+                        val opsPerSecond = String.format("%.2f", entries.size.toDouble() / elapsed * 1000)
+                        "Retrieval rate: $opsPerSecond ops/s"
+                    }
+                } else {
+                    log.error("Skipping retrieval benchmark as it was not possible to insert any entry in the cache")
+                }
+            }
+        }
     }
 
     @CommandLine.Spec
@@ -60,113 +175,11 @@ class BenchmarkCommand : RbcsCommand() {
             clientCommand.configuration.profiles[profileName]
                 ?: throw IllegalArgumentException("Profile $profileName does not exist in configuration")
         }
-        val progressThreshold = LongMath.ceilDiv(numberOfEntries.toLong(), 20)
+        run(
-        RemoteBuildCacheClient(profile).use { client ->
+            profile,
-
+            numberOfEntries,
-            val entryGenerator = sequence {
+            size,
-                val random = Random(SecureRandom.getInstance("NativePRNGNonBlocking").nextLong())
+            randomValues
-                while (true) {
+        )
-                    val key = JWO.bytesToHex(random.nextBytes(16))
-                    val value = if(randomValues) {
-                        random.nextBytes(size)
-                    } else {
-                        val byteValue = random.nextInt().toByte()
-                        ByteArray(size) {_ -> byteValue}
-                    }
-                    yield(key to value)
-                }
-            }
-
-            log.info {
-                "Starting insertion"
-            }
-            val entries = let {
-                val completionCounter = AtomicLong(0)
-                val completionQueue = LinkedBlockingQueue<Pair<String, ByteArray>>(numberOfEntries)
-                val start = Instant.now()
-                val semaphore = Semaphore(profile.maxConnections * 5)
-                val iterator = entryGenerator.take(numberOfEntries).iterator()
-                while (completionCounter.get() < numberOfEntries) {
-                    if (iterator.hasNext()) {
-                        val entry = iterator.next()
-                        semaphore.acquire()
-                        val future = client.put(entry.first, entry.second, CacheValueMetadata(null, null)).thenApply { entry }
-                        future.whenComplete { result, ex ->
-                            if (ex != null) {
-                                log.error(ex.message, ex)
-                            } else {
-                                completionQueue.put(result)
-                            }
-                            semaphore.release()
-                            val completed = completionCounter.incrementAndGet()
-                            if(completed.mod(progressThreshold) == 0L) {
-                                log.debug {
-                                    "Inserted $completed / $numberOfEntries"
-                                }
-                            }
-                        }
-                    } else {
-                        Thread.sleep(Duration.of(500, ChronoUnit.MILLIS))
-                    }
-                }
-
-                val inserted = completionQueue.toList()
-                val end = Instant.now()
-                log.info {
-                    val elapsed = Duration.between(start, end).toMillis()
-                    val opsPerSecond = String.format("%.2f", numberOfEntries.toDouble() / elapsed * 1000)
-                    "Insertion rate: $opsPerSecond ops/s"
-                }
-                inserted
-            }
-            log.info {
-                "Inserted ${entries.size} entries"
-            }
-            log.info {
-                "Starting retrieval"
-            }
-            if (entries.isNotEmpty()) {
-                val completionCounter = AtomicLong(0)
-                val semaphore = Semaphore(profile.maxConnections * 5)
-                val start = Instant.now()
-                val it = entries.iterator()
-                while (completionCounter.get() < entries.size) {
-                    if (it.hasNext()) {
-                        val entry = it.next()
-                        semaphore.acquire()
-                        val future = client.get(entry.first).thenApply {
-                            if (it == null) {
-                                log.error {
-                                    "Missing entry for key '${entry.first}'"
-                                }
-                            } else if (!entry.second.contentEquals(it)) {
-                                log.error {
-                                    "Retrieved a value different from what was inserted for key '${entry.first}'"
-                                }
-                            }
-                        }
-                        future.whenComplete { _, _ ->
-                            val completed = completionCounter.incrementAndGet()
-                            if(completed.mod(progressThreshold) == 0L) {
-                                log.debug {
-                                    "Retrieved $completed / ${entries.size}"
-                                }
-                            }
-                            semaphore.release()
-                        }
-                    } else {
-                        Thread.sleep(Duration.of(500, ChronoUnit.MILLIS))
-                    }
-                }
-                val end = Instant.now()
-                log.info {
-                    val elapsed = Duration.between(start, end).toMillis()
-                    val opsPerSecond = String.format("%.2f", entries.size.toDouble() / elapsed * 1000)
-                    "Retrieval rate: $opsPerSecond ops/s"
-                }
-            } else {
-                log.error("Skipping retrieval benchmark as it was not possible to insert any entry in the cache")
-            }
-        }
     }
 }

rbcs-cli/src/main/kotlin/net/woggioni/rbcs/cli/impl/commands/HealthCheckCommand.kt

@@ -15,6 +15,27 @@ import kotlin.random.Random
 class HealthCheckCommand : RbcsCommand() {
     companion object{
         private val log = createLogger<HealthCheckCommand>()
+
+        fun run(profile : RemoteBuildCacheClient.Configuration.Profile) {
+            RemoteBuildCacheClient(profile).use { client ->
+                val random = Random(SecureRandom.getInstance("NativePRNGNonBlocking").nextLong())
+                val nonce = ByteArray(0xa0)
+                random.nextBytes(nonce)
+                client.healthCheck(nonce).thenApply { value ->
+                    if(value == null) {
+                        throw IllegalStateException("Empty response from server")
+                    }
+                    val offset = value.size - nonce.size
+                    for(i in 0 until nonce.size) {
+                        val a = nonce[i]
+                        val b = value[offset + i]
+                        if(a != b) {
+                            throw IllegalStateException("Server nonce does not match")
+                        }
+                    }
+                }.get()
+            }
+        }
     }
 
     @CommandLine.Spec
@@ -26,23 +47,6 @@ class HealthCheckCommand : RbcsCommand() {
             clientCommand.configuration.profiles[profileName]
                 ?: throw IllegalArgumentException("Profile $profileName does not exist in configuration")
         }
-        RemoteBuildCacheClient(profile).use { client ->
+        run(profile)
-            val random = Random(SecureRandom.getInstance("NativePRNGNonBlocking").nextLong())
-            val nonce = ByteArray(0xa0)
-            random.nextBytes(nonce)
-            client.healthCheck(nonce).thenApply { value ->
-                if(value == null) {
-                    throw IllegalStateException("Empty response from server")
-                }
-                val offset = value.size - nonce.size
-                for(i in 0 until nonce.size) {
-                    val a = nonce[i]
-                    val b = value[offset + i]
-                    if(a != b) {
-                        throw IllegalStateException("Server nonce does not match")
-                    }
-                }
-            }.get()
-        }
     }
 }

rbcs-cli/src/main/kotlin/net/woggioni/rbcs/cli/impl/commands/ServerCommand.kt

@@ -59,6 +59,9 @@ class ServerCommand(app : Application) : RbcsCommand() {
             createDefaultConfigurationFile(configurationFile)
         }
 
+        log.debug {
+            "Using configuration file '$configurationFile'"
+        }
         val configuration = RemoteBuildCacheServer.loadConfiguration(configurationFile)
         log.debug {
             ByteArrayOutputStream().also {

rbcs-client/src/main/kotlin/net/woggioni/rbcs/client/Client.kt

@@ -37,6 +37,7 @@ import io.netty.util.concurrent.Future
 import io.netty.util.concurrent.GenericFutureListener
 import net.woggioni.rbcs.api.CacheValueMetadata
 import net.woggioni.rbcs.client.impl.Parser
+import net.woggioni.rbcs.common.RBCS.loadKeystore
 import net.woggioni.rbcs.common.Xml
 import net.woggioni.rbcs.common.createLogger
 import net.woggioni.rbcs.common.debug
@@ -54,6 +55,8 @@ import java.util.concurrent.CompletableFuture
 import java.util.concurrent.TimeUnit
 import java.util.concurrent.TimeoutException
 import java.util.concurrent.atomic.AtomicInteger
+import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509TrustManager
 import kotlin.random.Random
 import io.netty.util.concurrent.Future as NettyFuture
 
@@ -63,7 +66,7 @@ class RemoteBuildCacheClient(private val profile: Configuration.Profile) : AutoC
     }
 
     private val group: NioEventLoopGroup
-    private var sslContext: SslContext
+    private val sslContext: SslContext
     private val pool: ChannelPool
 
     data class Configuration(
@@ -78,6 +81,13 @@ class RemoteBuildCacheClient(private val profile: Configuration.Profile) : AutoC
             data class BasicAuthenticationCredentials(val username: String, val password: String) : Authentication()
         }
 
+        class TrustStore (
+            var file: Path?,
+            var password: String?,
+            var checkCertificateStatus: Boolean = false,
+            var verifyServerCertificate: Boolean = true,
+        )
+
         class RetryPolicy(
             val maxAttempts: Int,
             val initialDelayMillis: Long,
@@ -100,6 +110,7 @@ class RemoteBuildCacheClient(private val profile: Configuration.Profile) : AutoC
             val maxConnections: Int,
             val compressionEnabled: Boolean,
             val retryPolicy: RetryPolicy?,
+            val tlsTruststore : TrustStore?
         )
 
         companion object {
@@ -115,10 +126,33 @@ class RemoteBuildCacheClient(private val profile: Configuration.Profile) : AutoC
         group = NioEventLoopGroup()
         sslContext = SslContextBuilder.forClient().also { builder ->
             (profile.authentication as? Configuration.Authentication.TlsClientAuthenticationCredentials)?.let { tlsClientAuthenticationCredentials ->
-                builder.keyManager(
+                builder.apply {
-                    tlsClientAuthenticationCredentials.key,
+                    keyManager(
-                    *tlsClientAuthenticationCredentials.certificateChain
+                        tlsClientAuthenticationCredentials.key,
-                )
+                        *tlsClientAuthenticationCredentials.certificateChain
+                    )
+                    profile.tlsTruststore?.let { trustStore ->
+                        if(!trustStore.verifyServerCertificate) {
+                            trustManager(object : X509TrustManager {
+                                override fun checkClientTrusted(certChain: Array<out X509Certificate>, p1: String?) {
+                                }
+
+                                override fun checkServerTrusted(certChain: Array<out X509Certificate>, p1: String?) {
+                                }
+
+                                override fun getAcceptedIssuers() = null
+                            })
+                        } else {
+                            trustStore.file?.let {
+                                val ts = loadKeystore(it, trustStore.password)
+                                val trustManagerFactory: TrustManagerFactory =
+                                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+                                trustManagerFactory.init(ts)
+                                trustManager(trustManagerFactory)
+                            }
+                        }
+                    }
+                }
             }
         }.build()
 

rbcs-client/src/main/kotlin/net/woggioni/rbcs/client/impl/Parser.kt

@@ -31,6 +31,7 @@ object Parser {
                     var authentication: RemoteBuildCacheClient.Configuration.Authentication? = null
                     var retryPolicy: RemoteBuildCacheClient.Configuration.RetryPolicy? = null
                     var connection : RemoteBuildCacheClient.Configuration.Connection? = null
+                    var trustStore : RemoteBuildCacheClient.Configuration.TrustStore? = null
                     for (gchild in child.asIterable()) {
                         when (gchild.localName) {
                             "tls-client-auth" -> {
@@ -108,6 +109,17 @@ object Parser {
                                     writeIdleTimeout,
                                 )
                             }
+
+                            "tls-trust-store" -> {
+                                val file = gchild.renderAttribute("file")
+                                    ?.let(Path::of)
+                                val password = gchild.renderAttribute("password")
+                                val checkCertificateStatus = gchild.renderAttribute("check-certificate-status")
+                                    ?.let(String::toBoolean) ?: false
+                                val verifyServerCertificate = gchild.renderAttribute("verify-server-certificate")
+                                    ?.let(String::toBoolean) ?: true
+                                trustStore = RemoteBuildCacheClient.Configuration.TrustStore(file, password, checkCertificateStatus, verifyServerCertificate)
+                            }
                         }
                     }
                     val maxConnections = child.renderAttribute("max-connections")
@@ -126,7 +138,8 @@ object Parser {
                         connectionTimeout,
                         maxConnections,
                         compressionEnabled,
-                        retryPolicy
+                        retryPolicy,
+                        trustStore
                     )
                 }
             }

rbcs-client/src/main/resources/net/woggioni/rbcs/client/schema/rbcs-client.xsd

@@ -21,6 +21,7 @@
             </xs:choice>
             <xs:element name="connection" type="rbcs-client:connectionType" minOccurs="0" />
             <xs:element name="retry-policy" type="rbcs-client:retryType" minOccurs="0"/>
+            <xs:element name="tls-trust-store" type="rbcs-client:trustStoreType" minOccurs="0"/>
         </xs:sequence>
         <xs:attribute name="name" type="xs:token" use="required"/>
         <xs:attribute name="base-url" type="xs:anyURI" use="required"/>
@@ -57,4 +58,34 @@
         <xs:attribute name="exp" type="xs:double" default="2.0"/>
     </xs:complexType>
 
+    <xs:complexType name="trustStoreType">
+        <xs:attribute name="file" type="xs:string" use="required">
+            <xs:annotation>
+                <xs:documentation>
+                    Path to the trustore file
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="password" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    Trustore file password
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="check-certificate-status" type="xs:boolean">
+            <xs:annotation>
+                <xs:documentation>
+                    Whether or not check the certificate validity using CRL/OCSP
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="verify-server-certificate" type="xs:boolean" use="optional" default="true">
+            <xs:annotation>
+                <xs:documentation>
+                    If false, the client will blindly trust the provided server certificate
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+    </xs:complexType>
 </xs:schema>

rbcs-client/src/test/resources/net/woggioni/rbcs/client/test/rbcs-client.xml

@@ -9,6 +9,8 @@
                 key-store-password="password"
                 key-alias="woggioni@c962475fa38"
                 key-password="key-password"/>
+        <connection write-idle-timeout="PT60S" read-idle-timeout="PT60S" write-timeout="PT0S" read-timeout="PT0S" idle-timeout="PT30S" />
+        <tls-trust-store file="file.pfx" password="password" check-certificate-status="false" verify-server-certificate="true"/>
     </profile>
     <profile name="profile2" base-url="https://rbcs2.example.com/">
         <basic-auth user="user" password="password"/>

rbcs-common/src/main/kotlin/net/woggioni/rbcs/common/PasswordSecurity.kt

@@ -7,7 +7,18 @@ import javax.crypto.SecretKeyFactory
 import javax.crypto.spec.PBEKeySpec
 
 object PasswordSecurity {
-    private const val KEY_LENGTH = 256
+
+    enum class Algorithm(
+        val codeName : String,
+        val keyLength : Int,
+        val iterations : Int) {
+        PBEWithHmacSHA512_224AndAES_256("PBEWithHmacSHA512/224AndAES_256", 64, 1),
+        PBEWithHmacSHA1AndAES_256("PBEWithHmacSHA1AndAES_256",64, 1),
+        PBEWithHmacSHA384AndAES_128("PBEWithHmacSHA384AndAES_128", 64,1),
+        PBEWithHmacSHA384AndAES_256("PBEWithHmacSHA384AndAES_256",64,1),
+        PBKDF2WithHmacSHA512("PBKDF2WithHmacSHA512",512, 1),
+        PBKDF2WithHmacSHA384("PBKDF2WithHmacSHA384",384, 1);
+    }
 
     private fun concat(arr1: ByteArray, arr2: ByteArray): ByteArray {
         val result = ByteArray(arr1.size + arr2.size)
@@ -23,22 +34,22 @@ object PasswordSecurity {
         return result
     }
 
-    fun hashPassword(password : String, salt : String? = null) : String {
+    fun hashPassword(password : String, salt : String? = null, algorithm : Algorithm = Algorithm.PBKDF2WithHmacSHA512) : String {
         val actualSalt = salt?.let(Base64.getDecoder()::decode) ?: SecureRandom().run {
             val result = ByteArray(16)
             nextBytes(result)
             result
         }
-        val spec: KeySpec = PBEKeySpec(password.toCharArray(), actualSalt, 10, KEY_LENGTH)
+        val spec: KeySpec = PBEKeySpec(password.toCharArray(), actualSalt, algorithm.iterations, algorithm.keyLength)
-        val factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
+        val factory = SecretKeyFactory.getInstance(algorithm.codeName)
         val hash = factory.generateSecret(spec).encoded
         return String(Base64.getEncoder().encode(concat(hash, actualSalt)))
     }
 
-    fun decodePasswordHash(passwordHash : String) : Pair<ByteArray, ByteArray> {
+    fun decodePasswordHash(encodedPasswordHash : String, algorithm: Algorithm = Algorithm.PBKDF2WithHmacSHA512) : Pair<ByteArray, ByteArray> {
-        val decoded = Base64.getDecoder().decode(passwordHash)
+        val decoded = Base64.getDecoder().decode(encodedPasswordHash)
-        val hash = ByteArray(KEY_LENGTH / 8)
+        val hash = ByteArray(algorithm.keyLength / 8)
-        val salt = ByteArray(decoded.size - KEY_LENGTH / 8)
+        val salt = ByteArray(decoded.size - algorithm.keyLength / 8)
         System.arraycopy(decoded, 0, hash, 0, hash.size)
         System.arraycopy(decoded, hash.size, salt, 0, salt.size)
         return hash to salt

rbcs-common/src/main/kotlin/net/woggioni/rbcs/common/RBCS.kt

@@ -1,9 +1,26 @@
 package net.woggioni.rbcs.common
 
 import net.woggioni.jwo.JWO
+import net.woggioni.jwo.Tuple2
+import java.io.IOException
+import java.net.InetAddress
+import java.net.ServerSocket
 import java.net.URI
 import java.net.URL
+import java.nio.file.Files
+import java.nio.file.Path
+import java.security.KeyStore
 import java.security.MessageDigest
+import java.security.cert.CertPathValidator
+import java.security.cert.CertPathValidatorException
+import java.security.cert.CertificateException
+import java.security.cert.CertificateFactory
+import java.security.cert.PKIXParameters
+import java.security.cert.PKIXRevocationChecker
+import java.security.cert.X509Certificate
+import java.util.EnumSet
+import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509TrustManager
 
 object RBCS {
     fun String.toUrl() : URL = URL.of(URI(this), null)
@@ -32,7 +49,7 @@ object RBCS {
 
     fun digest(
         data: ByteArray,
-        md: MessageDigest = MessageDigest.getInstance("MD5")
+        md: MessageDigest
     ): ByteArray {
         md.update(data)
         return md.digest()
@@ -40,7 +57,7 @@ object RBCS {
 
     fun digestString(
         data: ByteArray,
-        md: MessageDigest = MessageDigest.getInstance("MD5")
+        md: MessageDigest
     ): String {
         return JWO.bytesToHex(digest(data, md))
     }
@@ -58,4 +75,86 @@ object RBCS {
             null
         }
     }
+
+    fun getFreePort(): Int {
+        var count = 0
+        while (count < 50) {
+            try {
+                ServerSocket(0, 50, InetAddress.getLocalHost()).use { serverSocket ->
+                    val candidate = serverSocket.localPort
+                    if (candidate > 0) {
+                        return candidate
+                    } else {
+                        throw RuntimeException("Got invalid port number: $candidate")
+                    }
+                }
+            } catch (ignored: IOException) {
+                ++count
+            }
+        }
+        throw RuntimeException("Error trying to find an open port")
+    }
+
+    fun loadKeystore(file: Path, password: String?): KeyStore {
+        val ext = JWO.splitExtension(file)
+            .map(Tuple2<String, String>::get_2)
+            .orElseThrow {
+                IllegalArgumentException(
+                    "Keystore file '${file}' must have .jks, .p12, .pfx extension"
+                )
+            }
+        val keystore = when (ext.substring(1).lowercase()) {
+            "jks" -> KeyStore.getInstance("JKS")
+            "p12", "pfx" -> KeyStore.getInstance("PKCS12")
+            else -> throw IllegalArgumentException(
+                "Keystore file '${file}' must have .jks, .p12, .pfx extension"
+            )
+        }
+        Files.newInputStream(file).use {
+            keystore.load(it, password?.let(String::toCharArray))
+        }
+        return keystore
+    }
+
+    fun getTrustManager(trustStore: KeyStore?, certificateRevocationEnabled: Boolean): X509TrustManager {
+        return if (trustStore != null) {
+            val certificateFactory = CertificateFactory.getInstance("X.509")
+            val validator = CertPathValidator.getInstance("PKIX").apply {
+                val rc = revocationChecker as PKIXRevocationChecker
+                rc.options = EnumSet.of(
+                    PKIXRevocationChecker.Option.NO_FALLBACK
+                )
+            }
+            val params = PKIXParameters(trustStore).apply {
+                isRevocationEnabled = certificateRevocationEnabled
+            }
+            object : X509TrustManager {
+                override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String) {
+                    val clientCertificateChain = certificateFactory.generateCertPath(chain.toList())
+                    try {
+                        validator.validate(clientCertificateChain, params)
+                    } catch (ex: CertPathValidatorException) {
+                        throw CertificateException(ex)
+                    }
+                }
+
+                override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String) {
+                    throw NotImplementedError()
+                }
+
+                private val acceptedIssuers = trustStore.aliases().asSequence()
+                    .filter(trustStore::isCertificateEntry)
+                    .map(trustStore::getCertificate)
+                    .map { it as X509Certificate }
+                    .toList()
+                    .toTypedArray()
+
+                override fun getAcceptedIssuers() = acceptedIssuers
+            }
+        } else {
+            val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+            trustManagerFactory.trustManagers.asSequence().filter { it is X509TrustManager }
+                .single() as X509TrustManager
+        }
+    }
 }

rbcs-common/src/test/kotlin/net/woggioni/rbcs/common/PasswordHashingTest.kt

@@ -0,0 +1,38 @@
+package net.woggioni.rbcs.common
+
+import net.woggioni.rbcs.common.PasswordSecurity.decodePasswordHash
+import net.woggioni.rbcs.common.PasswordSecurity.hashPassword
+import org.junit.jupiter.api.Assertions
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.EnumSource
+import java.security.Provider
+import java.security.Security
+import java.util.Base64
+
+
+class PasswordHashingTest {
+
+    @EnumSource(PasswordSecurity.Algorithm::class)
+    @ParameterizedTest
+    fun test(algo: PasswordSecurity.Algorithm) {
+        val password = "password"
+        val encoded = hashPassword(password, algorithm = algo)
+        val (_, salt) = decodePasswordHash(encoded, algo)
+        Assertions.assertEquals(encoded,
+            hashPassword(password, salt = salt.let(Base64.getEncoder()::encodeToString), algorithm = algo)
+        )
+    }
+
+    @Test
+    fun listAvailableAlgorithms() {
+        Security.getProviders().asSequence()
+            .flatMap { provider: Provider -> provider.services.asSequence() }
+            .filter { service: Provider.Service -> "SecretKeyFactory" == service.type }
+            .map(Provider.Service::getAlgorithm)
+            .forEach {
+                println(it)
+            }
+
+    }
+}

rbcs-server-memcache/README.md

@@ -0,0 +1,46 @@
+# RBCS Memcache plugins
+
+This plugins allows RBCs to store and retrieve data from a memcache cluster.
+The memcache server selection is simply based on the hash of the key, 
+deflate compression is also supported and performed by the RBCS server
+
+## Quickstart
+The plugin can be built with
+```bash
+./gradlew rbcs-server-memcache:bundle
+```
+which creates a `.tar` archive in the `build/distributions` folder. 
+The archive is supposed to be extracted inside the RBCS server's `plugins` directory.
+
+## Configuration
+
+The plugin can be enabled setting the `xs:type` attribute of the `cache` element
+to `memcacheCacheType`.
+
+The plugins currently supports the following configuration attributes:
+- `max-age`: the amount of time cache entries will be retained on memcache
+- `digest`: digest algorithm to use on the key before submission 
+  to memcache (optional, no digest is applied if omitted)
+- `compression`: compression algorithm to apply to cache values before, 
+  currently only `deflate` is supported (optionla, if omitted compression is disabled)
+- `compression-level`: compression level to use, deflate supports compression levels from 1 to 9, 
+  where 1 is for fast compression at the expense of speed (optional, 6 is used if omitted)
+```xml
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<rbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+             xmlns:rbcs="urn:net.woggioni.rbcs.server"
+             xmlns:rbcs-memcache="urn:net.woggioni.rbcs.server.memcache"
+             xs:schemaLocation="urn:net.woggioni.rbcs.server.memcache jpms://net.woggioni.rbcs.server.memcache/net/woggioni/rbcs/server/memcache/schema/rbcs-memcache.xsd urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs.xsd"
+>
+    ...
+    <cache xs:type="rbcs-memcache:memcacheCacheType" 
+           max-age="P7D"
+           digest="SHA-256"
+           compression-mode="deflate"
+           compression-level="6"
+           chunk-size="0x10000">
+        <server host="127.0.0.1" port="11211" max-connections="256"/>
+        <server host="127.0.0.1" port="11212" max-connections="256"/>
+    </cache>
+    ...
+```

rbcs-server-memcache/src/main/kotlin/net/woggioni/rbcs/server/memcache/MemcacheCacheConfiguration.kt

@@ -1,10 +1,20 @@
 package net.woggioni.rbcs.server.memcache
 
+import io.netty.channel.ChannelFactory
+import io.netty.channel.ChannelHandler
+import io.netty.channel.EventLoopGroup
+import io.netty.channel.pool.FixedChannelPool
+import io.netty.channel.socket.DatagramChannel
+import io.netty.channel.socket.SocketChannel
 import net.woggioni.rbcs.api.CacheHandlerFactory
 import net.woggioni.rbcs.api.Configuration
 import net.woggioni.rbcs.common.HostAndPort
 import net.woggioni.rbcs.server.memcache.client.MemcacheClient
 import java.time.Duration
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.atomic.AtomicInteger
+import java.util.concurrent.atomic.AtomicReference
 
 data class MemcacheCacheConfiguration(
     val servers: List<Server>,
@@ -12,7 +22,7 @@ data class MemcacheCacheConfiguration(
     val digestAlgorithm: String? = null,
     val compressionMode: CompressionMode? = null,
     val compressionLevel: Int,
-    val chunkSize : Int
+    val chunkSize: Int
 ) : Configuration.Cache {
 
     enum class CompressionMode {
@@ -23,19 +33,58 @@ data class MemcacheCacheConfiguration(
     }
 
     data class Server(
-        val endpoint : HostAndPort,
+        val endpoint: HostAndPort,
-        val connectionTimeoutMillis : Int?,
+        val connectionTimeoutMillis: Int?,
-        val maxConnections : Int
+        val maxConnections: Int
     )
 
-
     override fun materialize() = object : CacheHandlerFactory {
-        private val client = MemcacheClient(this@MemcacheCacheConfiguration.servers, chunkSize)
+
-        override fun close() {
+        private val connectionPoolMap = ConcurrentHashMap<HostAndPort, FixedChannelPool>()
-            client.close()
+
+        override fun newHandler(
+            eventLoop: EventLoopGroup,
+            socketChannelFactory: ChannelFactory<SocketChannel>,
+            datagramChannelFactory: ChannelFactory<DatagramChannel>
+        ): ChannelHandler {
+            return MemcacheCacheHandler(
+                MemcacheClient(
+                    this@MemcacheCacheConfiguration.servers,
+                    chunkSize,
+                    eventLoop,
+                    socketChannelFactory,
+                    connectionPoolMap
+                ),
+                digestAlgorithm,
+                compressionMode != null,
+                compressionLevel,
+                chunkSize,
+                maxAge
+            )
+        }
+
+        override fun asyncClose() = object : CompletableFuture<Void>() {
+            init {
+                val failure = AtomicReference<Throwable>(null)
+                val pools = connectionPoolMap.values.toList()
+                val npools = pools.size
+                val finished = AtomicInteger(0)
+                pools.forEach { pool ->
+                    pool.closeAsync().addListener {
+                        if (!it.isSuccess) {
+                            failure.compareAndSet(null, it.cause())
+                        }
+                        if(finished.incrementAndGet() == npools) {
+                            when(val ex = failure.get()) {
+                                null -> complete(null)
+                                else -> completeExceptionally(ex)
+                            }
+                        }
+                    }
+                }
+            }
         }
 
-        override fun newHandler() = MemcacheCacheHandler(client, digestAlgorithm, compressionMode != null, compressionLevel, chunkSize, maxAge)
     }
 
     override fun getNamespaceURI() = "urn:net.woggioni.rbcs.server.memcache"

rbcs-server-memcache/src/main/kotlin/net/woggioni/rbcs/server/memcache/client/MemcacheClient.kt

@@ -4,16 +4,17 @@ package net.woggioni.rbcs.server.memcache.client
 import io.netty.bootstrap.Bootstrap
 import io.netty.buffer.ByteBuf
 import io.netty.channel.Channel
+import io.netty.channel.ChannelFactory
 import io.netty.channel.ChannelFutureListener
 import io.netty.channel.ChannelHandlerContext
 import io.netty.channel.ChannelOption
 import io.netty.channel.ChannelPipeline
+import io.netty.channel.EventLoopGroup
 import io.netty.channel.SimpleChannelInboundHandler
-import io.netty.channel.nio.NioEventLoopGroup
 import io.netty.channel.pool.AbstractChannelPoolHandler
 import io.netty.channel.pool.ChannelPool
 import io.netty.channel.pool.FixedChannelPool
-import io.netty.channel.socket.nio.NioSocketChannel
+import io.netty.channel.socket.SocketChannel
 import io.netty.handler.codec.memcache.LastMemcacheContent
 import io.netty.handler.codec.memcache.MemcacheContent
 import io.netty.handler.codec.memcache.MemcacheObject
@@ -33,23 +34,22 @@ import java.util.concurrent.ConcurrentHashMap
 import io.netty.util.concurrent.Future as NettyFuture
 
 
-class MemcacheClient(private val servers: List<MemcacheCacheConfiguration.Server>, private val chunkSize : Int) : AutoCloseable {
+class MemcacheClient(
+    private val servers: List<MemcacheCacheConfiguration.Server>,
+    private val chunkSize : Int,
+    private val group: EventLoopGroup,
+    private val channelFactory: ChannelFactory<SocketChannel>,
+    private val connectionPool: ConcurrentHashMap<HostAndPort, FixedChannelPool>
+) : AutoCloseable {
 
     private companion object {
         private val log = createLogger<MemcacheCacheHandler>()
     }
 
-    private val group: NioEventLoopGroup
-    private val connectionPool: MutableMap<HostAndPort, ChannelPool> = ConcurrentHashMap()
-
-    init {
-        group = NioEventLoopGroup()
-    }
-
     private fun newConnectionPool(server: MemcacheCacheConfiguration.Server): FixedChannelPool {
         val bootstrap = Bootstrap().apply {
             group(group)
-            channel(NioSocketChannel::class.java)
+            channelFactory(channelFactory)
             option(ChannelOption.SO_KEEPALIVE, true)
             remoteAddress(InetSocketAddress(server.endpoint.host, server.endpoint.port))
             server.connectionTimeoutMillis?.let {

rbcs-server-memcache/src/main/resources/net/woggioni/rbcs/server/memcache/schema/rbcs-memcache.xsd

@@ -21,7 +21,7 @@
                 </xs:sequence>
                 <xs:attribute name="max-age" type="xs:duration" default="P1D"/>
                 <xs:attribute name="chunk-size" type="rbcs:byteSizeType" default="0x10000"/>
-                <xs:attribute name="digest" type="xs:token" />
+                <xs:attribute name="digest" type="xs:token"/>
                 <xs:attribute name="compression-mode" type="rbcs-memcache:compressionType"/>
                 <xs:attribute name="compression-level" type="rbcs:compressionLevelType" default="-1"/>
             </xs:extension>

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/RemoteBuildCacheServer.kt

@@ -3,6 +3,7 @@ package net.woggioni.rbcs.server
 import io.netty.bootstrap.ServerBootstrap
 import io.netty.buffer.ByteBuf
 import io.netty.channel.Channel
+import io.netty.channel.ChannelFactory
 import io.netty.channel.ChannelFuture
 import io.netty.channel.ChannelHandler.Sharable
 import io.netty.channel.ChannelHandlerContext
@@ -11,7 +12,12 @@ import io.netty.channel.ChannelInitializer
 import io.netty.channel.ChannelOption
 import io.netty.channel.ChannelPromise
 import io.netty.channel.nio.NioEventLoopGroup
+import io.netty.channel.socket.DatagramChannel
+import io.netty.channel.socket.ServerSocketChannel
+import io.netty.channel.socket.SocketChannel
+import io.netty.channel.socket.nio.NioDatagramChannel
 import io.netty.channel.socket.nio.NioServerSocketChannel
+import io.netty.channel.socket.nio.NioSocketChannel
 import io.netty.handler.codec.compression.CompressionOptions
 import io.netty.handler.codec.http.DefaultHttpContent
 import io.netty.handler.codec.http.HttpContentCompressor
@@ -29,12 +35,13 @@ import io.netty.handler.timeout.IdleStateHandler
 import io.netty.util.AttributeKey
 import io.netty.util.concurrent.DefaultEventExecutorGroup
 import io.netty.util.concurrent.EventExecutorGroup
-import net.woggioni.jwo.JWO
+import net.woggioni.rbcs.api.AsyncCloseable
-import net.woggioni.jwo.Tuple2
 import net.woggioni.rbcs.api.Configuration
 import net.woggioni.rbcs.api.exception.ConfigurationException
 import net.woggioni.rbcs.common.PasswordSecurity.decodePasswordHash
 import net.woggioni.rbcs.common.PasswordSecurity.hashPassword
+import net.woggioni.rbcs.common.RBCS.getTrustManager
+import net.woggioni.rbcs.common.RBCS.loadKeystore
 import net.woggioni.rbcs.common.RBCS.toUrl
 import net.woggioni.rbcs.common.Xml
 import net.woggioni.rbcs.common.createLogger
@@ -42,7 +49,6 @@ import net.woggioni.rbcs.common.debug
 import net.woggioni.rbcs.common.info
 import net.woggioni.rbcs.server.auth.AbstractNettyHttpAuthenticator
 import net.woggioni.rbcs.server.auth.Authorizer
-import net.woggioni.rbcs.server.auth.ClientCertificateValidator
 import net.woggioni.rbcs.server.auth.RoleAuthorizer
 import net.woggioni.rbcs.server.configuration.Parser
 import net.woggioni.rbcs.server.configuration.Serializer
@@ -56,7 +62,6 @@ import java.io.OutputStream
 import java.net.InetSocketAddress
 import java.nio.file.Files
 import java.nio.file.Path
-import java.security.KeyStore
 import java.security.PrivateKey
 import java.security.cert.X509Certificate
 import java.time.Duration
@@ -80,7 +85,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
         val userAttribute: AttributeKey<Configuration.User> = AttributeKey.valueOf("user")
         val groupAttribute: AttributeKey<Set<Configuration.Group>> = AttributeKey.valueOf("group")
 
-        val DEFAULT_CONFIGURATION_URL by lazy { "classpath:net/woggioni/rbcs/server/rbcs-default.xml".toUrl() }
+        val DEFAULT_CONFIGURATION_URL by lazy { "jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/rbcs-default.xml".toUrl() }
         private const val SSL_HANDLER_NAME = "sslHandler"
 
         fun loadConfiguration(configurationFile: Path): Configuration {
@@ -200,8 +205,10 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
 
     private class ServerInitializer(
         private val cfg: Configuration,
+        private val channelFactory : ChannelFactory<SocketChannel>,
+        private val datagramChannelFactory : ChannelFactory<DatagramChannel>,
         private val eventExecutorGroup: EventExecutorGroup
-    ) : ChannelInitializer<Channel>(), AutoCloseable {
+    ) : ChannelInitializer<Channel>(), AsyncCloseable {
 
         companion object {
             private fun createSslCtx(tls: Configuration.Tls): SslContext {
@@ -221,7 +228,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
                         val clientAuth = tls.trustStore?.let { trustStore ->
                             val ts = loadKeystore(trustStore.file, trustStore.password)
                             trustManager(
-                                ClientCertificateValidator.getTrustManager(ts, trustStore.isCheckCertificateStatus)
+                                getTrustManager(ts, trustStore.isCheckCertificateStatus)
                             )
                             if (trustStore.isRequireClientCertificate) ClientAuth.REQUIRE
                             else ClientAuth.OPTIONAL
@@ -231,27 +238,6 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
                 }
             }
 
-            fun loadKeystore(file: Path, password: String?): KeyStore {
-                val ext = JWO.splitExtension(file)
-                    .map(Tuple2<String, String>::get_2)
-                    .orElseThrow {
-                        IllegalArgumentException(
-                            "Keystore file '${file}' must have .jks, .p12, .pfx extension"
-                        )
-                    }
-                val keystore = when (ext.substring(1).lowercase()) {
-                    "jks" -> KeyStore.getInstance("JKS")
-                    "p12", "pfx" -> KeyStore.getInstance("PKCS12")
-                    else -> throw IllegalArgumentException(
-                        "Keystore file '${file}' must have .jks, .p12, .pfx extension"
-                    )
-                }
-                Files.newInputStream(file).use {
-                    keystore.load(it, password?.let(String::toCharArray))
-                }
-                return keystore
-            }
-
             private val log = createLogger<ServerInitializer>()
         }
 
@@ -314,19 +300,6 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
             }
             val pipeline = ch.pipeline()
             cfg.connection.also { conn ->
-                val readTimeout = conn.readTimeout.toMillis()
-                val writeTimeout = conn.writeTimeout.toMillis()
-                if (readTimeout > 0 || writeTimeout > 0) {
-                    pipeline.addLast(
-                        IdleStateHandler(
-                            false,
-                            readTimeout,
-                            writeTimeout,
-                            0,
-                            TimeUnit.MILLISECONDS
-                        )
-                    )
-                }
                 val readIdleTimeout = conn.readIdleTimeout.toMillis()
                 val writeIdleTimeout = conn.writeIdleTimeout.toMillis()
                 val idleTimeout = conn.idleTimeout.toMillis()
@@ -381,21 +354,20 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
                 ServerHandler(prefix)
             }
             pipeline.addLast(eventExecutorGroup, ServerHandler.NAME, serverHandler)
-            pipeline.addLast(cacheHandlerFactory.newHandler())
+
+            pipeline.addLast(cacheHandlerFactory.newHandler(ch.eventLoop(), channelFactory, datagramChannelFactory))
             pipeline.addLast(TraceHandler)
             pipeline.addLast(ExceptionHandler)
         }
 
-        override fun close() {
+        override fun asyncClose() = cacheHandlerFactory.asyncClose()
-            cacheHandlerFactory.close()
-        }
     }
 
     class ServerHandle(
         closeFuture: ChannelFuture,
         private val bossGroup: EventExecutorGroup,
         private val executorGroups: Iterable<EventExecutorGroup>,
-        private val serverInitializer: AutoCloseable,
+        private val serverInitializer: AsyncCloseable,
     ) : Future<Void> by from(closeFuture, executorGroups, serverInitializer) {
 
         companion object {
@@ -404,42 +376,53 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
             private fun from(
                 closeFuture: ChannelFuture,
                 executorGroups: Iterable<EventExecutorGroup>,
-                serverInitializer: AutoCloseable
+                serverInitializer: AsyncCloseable
             ): CompletableFuture<Void> {
                 val result = CompletableFuture<Void>()
                 closeFuture.addListener {
                     val errors = mutableListOf<Throwable>()
                     val deadline = Instant.now().plusSeconds(20)
-
-
-                    for (executorGroup in executorGroups) {
-                        val future = executorGroup.terminationFuture()
-                        try {
-                            val now = Instant.now()
-                            if (now > deadline) {
-                                future.get(0, TimeUnit.SECONDS)
-                            } else {
-                                future.get(Duration.between(now, deadline).toMillis(), TimeUnit.MILLISECONDS)
-                            }
-                        }
-                        catch (te: TimeoutException) {
-                            errors.addLast(te)
-                            log.warn("Timeout while waiting for shutdown of $executorGroup", te)
-                        } catch (ex: Throwable) {
-                            log.warn(ex.message, ex)
-                            errors.addLast(ex)
-                        }
-                    }
                     try {
                         serverInitializer.close()
                     } catch (ex: Throwable) {
                         log.error(ex.message, ex)
                         errors.addLast(ex)
                     }
-                    if(errors.isEmpty()) {
+
-                        result.complete(null)
+                    serverInitializer.asyncClose().whenComplete { _, ex ->
-                    } else {
+                        if(ex != null) {
-                        result.completeExceptionally(errors.first())
+                            log.error(ex.message, ex)
+                            errors.addLast(ex)
+                        }
+
+                        executorGroups.map {
+                            it.shutdownGracefully()
+                        }
+
+                        for (executorGroup in executorGroups) {
+                            val future = executorGroup.terminationFuture()
+                            try {
+                                val now = Instant.now()
+                                if (now > deadline) {
+                                    future.get(0, TimeUnit.SECONDS)
+                                } else {
+                                    future.get(Duration.between(now, deadline).toMillis(), TimeUnit.MILLISECONDS)
+                                }
+                            }
+                            catch (te: TimeoutException) {
+                                errors.addLast(te)
+                                log.warn("Timeout while waiting for shutdown of $executorGroup", te)
+                            } catch (ex: Throwable) {
+                                log.warn(ex.message, ex)
+                                errors.addLast(ex)
+                            }
+                        }
+
+                        if(errors.isEmpty()) {
+                            result.complete(null)
+                        } else {
+                            result.completeExceptionally(errors.first())
+                        }
                     }
                 }
 
@@ -454,16 +437,15 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
 
         fun sendShutdownSignal() {
             bossGroup.shutdownGracefully()
-            executorGroups.map {
-                it.shutdownGracefully()
-            }
         }
     }
 
     fun run(): ServerHandle {
         // Create the multithreaded event loops for the server
         val bossGroup = NioEventLoopGroup(1)
-        val serverSocketChannel = NioServerSocketChannel::class.java
+        val channelFactory = ChannelFactory<SocketChannel> { NioSocketChannel() }
+        val datagramChannelFactory = ChannelFactory<DatagramChannel> { NioDatagramChannel() }
+        val serverChannelFactory = ChannelFactory<ServerSocketChannel> { NioServerSocketChannel() }
         val workerGroup = NioEventLoopGroup(0)
         val eventExecutorGroup = run {
             val threadFactory = if (cfg.eventExecutor.isUseVirtualThreads) {
@@ -473,11 +455,11 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
             }
             DefaultEventExecutorGroup(Runtime.getRuntime().availableProcessors(), threadFactory)
         }
-        val serverInitializer = ServerInitializer(cfg, eventExecutorGroup)
+        val serverInitializer = ServerInitializer(cfg, channelFactory, datagramChannelFactory, workerGroup)
         val bootstrap = ServerBootstrap().apply {
             // Configure the server
             group(bossGroup, workerGroup)
-            channel(serverSocketChannel)
+            channelFactory(serverChannelFactory)
             childHandler(serverInitializer)
             option(ChannelOption.SO_BACKLOG, cfg.incomingConnectionsBacklogSize)
             childOption(ChannelOption.SO_KEEPALIVE, true)

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/auth/ClientCertificateValidator.kt

@@ -1,90 +0,0 @@
-package net.woggioni.rbcs.server.auth
-
-import io.netty.channel.ChannelHandlerContext
-import io.netty.channel.ChannelInboundHandlerAdapter
-import io.netty.handler.ssl.SslHandler
-import io.netty.handler.ssl.SslHandshakeCompletionEvent
-import java.security.KeyStore
-import java.security.cert.CertPathValidator
-import java.security.cert.CertPathValidatorException
-import java.security.cert.CertificateException
-import java.security.cert.CertificateFactory
-import java.security.cert.PKIXParameters
-import java.security.cert.PKIXRevocationChecker
-import java.security.cert.X509Certificate
-import java.util.EnumSet
-import javax.net.ssl.SSLSession
-import javax.net.ssl.TrustManagerFactory
-import javax.net.ssl.X509TrustManager
-
-
-class ClientCertificateValidator private constructor(
-    private val sslHandler: SslHandler,
-    private val x509TrustManager: X509TrustManager
-) : ChannelInboundHandlerAdapter() {
-    override fun userEventTriggered(ctx: ChannelHandlerContext, evt: Any) {
-        if (evt is SslHandshakeCompletionEvent) {
-            if (evt.isSuccess) {
-                val session: SSLSession = sslHandler.engine().session
-                val clientCertificateChain = session.peerCertificates as Array<X509Certificate>
-                val authType: String = clientCertificateChain[0].publicKey.algorithm
-                x509TrustManager.checkClientTrusted(clientCertificateChain, authType)
-            } else {
-                // Handle the failure, for example by closing the channel.
-            }
-        }
-        super.userEventTriggered(ctx, evt)
-    }
-
-    companion object {
-        fun getTrustManager(trustStore: KeyStore?, certificateRevocationEnabled: Boolean): X509TrustManager {
-            return if (trustStore != null) {
-                val certificateFactory = CertificateFactory.getInstance("X.509")
-                val validator = CertPathValidator.getInstance("PKIX").apply {
-                    val rc = revocationChecker as PKIXRevocationChecker
-                    rc.options = EnumSet.of(
-                        PKIXRevocationChecker.Option.NO_FALLBACK
-                    )
-                }
-                val params = PKIXParameters(trustStore).apply {
-                    isRevocationEnabled = certificateRevocationEnabled
-                }
-                object : X509TrustManager {
-                    override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String) {
-                        val clientCertificateChain = certificateFactory.generateCertPath(chain.toList())
-                        try {
-                            validator.validate(clientCertificateChain, params)
-                        } catch (ex: CertPathValidatorException) {
-                            throw CertificateException(ex)
-                        }
-                    }
-
-                    override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String) {
-                        throw NotImplementedError()
-                    }
-
-                    private val acceptedIssuers = trustStore.aliases().asSequence()
-                        .filter(trustStore::isCertificateEntry)
-                        .map(trustStore::getCertificate)
-                        .map { it as X509Certificate }
-                        .toList()
-                        .toTypedArray()
-
-                    override fun getAcceptedIssuers() = acceptedIssuers
-                }
-            } else {
-                val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
-                trustManagerFactory.trustManagers.asSequence().filter { it is X509TrustManager }
-                    .single() as X509TrustManager
-            }
-        }
-
-        fun of(
-            sslHandler: SslHandler,
-            trustStore: KeyStore?,
-            certificateRevocationEnabled: Boolean
-        ): ClientCertificateValidator {
-            return ClientCertificateValidator(sslHandler, getTrustManager(trustStore, certificateRevocationEnabled))
-        }
-    }
-}

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/cache/FileSystemCache.kt

@@ -1,6 +1,7 @@
 package net.woggioni.rbcs.server.cache
 
 import net.woggioni.jwo.JWO
+import net.woggioni.rbcs.api.AsyncCloseable
 import net.woggioni.rbcs.api.CacheValueMetadata
 import net.woggioni.rbcs.common.createLogger
 import java.io.ByteArrayOutputStream
@@ -18,11 +19,12 @@ import java.nio.file.StandardOpenOption
 import java.nio.file.attribute.BasicFileAttributes
 import java.time.Duration
 import java.time.Instant
+import java.util.concurrent.CompletableFuture
 
 class FileSystemCache(
     val root: Path,
     val maxAge: Duration
-) : AutoCloseable {
+) : AsyncCloseable {
 
     class EntryValue(val metadata: CacheValueMetadata, val channel : FileChannel, val offset : Long, val size : Long) : Serializable
 
@@ -112,9 +114,18 @@ class FileSystemCache(
         return FileSink(metadata, file, tmpFile)
     }
 
-    private val garbageCollector = Thread.ofVirtual().name("file-system-cache-gc").start {
+    private val closeFuture = object : CompletableFuture<Void>() {
-        while (running) {
+        init {
-            gc()
+            Thread.ofVirtual().name("file-system-cache-gc").start {
+                try {
+                    while (running) {
+                        gc()
+                    }
+                    complete(null)
+                } catch (ex : Throwable) {
+                    completeExceptionally(ex)
+                }
+            }
         }
     }
 
@@ -151,8 +162,8 @@ class FileSystemCache(
         return result
     }
 
-    override fun close() {
+    override fun asyncClose() : CompletableFuture<Void> {
         running = false
-        garbageCollector.join()
+        return closeFuture
     }
 }

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/cache/FileSystemCacheConfiguration.kt

@@ -1,5 +1,9 @@
 package net.woggioni.rbcs.server.cache
 
+import io.netty.channel.ChannelFactory
+import io.netty.channel.EventLoopGroup
+import io.netty.channel.socket.DatagramChannel
+import io.netty.channel.socket.SocketChannel
 import net.woggioni.jwo.Application
 import net.woggioni.rbcs.api.CacheHandlerFactory
 import net.woggioni.rbcs.api.Configuration
@@ -19,11 +23,13 @@ data class FileSystemCacheConfiguration(
     override fun materialize() = object : CacheHandlerFactory {
         private val cache = FileSystemCache(root ?: Application.builder("rbcs").build().computeCacheDirectory(), maxAge)
 
-        override fun close() {
+        override fun asyncClose() = cache.asyncClose()
-            cache.close()
-        }
 
-        override fun newHandler() = FileSystemCacheHandler(cache, digestAlgorithm, compressionEnabled, compressionLevel, chunkSize)
+        override fun newHandler(
+            eventLoop: EventLoopGroup,
+            socketChannelFactory: ChannelFactory<SocketChannel>,
+            datagramChannelFactory: ChannelFactory<DatagramChannel>
+        ) = FileSystemCacheHandler(cache, digestAlgorithm, compressionEnabled, compressionLevel, chunkSize)
     }
 
     override fun getNamespaceURI() = RBCS.RBCS_NAMESPACE_URI

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/cache/FileSystemCacheProvider.kt

@@ -30,7 +30,7 @@ class FileSystemCacheProvider : CacheProvider<FileSystemCacheConfiguration> {
         val compressionLevel = el.renderAttribute("compression-level")
             ?.let(String::toInt)
             ?: Deflater.DEFAULT_COMPRESSION
-        val digestAlgorithm = el.renderAttribute("digest") ?: "MD5"
+        val digestAlgorithm = el.renderAttribute("digest")
         val chunkSize = el.renderAttribute("chunk-size")
             ?.let(Integer::decode)
             ?: 0x10000

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/cache/InMemoryCache.kt

@@ -1,10 +1,12 @@
 package net.woggioni.rbcs.server.cache
 
 import io.netty.buffer.ByteBuf
+import net.woggioni.rbcs.api.AsyncCloseable
 import net.woggioni.rbcs.api.CacheValueMetadata
 import net.woggioni.rbcs.common.createLogger
 import java.time.Duration
 import java.time.Instant
+import java.util.concurrent.CompletableFuture
 import java.util.concurrent.ConcurrentHashMap
 import java.util.concurrent.PriorityBlockingQueue
 import java.util.concurrent.TimeUnit
@@ -26,7 +28,7 @@ class CacheEntry(
 class InMemoryCache(
     private val maxAge: Duration,
     private val maxSize: Long
-) : AutoCloseable {
+) : AsyncCloseable {
 
     companion object {
         private val log = createLogger<InMemoryCache>()
@@ -45,26 +47,35 @@ class InMemoryCache(
     @Volatile
     private var running = true
 
-    private val garbageCollector = Thread.ofVirtual().name("in-memory-cache-gc").start {
+    private val closeFuture = object : CompletableFuture<Void>() {
-        while (running) {
+        init {
-            val el = removalQueue.poll(1, TimeUnit.SECONDS) ?: continue
+            Thread.ofVirtual().name("in-memory-cache-gc").start {
-            val value = el.value
+                try {
-            val now = Instant.now()
+                    while (running) {
-            if (now > el.expiry) {
+                        val el = removalQueue.poll(1, TimeUnit.SECONDS) ?: continue
-                val removed = map.remove(el.key, value)
+                        val value = el.value
-                if (removed) {
+                        val now = Instant.now()
-                    updateSizeAfterRemoval(value.content)
+                        if (now > el.expiry) {
-                    //Decrease the reference count for map
+                            val removed = map.remove(el.key, value)
-                    value.content.release()
+                            if (removed) {
+                                updateSizeAfterRemoval(value.content)
+                                //Decrease the reference count for map
+                                value.content.release()
+                            }
+                        } else {
+                            removalQueue.put(el)
+                            Thread.sleep(minOf(Duration.between(now, el.expiry), Duration.ofSeconds(1)))
+                        }
+                    }
+                    complete(null)
+                } catch (ex: Throwable) {
+                    completeExceptionally(ex)
                 }
-            } else {
-                removalQueue.put(el)
-                Thread.sleep(minOf(Duration.between(now, el.expiry), Duration.ofSeconds(1)))
             }
         }
     }
 
-    private fun removeEldest(): Long {
+    fun removeEldest(): Long {
         while (true) {
             val el = removalQueue.take()
             val value = el.value
@@ -84,9 +95,9 @@ class InMemoryCache(
         }
     }
 
-    override fun close() {
+    override fun asyncClose() : CompletableFuture<Void> {
         running = false
-        garbageCollector.join()
+        return closeFuture
     }
 
     fun get(key: ByteArray) = map[CacheKey(key)]?.run {

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/cache/InMemoryCacheConfiguration.kt

@@ -1,5 +1,10 @@
 package net.woggioni.rbcs.server.cache
 
+import io.netty.channel.ChannelFactory
+import io.netty.channel.EventLoopGroup
+import io.netty.channel.socket.DatagramChannel
+import io.netty.channel.socket.SocketChannel
+import io.netty.util.concurrent.Future
 import net.woggioni.rbcs.api.CacheHandlerFactory
 import net.woggioni.rbcs.api.Configuration
 import net.woggioni.rbcs.common.RBCS
@@ -16,11 +21,13 @@ data class InMemoryCacheConfiguration(
     override fun materialize() = object : CacheHandlerFactory {
         private val cache = InMemoryCache(maxAge, maxSize)
 
-        override fun close() {
+        override fun asyncClose() = cache.asyncClose()
-            cache.close()
-        }
 
-        override fun newHandler() = InMemoryCacheHandler(cache, digestAlgorithm, compressionEnabled, compressionLevel)
+        override fun newHandler(
+            eventLoop: EventLoopGroup,
+            socketChannelFactory: ChannelFactory<SocketChannel>,
+            datagramChannelFactory: ChannelFactory<DatagramChannel>
+        ) = InMemoryCacheHandler(cache, digestAlgorithm, compressionEnabled, compressionLevel)
     }
 
     override fun getNamespaceURI() = RBCS.RBCS_NAMESPACE_URI

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/cache/InMemoryCacheHandler.kt

@@ -91,6 +91,7 @@ class InMemoryCacheHandler(
                 val buf = ctx.alloc().heapBuffer()
                 InflaterOutputStream(ByteBufOutputStream(buf)).use {
                     value.content.readBytes(it, value.content.readableBytes())
+                    value.content.release()
                     buf.retain()
                 }
                 ctx.writeAndFlush(LastCacheContent(buf))

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/cache/InMemoryCacheProvider.kt

@@ -30,7 +30,7 @@ class InMemoryCacheProvider : CacheProvider<InMemoryCacheConfiguration> {
         val compressionLevel = el.renderAttribute("compression-level")
             ?.let(String::toInt)
             ?: Deflater.DEFAULT_COMPRESSION
-        val digestAlgorithm = el.renderAttribute("digest") ?: "MD5"
+        val digestAlgorithm = el.renderAttribute("digest")
         val chunkSize = el.renderAttribute("chunk-size")
             ?.let(Integer::decode)
             ?: 0x10000

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/configuration/Parser.kt

@@ -27,8 +27,6 @@ object Parser {
         val root = document.documentElement
         val anonymousUser = User("", null, emptySet(), null)
         var connection: Configuration.Connection = Configuration.Connection(
-            Duration.of(10, ChronoUnit.SECONDS),
-            Duration.of(10, ChronoUnit.SECONDS),
             Duration.of(60, ChronoUnit.SECONDS),
             Duration.of(30, ChronoUnit.SECONDS),
             Duration.of(30, ChronoUnit.SECONDS),
@@ -113,10 +111,6 @@ object Parser {
                 }
 
                 "connection" -> {
-                    val writeTimeout = child.renderAttribute("write-timeout")
-                        ?.let(Duration::parse) ?: Duration.of(0, ChronoUnit.SECONDS)
-                    val readTimeout = child.renderAttribute("read-timeout")
-                        ?.let(Duration::parse) ?: Duration.of(0, ChronoUnit.SECONDS)
                     val idleTimeout = child.renderAttribute("idle-timeout")
                         ?.let(Duration::parse) ?: Duration.of(30, ChronoUnit.SECONDS)
                     val readIdleTimeout = child.renderAttribute("read-idle-timeout")
@@ -126,8 +120,6 @@ object Parser {
                     val maxRequestSize = child.renderAttribute("max-request-size")
                         ?.let(Integer::decode) ?: 0x4000000
                     connection = Configuration.Connection(
-                        readTimeout,
-                        writeTimeout,
                         idleTimeout,
                         readIdleTimeout,
                         writeIdleTimeout,

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/configuration/Serializer.kt

@@ -36,8 +36,6 @@ object Serializer {
             }
             node("connection") {
                 conf.connection.let { connection ->
-                    attr("read-timeout", connection.readTimeout.toString())
-                    attr("write-timeout", connection.writeTimeout.toString())
                     attr("idle-timeout", connection.idleTimeout.toString())
                     attr("read-idle-timeout", connection.readIdleTimeout.toString())
                     attr("write-idle-timeout", connection.writeIdleTimeout.toString())

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/handler/ServerHandler.kt

@@ -135,13 +135,13 @@ class ServerHandler(private val serverPrefix: Path) :
         setRequestMetadata(msg)
         val method = msg.method()
         if (method === HttpMethod.GET) {
-            val path = Path.of(msg.uri())
+            val path = Path.of(msg.uri()).normalize()
-            val prefix = path.parent
+            if (path.startsWith(serverPrefix)) {
-            if (serverPrefix == prefix) {
+                val relativePath = serverPrefix.relativize(path)
+                val key = relativePath.toString()
                 ctx.pipeline().addAfter(NAME, CacheContentHandler.NAME, CacheContentHandler)
-                path.fileName?.toString()
+                key.let(::CacheGetRequest)
-                    ?.let(::CacheGetRequest)
+                    .let(ctx::fireChannelRead)
-                    ?.let(ctx::fireChannelRead)
                     ?: ctx.channel().write(CacheValueNotFoundResponse())
             } else {
                 log.warn(ctx) {
@@ -152,11 +152,10 @@ class ServerHandler(private val serverPrefix: Path) :
                 ctx.writeAndFlush(response)
             }
         } else if (method === HttpMethod.PUT) {
-            val path = Path.of(msg.uri())
+            val path = Path.of(msg.uri()).normalize()
-            val prefix = path.parent
+            if (path.startsWith(serverPrefix)) {
-            val key = path.fileName.toString()
+                val relativePath = serverPrefix.relativize(path)
-
+                val key = relativePath.toString()
-            if (serverPrefix == prefix) {
                 log.debug(ctx) {
                     "Added value for key '$key' to build cache"
                 }

rbcs-server/src/main/resources/net/woggioni/rbcs/server/rbcs-default.xml

@@ -4,16 +4,5 @@
              xmlns:rbcs="urn:net.woggioni.rbcs.server"
              xs:schemaLocation="urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs.xsd">
     <bind host="127.0.0.1" port="8080" incoming-connections-backlog-size="1024"/>
-    <connection
+    <cache xs:type="rbcs:fileSystemCacheType" path="${sys:java.io.tmpdir}/rbcs" max-age="P7D"/>
-            max-request-size="67108864"
-            idle-timeout="PT30S"
-            read-timeout="PT10S"
-            write-timeout="PT10S"
-            read-idle-timeout="PT60S"
-            write-idle-timeout="PT60S"/>
-    <event-executor use-virtual-threads="true"/>
-    <cache xs:type="rbcs:fileSystemCacheType" path="/tmp/rbcs" max-age="P7D"/>
-    <authentication>
-        <none/>
-    </authentication>
 </rbcs:server>

rbcs-server/src/main/resources/net/woggioni/rbcs/server/schema/rbcs.xsd

@@ -3,14 +3,27 @@
            xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns:rbcs="urn:net.woggioni.rbcs.server"
            elementFormDefault="unqualified">
-    <xs:element name="server" type="rbcs:serverType"/>
+    <xs:element name="server" type="rbcs:serverType">
+        <xs:annotation>
+            <xs:documentation>
+                Root element containing the server configuration
+            </xs:documentation>
+        </xs:annotation>
+    </xs:element>
 
     <xs:complexType name="serverType">
         <xs:sequence minOccurs="0">
             <xs:element name="bind" type="rbcs:bindType" maxOccurs="1"/>
             <xs:element name="connection" type="rbcs:connectionType" minOccurs="0" maxOccurs="1"/>
             <xs:element name="event-executor" type="rbcs:eventExecutorType" minOccurs="0" maxOccurs="1"/>
-            <xs:element name="cache" type="rbcs:cacheType" maxOccurs="1"/>
+            <xs:element name="cache" type="rbcs:cacheType" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        Cache storage backend implementation to use, more implementations can be added through
+                        the use of plugins
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
             <xs:element name="authorization" type="rbcs:authorizationType" minOccurs="0">
                 <xs:key name="userId">
                     <xs:selector xpath="users/user"/>
@@ -21,75 +34,279 @@
                     <xs:field xpath="@ref"/>
                 </xs:keyref>
             </xs:element>
-            <xs:element name="authentication" type="rbcs:authenticationType" minOccurs="0" maxOccurs="1"/>
+            <xs:element name="authentication" type="rbcs:authenticationType" minOccurs="0" maxOccurs="1">
-            <xs:element name="tls" type="rbcs:tlsType" minOccurs="0" maxOccurs="1"/>
+                <xs:annotation>
+                    <xs:documentation>
+                        Mechanism to use to assign a username to a specific client
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="tls" type="rbcs:tlsType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        Use TLS to encrypt all the communications
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
         </xs:sequence>
-        <xs:attribute name="path" type="xs:string" use="optional"/>
+        <xs:attribute name="path" type="xs:string" use="optional">
+            <xs:annotation>
+                <xs:documentation>
+                    URI path prefix, if your rbcs is hosted at "http://www.example.com"
+                    and this parameter is set to "cache", then all the requests will need to be sent at
+                    "http://www.example.com/cache/KEY", where "KEY" is the cache entry KEY
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="bindType">
-        <xs:attribute name="host" type="xs:token" use="required"/>
+        <xs:attribute name="host" type="xs:token" use="required">
-        <xs:attribute name="port" type="xs:unsignedShort" use="required"/>
+            <xs:annotation>
-        <xs:attribute name="incoming-connections-backlog-size" type="xs:unsignedInt" use="optional" default="1024"/>
+                <xs:documentation>Server bind address</xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="port" type="xs:unsignedShort" use="required">
+            <xs:annotation>
+                <xs:documentation>Server port number</xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="incoming-connections-backlog-size" type="xs:unsignedInt" use="optional" default="1024">
+            <xs:annotation>
+                <xs:documentation>
+                    The maximum queue length for incoming connection indications (a request to connect) is set to
+                    the backlog parameter. If a connection indication arrives when the queue is full,
+                    the connection is refused.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="connectionType">
-        <xs:attribute name="read-timeout" type="xs:duration" use="optional" default="PT0S"/>
+        <xs:attribute name="idle-timeout" type="xs:duration" use="optional" default="PT30S">
-        <xs:attribute name="write-timeout" type="xs:duration" use="optional" default="PT0S"/>
+            <xs:annotation>
-        <xs:attribute name="idle-timeout" type="xs:duration" use="optional" default="PT30S"/>
+                <xs:documentation>
-        <xs:attribute name="read-idle-timeout" type="xs:duration" use="optional" default="PT60S"/>
+                    The server will close the connection with the client
-        <xs:attribute name="write-idle-timeout" type="xs:duration" use="optional" default="PT60S"/>
+                    when neither a read nor a write was performed for the specified period of time.
-        <xs:attribute name="max-request-size" type="rbcs:byteSizeType" use="optional" default="0x4000000"/>
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="read-idle-timeout" type="xs:duration" use="optional" default="PT60S">
+            <xs:annotation>
+                <xs:documentation>
+                    The server will close the connection with the client
+                    when no read was performed for the specified period of time.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="write-idle-timeout" type="xs:duration" use="optional" default="PT60S">
+            <xs:annotation>
+                <xs:documentation>
+                    The server will close the connection with the client
+                    when no write was performed for the specified period of time.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="max-request-size" type="rbcs:byteSizeType" use="optional" default="0x4000000">
+            <xs:annotation>
+                <xs:documentation>
+                    The maximum request body size the server will accept from a client
+                    (if exceeded the server returns 413 HTTP status code)
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="eventExecutorType">
-        <xs:attribute name="use-virtual-threads" type="xs:boolean" use="optional" default="true"/>
+        <xs:attribute name="use-virtual-threads" type="xs:boolean" use="optional" default="true">
+            <xs:annotation>
+                <xs:documentation>
+                    Whether or not to use virtual threads for the execution of the core server handler
+                    (not for the I/O operations)
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="cacheType" abstract="true"/>
 
     <xs:complexType name="inMemoryCacheType">
+        <xs:annotation>
+            <xs:documentation>
+                A simple cache implementation that uses a java.util.ConcurrentHashMap as a storage backend
+            </xs:documentation>
+        </xs:annotation>
         <xs:complexContent>
             <xs:extension base="rbcs:cacheType">
-                <xs:attribute name="max-age" type="xs:duration" default="P1D"/>
+                <xs:attribute name="max-age" type="xs:duration" default="P1D">
-                <xs:attribute name="max-size" type="rbcs:byteSizeType" default="0x1000000"/>
+                    <xs:annotation>
-                <xs:attribute name="digest" type="xs:token" default="MD5"/>
+                        <xs:documentation>
-                <xs:attribute name="enable-compression" type="xs:boolean" default="true"/>
+                            Values will be removed from the cache after this amount of time
-                <xs:attribute name="compression-level" type="rbcs:compressionLevelType" default="-1"/>
+                        </xs:documentation>
-                <xs:attribute name="chunk-size" type="rbcs:byteSizeType" default="0x10000"/>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="max-size" type="rbcs:byteSizeType" default="0x1000000">
+                    <xs:annotation>
+                        <xs:documentation>
+                            The maximum allowed total size of the cache in bytes, old values will be purged from the cache
+                            when the insertion of a new value causes this limit to be exceeded
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="digest" type="xs:token">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Hashing algorithm to apply to the key. If omitted, no hashing is performed.
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="enable-compression" type="xs:boolean" default="true">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Enable deflate compression for stored cache elements
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="compression-level" type="rbcs:compressionLevelType" default="-1">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Deflate compression level to use for cache compression,
+                            use -1 to use the default compression level of java.util.zip.Deflater
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="chunk-size" type="rbcs:byteSizeType" default="0x10000">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Maximum byte size of socket write calls
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
             </xs:extension>
         </xs:complexContent>
     </xs:complexType>
 
     <xs:complexType name="fileSystemCacheType">
+        <xs:annotation>
+            <xs:documentation>
+                A simple cache implementation that stores data in a folder on the filesystem
+            </xs:documentation>
+        </xs:annotation>
         <xs:complexContent>
             <xs:extension base="rbcs:cacheType">
-                <xs:attribute name="path" type="xs:string" use="optional"/>
+                <xs:attribute name="path" type="xs:string" use="optional">
-                <xs:attribute name="max-age" type="xs:duration" default="P1D"/>
+                    <xs:annotation>
-                <xs:attribute name="digest" type="xs:token" default="MD5"/>
+                        <xs:documentation>
-                <xs:attribute name="enable-compression" type="xs:boolean" default="true"/>
+                            File system path that will be used to store the cache data files
-                <xs:attribute name="compression-level" type="rbcs:compressionLevelType" default="-1"/>
+                            (it will be created if it doesn't already exist)
-                <xs:attribute name="chunk-size" type="rbcs:byteSizeType" default="0x10000"/>
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="max-age" type="xs:duration" default="P1D">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Values will be removed from the cache after this amount of time
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="digest" type="xs:token" default="SHA3-224">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Hashing algorithm to apply to the key. If omitted, no hashing is performed.
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="enable-compression" type="xs:boolean" default="true">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Enable deflate compression for stored cache elements
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="compression-level" type="rbcs:compressionLevelType" default="-1">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Deflate compression level to use for cache compression,
+                            use -1 to use the default compression level of java.util.zip.Deflater
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="chunk-size" type="rbcs:byteSizeType" default="0x10000">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Maximum byte size of a cache value that will be stored in memory
+                            (reduce it to reduce memory consumption, increase it for increased throughput)
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
             </xs:extension>
         </xs:complexContent>
     </xs:complexType>
 
     <xs:complexType name="tlsCertificateAuthorizationType">
         <xs:sequence>
-            <xs:element name="group-extractor" type="rbcs:X500NameExtractorType" minOccurs="0"/>
+            <xs:element name="group-extractor" type="rbcs:X500NameExtractorType" minOccurs="0">
-            <xs:element name="user-extractor" type="rbcs:X500NameExtractorType" minOccurs="0"/>
+                <xs:annotation>
+                    <xs:documentation>
+                        A regex based extractor that will be used to determine which group the client belongs to,
+                        based on the X.500 name of the subject field in the client's TLS certificate.
+                        When this is set RBAC works even if the user isn't listed in the &lt;users/&gt; section as
+                        the client will be assigned role solely based on the group he is found to belong to.
+                        Note that this does not allow for a client to be part of multiple groups.
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="user-extractor" type="rbcs:X500NameExtractorType" minOccurs="0">
+                <xs:annotation>
+                    <xs:documentation>
+                        A regex based extractor that will be used to assign a user to a connected client,
+                        based on the X.500 name of the subject field in the client's TLS certificate.
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
         </xs:sequence>
     </xs:complexType>
 
     <xs:complexType name="X500NameExtractorType">
-        <xs:attribute name="attribute-name" type="xs:token"/>
+        <xs:annotation>
-        <xs:attribute name="pattern" type="xs:token"/>
+            <xs:documentation>
+                Extract informations from a client TLS certificates using
+                regular expressions applied to the X.500 name "Subject" field
+            </xs:documentation>
+        </xs:annotation>
+        <xs:attribute name="attribute-name" type="xs:token">
+            <xs:annotation>
+                <xs:documentation>
+                    X.500 name attribute to apply the regex
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="pattern" type="xs:token">
+            <xs:annotation>
+                <xs:documentation>
+                    Regex that wil be applied to the attribute value,
+                    use regex groups to extract relevant data
+                    (note that only the first group that appears in the regex is used)
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="authorizationType">
         <xs:all>
-            <xs:element name="users" type="rbcs:usersType"/>
+            <xs:element name="users" type="rbcs:usersType">
+                <xs:annotation>
+                    <xs:documentation>
+                        List of users registered in the application
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
             <xs:element name="groups" type="rbcs:groupsType">
+                <xs:annotation>
+                    <xs:documentation>
+                        List of user groups registered in the application
+                    </xs:documentation>
+                </xs:annotation>
                 <xs:unique name="groupKey">
                     <xs:selector xpath="group"/>
                     <xs:field xpath="@name"/>
@@ -99,48 +316,150 @@
     </xs:complexType>
 
     <xs:complexType name="authenticationType">
+        <xs:annotation>
+            <xs:documentation>
+                Authentication mechanism to assign usernames and groups to clients
+            </xs:documentation>
+        </xs:annotation>
         <xs:choice>
-            <xs:element name="basic"/>
+            <xs:element name="basic">
-            <xs:element name="client-certificate" type="rbcs:tlsCertificateAuthorizationType"/>
+                <xs:annotation>
-            <xs:element name="none"/>
+                    <xs:documentation>
+                        Enable HTTP basic authentication
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="client-certificate" type="rbcs:tlsCertificateAuthorizationType">
+                <xs:annotation>
+                    <xs:documentation>
+                        Enable TLS certificate authentication
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="none">
+                <xs:annotation>
+                    <xs:documentation>
+                        Disable authentication altogether
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
         </xs:choice>
     </xs:complexType>
 
     <xs:complexType name="quotaType">
-        <xs:attribute name="calls" type="xs:positiveInteger" use="required"/>
+        <xs:annotation>
-        <xs:attribute name="period" type="xs:duration" use="required"/>
+            <xs:documentation>
-        <xs:attribute name="max-available-calls" type="xs:positiveInteger" use="optional"/>
+                Defines a quota for a user or a group
-        <xs:attribute name="initial-available-calls" type="xs:unsignedInt" use="optional"/>
+            </xs:documentation>
+        </xs:annotation>
+        <xs:attribute name="calls" type="xs:positiveInteger" use="required">
+            <xs:annotation>
+                <xs:documentation>
+                    Maximum number of allowed calls in a given period
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="period" type="xs:duration" use="required">
+            <xs:annotation>
+                <xs:documentation>
+                    The period length
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="max-available-calls" type="xs:positiveInteger" use="optional">
+            <xs:annotation>
+                <xs:documentation>
+                    Maximum number of available calls that can be accumulated
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="initial-available-calls" type="xs:unsignedInt" use="optional">
+            <xs:annotation>
+                <xs:documentation>
+                    Number of available calls for users at their first call
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="anonymousUserType">
+        <xs:annotation>
+            <xs:documentation>
+                Placeholder for a client that is not authenticated
+            </xs:documentation>
+        </xs:annotation>
         <xs:sequence>
-            <xs:element name="quota" type="rbcs:quotaType" minOccurs="0" maxOccurs="1"/>
+            <xs:element name="quota" type="rbcs:quotaType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        Calls quota for the user
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
         </xs:sequence>
     </xs:complexType>
 
     <xs:complexType name="userType">
+        <xs:annotation>
+            <xs:documentation>
+                An authenticated user
+            </xs:documentation>
+        </xs:annotation>
         <xs:sequence>
-            <xs:element name="quota" type="rbcs:quotaType" minOccurs="0" maxOccurs="1"/>
+            <xs:element name="quota" type="rbcs:quotaType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        Calls quota for the user
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
         </xs:sequence>
-        <xs:attribute name="name" type="xs:token" use="required"/>
+        <xs:attribute name="name" type="xs:token" use="required">
-        <xs:attribute name="password" type="xs:string" use="optional"/>
+            <xs:annotation>
+                <xs:documentation>
+                    User's name
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="password" type="xs:string" use="optional">
+            <xs:annotation>
+                <xs:documentation>
+                    User's password used in HTTP basic authentication
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="usersType">
-        <xs:sequence>
+        <xs:annotation>
+            <xs:documentation>
+                List of registered users, add an &lt;anonymous&gt; tag to enable authenticated user access
+                when authentication is enabled
+            </xs:documentation>
+        </xs:annotation>
+    <xs:sequence>
             <xs:element name="user" type="rbcs:userType" minOccurs="0" maxOccurs="unbounded"/>
             <xs:element name="anonymous" type="rbcs:anonymousUserType" minOccurs="0" maxOccurs="1"/>
         </xs:sequence>
     </xs:complexType>
 
     <xs:complexType name="groupsType">
+        <xs:annotation>
+            <xs:documentation>
+                List of registered user groups
+            </xs:documentation>
+        </xs:annotation>
         <xs:sequence>
             <xs:element name="group" type="rbcs:groupType" maxOccurs="unbounded" minOccurs="0"/>
         </xs:sequence>
     </xs:complexType>
 
     <xs:complexType name="groupType">
+        <xs:annotation>
+            <xs:documentation>
+                The definition of a user group, with the list of its member users
+            </xs:documentation>
+        </xs:annotation>
         <xs:sequence>
             <xs:element name="users" type="rbcs:userRefsType" maxOccurs="1" minOccurs="0">
                 <xs:unique name="userRefWriterKey">
@@ -148,11 +467,35 @@
                     <xs:field xpath="@ref"/>
                 </xs:unique>
             </xs:element>
-            <xs:element name="roles" type="rbcs:rolesType" maxOccurs="1" minOccurs="0"/>
+            <xs:element name="roles" type="rbcs:rolesType" maxOccurs="1" minOccurs="0">
-            <xs:element name="user-quota" type="rbcs:quotaType" minOccurs="0" maxOccurs="1"/>
+                <xs:annotation>
-            <xs:element name="group-quota" type="rbcs:quotaType" minOccurs="0" maxOccurs="1"/>
+                    <xs:documentation>
+                        The list of application roles awarded to all the members of this group
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="user-quota" type="rbcs:quotaType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        The call quota for each user in this group
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="group-quota" type="rbcs:quotaType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        The cumulative call quota for all users in this group
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
         </xs:sequence>
-        <xs:attribute name="name" type="xs:token"/>
+        <xs:attribute name="name" type="xs:token">
+            <xs:annotation>
+                <xs:documentation>
+                    The group's name
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:simpleType name="role" final="restriction" >
@@ -172,6 +515,11 @@
     </xs:complexType>
 
     <xs:complexType name="userRefsType">
+        <xs:annotation>
+            <xs:documentation>
+                A list of references to users in the &lt;users&gt; section
+            </xs:documentation>
+        </xs:annotation>
         <xs:sequence>
                 <xs:element name="user" type="rbcs:userRefType" maxOccurs="unbounded" minOccurs="0"/>
                 <xs:element name="anonymous" minOccurs="0" maxOccurs="1"/>
@@ -179,28 +527,106 @@
     </xs:complexType>
 
     <xs:complexType name="userRefType">
-        <xs:attribute name="ref" type="xs:string" use="required"/>
+        <xs:annotation>
+            <xs:documentation>
+                A reference to a user in the &lt;users&gt; section
+            </xs:documentation>
+        </xs:annotation>
+        <xs:attribute name="ref" type="xs:string" use="required">
+            <xs:annotation>
+                <xs:documentation>
+                    Name of the referenced user
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="tlsType">
+        <xs:annotation>
+            <xs:documentation>
+                Enable TLS protocol
+            </xs:documentation>
+        </xs:annotation>
         <xs:all>
-            <xs:element name="keystore" type="rbcs:keyStoreType" />
+            <xs:element name="keystore" type="rbcs:keyStoreType" >
-            <xs:element name="truststore" type="rbcs:trustStoreType" minOccurs="0"/>
+                <xs:annotation>
+                    <xs:documentation>
+                        Path to the keystore file that contains the server's key and certificate
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="truststore" type="rbcs:trustStoreType" minOccurs="0">
+                <xs:annotation>
+                    <xs:documentation>
+                        Path to the truststore file that contains the trusted CAs
+                        for TLS client certificate verification
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
         </xs:all>
     </xs:complexType>
 
     <xs:complexType name="keyStoreType">
-        <xs:attribute name="file" type="xs:string" use="required"/>
+        <xs:attribute name="file" type="xs:string" use="required">
-        <xs:attribute name="password" type="xs:string"/>
+            <xs:annotation>
-        <xs:attribute name="key-alias" type="xs:string" use="required"/>
+                <xs:documentation>
-        <xs:attribute name="key-password" type="xs:string"/>
+                    System path to the keystore file
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="password" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    Password to open they keystore file
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="key-alias" type="xs:string" use="required">
+            <xs:annotation>
+                <xs:documentation>
+                    Alias of the keystore entry containing the private key
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="key-password" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    Private key entry's encryption password
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="trustStoreType">
-        <xs:attribute name="file" type="xs:string" use="required"/>
+        <xs:attribute name="file" type="xs:string" use="required">
-        <xs:attribute name="password" type="xs:string"/>
+            <xs:annotation>
-        <xs:attribute name="check-certificate-status" type="xs:boolean"/>
+                <xs:documentation>
-        <xs:attribute name="require-client-certificate" type="xs:boolean" use="optional" default="false"/>
+                    Path to the trustore file
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="password" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    Trustore file password
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="check-certificate-status" type="xs:boolean">
+            <xs:annotation>
+                <xs:documentation>
+                    Whether or not check the certificate validity using CRL/OCSP
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="require-client-certificate" type="xs:boolean" use="optional" default="false">
+            <xs:annotation>
+                <xs:documentation>
+                    If true, the server requires a TLS client certificate from the client and simply refuses to connect
+                    when a client certificate isn't provided
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="propertiesType">

rbcs-server/src/test/java/net/woggioni/rbcs/server/test/utils/NetworkUtils.java

@@ -1,30 +0,0 @@
-package net.woggioni.rbcs.server.test.utils;
-
-import net.woggioni.jwo.JWO;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-
-public class NetworkUtils {
-
-    private static final int MAX_ATTEMPTS = 50;
-
-    public static int getFreePort() {
-        int count = 0;
-        while(count < MAX_ATTEMPTS) {
-            try (ServerSocket serverSocket = new ServerSocket(0, 50, InetAddress.getLocalHost())) {
-                final var candidate = serverSocket.getLocalPort();
-                if (candidate > 0) {
-                    return candidate;
-                } else {
-                    JWO.newThrowable(RuntimeException.class, "Got invalid port number: %d", candidate);
-                    throw new RuntimeException("Error trying to find an open port");
-                }
-            } catch (IOException ignored) {
-                ++count;
-            }
-        }
-        throw new RuntimeException("Error trying to find an open port");
-    }
-}

rbcs-server/src/test/kotlin/net/woggioni/rbcs/server/test/AbstractBasicAuthServerTest.kt

@@ -2,10 +2,10 @@ package net.woggioni.rbcs.server.test
 
 import net.woggioni.rbcs.api.Configuration
 import net.woggioni.rbcs.api.Role
+import net.woggioni.rbcs.common.RBCS.getFreePort
 import net.woggioni.rbcs.common.Xml
 import net.woggioni.rbcs.server.cache.FileSystemCacheConfiguration
 import net.woggioni.rbcs.server.configuration.Serializer
-import net.woggioni.rbcs.server.test.utils.NetworkUtils
 import java.net.URI
 import java.net.http.HttpRequest
 import java.nio.charset.StandardCharsets
@@ -33,13 +33,11 @@ abstract class AbstractBasicAuthServerTest : AbstractServerTest() {
         this.cacheDir = testDir.resolve("cache")
         cfg = Configuration.of(
             "127.0.0.1",
-            NetworkUtils.getFreePort(),
+            getFreePort(),
             50,
             serverPath,
             Configuration.EventExecutor(false),
             Configuration.Connection(
-                Duration.of(10, ChronoUnit.SECONDS),
-                Duration.of(10, ChronoUnit.SECONDS),
                 Duration.of(60, ChronoUnit.SECONDS),
                 Duration.of(30, ChronoUnit.SECONDS),
                 Duration.of(30, ChronoUnit.SECONDS),

rbcs-server/src/test/kotlin/net/woggioni/rbcs/server/test/AbstractTlsServerTest.kt

@@ -2,12 +2,12 @@ package net.woggioni.rbcs.server.test
 
 import net.woggioni.rbcs.api.Configuration
 import net.woggioni.rbcs.api.Role
+import net.woggioni.rbcs.common.RBCS.getFreePort
 import net.woggioni.rbcs.common.Xml
 import net.woggioni.rbcs.server.cache.FileSystemCacheConfiguration
 import net.woggioni.rbcs.server.configuration.Serializer
 import net.woggioni.rbcs.server.test.utils.CertificateUtils
 import net.woggioni.rbcs.server.test.utils.CertificateUtils.X509Credentials
-import net.woggioni.rbcs.server.test.utils.NetworkUtils
 import org.bouncycastle.asn1.x500.X500Name
 import java.net.URI
 import java.net.http.HttpClient
@@ -138,13 +138,11 @@ abstract class AbstractTlsServerTest : AbstractServerTest() {
         createKeyStoreAndTrustStore()
         cfg = Configuration(
             "127.0.0.1",
-            NetworkUtils.getFreePort(),
+            getFreePort(),
             100,
             serverPath,
             Configuration.EventExecutor(false),
             Configuration.Connection(
-                Duration.of(10, ChronoUnit.SECONDS),
-                Duration.of(10, ChronoUnit.SECONDS),
                 Duration.of(60, ChronoUnit.SECONDS),
                 Duration.of(30, ChronoUnit.SECONDS),
                 Duration.of(30, ChronoUnit.SECONDS),

rbcs-server/src/test/kotlin/net/woggioni/rbcs/server/test/NoAuthServerTest.kt

@@ -2,10 +2,10 @@ package net.woggioni.rbcs.server.test
 
 import io.netty.handler.codec.http.HttpResponseStatus
 import net.woggioni.rbcs.api.Configuration
+import net.woggioni.rbcs.common.RBCS.getFreePort
 import net.woggioni.rbcs.common.Xml
 import net.woggioni.rbcs.server.cache.InMemoryCacheConfiguration
 import net.woggioni.rbcs.server.configuration.Serializer
-import net.woggioni.rbcs.server.test.utils.NetworkUtils
 import org.junit.jupiter.api.Assertions
 import org.junit.jupiter.api.Order
 import org.junit.jupiter.api.Test
@@ -33,13 +33,11 @@ class NoAuthServerTest : AbstractServerTest() {
         this.cacheDir = testDir.resolve("cache")
         cfg = Configuration(
             "127.0.0.1",
-            NetworkUtils.getFreePort(),
+            getFreePort(),
             100,
             serverPath,
             Configuration.EventExecutor(false),
             Configuration.Connection(
-                Duration.of(10, ChronoUnit.SECONDS),
-                Duration.of(10, ChronoUnit.SECONDS),
                 Duration.of(60, ChronoUnit.SECONDS),
                 Duration.of(30, ChronoUnit.SECONDS),
                 Duration.of(30, ChronoUnit.SECONDS),
@@ -120,6 +118,56 @@ class NoAuthServerTest : AbstractServerTest() {
 
     @Test
     @Order(4)
+    fun getUnhandledPath() {
+        val client: HttpClient = HttpClient.newHttpClient()
+        val (key, _) = newEntry(random)
+        val requestBuilder = HttpRequest.newBuilder()
+            .uri(URI.create("http://${cfg.host}:${cfg.port}/some/other/path/$key"))
+        val response: HttpResponse<ByteArray> =
+            client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+        Assertions.assertEquals(HttpResponseStatus.BAD_REQUEST.code(), response.statusCode())
+    }
+
+    @Test
+    @Order(5)
+    fun putUnhandledPath() {
+        val client: HttpClient = HttpClient.newHttpClient()
+        val (key, value) = newEntry(random)
+        val requestBuilder = HttpRequest.newBuilder()
+            .uri(URI.create("http://${cfg.host}:${cfg.port}/some/other/path/$key"))
+            .PUT(HttpRequest.BodyPublishers.ofByteArray(value))
+        val response: HttpResponse<ByteArray> =
+            client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+        Assertions.assertEquals(HttpResponseStatus.BAD_REQUEST.code(), response.statusCode())
+    }
+
+    @Test
+    @Order(6)
+    fun getRelativeUnhandledPath() {
+        val client: HttpClient = HttpClient.newHttpClient()
+        val (key, _) = newEntry(random)
+        val requestBuilder = HttpRequest.newBuilder()
+            .uri(URI.create("http://${cfg.host}:${cfg.port}/some/nested/path/../../../some/other/path/$key"))
+        val response: HttpResponse<ByteArray> =
+            client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+        Assertions.assertEquals(HttpResponseStatus.BAD_REQUEST.code(), response.statusCode())
+    }
+
+    @Test
+    @Order(7)
+    fun getRelativePath() {
+        val client: HttpClient = HttpClient.newHttpClient()
+        val (key, value) = keyValuePair
+        val requestBuilder = HttpRequest.newBuilder()
+            .uri(URI.create("http://${cfg.host}:${cfg.port}/some/other/path/../../nested/path/$key"))
+        val response: HttpResponse<ByteArray> =
+            client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+        Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
+        Assertions.assertArrayEquals(value, response.body())
+    }
+
+    @Test
+    @Order(10)
     fun traceTest() {
         val client: HttpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).build()
         val requestBuilder = newRequestBuilder("").method(

rbcs-server/src/test/resources/net/woggioni/rbcs/server/test/valid/rbcs-default.xml

@@ -4,8 +4,6 @@
              xs:schemaLocation="urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs.xsd">
     <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="22"/>
     <connection
-            write-timeout="PT25M"
-            read-timeout="PT20M"
             read-idle-timeout="PT10M"
             write-idle-timeout="PT11M"
             idle-timeout="PT30M"

rbcs-server/src/test/resources/net/woggioni/rbcs/server/test/valid/rbcs-memcached-tls.xml

@@ -9,9 +9,7 @@
             max-request-size="67108864"
             idle-timeout="PT30S"
             read-idle-timeout="PT60S"
-            write-idle-timeout="PT60S"
+            write-idle-timeout="PT60S"/>
-            read-timeout="PT5M"
-            write-timeout="PT5M"/>
     <event-executor use-virtual-threads="true"/>
     <cache xs:type="rbcs-memcache:memcacheCacheType" max-age="P7D" chunk-size="123">
         <server host="memcached" port="11211"/>

rbcs-server/src/test/resources/net/woggioni/rbcs/server/test/valid/rbcs-memcached.xml

@@ -5,8 +5,6 @@
              xs:schemaLocation="urn:net.woggioni.rbcs.server.memcache jpms://net.woggioni.rbcs.server.memcache/net/woggioni/rbcs/server/memcache/schema/rbcs-memcache.xsd urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs.xsd">
     <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="50"/>
     <connection
-            write-timeout="PT25M"
-            read-timeout="PT20M"
             read-idle-timeout="PT10M"
             write-idle-timeout="PT11M"
             idle-timeout="PT30M"

rbcs-server/src/test/resources/net/woggioni/rbcs/server/test/valid/rbcs-tls.xml

@@ -4,8 +4,6 @@
              xs:schemaLocation="urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs.xsd">
     <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="180"/>
     <connection
-            write-timeout="PT25M"
-            read-timeout="PT20M"
             read-idle-timeout="PT10M"
             write-idle-timeout="PT11M"
             idle-timeout="PT30M"