io,grpc,netty: Add support for IBMJSSE2 provider #5374

Closed
20 changes: 20 additions & 0 deletions netty/src/main/java/io/grpc/netty/GrpcSslContexts.java
Expand Up @@ -95,6 +95,7 @@ private GrpcSslContexts() {}
NEXT_PROTOCOL_VERSIONS);

private static final String SUN_PROVIDER_NAME = "SunJSSE";
private static final String IBM_PROVIDER_NAME = "IBMJSSE2";
private static final Method IS_CONSCRYPT_PROVIDER;

static {
Expand Down Expand Up @@ -225,6 +226,18 @@ public static SslContextBuilder configure(SslContextBuilder builder, Provider jd
throw new IllegalArgumentException(
SUN_PROVIDER_NAME + " selected, but Jetty NPN/ALPN unavailable");
}
} else if (IBM_PROVIDER_NAME.equals(jdkProvider.getName())) {
// Jetty ALPN/NPN only supports one of NPN or ALPN
if (JettyTlsUtil.isJettyAlpnConfigured()) {
ejona86 (Member), Mar 1, 2019:

Does it actually support Jetty ALPN? I don't see anything about Jetty ALPN working for IBM and based on the IBM documentation, it seems like Jetty ALPN only works if using Oracle's JDK on IBM hardware. It looks like it has its own API for Java 8 (which is very similar to Jetty NPN/ALPN).

I would really like to know which of these is being selected when it works for you. I hope it is the isJava9AlpnAvailable() case.

My eventual goal in this part of the code was to use the Java 9+ API, when available, and check whether this specific provider supports ALPN by creating an sslEngine and calling getApplicationProtocol() (or similar); if it throws UnsupportedOperationException, then it doesn't support ALPN. That way we don't have to hard-code provider names (for the Java 9 ALPN API).

SunJSSE is hard-coded today because it must be hard-coded for Jetty ALPN/NPN. Java 9+ support was a community contribution and just followed most of the current flow. Unfortunately, just being on Java 9+ doesn't mean the provider supports ALPN, thus the need for eventually adding a getApplicationProtocol() check. But this had been "good enough" up until now since we know Java 9+'s SunJSSE implementation supports ALPN.

apc = ALPN;
} else if (JettyTlsUtil.isJettyNpnConfigured()) {
apc = NPN;
} else if (JettyTlsUtil.isJava9AlpnAvailable()) {
apc = ALPN;
} else {
throw new IllegalArgumentException(
IBM_PROVIDER_NAME + " selected, but Jetty NPN/ALPN unavailable");
}
} else if (isConscrypt(jdkProvider)) {
apc = ALPN;
} else {
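Review bot: The exception message in the final else of the new IBMJSSE2 branch reads "selected, but Jetty NPN/ALPN unavailable", yet the branch reaches that throw only after JettyTlsUtil.isJava9AlpnAvailable() has also returned false, so the message understates what was tried. Suggest naming all three mechanisms (Jetty ALPN, Jetty NPN, Java 9+ ALPN) so a user on an IBM JVM can tell that the JDK ALPN API was missing too. Separately, the branch prefers isJettyAlpnConfigured() and isJettyNpnConfigured() over the Java 9 check, and nothing in these lines verifies that IBMJSSE2 can negotiate through either Jetty mechanism; a comment or test stating which of the three paths is expected to be taken on an IBM JVM would settle that.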
Expand Down Expand Up @@ -268,6 +281,12 @@ private static Provider findJdkProvider() {
|| JettyTlsUtil.isJava9AlpnAvailable()) {
return provider;
}
} else if (IBM_PROVIDER_NAME.equals(provider.getName())) {
if (JettyTlsUtil.isJettyAlpnConfigured()
|| JettyTlsUtil.isJettyNpnConfigured()
|| JettyTlsUtil.isJava9AlpnAvailable()) {
Contributor:

Lines 285-287 are identical to lines 279-281. The checks seem to be independent of provider (the for loop iterator) and loop invariant. Can we create a helper method and also initialize the value outside the loop?

return provider;
}
} else if (isConscrypt(provider)) {
return provider;
}
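Review bot: The condition guarding `return provider` in the new IBMJSSE2 branch of findJdkProvider() calls three JettyTlsUtil methods that take no provider argument, so it establishes that some ALPN/NPN mechanism exists in the runtime, not that IBMJSSE2 itself supports one. Suggest documenting at this branch which of the three conditions is expected to hold on an IBM JVM, or replacing the name match with a check made against the provider instance, so that the provider returned here is one configure() can actually negotiate HTTP/2 with.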
Expand Down Expand Up @@ -305,3 +324,4 @@ static void ensureAlpnAndH2Enabled(
alpnNegotiator.protocols());
}
}

Contributor:

Is the newline needed? I prefer to see only changes that are needed in the PR.
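
The provider probe ejona86 describes in the review of configure() (create an SSLEngine from the provider and call getApplicationProtocol(), treating UnsupportedOperationException as "no ALPN") could look like the following. This is an added example, not code from this PR or from grpc-java; `AlpnProbe` and `supportsJava9Alpn` are hypothetical names, and the method is looked up reflectively on the assumption that the class must also load on a runtime that lacks the Java 9 ALPN API.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/** Added illustration; class and method names are hypothetical, not grpc-java code. */
public final class AlpnProbe {
  private AlpnProbe() {}

  /** Returns true if an SSLEngine built by this provider implements the JDK ALPN API. */
  static boolean supportsJava9Alpn(Provider provider) {
    try {
      // Reflective lookup: on a runtime without the method we get an exception, not a link error.
      Method getAlpn = SSLEngine.class.getMethod("getApplicationProtocol");
      SSLContext context = SSLContext.getInstance("TLS", provider);
      context.init(null, null, null); // default key and trust managers; no network I/O
      SSLEngine engine = context.createSSLEngine();
      // SSLEngine's base implementation throws UnsupportedOperationException;
      // a provider with ALPN support overrides it and returns null before a handshake.
      getAlpn.invoke(engine);
      return true;
    } catch (NoSuchMethodException e) {
      return false; // runtime predates the ALPN API
    } catch (InvocationTargetException e) {
      if (e.getCause() instanceof UnsupportedOperationException) {
        return false; // API is present, but this provider's engine does not implement it
      }
      throw new IllegalStateException(
          "unexpected failure probing " + provider.getName(), e.getCause());
    } catch (GeneralSecurityException | IllegalAccessException e) {
      return false; // provider cannot build a usable TLS context
    }
  }

  public static void main(String[] args) {
    // Every installed provider that offers an SSLContext for "TLS"; null if there is none.
    Provider[] providers = Security.getProviders("SSLContext.TLS");
    if (providers == null) {
      System.out.println("no TLS providers installed");
      return;
    }
    for (Provider p : providers) {
      System.out.println(p.getName() + " ALPN via JDK API: " + supportsJava9Alpn(p));
    }
  }
}
```

Run on the target JVM, this reports per provider whether the JDK ALPN API is usable, which is the question a hard-coded provider name cannot answer.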