
Commit 481b6f8

Alexey BakhtinDmitry Cherepanov
authored andcommitted
8254631: Better support ALPN byte wire values in SunJSSE
Reviewed-by: dcherepanov Backport-of: fe5cccc
1 parent 9940295 commit 481b6f8


3 files changed

+344
-9
lines changed


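--- a/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
+++ b/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
@@ -27,7 +27,10 @@
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
-import java.nio.charset.StandardCharsets;
+import java.nio.charset.Charset;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedList;
@@ -59,6 +62,20 @@ final class AlpnExtension {
 
 static final SSLStringizer alpnStringizer = new AlpnStringizer();
 
+// Encoding Charset to convert between String and byte[]
+static final Charset alpnCharset;
+
+static {
+String alpnCharsetString = AccessController.doPrivileged(
+(PrivilegedAction<String>) ()
+-> Security.getProperty("jdk.tls.alpnCharset"));
+if ((alpnCharsetString == null)
+|| (alpnCharsetString.length() == 0)) {
+alpnCharsetString = "ISO_8859_1";
+}
+alpnCharset = Charset.forName(alpnCharsetString);
+}
+
 /**
 * The "application_layer_protocol_negotiation" extension.
 *
@@ -97,7 +114,7 @@ private AlpnSpec(ByteBuffer buffer) throws IOException {
 "extension: empty application protocol name");
 }
 
-String appProtocol = new String(bytes, StandardCharsets.UTF_8);
+String appProtocol = new String(bytes, alpnCharset);
 protocolNames.add(appProtocol);
 }
 
@@ -164,10 +181,10 @@ public byte[] produce(ConnectionContext context,
 return null;
 }
 
-// Produce the extension.
+// Produce the extension: first find the overall length
 int listLength = 0; // ProtocolNameList length
 for (String ap : laps) {
-int length = ap.getBytes(StandardCharsets.UTF_8).length;
+int length = ap.getBytes(alpnCharset).length;
 if (length == 0) {
 // log the configuration problem
 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
@@ -219,8 +236,10 @@ public byte[] produce(ConnectionContext context,
 byte[] extData = new byte[listLength + 2];
 ByteBuffer m = ByteBuffer.wrap(extData);
 Record.putInt16(m, listLength);
+
+// opaque ProtocolName<1..2^8-1>;
 for (String ap : laps) {
-Record.putBytes8(m, ap.getBytes(StandardCharsets.UTF_8));
+Record.putBytes8(m, ap.getBytes(alpnCharset));
 }
 
 // Update the context.
@@ -415,14 +434,14 @@ public byte[] produce(ConnectionContext context,
 }
 
 // opaque ProtocolName<1..2^8-1>, RFC 7301.
-int listLen = shc.applicationProtocol.length() + 1;
-// 1: length byte
+byte[] bytes = shc.applicationProtocol.getBytes(alpnCharset);
+int listLen = bytes.length + 1; // 1: length byte
+
 // ProtocolName protocol_name_list<2..2^16-1>, RFC 7301.
 byte[] extData = new byte[listLen + 2]; // 2: list length
 ByteBuffer m = ByteBuffer.wrap(extData);
 Record.putInt16(m, listLen);
-Record.putBytes8(m,
-shc.applicationProtocol.getBytes(StandardCharsets.UTF_8));
+Record.putBytes8(m, bytes);
 
 // Update the context.
 shc.conContext.applicationProtocol = shc.applicationProtocol;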
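Review bot: `Charset.forName(alpnCharsetString)` in the new static initializer throws an unchecked IllegalCharsetNameException or UnsupportedCharsetException when `jdk.tls.alpnCharset` holds a mistyped or unavailable name. Because it runs during class initialization, the failure surfaces as an ExceptionInInitializerError on AlpnExtension rather than as a message naming the property. Catching IllegalArgumentException (the common supertype), logging the rejected value and falling back to the ISO_8859_1 default would contain a bad setting; failing with an explicit message that names the property is the stricter alternative. Separately, the `ap.getBytes(alpnCharset)` calls in both produce() hunks substitute a replacement byte for any character the charset cannot encode, so a configured protocol name outside the charset's range goes on the wire as different bytes than intended. An `alpnCharset.newEncoder().canEncode(ap)` check next to the existing zero-length check would reject such a name instead.

```java
static {
    // … unchanged: read jdk.tls.alpnCharset, default to "ISO_8859_1" when unset …
    Charset configured;
    try {
        configured = Charset.forName(alpnCharsetString);
    } catch (IllegalArgumentException e) {
        // Covers IllegalCharsetNameException and UnsupportedCharsetException.
        if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
            SSLLogger.warning(
                "Ignoring invalid jdk.tls.alpnCharset value: " + alpnCharsetString);
        }
        configured = Charset.forName("ISO_8859_1");
    }
    alpnCharset = configured;
}
```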

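--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -1324,6 +1324,16 @@ jdk.io.permissionsUseCanonicalPath=false
 #
 #jdk.security.allowNonCaAnchor=true
 
+#
+# The default Character set name (java.nio.charset.Charset.forName())
+# for converting TLS ALPN values between byte arrays and Strings.
+# Prior versions of the JDK may use UTF-8 as the default charset. If
+# you experience interoperability issues, setting this property to UTF-8
+# may help.
+#
+# jdk.tls.alpnCharset=UTF-8
+jdk.tls.alpnCharset=ISO_8859_1
+
 #
 # JNDI Object Factories Filter
 #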
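Review bot: The new comment block for `jdk.tls.alpnCharset` does not say when the property takes effect or what an operator gives up by switching it back to UTF-8. In AlpnExtension.java the value is read once in a static initializer, so I would add `# The property is read once, when the TLS implementation is first initialized; later changes have no effect.` ISO_8859_1 maps every byte value to exactly one character, whereas decoding with UTF-8 replaces byte sequences that are not valid UTF-8, so a line such as `# With UTF-8, ALPN values containing bytes that are not valid UTF-8 are not preserved.` would make the trade-off explicit. Since the value is passed straight to Charset.forName(), the comment should also state that it must name a charset supported by the runtime.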
