This repository has been archived by the owner on Feb 2, 2023. It is now read-only.

8254631: Better support ALPN byte wire values in SunJSSE
Reviewed-by: dcherepanov
Backport-of: fe5cccc
Alexey Bakhtin authored and Dmitry Cherepanov committed Aug 10, 2021
1 parent 9940295 commit 481b6f8
Showing 3 changed files with 344 additions and 9 deletions.
37 changes: 28 additions & 9 deletions src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
@@ -27,7 +27,10 @@

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.charset.Charset;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
@@ -59,6 +62,20 @@ final class AlpnExtension {

static final SSLStringizer alpnStringizer = new AlpnStringizer();

// Encoding Charset to convert between String and byte[]
static final Charset alpnCharset;

static {
String alpnCharsetString = AccessController.doPrivileged(
(PrivilegedAction<String>) ()
-> Security.getProperty("jdk.tls.alpnCharset"));
if ((alpnCharsetString == null)
|| (alpnCharsetString.length() == 0)) {
alpnCharsetString = "ISO_8859_1";
}
alpnCharset = Charset.forName(alpnCharsetString);
}

/**
* The "application_layer_protocol_negotiation" extension.
*
@@ -97,7 +114,7 @@ private AlpnSpec(ByteBuffer buffer) throws IOException {
"extension: empty application protocol name");
}

String appProtocol = new String(bytes, StandardCharsets.UTF_8);
String appProtocol = new String(bytes, alpnCharset);
protocolNames.add(appProtocol);
}

@@ -164,10 +181,10 @@ public byte[] produce(ConnectionContext context,
return null;
}

// Produce the extension.
// Produce the extension: first find the overall length
int listLength = 0; // ProtocolNameList length
for (String ap : laps) {
int length = ap.getBytes(StandardCharsets.UTF_8).length;
int length = ap.getBytes(alpnCharset).length;
if (length == 0) {
// log the configuration problem
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
@@ -219,8 +236,10 @@ public byte[] produce(ConnectionContext context,
byte[] extData = new byte[listLength + 2];
ByteBuffer m = ByteBuffer.wrap(extData);
Record.putInt16(m, listLength);

// opaque ProtocolName<1..2^8-1>;
for (String ap : laps) {
Record.putBytes8(m, ap.getBytes(StandardCharsets.UTF_8));
Record.putBytes8(m, ap.getBytes(alpnCharset));
}

// Update the context.
@@ -415,14 +434,14 @@ public byte[] produce(ConnectionContext context,
}

// opaque ProtocolName<1..2^8-1>, RFC 7301.
int listLen = shc.applicationProtocol.length() + 1;
// 1: length byte
byte[] bytes = shc.applicationProtocol.getBytes(alpnCharset);
int listLen = bytes.length + 1; // 1: length byte

// ProtocolName protocol_name_list<2..2^16-1>, RFC 7301.
byte[] extData = new byte[listLen + 2]; // 2: list length
ByteBuffer m = ByteBuffer.wrap(extData);
Record.putInt16(m, listLen);
Record.putBytes8(m,
shc.applicationProtocol.getBytes(StandardCharsets.UTF_8));
Record.putBytes8(m, bytes);

// Update the context.
shc.conContext.applicationProtocol = shc.applicationProtocol;
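Review bot: `Charset.forName(alpnCharsetString)` in the new static initializer takes the `jdk.tls.alpnCharset` security property as-is, so a misspelled or unsupported name throws `IllegalCharsetNameException` or `UnsupportedCharsetException` during class initialization, and `AlpnExtension` would then fail to load with an error that does not name the property. I would catch `IllegalArgumentException` (their common supertype), log the rejected value and fall back to ISO_8859_1, as sketched below; rethrowing with a message that names the property is the alternative if a fallback is not wanted. The field comment could also say why the choice matters: `getBytes(alpnCharset)` substitutes a replacement byte for characters the charset cannot encode, and a UTF-8 decode substitutes U+FFFD for malformed bytes, so distinct protocol names can collapse to one value before they are compared. The static block is fully visible in its hunk; the `produce` methods that use the charset continue outside the shown hunks.

```java
// … unchanged: jdk.tls.alpnCharset lookup and the ISO_8859_1 default for a null or empty value …
Charset cs;
try {
    cs = Charset.forName(alpnCharsetString);
} catch (IllegalArgumentException e) {
    // Covers IllegalCharsetNameException and UnsupportedCharsetException.
    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
        SSLLogger.warning(
                "Ignoring invalid jdk.tls.alpnCharset value: "
                + alpnCharsetString, e);
    }
    cs = Charset.forName("ISO_8859_1");
}
// A local is needed: a final field cannot be assigned in both try and catch.
alpnCharset = cs;
```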
10 changes: 10 additions & 0 deletions src/java.base/share/conf/security/java.security
@@ -1324,6 +1324,16 @@ jdk.io.permissionsUseCanonicalPath=false
#
#jdk.security.allowNonCaAnchor=true

#
# The default Character set name (java.nio.charset.Charset.forName())
# for converting TLS ALPN values between byte arrays and Strings.
# Prior versions of the JDK may use UTF-8 as the default charset. If
# you experience interoperability issues, setting this property to UTF-8
# may help.
#
# jdk.tls.alpnCharset=UTF-8
jdk.tls.alpnCharset=ISO_8859_1

#
# JNDI Object Factories Filter
#
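Review bot: The new comment block for `jdk.tls.alpnCharset` does not say why ISO_8859_1 is the default or what happens when the value is wrong. ALPN protocol names are opaque byte strings on the wire, so I would add a line such as `# ISO_8859_1 maps each byte value 0x00-0xFF to exactly one character, so any ALPN wire value round-trips unchanged.` It would also help to state that the value is handed to `Charset.forName()` unchanged, and that a missing or empty value falls back to ISO_8859_1, as the static initializer in AlpnExtension.java shows.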

1 comment on commit 481b6f8

@openjdk-notifier