This repository was archived by the owner on Feb 2, 2023. It is now read-only.

Commit 9e553f3

Alexey BakhtinDmitry Cherepanov
authored andcommitted
8254631: Better support ALPN byte wire values in SunJSSE
Reviewed-by: dcherepanov Backport-of: fe5cccc1ec76a5c29b1f55af311823f84483395b
1 parent 25760d1 commit 9e553f3


3 files changed

+344
-9
lines changed


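--- a/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
+++ b/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
@@ -27,7 +27,10 @@
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
-import java.nio.charset.StandardCharsets;
+import java.nio.charset.Charset;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedList;
@@ -59,6 +62,20 @@ final class AlpnExtension {
 
 static final SSLStringizer alpnStringizer = new AlpnStringizer();
 
+// Encoding Charset to convert between String and byte[]
+static final Charset alpnCharset;
+
+static {
+String alpnCharsetString = AccessController.doPrivileged(
+(PrivilegedAction<String>) ()
+-> Security.getProperty("jdk.tls.alpnCharset"));
+if ((alpnCharsetString == null)
+|| (alpnCharsetString.length() == 0)) {
+alpnCharsetString = "ISO_8859_1";
+}
+alpnCharset = Charset.forName(alpnCharsetString);
+}
+
 /**
 * The "application_layer_protocol_negotiation" extension.
 *
@@ -101,7 +118,7 @@ private AlpnSpec(HandshakeContext hc,
 "extension: empty application protocol name"));
 }
 
-String appProtocol = new String(bytes, StandardCharsets.UTF_8);
+String appProtocol = new String(bytes, alpnCharset);
 protocolNames.add(appProtocol);
 }
 
@@ -168,10 +185,10 @@ public byte[] produce(ConnectionContext context,
 return null;
 }
 
-// Produce the extension.
+// Produce the extension: first find the overall length
 int listLength = 0; // ProtocolNameList length
 for (String ap : laps) {
-int length = ap.getBytes(StandardCharsets.UTF_8).length;
+int length = ap.getBytes(alpnCharset).length;
 if (length == 0) {
 // log the configuration problem
 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
@@ -223,8 +240,10 @@ public byte[] produce(ConnectionContext context,
 byte[] extData = new byte[listLength + 2];
 ByteBuffer m = ByteBuffer.wrap(extData);
 Record.putInt16(m, listLength);
+
+// opaque ProtocolName<1..2^8-1>;
 for (String ap : laps) {
-Record.putBytes8(m, ap.getBytes(StandardCharsets.UTF_8));
+Record.putBytes8(m, ap.getBytes(alpnCharset));
 }
 
 // Update the context.
@@ -414,14 +433,14 @@ public byte[] produce(ConnectionContext context,
 }
 
 // opaque ProtocolName<1..2^8-1>, RFC 7301.
-int listLen = shc.applicationProtocol.length() + 1;
-// 1: length byte
+byte[] bytes = shc.applicationProtocol.getBytes(alpnCharset);
+int listLen = bytes.length + 1; // 1: length byte
+
 // ProtocolName protocol_name_list<2..2^16-1>, RFC 7301.
 byte[] extData = new byte[listLen + 2]; // 2: list length
 ByteBuffer m = ByteBuffer.wrap(extData);
 Record.putInt16(m, listLen);
-Record.putBytes8(m,
-shc.applicationProtocol.getBytes(StandardCharsets.UTF_8));
+Record.putBytes8(m, bytes);
 
 // Update the context.
 shc.conContext.applicationProtocol = shc.applicationProtocol;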
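Review bot: The static initializer added in the second hunk (`@@ -59,6 +62,20 @@`) passes the `jdk.tls.alpnCharset` value to `Charset.forName` without trimming it or catching anything, so a misspelled or unsupported charset name throws out of class initialization. That would surface as an `ExceptionInInitializerError`, and later a `NoClassDefFoundError`, on the first handshake that touches `AlpnExtension`, with nothing naming the property at fault. I would trim the value and rethrow with a message that names the property, as sketched below. Separately, with the ISO_8859_1 default, `ap.getBytes(alpnCharset)` in the `produce` hunks silently substitutes `?` for any character above U+00FF in a configured protocol name, which deserves a comment or an explicit check at those call sites.

```java
static {
    // … unchanged: doPrivileged read of Security.getProperty("jdk.tls.alpnCharset") …
    alpnCharsetString =
            (alpnCharsetString == null) ? "" : alpnCharsetString.trim();
    if (alpnCharsetString.isEmpty()) {
        alpnCharsetString = "ISO_8859_1";
    }
    try {
        alpnCharset = Charset.forName(alpnCharsetString);
    } catch (IllegalArgumentException iae) {
        // Covers both an illegal name and an unsupported charset.
        throw new IllegalArgumentException(
                "Invalid jdk.tls.alpnCharset security property value: "
                + alpnCharsetString, iae);
    }
}
```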

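--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -1321,6 +1321,16 @@ jdk.io.permissionsUseCanonicalPath=false
 #
 #jdk.security.allowNonCaAnchor=true
 
+#
+# The default Character set name (java.nio.charset.Charset.forName())
+# for converting TLS ALPN values between byte arrays and Strings.
+# Prior versions of the JDK may use UTF-8 as the default charset. If
+# you experience interoperability issues, setting this property to UTF-8
+# may help.
+#
+# jdk.tls.alpnCharset=UTF-8
+jdk.tls.alpnCharset=ISO_8859_1
+
 #
 # JNDI Object Factories Filter
 #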
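Review bot: The new comment block does not say that ALPN values are opaque byte strings, or that only a single-byte charset such as ISO_8859_1 maps every byte value to a distinct character. With UTF-8, byte sequences that are not valid UTF-8 decode to the replacement character, so distinct wire values can no longer be told apart or re-encoded. I would add a line such as `# ALPN values are opaque bytes; a multi-byte charset (e.g. UTF-8) does not round-trip arbitrary byte values.` before the commented-out example. It would also help to state that the value must be a name accepted by Charset.forName(), since the AlpnExtension.java section appears to pass it through unchecked.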
