[UNDERTOW-1726] Disable the JDK9AlpnProvider from being used by defau…

…lt with Java 8 251 and higher. Add a system property to disable this behavior and use the JDK9AlpnProvider if the SSLEngine implementation being used is known to have the new methods implemented. https://issues.redhat.com/browse/UNDERTOW-1726
undertow-io · Jun 3, 2020 · 1f267fa · 1f267fa
1 parent cee24e7
commit 1f267fa
Showing 1 changed file with 29 additions and 4 deletions.
diff --git a/core/src/main/java/io/undertow/protocols/alpn/JDK9AlpnProvider.java b/core/src/main/java/io/undertow/protocols/alpn/JDK9AlpnProvider.java
@@ -22,6 +22,8 @@
 import java.lang.reflect.Method;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 
@@ -38,16 +40,39 @@ public class JDK9AlpnProvider implements ALPNProvider {
 
 
     public static final JDK9ALPNMethods JDK_9_ALPN_METHODS;
+    private static final String JDK8_SUPPORT_PROPERTY = "io.undertow.protocols.alpn.jdk8";
 
     static {
+        // This property must be checked outside of the privileged action as the user should explicitly provide read
+        // access to it. A value of true is the only supported value.
+        final boolean addSupportIfExists = Boolean.getBoolean(JDK8_SUPPORT_PROPERTY);
         JDK_9_ALPN_METHODS = AccessController.doPrivileged(new PrivilegedAction<JDK9ALPNMethods>() {
             @Override
             public JDK9ALPNMethods run() {
                 try {
-                    Method setApplicationProtocols = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
-                    Method getApplicationProtocol = SSLEngine.class.getMethod("getApplicationProtocol");
-                    UndertowLogger.ROOT_LOGGER.debug("Using JDK9 ALPN");
-                    return new JDK9ALPNMethods(setApplicationProtocols, getApplicationProtocol);
+                    final String javaVersion = System.getProperty("java.specification.version");
+                    int vmVersion = 8;
+                    try {
+                        final Matcher matcher = Pattern.compile("^(?:1\\.)?(\\d+)$").matcher(javaVersion);
+                        if (matcher.find()) {
+                            vmVersion = Integer.parseInt(matcher.group(1));
+                        }
+                    } catch (Exception ignore) {
+                    }
+                    // There was a backport of the ALPN support to Java 8 in rev 251. If a non-JDK implementation of the
+                    // SSLEngine is used these methods throw an UnsupportedOperationException by default. However the
+                    // methods would exist and could result in issues. These methods can still be used by providing the
+                    // io.undertow.protocols.alpn.jdk8=true system property and support for Java 8 known in the
+                    // SSLEngine implementation being provided.
+                    if (vmVersion > 8 || addSupportIfExists) {
+                        Method setApplicationProtocols = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
+                        Method getApplicationProtocol = SSLEngine.class.getMethod("getApplicationProtocol");
+                        UndertowLogger.ROOT_LOGGER.debug("Using JDK9 ALPN");
+                        return new JDK9ALPNMethods(setApplicationProtocols, getApplicationProtocol);
+                    }
+                    UndertowLogger.ROOT_LOGGER.debugf("It's not certain ALPN support was found. " +
+                            "Provider %s will be disabled.", JDK9AlpnProvider.class.getName());
+                    return null;
                 } catch (Exception e) {
                     UndertowLogger.ROOT_LOGGER.debug("JDK9 ALPN not supported");
                     return null;