Skip to content

Commit

Permalink
Merge pull request #904 from jamezp/UNDERTOW-1726
Browse files Browse the repository at this point in the history
[UNDERTOW-1726] Disable the JDK9AlpnProvider from being used by defau…
  • Loading branch information
fl4via authored Jun 4, 2020
2 parents cee24e7 + 1f267fa commit 2334838
Showing 1 changed file with 29 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

Expand All @@ -38,16 +40,39 @@ public class JDK9AlpnProvider implements ALPNProvider {


public static final JDK9ALPNMethods JDK_9_ALPN_METHODS;
private static final String JDK8_SUPPORT_PROPERTY = "io.undertow.protocols.alpn.jdk8";

static {
// This property must be checked outside of the privileged action as the user should explicitly provide read
// access to it. A value of true is the only supported value.
final boolean addSupportIfExists = Boolean.getBoolean(JDK8_SUPPORT_PROPERTY);
JDK_9_ALPN_METHODS = AccessController.doPrivileged(new PrivilegedAction<JDK9ALPNMethods>() {
@Override
public JDK9ALPNMethods run() {
try {
Method setApplicationProtocols = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
Method getApplicationProtocol = SSLEngine.class.getMethod("getApplicationProtocol");
UndertowLogger.ROOT_LOGGER.debug("Using JDK9 ALPN");
return new JDK9ALPNMethods(setApplicationProtocols, getApplicationProtocol);
final String javaVersion = System.getProperty("java.specification.version");
int vmVersion = 8;
try {
final Matcher matcher = Pattern.compile("^(?:1\\.)?(\\d+)$").matcher(javaVersion);
if (matcher.find()) {
vmVersion = Integer.parseInt(matcher.group(1));
}
} catch (Exception ignore) {
}
// There was a backport of the ALPN support to Java 8 in rev 251. If a non-JDK implementation of the
// SSLEngine is used these methods throw an UnsupportedOperationException by default. However the
// methods would exist and could result in issues. These methods can still be used by providing the
// io.undertow.protocols.alpn.jdk8=true system property and support for Java 8 known in the
// SSLEngine implementation being provided.
if (vmVersion > 8 || addSupportIfExists) {
Method setApplicationProtocols = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
Method getApplicationProtocol = SSLEngine.class.getMethod("getApplicationProtocol");
UndertowLogger.ROOT_LOGGER.debug("Using JDK9 ALPN");
return new JDK9ALPNMethods(setApplicationProtocols, getApplicationProtocol);
}
UndertowLogger.ROOT_LOGGER.debugf("It's not certain ALPN support was found. " +
"Provider %s will be disabled.", JDK9AlpnProvider.class.getName());
return null;
} catch (Exception e) {
UndertowLogger.ROOT_LOGGER.debug("JDK9 ALPN not supported");
return null;
Expand Down

0 comments on commit 2334838

Please sign in to comment.