
Commit 8fac718

authored
Don't reset BCSSLParameters when setting application protocols (#13262)
Motivation: We had a bug that led to resetting the BCSSLParameters when setting the application protocols. Modifications: Retrieve the already configured BCSSLParameters and use these to set the application protocols. Result: Fixes #13261
1 parent c353f4f commit 8fac718

1 file changed

Lines changed: 24 additions & 17 deletions


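--- a/handler/src/main/java/io/netty/handler/ssl/BouncyCastleAlpnSslUtils.java
+++ b/handler/src/main/java/io/netty/handler/ssl/BouncyCastleAlpnSslUtils.java
@@ -17,13 +17,13 @@
 
 
 import io.netty.util.internal.EmptyArrays;
+import io.netty.util.internal.PlatformDependent;
 import io.netty.util.internal.SuppressJava6Requirement;
 import io.netty.util.internal.logging.InternalLogger;
 import io.netty.util.internal.logging.InternalLoggerFactory;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
@@ -37,8 +37,8 @@
 @SuppressJava6Requirement(reason = "Usage guarded by java version check")
 final class BouncyCastleAlpnSslUtils {
 private static final InternalLogger logger = InternalLoggerFactory.getInstance(BouncyCastleAlpnSslUtils.class);
-private static final Class BC_SSL_PARAMETERS;
 private static final Method SET_PARAMETERS;
+private static final Method GET_PARAMETERS;
 private static final Method SET_APPLICATION_PROTOCOLS;
 private static final Method GET_APPLICATION_PROTOCOL;
 private static final Method GET_HANDSHAKE_APPLICATION_PROTOCOL;
@@ -49,7 +49,7 @@ final class BouncyCastleAlpnSslUtils {
 
 static {
 Class bcSslEngine;
-Class bcSslParameters;
+Method getParameters;
 Method setParameters;
 Method setApplicationProtocols;
 Method getApplicationProtocol;
@@ -63,10 +63,6 @@ final class BouncyCastleAlpnSslUtils {
 bcSslEngine = Class.forName("org.bouncycastle.jsse.BCSSLEngine");
 final Class testBCSslEngine = bcSslEngine;
 
-bcSslParameters = Class.forName("org.bouncycastle.jsse.BCSSLParameters");
-Object bcSslParametersInstance = bcSslParameters.newInstance();
-final Class testBCSslParameters = bcSslParameters;
-
 bcApplicationProtocolSelector =
 Class.forName("org.bouncycastle.jsse.BCApplicationProtocolSelector");
 
@@ -82,21 +78,32 @@ public Method run() throws Exception {
 
 SSLContext context = getSSLContext("BCJSSE");
 SSLEngine engine = context.createSSLEngine();
+
+getParameters = AccessController.doPrivileged(new PrivilegedExceptionAction<Method>() {
+@Override
+public Method run() throws Exception {
+return testBCSslEngine.getMethod("getParameters");
+}
+});
+
+final Object bcSslParameters = getParameters.invoke(engine);
+final Class<?> bCSslParametersClass = bcSslParameters.getClass();
+
 setParameters = AccessController.doPrivileged(new PrivilegedExceptionAction<Method>() {
 @Override
 public Method run() throws Exception {
-return testBCSslEngine.getMethod("setParameters", testBCSslParameters);
+return testBCSslEngine.getMethod("setParameters", bCSslParametersClass);
 }
 });
-setParameters.invoke(engine, bcSslParametersInstance);
+setParameters.invoke(engine, bcSslParameters);
 
 setApplicationProtocols = AccessController.doPrivileged(new PrivilegedExceptionAction<Method>() {
 @Override
 public Method run() throws Exception {
-return testBCSslParameters.getMethod("setApplicationProtocols", String[].class);
+return bCSslParametersClass.getMethod("setApplicationProtocols", String[].class);
 }
 });
-setApplicationProtocols.invoke(bcSslParametersInstance, new Object[]{EmptyArrays.EMPTY_STRINGS});
+setApplicationProtocols.invoke(bcSslParameters, new Object[]{EmptyArrays.EMPTY_STRINGS});
 
 getApplicationProtocol = AccessController.doPrivileged(new PrivilegedExceptionAction<Method>() {
 @Override
@@ -134,8 +141,8 @@ public Method run() throws Exception {
 
 } catch (Throwable t) {
 logger.error("Unable to initialize BouncyCastleAlpnSslUtils.", t);
-bcSslParameters = null;
 setParameters = null;
+getParameters = null;
 setApplicationProtocols = null;
 getApplicationProtocol = null;
 getHandshakeApplicationProtocol = null;
@@ -144,8 +151,8 @@ public Method run() throws Exception {
 bcApplicationProtocolSelectorSelect = null;
 bcApplicationProtocolSelector = null;
 }
-BC_SSL_PARAMETERS = bcSslParameters;
 SET_PARAMETERS = setParameters;
+GET_PARAMETERS = getParameters;
 SET_APPLICATION_PROTOCOLS = setApplicationProtocols;
 GET_APPLICATION_PROTOCOL = getApplicationProtocol;
 GET_HANDSHAKE_APPLICATION_PROTOCOL = getHandshakeApplicationProtocol;
@@ -169,19 +176,19 @@ static String getApplicationProtocol(SSLEngine sslEngine) {
 }
 
 static void setApplicationProtocols(SSLEngine engine, List<String> supportedProtocols) {
-SSLParameters parameters = engine.getSSLParameters();
-
 String[] protocolArray = supportedProtocols.toArray(EmptyArrays.EMPTY_STRINGS);
 try {
-Object bcSslParameters = BC_SSL_PARAMETERS.newInstance();
+Object bcSslParameters = GET_PARAMETERS.invoke(engine);
 SET_APPLICATION_PROTOCOLS.invoke(bcSslParameters, new Object[]{protocolArray});
 SET_PARAMETERS.invoke(engine, bcSslParameters);
 } catch (UnsupportedOperationException ex) {
 throw ex;
 } catch (Exception ex) {
 throw new IllegalStateException(ex);
 }
-engine.setSSLParameters(parameters);
+if (PlatformDependent.javaVersion() >= 9) {
+JdkAlpnSslUtils.setApplicationProtocols(engine, supportedProtocols);
+}
 }
 
 static String getHandshakeApplicationProtocol(SSLEngine sslEngine) {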
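Review bot: The Java 9+ branch added at the end of `setApplicationProtocols` applies the protocols a second time through `JdkAlpnSslUtils.setApplicationProtocols(engine, supportedProtocols)` with no comment saying why both paths are needed, and that helper's body is not part of this diff. If it goes through `engine.getSSLParameters()`/`engine.setSSLParameters(...)`, as the removed lines did, it should be confirmed that this round trip leaves the BC-specific parameters written by `SET_PARAMETERS.invoke(engine, bcSslParameters)` intact, since losing previously configured TLS settings is the bug being fixed here. I would add a comment above the `if`, for example `// Java 9+: mirror ALPN into the JDK SSLParameters; must not reset the BCSSLParameters set above` (wording for the author to confirm), and a regression test that sets a non-default parameter on the engine, calls `setApplicationProtocols`, and asserts the parameter is unchanged. The call also sits outside the `try`, so its failures are not wrapped in `IllegalStateException` like those of the BC path.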
