This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 7763877 Direct use of the ALPN API
7763877 is described below
commit 7763877a98e5c74bb579b64f31e938fea17290a5
Author: remm <r...@apache.org>
AuthorDate: Fri Jul 3 10:37:58 2020 +0200
Direct use of the ALPN API
Tomcat 10 will now require at least Java 8_251, which was released in
April 2020, for TLS support. Any Java 9+ JVM will work too.
This will not be backported to Tomcat 9.0 as it slightly changes the
APIs, although the changes are trivial.
---
java/org/apache/tomcat/util/compat/JreCompat.java | 69 ----------------------
.../tomcat/util/compat/LocalStrings.properties | 3 -
.../tomcat/util/net/AbstractJsseEndpoint.java | 20 +------
.../apache/tomcat/util/net/SSLImplementation.java | 1 -
java/org/apache/tomcat/util/net/SSLUtil.java | 12 ----
.../apache/tomcat/util/net/SecureNio2Channel.java | 9 +--
.../apache/tomcat/util/net/SecureNioChannel.java | 9 +--
.../tomcat/util/net/jsse/JSSEImplementation.java | 5 --
.../tomcat/util/net/openssl/OpenSSLEngine.java | 5 +-
.../util/net/openssl/OpenSSLImplementation.java | 5 --
10 files changed, 7 insertions(+), 131 deletions(-)
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java
b/java/org/apache/tomcat/util/compat/JreCompat.java
index 8275e60..2f0268f 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -19,18 +19,11 @@ package org.apache.tomcat.util.compat;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.AccessibleObject;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLConnection;
import java.util.Deque;
import java.util.jar.JarFile;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
-
-import org.apache.tomcat.util.res.StringManager;
-
/**
* This is the base implementation class for JRE compatibility and provides an
* implementation based on Java 8. Sub-classes may extend this class and
provide
@@ -44,10 +37,6 @@ public class JreCompat {
private static final boolean graalAvailable;
private static final boolean jre11Available;
private static final boolean jre9Available;
- private static final StringManager sm =
StringManager.getManager(JreCompat.class);
-
- protected static final Method setApplicationProtocolsMethod;
- protected static final Method getApplicationProtocolMethod;
static {
// This is Tomcat 9 with a minimum Java version of Java 8.
@@ -66,17 +55,6 @@ public class JreCompat {
jre9Available = false;
}
jre11Available = instance.jarFileRuntimeMajorVersion() >= 11;
-
- Method m1 = null;
- Method m2 = null;
- try {
- m1 = SSLParameters.class.getMethod("setApplicationProtocols",
String[].class);
- m2 = SSLEngine.class.getMethod("getApplicationProtocol");
- } catch (ReflectiveOperationException | IllegalArgumentException e) {
- // Only the newest Java 8 have the ALPN API, so ignore
- }
- setApplicationProtocolsMethod = m1;
- getApplicationProtocolMethod = m2;
}
@@ -90,11 +68,6 @@ public class JreCompat {
}
- public static boolean isAlpnSupported() {
- return setApplicationProtocolsMethod != null &&
getApplicationProtocolMethod != null;
- }
-
-
public static boolean isJre9Available() {
return jre9Available;
}
@@ -123,48 +96,6 @@ public class JreCompat {
/**
- * Set the application protocols the server will accept for ALPN
- *
- * @param sslParameters The SSL parameters for a connection
- * @param protocols The application protocols to be allowed for that
- * connection
- */
- public void setApplicationProtocols(SSLParameters sslParameters, String[]
protocols) {
- if (setApplicationProtocolsMethod != null) {
- try {
- setApplicationProtocolsMethod.invoke(sslParameters, (Object)
protocols);
- } catch (IllegalAccessException | IllegalArgumentException |
InvocationTargetException e) {
- throw new UnsupportedOperationException(e);
- }
- } else {
- throw new
UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols"));
- }
- }
-
-
- /**
- * Get the application protocol that has been negotiated for connection
- * associated with the given SSLEngine.
- *
- * @param sslEngine The SSLEngine for which to obtain the negotiated
- * protocol
- *
- * @return The name of the negotiated protocol
- */
- public String getApplicationProtocol(SSLEngine sslEngine) {
- if (getApplicationProtocolMethod != null) {
- try {
- return (String) getApplicationProtocolMethod.invoke(sslEngine);
- } catch (IllegalAccessException | IllegalArgumentException |
InvocationTargetException e) {
- throw new UnsupportedOperationException(e);
- }
- } else {
- throw new
UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol"));
- }
- }
-
-
- /**
* Disables caching for JAR URL connections. For Java 8 and earlier, this
also disables
* caching for ALL URL connections.
*
diff --git a/java/org/apache/tomcat/util/compat/LocalStrings.properties
b/java/org/apache/tomcat/util/compat/LocalStrings.properties
index 891782c..34ffd70 100644
--- a/java/org/apache/tomcat/util/compat/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/compat/LocalStrings.properties
@@ -16,6 +16,3 @@
jre9Compat.invalidModuleUri=The module URI provided [{0}] could not be
converted to a URL for the JarScanner to process
jre9Compat.javaPre9=Class not found so assuming code is running on a pre-Java
9 JVM
jre9Compat.unexpected=Failed to create references to Java 9 classes and methods
-
-jreCompat.noApplicationProtocol=Java Runtime does not support
SSLEngine.getApplicationProtocol(). You must use Java 9 to use this feature.
-jreCompat.noApplicationProtocols=Java Runtime does not support
SSLParameters.setApplicationProtocols(). You must use Java 9 to use this
feature.
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 925e91d..1488393 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -28,7 +28,6 @@ import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
-import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
public abstract class AbstractJsseEndpoint<S,U> extends AbstractEndpoint<S,U> {
@@ -123,7 +122,7 @@ public abstract class AbstractJsseEndpoint<S,U> extends
AbstractEndpoint<S,U> {
SSLParameters sslParameters = engine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(sslHostConfig.getHonorCipherOrder());
- if (JreCompat.isAlpnSupported() && clientRequestedApplicationProtocols
!= null
+ if (clientRequestedApplicationProtocols != null
&& clientRequestedApplicationProtocols.size() > 0
&& negotiableProtocols.size() > 0) {
// Only try to negotiate if both client and server have at least
@@ -134,7 +133,7 @@ public abstract class AbstractJsseEndpoint<S,U> extends
AbstractEndpoint<S,U> {
commonProtocols.retainAll(clientRequestedApplicationProtocols);
if (commonProtocols.size() > 0) {
String[] commonProtocolsArray = commonProtocols.toArray(new
String[0]);
- JreCompat.getInstance().setApplicationProtocols(sslParameters,
commonProtocolsArray);
+ sslParameters.setApplicationProtocols(commonProtocolsArray);
}
}
switch (sslHostConfig.getCertificateVerification()) {
@@ -193,20 +192,7 @@ public abstract class AbstractJsseEndpoint<S,U> extends
AbstractEndpoint<S,U> {
@Override
public boolean isAlpnSupported() {
// ALPN requires TLS so if TLS is not enabled, ALPN cannot be supported
- if (!isSSLEnabled()) {
- return false;
- }
-
- // Depends on the SSLImplementation.
- SSLImplementation sslImplementation;
- try {
- sslImplementation =
SSLImplementation.getInstance(getSslImplementationName());
- } catch (ClassNotFoundException e) {
- // Ignore the exception. It will be logged when trying to start the
- // end point.
- return false;
- }
- return sslImplementation.isAlpnSupported();
+ return isSSLEnabled();
}
diff --git a/java/org/apache/tomcat/util/net/SSLImplementation.java
b/java/org/apache/tomcat/util/net/SSLImplementation.java
index 43ccbe5..fb11b82 100644
--- a/java/org/apache/tomcat/util/net/SSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/SSLImplementation.java
@@ -68,5 +68,4 @@ public abstract class SSLImplementation {
public abstract SSLUtil getSSLUtil(SSLHostConfigCertificate certificate);
- public abstract boolean isAlpnSupported();
}
diff --git a/java/org/apache/tomcat/util/net/SSLUtil.java
b/java/org/apache/tomcat/util/net/SSLUtil.java
index c65f7a2..4ba3504 100644
--- a/java/org/apache/tomcat/util/net/SSLUtil.java
+++ b/java/org/apache/tomcat/util/net/SSLUtil.java
@@ -67,16 +67,4 @@ public interface SSLUtil {
*/
public String[] getEnabledCiphers() throws IllegalArgumentException;
- /**
- * Optional interface that can be implemented by
- * {@link javax.net.ssl.SSLEngine}s to indicate that they support ALPN and
- * can provided the protocol agreed with the client.
- */
- public interface ProtocolInfo {
- /**
- * ALPN information.
- * @return the protocol selected using ALPN
- */
- public String getNegotiatedProtocol();
- }
}
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index 394837c..3db1038 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -38,7 +38,6 @@ import javax.net.ssl.SSLException;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteBufferUtils;
-import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
import org.apache.tomcat.util.res.StringManager;
@@ -242,13 +241,7 @@ public class SecureNio2Channel extends Nio2Channel {
}
case FINISHED: {
if (endpoint.hasNegotiableProtocols()) {
- if (sslEngine instanceof SSLUtil.ProtocolInfo) {
- socketWrapper.setNegotiatedProtocol(
- ((SSLUtil.ProtocolInfo)
sslEngine).getNegotiatedProtocol());
- } else if (JreCompat.isAlpnSupported()) {
- socketWrapper.setNegotiatedProtocol(
-
JreCompat.getInstance().getApplicationProtocol(sslEngine));
- }
+
socketWrapper.setNegotiatedProtocol(sslEngine.getApplicationProtocol());
}
//we are complete if we have delivered the last package
handshakeComplete = !netOutBuffer.hasRemaining();
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java
b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index a176675..ef0a33e 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -35,7 +35,6 @@ import javax.net.ssl.SSLException;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteBufferUtils;
-import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.NioEndpoint.NioSocketWrapper;
import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
@@ -167,13 +166,7 @@ public class SecureNioChannel extends NioChannel {
throw new
IOException(sm.getString("channel.nio.ssl.notHandshaking"));
case FINISHED:
if (endpoint.hasNegotiableProtocols()) {
- if (sslEngine instanceof SSLUtil.ProtocolInfo) {
- socketWrapper.setNegotiatedProtocol(
- ((SSLUtil.ProtocolInfo)
sslEngine).getNegotiatedProtocol());
- } else if (JreCompat.isAlpnSupported()) {
- socketWrapper.setNegotiatedProtocol(
-
JreCompat.getInstance().getApplicationProtocol(sslEngine));
- }
+
socketWrapper.setNegotiatedProtocol(sslEngine.getApplicationProtocol());
}
//we are complete if we have delivered the last package
handshakeComplete = !netOutBuffer.hasRemaining();
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
index 1c1eae8..4fa54be 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
@@ -18,7 +18,6 @@ package org.apache.tomcat.util.net.jsse;
import javax.net.ssl.SSLSession;
-import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
@@ -50,8 +49,4 @@ public class JSSEImplementation extends SSLImplementation {
return new JSSEUtil(certificate);
}
- @Override
- public boolean isAlpnSupported() {
- return JreCompat.isAlpnSupported();
- }
}
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 058ee71..16f1451 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -46,7 +46,6 @@ import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;
import org.apache.tomcat.util.buf.ByteBufferUtils;
import org.apache.tomcat.util.net.Constants;
-import org.apache.tomcat.util.net.SSLUtil;
import
org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
import org.apache.tomcat.util.res.StringManager;
@@ -55,7 +54,7 @@ import org.apache.tomcat.util.res.StringManager;
* <a href="https://www.openssl.org/docs/crypto/BIO_s_bio.html#EXAMPLE";>OpenSSL
* BIO abstractions</a>.
*/
-public final class OpenSSLEngine extends SSLEngine implements
SSLUtil.ProtocolInfo {
+public final class OpenSSLEngine extends SSLEngine {
private static final Log logger = LogFactory.getLog(OpenSSLEngine.class);
private static final StringManager sm =
StringManager.getManager(OpenSSLEngine.class);
@@ -209,7 +208,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
}
@Override
- public String getNegotiatedProtocol() {
+ public String getApplicationProtocol() {
return selectedProtocol;
}
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
index 94b4bf2..6f2c3bf 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
@@ -36,9 +36,4 @@ public class OpenSSLImplementation extends SSLImplementation {
return new OpenSSLUtil(certificate);
}
- @Override
- public boolean isAlpnSupported() {
- // OpenSSL supported ALPN
- return true;
- }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
