You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2020/05/08 16:36:27 UTC
[tomcat] branch master updated: Add support for ALPN on Java 8
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 19ce500 Add support for ALPN on Java 8
19ce500 is described below
commit 19ce5009930289f59e63250592f894aaa53cf302
Author: remm <re...@apache.org>
AuthorDate: Fri May 8 18:36:10 2020 +0200
Add support for ALPN on Java 8
HTTP/2 with a browser does work for me now. Feel free to test, it needs
a very recent Java 8.
It is also possible to get rid of the reflection and JreCompat for ALPN,
but it would create a hard dependency on the newest Java 8s. OTOH,
previous releases will soon be insecure so update is more or less
required. I will start with that change in Tomcat 10, and it could be
backported later to Tomcat 9 and 8.5, when we consider not using a
compatible Java 8 is a problem.
---
java/org/apache/tomcat/util/compat/Jre9Compat.java | 31 ----------------
java/org/apache/tomcat/util/compat/JreCompat.java | 41 ++++++++++++++++++++--
.../tomcat/util/net/AbstractJsseEndpoint.java | 2 +-
.../apache/tomcat/util/net/SecureNio2Channel.java | 2 +-
.../apache/tomcat/util/net/SecureNioChannel.java | 2 +-
.../tomcat/util/net/jsse/JSSEImplementation.java | 2 +-
webapps/docs/changelog.xml | 7 ++++
7 files changed, 50 insertions(+), 37 deletions(-)
diff --git a/java/org/apache/tomcat/util/compat/Jre9Compat.java b/java/org/apache/tomcat/util/compat/Jre9Compat.java
index 29fef06..8e0812c 100644
--- a/java/org/apache/tomcat/util/compat/Jre9Compat.java
+++ b/java/org/apache/tomcat/util/compat/Jre9Compat.java
@@ -31,9 +31,6 @@ import java.util.Set;
import java.util.jar.JarFile;
import java.util.zip.ZipFile;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
-
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.res.StringManager;
@@ -44,8 +41,6 @@ class Jre9Compat extends JreCompat {
private static final StringManager sm = StringManager.getManager(Jre9Compat.class);
private static final Class<?> inaccessibleObjectExceptionClazz;
- private static final Method setApplicationProtocolsMethod;
- private static final Method getApplicationProtocolMethod;
private static final Method setDefaultUseCachesMethod;
private static final Method bootMethod;
private static final Method configurationMethod;
@@ -64,8 +59,6 @@ class Jre9Compat extends JreCompat {
static {
Class<?> c1 = null;
- Method m2 = null;
- Method m3 = null;
Method m4 = null;
Method m5 = null;
Method m6 = null;
@@ -96,8 +89,6 @@ class Jre9Compat extends JreCompat {
Method runtimeVersionMethod = JarFile.class.getMethod("runtimeVersion");
Method majorMethod = versionClazz.getMethod("major");
- m2 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
- m3 = SSLEngine.class.getMethod("getApplicationProtocol");
m4 = URLConnection.class.getMethod("setDefaultUseCaches", String.class, boolean.class);
m5 = moduleLayerClazz.getMethod("boot");
m6 = moduleLayerClazz.getMethod("configuration");
@@ -129,8 +120,6 @@ class Jre9Compat extends JreCompat {
}
inaccessibleObjectExceptionClazz = c1;
- setApplicationProtocolsMethod = m2;
- getApplicationProtocolMethod = m3;
setDefaultUseCachesMethod = m4;
bootMethod = m5;
configurationMethod = m6;
@@ -172,26 +161,6 @@ class Jre9Compat extends JreCompat {
@Override
- public void setApplicationProtocols(SSLParameters sslParameters, String[] protocols) {
- try {
- setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols);
- } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- throw new UnsupportedOperationException(e);
- }
- }
-
-
- @Override
- public String getApplicationProtocol(SSLEngine sslEngine) {
- try {
- return (String) getApplicationProtocolMethod.invoke(sslEngine);
- } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- throw new UnsupportedOperationException(e);
- }
- }
-
-
- @Override
public void disableCachingForJarUrlConnections() throws IOException {
try {
setDefaultUseCachesMethod.invoke(null, "JAR", Boolean.FALSE);
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java b/java/org/apache/tomcat/util/compat/JreCompat.java
index 2ad6cae..8275e60 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -19,6 +19,8 @@ package org.apache.tomcat.util.compat;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLConnection;
import java.util.Deque;
@@ -44,6 +46,9 @@ public class JreCompat {
private static final boolean jre9Available;
private static final StringManager sm = StringManager.getManager(JreCompat.class);
+ protected static final Method setApplicationProtocolsMethod;
+ protected static final Method getApplicationProtocolMethod;
+
static {
// This is Tomcat 9 with a minimum Java version of Java 8.
// Look for the highest supported JVM first
@@ -61,6 +66,17 @@ public class JreCompat {
jre9Available = false;
}
jre11Available = instance.jarFileRuntimeMajorVersion() >= 11;
+
+ Method m1 = null;
+ Method m2 = null;
+ try {
+ m1 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
+ m2 = SSLEngine.class.getMethod("getApplicationProtocol");
+ } catch (ReflectiveOperationException | IllegalArgumentException e) {
+ // Only the newest Java 8 have the ALPN API, so ignore
+ }
+ setApplicationProtocolsMethod = m1;
+ getApplicationProtocolMethod = m2;
}
@@ -74,6 +90,11 @@ public class JreCompat {
}
+ public static boolean isAlpnSupported() {
+ return setApplicationProtocolsMethod != null && getApplicationProtocolMethod != null;
+ }
+
+
public static boolean isJre9Available() {
return jre9Available;
}
@@ -109,7 +130,15 @@ public class JreCompat {
* connection
*/
public void setApplicationProtocols(SSLParameters sslParameters, String[] protocols) {
- throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols"));
+ if (setApplicationProtocolsMethod != null) {
+ try {
+ setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols);
+ } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ throw new UnsupportedOperationException(e);
+ }
+ } else {
+ throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols"));
+ }
}
@@ -123,7 +152,15 @@ public class JreCompat {
* @return The name of the negotiated protocol
*/
public String getApplicationProtocol(SSLEngine sslEngine) {
- throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol"));
+ if (getApplicationProtocolMethod != null) {
+ try {
+ return (String) getApplicationProtocolMethod.invoke(sslEngine);
+ } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ throw new UnsupportedOperationException(e);
+ }
+ } else {
+ throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol"));
+ }
}
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index e10c9b2..925e91d 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -123,7 +123,7 @@ public abstract class AbstractJsseEndpoint<S,U> extends AbstractEndpoint<S,U> {
SSLParameters sslParameters = engine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(sslHostConfig.getHonorCipherOrder());
- if (JreCompat.isJre9Available() && clientRequestedApplicationProtocols != null
+ if (JreCompat.isAlpnSupported() && clientRequestedApplicationProtocols != null
&& clientRequestedApplicationProtocols.size() > 0
&& negotiableProtocols.size() > 0) {
// Only try to negotiate if both client and server have at least
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index d3a0b73..394837c 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -245,7 +245,7 @@ public class SecureNio2Channel extends Nio2Channel {
if (sslEngine instanceof SSLUtil.ProtocolInfo) {
socketWrapper.setNegotiatedProtocol(
((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol());
- } else if (JreCompat.isJre9Available()) {
+ } else if (JreCompat.isAlpnSupported()) {
socketWrapper.setNegotiatedProtocol(
JreCompat.getInstance().getApplicationProtocol(sslEngine));
}
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 6cf10fb..a176675 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -170,7 +170,7 @@ public class SecureNioChannel extends NioChannel {
if (sslEngine instanceof SSLUtil.ProtocolInfo) {
socketWrapper.setNegotiatedProtocol(
((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol());
- } else if (JreCompat.isJre9Available()) {
+ } else if (JreCompat.isAlpnSupported()) {
socketWrapper.setNegotiatedProtocol(
JreCompat.getInstance().getApplicationProtocol(sslEngine));
}
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
index 561dc3d..1c1eae8 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
@@ -52,6 +52,6 @@ public class JSSEImplementation extends SSLImplementation {
@Override
public boolean isAlpnSupported() {
- return JreCompat.isJre9Available();
+ return JreCompat.isAlpnSupported();
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 703a2e0..41fcde9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,13 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 10.0.0-M6 (markt)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <update>
+ Add support for ALPN on recent OpenJDK 8 releases. (remm)
+ </update>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 10.0.0-M5 (markt)" rtext="release in progress">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch master updated: Add support for ALPN on Java 8
Posted by Mark Thomas <ma...@apache.org>.
On 02/07/2020 17:21, Mark Thomas wrote:
> On 02/07/2020 10:27, Rémy Maucherat wrote:
<snip/>
>> So, two months later I plan to make the change since the required
>> OpenJDK build is now old enough, and most importantly this is a minor
>> API change that needs to happen before 10.0 goes out of M mode.
>> Basically, this is the right time for the cleanup.
>>
>> The main problem is that CI still hasn't been updated (issue to follow
>> is: https://issues.apache.org/jira/browse/INFRA-20385 ), so the trunk CI
>> build will break for the time being. This is "fine" as far as I am
>> concerned since there are now the test runs from github. Also the 9
>> branch CI is not affected.
>>
>> Comments ?
>
> Let me see if I can move that ticket along.
latest1.8 is now at OpenJDK 8u252-b09
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch master updated: Add support for ALPN on Java 8
Posted by Mark Thomas <ma...@apache.org>.
On 02/07/2020 10:27, Rémy Maucherat wrote:
> On Sat, May 9, 2020 at 4:53 PM Rémy Maucherat <remm@apache.org
> <ma...@apache.org>> wrote:
>
> On Fri, May 8, 2020 at 6:36 PM <remm@apache.org
> <ma...@apache.org>> wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> remm pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by this
> push:
> new 19ce500 Add support for ALPN on Java 8
> 19ce500 is described below
>
> commit 19ce5009930289f59e63250592f894aaa53cf302
> Author: remm <remm@apache.org <ma...@apache.org>>
> AuthorDate: Fri May 8 18:36:10 2020 +0200
>
> Add support for ALPN on Java 8
>
> HTTP/2 with a browser does work for me now. Feel free to
> test, it needs
> a very recent Java 8.
> It is also possible to get rid of the reflection and
> JreCompat for ALPN,
> but it would create a hard dependency on the newest Java 8s.
> OTOH,
> previous releases will soon be insecure so update is more or
> less
> required. I will start with that change in Tomcat 10, and it
> could be
> backported later to Tomcat 9 and 8.5, when we consider not
> using a
> compatible Java 8 is a problem.
>
>
> I intend to make the additional cleanup in Tomcat 10 only for now,
> after CI is updated to a newer Java 8 JVM.
>
> For reference, the JVM change for Java 8 is here:
> https://bugs.openjdk.java.net/browse/JDK-8230977
>
>
> So, two months later I plan to make the change since the required
> OpenJDK build is now old enough, and most importantly this is a minor
> API change that needs to happen before 10.0 goes out of M mode.
> Basically, this is the right time for the cleanup.
>
> The main problem is that CI still hasn't been updated (issue to follow
> is: https://issues.apache.org/jira/browse/INFRA-20385 ), so the trunk CI
> build will break for the time being. This is "fine" as far as I am
> concerned since there are now the test runs from github. Also the 9
> branch CI is not affected.
>
> Comments ?
Let me see if I can move that ticket along.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch master updated: Add support for ALPN on Java 8
Posted by Rémy Maucherat <re...@apache.org>.
On Sat, May 9, 2020 at 4:53 PM Rémy Maucherat <re...@apache.org> wrote:
> On Fri, May 8, 2020 at 6:36 PM <re...@apache.org> wrote:
>
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> remm pushed a commit to branch master
>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>
>>
>> The following commit(s) were added to refs/heads/master by this push:
>> new 19ce500 Add support for ALPN on Java 8
>> 19ce500 is described below
>>
>> commit 19ce5009930289f59e63250592f894aaa53cf302
>> Author: remm <re...@apache.org>
>> AuthorDate: Fri May 8 18:36:10 2020 +0200
>>
>> Add support for ALPN on Java 8
>>
>> HTTP/2 with a browser does work for me now. Feel free to test, it
>> needs
>> a very recent Java 8.
>> It is also possible to get rid of the reflection and JreCompat for
>> ALPN,
>> but it would create a hard dependency on the newest Java 8s. OTOH,
>> previous releases will soon be insecure so update is more or less
>> required. I will start with that change in Tomcat 10, and it could be
>> backported later to Tomcat 9 and 8.5, when we consider not using a
>> compatible Java 8 is a problem.
>>
>
> I intend to make the additional cleanup in Tomcat 10 only for now, after
> CI is updated to a newer Java 8 JVM.
>
> For reference, the JVM change for Java 8 is here:
> https://bugs.openjdk.java.net/browse/JDK-8230977
>
So, two months later I plan to make the change since the required OpenJDK
build is now old enough, and most importantly this is a minor API change
that needs to happen before 10.0 goes out of M mode. Basically, this is the
right time for the cleanup.
The main problem is that CI still hasn't been updated (issue to follow is:
https://issues.apache.org/jira/browse/INFRA-20385 ), so the trunk CI build
will break for the time being. This is "fine" as far as I am concerned
since there are now the test runs from github. Also the 9 branch CI is not
affected.
Comments ?
Rémy
Re: [tomcat] branch master updated: Add support for ALPN on Java 8
Posted by Rémy Maucherat <re...@apache.org>.
On Fri, May 8, 2020 at 6:36 PM <re...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> remm pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new 19ce500 Add support for ALPN on Java 8
> 19ce500 is described below
>
> commit 19ce5009930289f59e63250592f894aaa53cf302
> Author: remm <re...@apache.org>
> AuthorDate: Fri May 8 18:36:10 2020 +0200
>
> Add support for ALPN on Java 8
>
> HTTP/2 with a browser does work for me now. Feel free to test, it needs
> a very recent Java 8.
> It is also possible to get rid of the reflection and JreCompat for
> ALPN,
> but it would create a hard dependency on the newest Java 8s. OTOH,
> previous releases will soon be insecure so update is more or less
> required. I will start with that change in Tomcat 10, and it could be
> backported later to Tomcat 9 and 8.5, when we consider not using a
> compatible Java 8 is a problem.
>
I intend to make the additional cleanup in Tomcat 10 only for now, after CI
is updated to a newer Java 8 JVM.
For reference, the JVM change for Java 8 is here:
https://bugs.openjdk.java.net/browse/JDK-8230977
Rémy