Add support for ALPN on Java 8
HTTP/2 with a browser does work for me now. Feel free to test, it needs
a very recent Java 8.
It is also possible to get rid of the reflection and JreCompat for ALPN,
but that would create a hard dependency on the newest Java 8 releases. OTOH,
previous releases will soon be insecure, so updating is more or less
required. I will start with that change in Tomcat 10, and it could be
backported later to Tomcat 9 and 8.5, once we consider that not using a
compatible Java 8 is a problem.
diff --git a/java/org/apache/tomcat/util/compat/Jre9Compat.java b/java/org/apache/tomcat/util/compat/Jre9Compat.java
index 29fef06..8e0812c 100644
--- a/java/org/apache/tomcat/util/compat/Jre9Compat.java
+++ b/java/org/apache/tomcat/util/compat/Jre9Compat.java
@@ -31,9 +31,6 @@
import java.util.jar.JarFile;
import java.util.zip.ZipFile;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
-
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.res.StringManager;
@@ -44,8 +41,6 @@
private static final StringManager sm = StringManager.getManager(Jre9Compat.class);
private static final Class<?> inaccessibleObjectExceptionClazz;
- private static final Method setApplicationProtocolsMethod;
- private static final Method getApplicationProtocolMethod;
private static final Method setDefaultUseCachesMethod;
private static final Method bootMethod;
private static final Method configurationMethod;
@@ -64,8 +59,6 @@
static {
Class<?> c1 = null;
- Method m2 = null;
- Method m3 = null;
Method m4 = null;
Method m5 = null;
Method m6 = null;
@@ -96,8 +89,6 @@
Method runtimeVersionMethod = JarFile.class.getMethod("runtimeVersion");
Method majorMethod = versionClazz.getMethod("major");
- m2 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
- m3 = SSLEngine.class.getMethod("getApplicationProtocol");
m4 = URLConnection.class.getMethod("setDefaultUseCaches", String.class, boolean.class);
m5 = moduleLayerClazz.getMethod("boot");
m6 = moduleLayerClazz.getMethod("configuration");
@@ -129,8 +120,6 @@
}
inaccessibleObjectExceptionClazz = c1;
- setApplicationProtocolsMethod = m2;
- getApplicationProtocolMethod = m3;
setDefaultUseCachesMethod = m4;
bootMethod = m5;
configurationMethod = m6;
@@ -172,26 +161,6 @@
@Override
- public void setApplicationProtocols(SSLParameters sslParameters, String[] protocols) {
- try {
- setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols);
- } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- throw new UnsupportedOperationException(e);
- }
- }
-
-
- @Override
- public String getApplicationProtocol(SSLEngine sslEngine) {
- try {
- return (String) getApplicationProtocolMethod.invoke(sslEngine);
- } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- throw new UnsupportedOperationException(e);
- }
- }
-
-
- @Override
public void disableCachingForJarUrlConnections() throws IOException {
try {
setDefaultUseCachesMethod.invoke(null, "JAR", Boolean.FALSE);
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java b/java/org/apache/tomcat/util/compat/JreCompat.java
index 2ad6cae..8275e60 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -19,6 +19,8 @@
import java.io.File;
import java.io.IOException;
import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLConnection;
import java.util.Deque;
@@ -44,6 +46,9 @@
private static final boolean jre9Available;
private static final StringManager sm = StringManager.getManager(JreCompat.class);
+ protected static final Method setApplicationProtocolsMethod;
+ protected static final Method getApplicationProtocolMethod;
+
static {
// This is Tomcat 9 with a minimum Java version of Java 8.
// Look for the highest supported JVM first
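Review bot: The two `Method` fields added here are `protected`, which exposes the reflective handles to any subclass, yet the hunks on this page only read them inside JreCompat now that Jre9Compat drops its own overrides. Unless a subclass outside this diff needs them, `private static final Method setApplicationProtocolsMethod;` (and the same for `getApplicationProtocolMethod`) keeps the lookup an implementation detail behind `isAlpnSupported()`. A one-line comment that both fields are null when the running JRE lacks the ALPN API would also help the next reader.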
@@ -61,6 +66,17 @@
jre9Available = false;
}
jre11Available = instance.jarFileRuntimeMajorVersion() >= 11;
+
+ Method m1 = null;
+ Method m2 = null;
+ try {
+ m1 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
+ m2 = SSLEngine.class.getMethod("getApplicationProtocol");
+ } catch (ReflectiveOperationException | IllegalArgumentException e) {
+ // Only the newest Java 8 have the ALPN API, so ignore
+ }
+ setApplicationProtocolsMethod = m1;
+ getApplicationProtocolMethod = m2;
}
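Review bot: The catch around the new lookup lists `IllegalArgumentException`, which `Class.getMethod` does not throw, and it takes the whole `ReflectiveOperationException` family when only a missing method is expected. `} catch (NoSuchMethodException e) {` states the intent exactly and stops unrelated reflective failures from being silently ignored. The ignore comment could also say that both fields then stay null and `isAlpnSupported()` returns false, so the fallback reads as deliberate. The static initializer begins above this hunk.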
@@ -74,6 +90,11 @@
}
+ public static boolean isAlpnSupported() {
+ return setApplicationProtocolsMethod != null && getApplicationProtocolMethod != null;
+ }
+
+
public static boolean isJre9Available() {
return jre9Available;
}
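Review bot: `isAlpnSupported()` has no Javadoc, although four call sites on this page now depend on it in place of `isJre9Available()`. It reports only that the two ALPN methods exist on `SSLParameters` and `SSLEngine` in the running JRE. An `SSLEngine` subclass that does not override `getApplicationProtocol()` inherits a default that throws `UnsupportedOperationException`, so a true result is not a guarantee for every engine. I would add a Javadoc stating that it returns true when the JRE exposes the ALPN API (Java 9+, or a Java 8 update that includes the backport) and that it checks API presence, not provider support.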
@@ -109,7 +130,15 @@
* connection
*/
public void setApplicationProtocols(SSLParameters sslParameters, String[] protocols) {
- throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols"));
+ if (setApplicationProtocolsMethod != null) {
+ try {
+ setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols);
+ } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ throw new UnsupportedOperationException(e);
+ }
+ } else {
+ throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols"));
+ }
}
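Review bot: The new catch wraps `InvocationTargetException` in `UnsupportedOperationException`, so a failure raised by the JRE method itself (for example an `IllegalArgumentException` for a rejected protocol list) becomes indistinguishable from "ALPN is not available". The same pattern is in the `getApplicationProtocol` hunk that follows. Unwrapping the cause for the invocation case keeps the real error visible in TLS handshake diagnostics; callers outside this page may depend on the current exception type, so that should be checked before changing it.

```java
            setApplicationProtocolsMethod.invoke(sslParameters, (Object) protocols);
        } catch (InvocationTargetException e) {
            // The JRE method itself failed: surface its own exception
            Throwable cause = e.getCause();
            if (cause instanceof RuntimeException) {
                throw (RuntimeException) cause;
            }
            throw new UnsupportedOperationException(cause);
        } catch (IllegalAccessException | IllegalArgumentException e) {
            throw new UnsupportedOperationException(e);
        }
        // … unchanged: else branch throwing jreCompat.noApplicationProtocols …
```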
@@ -123,7 +152,15 @@
* @return The name of the negotiated protocol
*/
public String getApplicationProtocol(SSLEngine sslEngine) {
- throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol"));
+ if (getApplicationProtocolMethod != null) {
+ try {
+ return (String) getApplicationProtocolMethod.invoke(sslEngine);
+ } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ throw new UnsupportedOperationException(e);
+ }
+ } else {
+ throw new UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol"));
+ }
}
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index e10c9b2..925e91d 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -123,7 +123,7 @@
SSLParameters sslParameters = engine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(sslHostConfig.getHonorCipherOrder());
- if (JreCompat.isJre9Available() && clientRequestedApplicationProtocols != null
+ if (JreCompat.isAlpnSupported() && clientRequestedApplicationProtocols != null
&& clientRequestedApplicationProtocols.size() > 0
&& negotiableProtocols.size() > 0) {
// Only try to negotiate if both client and server have at least
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index d3a0b73..394837c 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -245,7 +245,7 @@
if (sslEngine instanceof SSLUtil.ProtocolInfo) {
socketWrapper.setNegotiatedProtocol(
((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol());
- } else if (JreCompat.isJre9Available()) {
+ } else if (JreCompat.isAlpnSupported()) {
socketWrapper.setNegotiatedProtocol(
JreCompat.getInstance().getApplicationProtocol(sslEngine));
}
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 6cf10fb..a176675 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -170,7 +170,7 @@
if (sslEngine instanceof SSLUtil.ProtocolInfo) {
socketWrapper.setNegotiatedProtocol(
((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol());
- } else if (JreCompat.isJre9Available()) {
+ } else if (JreCompat.isAlpnSupported()) {
socketWrapper.setNegotiatedProtocol(
JreCompat.getInstance().getApplicationProtocol(sslEngine));
}
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
index 561dc3d..1c1eae8 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
@@ -52,6 +52,6 @@
@Override
public boolean isAlpnSupported() {
- return JreCompat.isJre9Available();
+ return JreCompat.isAlpnSupported();
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 703a2e0..41fcde9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,13 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 10.0.0-M6 (markt)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <update>
+ Add support for ALPN on recent OpenJDK 8 releases. (remm)
+ </update>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 10.0.0-M5 (markt)" rtext="release in progress">
<subsection name="Catalina">