RFR: 8254631: Better support ALPN byte wire values in SunJSSE

Daniel Fuchs dfuchs at openjdk.java.net
Tue Dec 1 21:27:10 UTC 2020 

On Wed, 25 Nov 2020 20:03:01 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:

> Certain TLS ALPN values can't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 Character Set which converts characters larger than U+00007F into multi-byte arrays that may not be expected by a peer.
> 
> Full details are available in:
> 
> - Bug:  https://bugs.openjdk.java.net/browse/JDK-8254631
> - CSR:  https://bugs.openjdk.java.net/browse/JDK-8256817

src/java.base/share/classes/javax/net/ssl/SSLEngine.java line 353:

> 351:  *     // MEETEI MAYEK LETTERS HUK UN I (Unicode 0xabcd->0xabcf)
> 352:  *     if (unicodeString.equals("\uabcd\uabce\uabcf") {
> 353:  *         ...

Hi Brad,

There's a missing closing parenthesis here on line 352. 

Additionally - the unicode characters in the string above will be substituted by the compiler before the API documentation is generated. I am suspecting that this is not what you want. If you want to see the literal unicode escape in the generated documentation, you will need to employ some tricks. One of them could be to use the unicode escape of \ instead of \ to prevent the compiler from interpreting \uabcd as a unicode escape.

Something like:

 *     // MEETEI MAYEK LETTERS HUK UN I (Unicode 0xabcd->0xabcf)
 *     if (unicodeString.equals("\u005cuabcd\u005cuabce\u005cuabcf")) {

would do the trick. Alternatively - this would probably work too:

 *     // MEETEI MAYEK LETTERS HUK UN I (Unicode 0xabcd->0xabcf)
 *     {@code if (unicodeString.equals("}{@code uabcd}{@code uabce}{@code uabcf"))} {

I realize none of these alternatives are ideal - maybe someone knows a better trick...

src/java.base/share/classes/javax/net/ssl/SSLSocket.java line 146:

> 144:  *
> 145:  *     // MEETEI MAYEK LETTERS HUK UN I (Unicode 0xabcd->0xabcf)
> 146:  *     if (unicodeString.equals("\uabcd\uabce\uabcf") {

Same remark here

-------------

PR: https://git.openjdk.java.net/jdk/pull/1440

More information about the security-dev mailing list