andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

SelfSignedCertificate should try BouncyCastle first (#11487)

Browse Source 
Motivation:

In JDK version >= 9 the access to sun.* is not permitted anymore by default. Because of this we should better first try the BouncyCastle based implementation before falling back to the JDK based version.

Modifications:

Switch ordering of usage of BouncyCastle vs JDK internals.

Result:

Less surprising errors when using SelfSignedCertificate in Java >9
This commit is contained in:
Norman Maurer 2021-07-15 08:59:20 +02:00 committed by GitHub
parent e236e99006
commit 55957d3e75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java
View File

@ -237,16 +237,16 @@ public final class SelfSignedCertificate {
String[] paths; String[] paths;
try { try {
// Try the OpenJDK's proprietary implementation. // Try Bouncy Castle first as otherwise we will see an IllegalAccessError on more recent JDKs.
paths = OpenJdkSelfSignedCertGenerator.generate(fqdn, keypair, random, notBefore, notAfter, algorithm); paths = BouncyCastleSelfSignedCertGenerator.generate(
fqdn, keypair, random, notBefore, notAfter, algorithm);
} catch (Throwable t) { } catch (Throwable t) {
logger.debug("Failed to generate a self-signed X.509 certificate using sun.security.x509:", t); logger.debug("Failed to generate a self-signed X.509 certificate using Bouncy Castle:", t);
try { try {
// Try Bouncy Castle if the current JVM didn't have sun.security.x509. // Try the OpenJDK's proprietary implementation.
paths = BouncyCastleSelfSignedCertGenerator.generate( paths = OpenJdkSelfSignedCertGenerator.generate(fqdn, keypair, random, notBefore, notAfter, algorithm);
fqdn, keypair, random, notBefore, notAfter, algorithm);
} catch (Throwable t2) { } catch (Throwable t2) {
logger.debug("Failed to generate a self-signed X.509 certificate using Bouncy Castle:", t2); logger.debug("Failed to generate a self-signed X.509 certificate using sun.security.x509:", t2);
final CertificateException certificateException = new CertificateException( final CertificateException certificateException = new CertificateException(
"No provider succeeded to generate a self-signed certificate. " + "No provider succeeded to generate a self-signed certificate. " +
"See debug log for the root cause.", t2); "See debug log for the root cause.", t2);