Support for any OS where conscrypt is not available

zugazagoitia · zugazagoitia · commit 2887613abb3d · 2022-10-26T20:16:00.000+02:00
Such as Apple Silicon and ARM architectures.
diff --git a/build.gradle b/build.gradle
@@ -53,6 +53,7 @@ dependencies {
     compileOnly("org.conscrypt:conscrypt-openjdk-uber:$conscrypt")
     implementation("org.eclipse.jetty.http2:http2-server:$jetty")
     implementation("org.eclipse.jetty:jetty-alpn-conscrypt-server:$jetty")
+    implementation("org.eclipse.jetty:jetty-alpn-java-server:$jetty")
 
 
 
@@ -66,10 +67,13 @@ dependencies {
     testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:$junit")
 
     integrationTestImplementation("org.junit.jupiter:junit-jupiter-api:$junit")
-    integrationTestImplementation("io.javalin:javalin-bundle:$javalin")
+    integrationTestImplementation("io.javalin:javalin:$javalin")
     integrationTestImplementation("io.github.hakky54:sslcontext-kickstart:$sslContextKickstart")
     integrationTestImplementation("io.github.hakky54:sslcontext-kickstart-for-jetty:$sslContextKickstart")
     integrationTestImplementation("io.github.hakky54:sslcontext-kickstart-for-pem:$sslContextKickstart")
+    integrationTestImplementation("org.eclipse.jetty.http2:http2-server:$jetty")
+    integrationTestImplementation("org.eclipse.jetty:jetty-alpn-java-server:$jetty")
+    integrationTestImplementation("org.eclipse.jetty:jetty-alpn-conscrypt-server:$jetty")
     integrationTestImplementation("com.squareup.okhttp3:okhttp:$okhttp")
     integrationTestImplementation("com.squareup.okhttp3:okhttp-tls:$okhttp")
     integrationTestImplementation('org.slf4j:slf4j-simple:2.0.3')
diff --git a/src/intTest/java/io/javalin/community/ssl/SSLConfigTests.java b/src/intTest/java/io/javalin/community/ssl/SSLConfigTests.java
@@ -1,19 +1,26 @@
 package io.javalin.community.ssl;
 
 import io.javalin.Javalin;
+import io.javalin.community.ssl.util.SSLUtils;
 import okhttp3.OkHttpClient;
 import okhttp3.Protocol;
 import okhttp3.Request;
 import okhttp3.Response;
 import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.EnabledOnOs;
+import org.junit.jupiter.api.condition.OS;
 
 import java.io.IOException;
+import java.security.Provider;
 import java.util.Collections;
 import java.util.Objects;
 
 import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assumptions.assumeTrue;
 
 @Tag("integration")
 public class SSLConfigTests extends IntegrationTestClass {
@@ -330,4 +337,72 @@ void testConnectorConfigConsumer(){
             fail(e);
         }
     }
+
+    @Test
+    void testNullSecurityProvider(){
+        int securePort = ports.getAndIncrement();
+        String https = HTTPS_URL_WITH_PORT.apply(securePort);
+        try (Javalin app = IntegrationTestClass.createTestApp(config -> {
+            config.insecure = false;
+            config.securePort = securePort;
+            config.pemFromString(CERTIFICATE_AS_STRING, NON_ENCRYPTED_KEY_AS_STRING);
+            config.securityProvider = null;
+        }).start()) {
+            printSecurityProviderName(app);
+            testSuccessfulEndpoint(https, Protocol.HTTP_2);
+        } catch (IOException e) {
+            fail(e);
+        }
+    }
+
+    @Test
+    void testDefaultSecurityProvider(){
+        int securePort = ports.getAndIncrement();
+        String https = HTTPS_URL_WITH_PORT.apply(securePort);
+        try (Javalin app = IntegrationTestClass.createTestApp(config -> {
+            config.insecure = false;
+            config.securePort = securePort;
+            config.pemFromString(CERTIFICATE_AS_STRING, NON_ENCRYPTED_KEY_AS_STRING);
+        }).start()) {
+            printSecurityProviderName(app);
+            testSuccessfulEndpoint(https, Protocol.HTTP_2);
+        } catch (IOException e) {
+            fail(e);
+        }
+    }
+
+    @Test
+    @EnabledOnOs({OS.LINUX, OS.MAC, OS.WINDOWS})
+    void checkSupportedOsUsesConscrypt() {
+        assumeTrue(SSLUtils.osIs64Bit());
+
+        int securePort = ports.getAndIncrement();
+        String https = HTTPS_URL_WITH_PORT.apply(securePort);
+        try (Javalin app = IntegrationTestClass.createTestApp(config -> {
+            config.insecure = false;
+            config.securePort = securePort;
+            config.pemFromString(CERTIFICATE_AS_STRING, NON_ENCRYPTED_KEY_AS_STRING);
+        }).start()) {
+            printSecurityProviderName(app);
+            assertTrue(getSecurityProviderName(app).contains("Conscrypt"));
+            testSuccessfulEndpoint(https, Protocol.HTTP_2);
+        } catch (IOException e) {
+            fail(e);
+        }
+    }
+
+    private static String getSecurityProviderName(Javalin app){
+        ServerConnector conn = (ServerConnector) app.jettyServer().server().getConnectors()[0];
+        return conn.getConnectionFactories().stream()
+                .filter(cf -> cf instanceof SslConnectionFactory)
+                .map(cf -> (SslConnectionFactory) cf)
+                .map(sslConnectionFactory -> sslConnectionFactory.getSslContextFactory().getSslContext().getProvider().getName())
+                .findFirst()
+                .orElseThrow();
+    }
+
+    private static void printSecurityProviderName(Javalin app) {
+        System.out.println("Security provider: " + getSecurityProviderName(app));
+    }
+
 }
diff --git a/src/main/java/io/javalin/community/ssl/SSLConfig.java b/src/main/java/io/javalin/community/ssl/SSLConfig.java
@@ -1,7 +1,8 @@
 package io.javalin.community.ssl;
 
+import io.javalin.community.ssl.util.SSLUtils;
 import lombok.Getter;
-import org.conscrypt.Conscrypt;
+//import org.conscrypt.Conscrypt;
 import org.eclipse.jetty.server.ServerConnector;
 import org.jetbrains.annotations.Nullable;
 
@@ -349,7 +350,7 @@ public void keystoreFromClasspath(String keyStoreFile, String keyStorePassword)
     /**
      * Security provider to use for the SSLContext.
      */
-    public Provider securityProvider = Conscrypt.newProvider();
+    public Provider securityProvider = SSLUtils.getSecurityProvider();
 
 
 }
diff --git a/src/main/java/io/javalin/community/ssl/util/SSLUtils.java b/src/main/java/io/javalin/community/ssl/util/SSLUtils.java
@@ -5,10 +5,10 @@
 import nl.altindag.ssl.SSLFactory;
 import nl.altindag.ssl.util.JettySslUtils;
 import nl.altindag.ssl.util.PemUtils;
-import org.conscrypt.Conscrypt;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 
 import javax.net.ssl.X509ExtendedKeyManager;
+import java.security.Provider;
 
 /**
  * Utility class for SSL related tasks.
@@ -42,7 +42,7 @@ public static SslContextFactory.Server createSslContextFactory(SSLConfig config)
     /**
      * Helper method to parse the given config and add Identity Material to the given builder.
      *
-     * @param config  The config to use.
+     * @param config The config to use.
      * @throws SSLConfigException if the key configuration is invalid.
      */
     public static void parseIdentity(SSLConfig config, SSLFactory.Builder builder) throws SSLConfigException {
@@ -102,4 +102,51 @@ public static void parseIdentity(SSLConfig config, SSLFactory.Builder builder) t
 
         builder.withIdentityMaterial(keyManager);
     }
+
+    /**
+     * Helper method to create a working {@link Provider} for the current JVM.
+     */
+    public static Provider getSecurityProvider() {
+        if(osSupportsConscrypt()){
+            return new org.conscrypt.OpenSSLProvider();
+        } else {
+            return null;
+        }
+    }
+
+    /**
+     * Checks if the current OS is supported by Conscrypt.
+     * Currently only Windows (x86, x64), Linux (x64) and Mac OS X (x64) are supported.
+     * @return true if the current OS is supported by Conscrypt.
+     */
+    public static boolean osSupportsConscrypt() {
+        String osName = System.getProperty("os.name").toLowerCase();
+        //Remove all non-alphanumeric characters from the os name
+        osName = osName.replaceAll("[^a-z0-9]", "");
+
+        if (osName.contains("windows")) {
+            return true;
+        } else if (osName.contains("linux") || (osName.contains("macosx") || osName.contains("osx"))) {
+            return osIs64Bit();
+        } else {
+            return false;
+        }
+    }
+
+    /**
+     * Checks if the current OS runs on an x86_64 architecture.
+     * @return true if the current OS runs on an x86_64 architecture.
+     */
+    public static boolean osIs64Bit() {
+        String osArch = System.getProperty("os.arch").toLowerCase();
+        osArch = osArch.replaceAll("[^a-z0-9]", "");
+
+        String[] archNames = new String[]{"x8664", "amd64", "ia32e", "em64t", "x64"};
+        for (String archName : archNames) {
+            if (osArch.contains(archName)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }
