alts: Check Cipher before declaring Conscrypt working
ejona86 committed Nov 4, 2019
1 parent ca620e5 commit bad6123
Showing 1 changed file with 26 additions and 1 deletion.
27 changes: 26 additions & 1 deletion alts/src/main/java/io/grpc/alts/internal/AesGcmAeadCrypter.java
Expand Up @@ -121,11 +121,36 @@ private static Provider getConscrypt() {
//
// While we could use Conscrypt.version() to check compatibility, that is _very_ verbose via
// reflection. In practice, old conscrypts are probably not much of a problem.
Provider provider;
try {
return ConscryptLoader.newProvider();
provider = ConscryptLoader.newProvider();
} catch (Throwable t) {
logger.log(Level.INFO, "Could not load Conscrypt. Will use slower JDK implementation", t);
return null;
}
try {
Cipher.getInstance(AES_GCM, CONSCRYPT);
} catch (SecurityException t) {
// Pre-Java 7u121/Java 8u111 fails with SecurityException:
// JCE cannot authenticate the provider Conscrypt
//
// This is because Conscrypt uses a newer (more secure) signing CA than the earlier Java
// supported. https://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
// https://www.oracle.com/technetwork/java/javase/documentation/javase7supportreleasenotes-1601161.html#R170_121
//
// Use WARNING instead of INFO in this case because it is unlikely to be a supported
// environment. In the other cases we might be on Java 9+; it seems unlikely in this case.
// Note that on Java 7, we're likely to crash later because GCM is unsupported.
logger.log(
Level.WARNING,
"Could not load Conscrypt. Will try slower JDK implementation. This may be because the "
+ "JDK is older than Java 7 update 121 or Java 8 update 111. If so, please update",
t);
return null;
} catch (Throwable t) {
logger.log(Level.INFO, "Could not load Conscrypt. Will use slower JDK implementation", t);
return null;
}
return provider;
}
}
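Review bot: The probe `Cipher.getInstance(AES_GCM, CONSCRYPT)` checks the `CONSCRYPT` constant rather than the `provider` local that was loaded just above it. The declaration of `CONSCRYPT` is outside the hunk, but if it is the static field that getConscrypt() itself initializes, it is still null at this point and `Cipher.getInstance` rejects a null provider with IllegalArgumentException. The trailing `catch (Throwable t)` would then log at INFO and `return null`, so Conscrypt would never be selected and the failure would look like an ordinary load error. Passing the local avoids this: `Cipher.getInstance(AES_GCM, provider);`. The start of getConscrypt() lies above the hunk, so confirm this against the field declaration.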
