Clean up NettyClientUtils#createNettySslContext

Inserting a JDK `javax.net.ssl.SSLContext` into Netty originated in commit https://github.com/richdougherty/akka-grpc/blob/aa05239c6cddcb20dfa0770e8e8e7649e3bbaaef/runtime/src/main/scala/akka/grpc/internal/NettyClientUtils.scala#L59-L82 in PR akka#266 It was removed in PR akka#964 to address Issue akka#946 It was returned in PR akka#979 to address Issue akka#978 --- Original comment was ```scala // FIXME: Create a JdkSslContext using a normal constructor. Need to work out sensible values for all args first. // In the meantime, use a Netty SslContextBuild to create a JdkSslContext, then use reflection to patch the // object's internal SSLContext. It's not pretty, but it gets something working for now. ``` --- This commit addresses the original `FIXME` comment, and avoids using deprecated constructors on `io.grpc.netty.shaded.io.netty.handler.ssl.JdkSslContext`
dwhjames · Aug 3, 2022 · 07d6dff · 07d6dff
1 parent 9c613f4
commit 07d6dff
Showing 1 changed file with 17 additions and 17 deletions.
diff --git a/runtime/src/main/scala/akka/grpc/internal/NettyClientUtils.scala b/runtime/src/main/scala/akka/grpc/internal/NettyClientUtils.scala
@@ -172,23 +172,23 @@ object NettyClientUtils {
    */
   @InternalApi
   private def createNettySslContext(javaSslContext: SSLContext): SslContext = {
-    import io.grpc.netty.shaded.io.netty.handler.ssl._
-    import java.lang.reflect.Field
-
-    // This is a hack for situations where the SSLContext is given.
-    // This approach forces using SslProvider.JDK, which is known not to work
-    // on JDK 1.8.0_252
-
-    // Create a Netty JdkSslContext object with all the correct ciphers, protocol settings, etc initialized.
-    val nettySslContext: JdkSslContext =
-      GrpcSslContexts.configure(GrpcSslContexts.forClient, SslProvider.JDK).build.asInstanceOf[JdkSslContext]
-
-    // Patch the SSLContext value inside the JdkSslContext object
-    val nettySslContextField: Field = classOf[JdkSslContext].getDeclaredField("sslContext")
-    nettySslContextField.setAccessible(true)
-    nettySslContextField.set(nettySslContext, javaSslContext)
-
-    nettySslContext
+    import io.grpc.netty.shaded.io.netty.handler.ssl.{
+      ApplicationProtocolConfig,
+      ClientAuth,
+      IdentityCipherSuiteFilter,
+      JdkSslContext
+    }
+    // See
+    // https://github.com/netty/netty/blob/4.1/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java#L229-L309
+    new JdkSslContext(
+      javaSslContext,
+      /* boolean isClient */ true,
+      /* Iterable<String> ciphers */ null, // use JDK defaults (null is accepted as indicated in constructor Javadoc)
+      IdentityCipherSuiteFilter.INSTANCE,
+      /* ApplicationProtocolConfig apn */ ApplicationProtocolConfig.DISABLED, // use JDK default (null would also be acceptable, DISABLED config will select the NONE protocol and thus the JdkDefaultApplicationProtocolNegotiator)
+      ClientAuth.NONE, // server-only option, which is ignored as isClient=true (as indicated in constructor Javadoc)
+      /* String[] protocols */ null, // use JDK defaults (null is accepted as indicated in constructor Javadoc)
+      /* boolean startTls */ false)
   }
 
   /**