okhttp: revert "okhttp: Add restricted AppEngine SSL setup (#2795)"
This reverts commit b753231.
carl-mastrangelo authored Mar 15, 2017
1 parent 4091130 commit 2c4d8ee
Showing 1 changed file with 1 addition and 22 deletions.
23 changes: 1 addition & 22 deletions okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
@@ -53,16 +53,13 @@
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.concurrent.Executor;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Convenience class for building channels with the OkHttp transport. */
@ExperimentalApi("https://github.com/grpc/grpc-java/issues/1785")
@@ -255,25 +252,7 @@ SSLSocketFactory createSocketFactory() {
case TLS:
try {
if (sslSocketFactory == null) {
SSLContext sslContext;
if (GrpcUtil.IS_RESTRICTED_APPENGINE) {
// The following auth code circumvents the following AccessControlException:
// access denied ("java.util.PropertyPermission" "javax.net.ssl.keyStore" "read")
// Conscrypt will attempt to load the default KeyStore if a trust manager is not
// provided, which is forbidden on AppEngine
sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
sslContext.init(
null,
trustManagerFactory.getTrustManagers(),
// Use an algorithm that doesn't need /dev/urandom
SecureRandom.getInstance("SHA1PRNG", Platform.get().getProvider()));

} else {
sslContext = SSLContext.getInstance("Default", Platform.get().getProvider());
}
SSLContext sslContext = SSLContext.getInstance("Default", Platform.get().getProvider());
sslSocketFactory = sslContext.getSocketFactory();
}
return sslSocketFactory;
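Review bot: The restored `SSLContext.getInstance("Default", Platform.get().getProvider())` line in `createSocketFactory()` no longer consults `GrpcUtil.IS_RESTRICTED_APPENGINE`, so the failure the removed comment described (an `AccessControlException` when the default KeyStore is read on AppEngine) presumably returns, and nothing in the code or the commit message says why that is acceptable. `AccessControlException` is an unchecked `SecurityException`, so if the catch that closes this `try` (outside the hunk) handles only `GeneralSecurityException`, the error would escape unwrapped. I would record the limitation at the call, e.g. `// "Default" uses the provider's default trust store; known to fail on restricted AppEngine, see #2795`, and state the reason for the revert in the commit description.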
