From 703b7968c511905ca631a7d8e01a0798a18217e6 Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski
Date: Mon, 13 Nov 2017 10:46:09 +0100
Subject: [PATCH] Treat System#getProperty as a privileged action
---
 .../apache/hc/client5/http/ssl/H2TlsStrategy.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/H2TlsStrategy.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/H2TlsStrategy.java
index 79150c4c9..df82ba435 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/H2TlsStrategy.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/H2TlsStrategy.java
@@ -28,6 +28,8 @@
 package org.apache.hc.client5.http.ssl;
 
 import java.net.SocketAddress;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -73,6 +75,14 @@ public class H2TlsStrategy implements TlsStrategy {
 return s.split(" *, *");
 }
 
+ private static String getProperty(final String key) {
+ return AccessController.doPrivileged(new PrivilegedAction() {
+ @Override
+ public String run() {
+ return System.getProperty(key);
+ }
+ });
+ }
 public static HostnameVerifier getDefaultHostnameVerifier() {
 return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
 }
@@ -86,8 +96,8 @@ public class H2TlsStrategy implements TlsStrategy {
 public static TlsStrategy getSystemDefault() {
 return new H2TlsStrategy(
 SSLContexts.createSystemDefault(),
- split(System.getProperty("https.protocols")),
- split(System.getProperty("https.cipherSuites")),
+ split(getProperty("https.protocols")),
+ split(getProperty("https.cipherSuites")),
 SSLBufferManagement.STATIC,
 getDefaultHostnameVerifier());
 }
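Review bot: The new `getProperty(String)` helper in the second hunk runs `System.getProperty` inside `doPrivileged` for whatever key it is handed, so the read uses this library's own permissions rather than the caller's. It is private, and the only call sites visible here pass the literals `"https.protocols"` and `"https.cipherSuites"`, but nothing in the code records that constraint. I would add a comment above it such as `// Privileged read: keep private and call only with constant property names, never caller-supplied keys.` As shown on this page the anonymous class is a raw `new PrivilegedAction()`, which would make `doPrivileged` return `Object`; unless that is a rendering artifact, it should read `new PrivilegedAction<String>() {`. A blank line between the helper's closing brace and `getDefaultHostnameVerifier()` would match the spacing of the surrounding methods.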