Move OpenSsl*X509Certificate to util package and rename it (#10955)

Motivation:

Creating certificates from a byte[] while lazy parse it is general useful and is also needed by https://github.com/netty/netty-incubator-codec-quic/pull/141

Modifications:

Move classes, rename these and make them public

Result:

Be able to reuse code
This commit is contained in:
Norman Maurer 2021-01-21 11:12:54 +01:00 committed by GitHub
parent 42ba433576
commit 41e79835f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 38 additions and 16 deletions

View File

@ -17,6 +17,7 @@ package io.netty.handler.ssl;
import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator; import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.util.LazyX509Certificate;
import io.netty.internal.tcnative.CertificateVerifier; import io.netty.internal.tcnative.CertificateVerifier;
import io.netty.internal.tcnative.SSL; import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext; import io.netty.internal.tcnative.SSLContext;
@ -565,7 +566,7 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
protected static X509Certificate[] certificates(byte[][] chain) { protected static X509Certificate[] certificates(byte[][] chain) {
X509Certificate[] peerCerts = new X509Certificate[chain.length]; X509Certificate[] peerCerts = new X509Certificate[chain.length];
for (int i = 0; i < peerCerts.length; i++) { for (int i = 0; i < peerCerts.length; i++) {
peerCerts[i] = new OpenSslX509Certificate(chain[i]); peerCerts[i] = new LazyX509Certificate(chain[i]);
} }
return peerCerts; return peerCerts;
} }

View File

@ -17,6 +17,8 @@ package io.netty.handler.ssl;
import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator; import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.util.LazyJavaxX509Certificate;
import io.netty.handler.ssl.util.LazyX509Certificate;
import io.netty.internal.tcnative.Buffer; import io.netty.internal.tcnative.Buffer;
import io.netty.internal.tcnative.SSL; import io.netty.internal.tcnative.SSL;
import io.netty.util.AbstractReferenceCounted; import io.netty.util.AbstractReferenceCounted;
@ -2318,13 +2320,13 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
x509PeerCerts = EmptyArrays.EMPTY_JAVAX_X509_CERTIFICATES; x509PeerCerts = EmptyArrays.EMPTY_JAVAX_X509_CERTIFICATES;
} else { } else {
if (isEmpty(chain)) { if (isEmpty(chain)) {
peerCerts = new Certificate[] {new OpenSslX509Certificate(clientCert)}; peerCerts = new Certificate[] {new LazyX509Certificate(clientCert)};
x509PeerCerts = new X509Certificate[] {new OpenSslJavaxX509Certificate(clientCert)}; x509PeerCerts = new X509Certificate[] {new LazyJavaxX509Certificate(clientCert)};
} else { } else {
peerCerts = new Certificate[chain.length + 1]; peerCerts = new Certificate[chain.length + 1];
x509PeerCerts = new X509Certificate[chain.length + 1]; x509PeerCerts = new X509Certificate[chain.length + 1];
peerCerts[0] = new OpenSslX509Certificate(clientCert); peerCerts[0] = new LazyX509Certificate(clientCert);
x509PeerCerts[0] = new OpenSslJavaxX509Certificate(clientCert); x509PeerCerts[0] = new LazyJavaxX509Certificate(clientCert);
initCerts(chain, 1); initCerts(chain, 1);
} }
} }
@ -2334,8 +2336,8 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
private void initCerts(byte[][] chain, int startPos) { private void initCerts(byte[][] chain, int startPos) {
for (int i = 0; i < chain.length; i++) { for (int i = 0; i < chain.length; i++) {
int certPos = startPos + i; int certPos = startPos + i;
peerCerts[certPos] = new OpenSslX509Certificate(chain[i]); peerCerts[certPos] = new LazyX509Certificate(chain[i]);
x509PeerCerts[certPos] = new OpenSslJavaxX509Certificate(chain[i]); x509PeerCerts[certPos] = new LazyJavaxX509Certificate(chain[i]);
} }
} }

View File

@ -13,7 +13,9 @@
* License for the specific language governing permissions and limitations * License for the specific language governing permissions and limitations
* under the License. * under the License.
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl.util;
import io.netty.util.internal.ObjectUtil;
import javax.security.cert.CertificateException; import javax.security.cert.CertificateException;
import javax.security.cert.CertificateExpiredException; import javax.security.cert.CertificateExpiredException;
@ -28,12 +30,15 @@ import java.security.PublicKey;
import java.security.SignatureException; import java.security.SignatureException;
import java.util.Date; import java.util.Date;
final class OpenSslJavaxX509Certificate extends X509Certificate { public final class LazyJavaxX509Certificate extends X509Certificate {
private final byte[] bytes; private final byte[] bytes;
private X509Certificate wrapped; private X509Certificate wrapped;
OpenSslJavaxX509Certificate(byte[] bytes) { /**
this.bytes = bytes; * Creates a new instance which will lazy parse the given bytes. Be aware that the bytes will not be cloned.
*/
public LazyJavaxX509Certificate(byte[] bytes) {
this.bytes = ObjectUtil.checkNotNull(bytes, "bytes");
} }
@Override @Override

View File

@ -13,8 +13,9 @@
* License for the specific language governing permissions and limitations * License for the specific language governing permissions and limitations
* under the License. * under the License.
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl.util;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.SuppressJava6Requirement; import io.netty.util.internal.SuppressJava6Requirement;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
@ -30,6 +31,7 @@ import java.security.SignatureException;
import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException; import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException; import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -38,13 +40,25 @@ import java.util.Date;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
final class OpenSslX509Certificate extends X509Certificate { public final class LazyX509Certificate extends X509Certificate {
static final CertificateFactory X509_CERT_FACTORY;
static {
try {
X509_CERT_FACTORY = CertificateFactory.getInstance("X.509");
} catch (CertificateException e) {
throw new ExceptionInInitializerError(e);
}
}
private final byte[] bytes; private final byte[] bytes;
private X509Certificate wrapped; private X509Certificate wrapped;
OpenSslX509Certificate(byte[] bytes) { /**
this.bytes = bytes; * Creates a new instance which will lazy parse the given bytes. Be aware that the bytes will not be cloned.
*/
public LazyX509Certificate(byte[] bytes) {
this.bytes = ObjectUtil.checkNotNull(bytes, "bytes");
} }
@Override @Override
@ -217,7 +231,7 @@ final class OpenSslX509Certificate extends X509Certificate {
X509Certificate wrapped = this.wrapped; X509Certificate wrapped = this.wrapped;
if (wrapped == null) { if (wrapped == null) {
try { try {
wrapped = this.wrapped = (X509Certificate) SslContext.X509_CERT_FACTORY.generateCertificate( wrapped = this.wrapped = (X509Certificate) X509_CERT_FACTORY.generateCertificate(
new ByteArrayInputStream(bytes)); new ByteArrayInputStream(bytes));
} catch (CertificateException e) { } catch (CertificateException e) {
throw new IllegalStateException(e); throw new IllegalStateException(e);