Fix buffer leaks during PEM to KeyStore conversion
This commit is contained in:
parent
44699afd79
commit
97a4277be1
@ -123,10 +123,17 @@ public final class JdkSslClientContext extends JdkSslContext {
|
|||||||
ks.load(null, null);
|
ks.load(null, null);
|
||||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||||
|
|
||||||
for (ByteBuf buf: PemReader.readCertificates(certChainFile)) {
|
ByteBuf[] certs = PemReader.readCertificates(certChainFile);
|
||||||
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteBufInputStream(buf));
|
try {
|
||||||
X500Principal principal = cert.getSubjectX500Principal();
|
for (ByteBuf buf: certs) {
|
||||||
ks.setCertificateEntry(principal.getName("RFC2253"), cert);
|
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteBufInputStream(buf));
|
||||||
|
X500Principal principal = cert.getSubjectX500Principal();
|
||||||
|
ks.setCertificateEntry(principal.getName("RFC2253"), cert);
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
for (ByteBuf buf: certs) {
|
||||||
|
buf.release();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set up trust manager factory to use our key store.
|
// Set up trust manager factory to use our key store.
|
||||||
|
@ -117,7 +117,7 @@ public final class JdkSslServerContext extends JdkSslContext {
|
|||||||
|
|
||||||
ByteBuf encodedKeyBuf = PemReader.readPrivateKey(keyFile);
|
ByteBuf encodedKeyBuf = PemReader.readPrivateKey(keyFile);
|
||||||
byte[] encodedKey = new byte[encodedKeyBuf.readableBytes()];
|
byte[] encodedKey = new byte[encodedKeyBuf.readableBytes()];
|
||||||
encodedKeyBuf.readBytes(encodedKey);
|
encodedKeyBuf.readBytes(encodedKey).release();
|
||||||
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodedKey);
|
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodedKey);
|
||||||
|
|
||||||
PrivateKey key;
|
PrivateKey key;
|
||||||
@ -128,8 +128,15 @@ public final class JdkSslServerContext extends JdkSslContext {
|
|||||||
}
|
}
|
||||||
|
|
||||||
List<Certificate> certChain = new ArrayList<Certificate>();
|
List<Certificate> certChain = new ArrayList<Certificate>();
|
||||||
for (ByteBuf buf: PemReader.readCertificates(certChainFile)) {
|
ByteBuf[] certs = PemReader.readCertificates(certChainFile);
|
||||||
certChain.add(cf.generateCertificate(new ByteBufInputStream(buf)));
|
try {
|
||||||
|
for (ByteBuf buf: certs) {
|
||||||
|
certChain.add(cf.generateCertificate(new ByteBufInputStream(buf)));
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
for (ByteBuf buf: certs) {
|
||||||
|
buf.release();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ks.setKeyEntry("key", key, keyPassword.toCharArray(), certChain.toArray(new Certificate[certChain.size()]));
|
ks.setKeyEntry("key", key, keyPassword.toCharArray(), certChain.toArray(new Certificate[certChain.size()]));
|
||||||
|
@ -71,7 +71,11 @@ final class PemReader {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
certs.add(Base64.decode(Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII)));
|
ByteBuf base64 = Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII);
|
||||||
|
ByteBuf der = Base64.decode(base64);
|
||||||
|
base64.release();
|
||||||
|
certs.add(der);
|
||||||
|
|
||||||
start = m.end();
|
start = m.end();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -95,7 +99,10 @@ final class PemReader {
|
|||||||
throw new KeyException("found no private key: " + file);
|
throw new KeyException("found no private key: " + file);
|
||||||
}
|
}
|
||||||
|
|
||||||
return Base64.decode(Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII));
|
ByteBuf base64 = Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII);
|
||||||
|
ByteBuf der = Base64.decode(base64);
|
||||||
|
base64.release();
|
||||||
|
return der;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String readContent(File file) throws IOException {
|
private static String readContent(File file) throws IOException {
|
||||||
|
Loading…
Reference in New Issue
Block a user