Use ByteBufAllocator used by the ReferenceCountedOpenSslEngine when build key-material. (#7952)

Motivation: When we build the key-material we should use the ByteBufAllocator used by the ReferenceCountedOpenSslEngine when possible. Modifications: Whenever we have access to the ReferenceCountedOpenSslEngine we use its allocator. Result: Use correct allocator
2018-05-18 19:36:57 +02:00 · 2018-05-18 19:36:57 +02:00 · 987c443888
commit 987c443888
parent 7727649b2c
5 changed files with 16 additions and 17 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
@ -17,6 +17,7 @@
 package io.netty.handler.ssl;

 import io.netty.buffer.ByteBuf;
+import io.netty.buffer.ByteBufAllocator;
 import io.netty.handler.ssl.util.SelfSignedCertificate;
 import io.netty.internal.tcnative.Buffer;
 import io.netty.internal.tcnative.Library;
@ -33,7 +34,6 @@ import io.netty.util.internal.logging.InternalLoggerFactory;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedHashSet;
 import java.util.List;
@ -157,7 +157,7 @@ public final class OpenSsl {
                        }
                        try {
                            cert = new SelfSignedCertificate();
-                            certBio = ReferenceCountedOpenSslContext.toBIO(cert.cert());
+                            certBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, cert.cert());
                            SSL.setCertificateChainBio(ssl, certBio, false);
                            supportsKeyManagerFactory = true;
                            try {
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java
@ -79,7 +79,7 @@ class OpenSslKeyMaterialManager {
            if (type != null) {
                String alias = chooseServerAlias(engine, type);
                if (alias != null && aliases.add(alias)) {
-                    setKeyMaterial(ssl, alias);
+                    setKeyMaterial(ssl, alias, engine.alloc);
                }
            }
        }
@ -101,10 +101,10 @@ class OpenSslKeyMaterialManager {
            }

            PrivateKey key = keyManager.getPrivateKey(alias);
-            keyCertChainBio = toBIO(certificates);
+            keyCertChainBio = toBIO(engine.alloc, certificates);
            certChain = SSL.parseX509Chain(keyCertChainBio);
            if (key != null) {
-                keyBio = toBIO(key);
+                keyBio = toBIO(engine.alloc, key);
                pkey = SSL.parsePrivateKey(keyBio, password);
            }
            CertificateRequestedCallback.KeyMaterial material = new CertificateRequestedCallback.KeyMaterial(
@ -127,7 +127,7 @@ class OpenSslKeyMaterialManager {
        }
    }

-    private void setKeyMaterial(long ssl, String alias) throws SSLException {
+    private void setKeyMaterial(long ssl, String alias, ByteBufAllocator allocator) throws SSLException {
        long keyBio = 0;
        long keyCertChainBio = 0;
        long keyCertChainBio2 = 0;
@ -142,13 +142,13 @@ class OpenSslKeyMaterialManager {
            PrivateKey key = keyManager.getPrivateKey(alias);

            // Only encode one time
-            PemEncoded encoded = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, certificates);
+            PemEncoded encoded = PemX509Certificate.toPEM(allocator, true, certificates);
            try {
-                keyCertChainBio = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
-                keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
+                keyCertChainBio = toBIO(allocator, encoded.retain());
+                keyCertChainBio2 = toBIO(allocator, encoded.retain());

                if (key != null) {
-                    keyBio = toBIO(key);
+                    keyBio = toBIO(allocator, key);
                }
                SSL.setCertificateBio(ssl, keyCertChainBio, keyBio, password);

--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
@ -710,7 +710,7 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
            keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());

            if (key != null) {
-                keyBio = toBIO(key);
+                keyBio = toBIO(ByteBufAllocator.DEFAULT, key);
            }

            SSLContext.setCertificateBio(
@ -742,12 +742,11 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
     * Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
     * or {@code 0} if the {@code key} is {@code null}. The BIO contains the content of the {@code key}.
     */
-    static long toBIO(PrivateKey key) throws Exception {
+    static long toBIO(ByteBufAllocator allocator, PrivateKey key) throws Exception {
        if (key == null) {
            return 0;
        }

-        ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
        PemEncoded pem = PemPrivateKey.toPEM(allocator, true, key);
        try {
            return toBIO(allocator, pem.retain());
@ -760,7 +759,7 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
     * Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
     * or {@code 0} if the {@code certChain} is {@code null}. The BIO contains the content of the {@code certChain}.
     */
-    static long toBIO(X509Certificate... certChain) throws Exception {
+    static long toBIO(ByteBufAllocator allocator, X509Certificate... certChain) throws Exception {
        if (certChain == null) {
            return 0;
        }
@ -769,7 +768,6 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
            throw new IllegalArgumentException("certChain can't be empty");
        }

-        ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
        PemEncoded pem = PemX509Certificate.toPEM(allocator, true, certChain);
        try {
            return toBIO(allocator, pem.retain());
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
@ -209,7 +209,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc

    final boolean jdkCompatibilityMode;
    private final boolean clientMode;
-    private final ByteBufAllocator alloc;
+    final ByteBufAllocator alloc;
    private final OpenSslEngineMap engineMap;
    private final OpenSslApplicationProtocolNegotiator apn;
    private final OpenSslSession session;
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java
@ -15,6 +15,7 @@
 */
 package io.netty.handler.ssl;

+import io.netty.buffer.ByteBufAllocator;
 import io.netty.internal.tcnative.SSL;
 import io.netty.internal.tcnative.SSLContext;
 import io.netty.internal.tcnative.SniHostNameMatcher;
@ -162,7 +163,7 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
            if (issuers != null && issuers.length > 0) {
                long bio = 0;
                try {
-                    bio = toBIO(issuers);
+                    bio = toBIO(ByteBufAllocator.DEFAULT, issuers);
                    if (!SSLContext.setCACertificateBio(ctx, bio)) {
                        throw new SSLException("unable to setup accepted issuers for trustmanager " + manager);
                    }