Use ByteBufAllocator used by the ReferenceCountedOpenSslEngine when build key-material. (#7952)
Motivation: When we build the key-material we should use the ByteBufAllocator used by the ReferenceCountedOpenSslEngine when possible. Modifications: Whenever we have access to the ReferenceCountedOpenSslEngine we use its allocator. Result: The correct allocator is used.
This commit is contained in:
parent
7727649b2c
commit
987c443888
@ -17,6 +17,7 @@
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
import io.netty.buffer.ByteBuf;
|
||||
import io.netty.buffer.ByteBufAllocator;
|
||||
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
||||
import io.netty.internal.tcnative.Buffer;
|
||||
import io.netty.internal.tcnative.Library;
|
||||
@ -33,7 +34,6 @@ import io.netty.util.internal.logging.InternalLoggerFactory;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
@ -157,7 +157,7 @@ public final class OpenSsl {
|
||||
}
|
||||
try {
|
||||
cert = new SelfSignedCertificate();
|
||||
certBio = ReferenceCountedOpenSslContext.toBIO(cert.cert());
|
||||
certBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, cert.cert());
|
||||
SSL.setCertificateChainBio(ssl, certBio, false);
|
||||
supportsKeyManagerFactory = true;
|
||||
try {
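Review bot: The probe now passes `ByteBufAllocator.DEFAULT` explicitly on the `certBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, cert.cert());` line, but nothing at the call site says why the default is the right choice here while OpenSslKeyMaterialManager switches to the engine's allocator, so a later reader may "fix" it. A one-line comment such as `// No engine exists during this capability probe, so the default allocator is the only one available.` would settle that. The same applies to the remaining `ByteBufAllocator.DEFAULT` sites in ReferenceCountedOpenSslContext (`keyBio = toBIO(ByteBufAllocator.DEFAULT, key);`) and ReferenceCountedOpenSslServerContext (`bio = toBIO(ByteBufAllocator.DEFAULT, issuers);`), which presumably run during context construction before any engine is created. The enclosing try block continues outside the hunk.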
|
||||
|
@ -79,7 +79,7 @@ class OpenSslKeyMaterialManager {
|
||||
if (type != null) {
|
||||
String alias = chooseServerAlias(engine, type);
|
||||
if (alias != null && aliases.add(alias)) {
|
||||
setKeyMaterial(ssl, alias);
|
||||
setKeyMaterial(ssl, alias, engine.alloc);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -101,10 +101,10 @@ class OpenSslKeyMaterialManager {
|
||||
}
|
||||
|
||||
PrivateKey key = keyManager.getPrivateKey(alias);
|
||||
keyCertChainBio = toBIO(certificates);
|
||||
keyCertChainBio = toBIO(engine.alloc, certificates);
|
||||
certChain = SSL.parseX509Chain(keyCertChainBio);
|
||||
if (key != null) {
|
||||
keyBio = toBIO(key);
|
||||
keyBio = toBIO(engine.alloc, key);
|
||||
pkey = SSL.parsePrivateKey(keyBio, password);
|
||||
}
|
||||
CertificateRequestedCallback.KeyMaterial material = new CertificateRequestedCallback.KeyMaterial(
|
||||
@ -127,7 +127,7 @@ class OpenSslKeyMaterialManager {
|
||||
}
|
||||
}
|
||||
|
||||
private void setKeyMaterial(long ssl, String alias) throws SSLException {
|
||||
private void setKeyMaterial(long ssl, String alias, ByteBufAllocator allocator) throws SSLException {
|
||||
long keyBio = 0;
|
||||
long keyCertChainBio = 0;
|
||||
long keyCertChainBio2 = 0;
|
||||
@ -142,13 +142,13 @@ class OpenSslKeyMaterialManager {
|
||||
PrivateKey key = keyManager.getPrivateKey(alias);
|
||||
|
||||
// Only encode one time
|
||||
PemEncoded encoded = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, certificates);
|
||||
PemEncoded encoded = PemX509Certificate.toPEM(allocator, true, certificates);
|
||||
try {
|
||||
keyCertChainBio = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
|
||||
keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
|
||||
keyCertChainBio = toBIO(allocator, encoded.retain());
|
||||
keyCertChainBio2 = toBIO(allocator, encoded.retain());
|
||||
|
||||
if (key != null) {
|
||||
keyBio = toBIO(key);
|
||||
keyBio = toBIO(allocator, key);
|
||||
}
|
||||
SSL.setCertificateBio(ssl, keyCertChainBio, keyBio, password);
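Review bot: `setKeyMaterial(long ssl, String alias, ByteBufAllocator allocator)` gains a parameter but no documentation of what callers are expected to pass, and the one visible caller hands in `engine.alloc` directly. A short Javadoc line such as `@param allocator allocator of the engine this key material is for; used for the temporary PEM encoding of the chain and private key` would make the contract explicit. Because the private key is now PEM-encoded into a buffer obtained from the engine's allocator (`keyBio = toBIO(allocator, key);`), which may be a pooled one, it is worth confirming that the `PemEncoded` sensitive-buffer handling on release is allocator-independent; that code is not visible from this hunk. The method body continues past the end of the hunk.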
|
||||
|
||||
|
@ -710,7 +710,7 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
|
||||
keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
|
||||
|
||||
if (key != null) {
|
||||
keyBio = toBIO(key);
|
||||
keyBio = toBIO(ByteBufAllocator.DEFAULT, key);
|
||||
}
|
||||
|
||||
SSLContext.setCertificateBio(
|
||||
@ -742,12 +742,11 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
|
||||
* Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
|
||||
* or {@code 0} if the {@code key} is {@code null}. The BIO contains the content of the {@code key}.
|
||||
*/
|
||||
static long toBIO(PrivateKey key) throws Exception {
|
||||
static long toBIO(ByteBufAllocator allocator, PrivateKey key) throws Exception {
|
||||
if (key == null) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
|
||||
PemEncoded pem = PemPrivateKey.toPEM(allocator, true, key);
|
||||
try {
|
||||
return toBIO(allocator, pem.retain());
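Review bot: The Javadoc directly above `static long toBIO(ByteBufAllocator allocator, PrivateKey key)` was not updated for the new parameter; add `@param allocator the allocator used for the temporary PEM encoding of {@code key}` alongside the existing description. The `X509Certificate... certChain` overload in the next hunk has the same gap. Neither overload validates `allocator` before use; since both already return 0 for a null key or chain, an explicit null check placed after that early return would surface a bad caller at the boundary rather than inside `PemPrivateKey.toPEM` or `PemX509Certificate.toPEM`. Both method bodies continue outside their hunks.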
|
||||
@ -760,7 +759,7 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
|
||||
* Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
|
||||
* or {@code 0} if the {@code certChain} is {@code null}. The BIO contains the content of the {@code certChain}.
|
||||
*/
|
||||
static long toBIO(X509Certificate... certChain) throws Exception {
|
||||
static long toBIO(ByteBufAllocator allocator, X509Certificate... certChain) throws Exception {
|
||||
if (certChain == null) {
|
||||
return 0;
|
||||
}
|
||||
@ -769,7 +768,6 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
|
||||
throw new IllegalArgumentException("certChain can't be empty");
|
||||
}
|
||||
|
||||
ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
|
||||
PemEncoded pem = PemX509Certificate.toPEM(allocator, true, certChain);
|
||||
try {
|
||||
return toBIO(allocator, pem.retain());
|
||||
|
@ -209,7 +209,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
||||
|
||||
final boolean jdkCompatibilityMode;
|
||||
private final boolean clientMode;
|
||||
private final ByteBufAllocator alloc;
|
||||
final ByteBufAllocator alloc;
|
||||
private final OpenSslEngineMap engineMap;
|
||||
private final OpenSslApplicationProtocolNegotiator apn;
|
||||
private final OpenSslSession session;
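Review bot: Widening `alloc` from `private` to package-private exposes a field rather than an accessor, and nothing marks why it alone loses `private` while the neighbouring fields keep it. A comment such as `// package-private: read by OpenSslKeyMaterialManager so key-material BIOs are built with this engine's allocator` documents the coupling for the next reader. Alternatively a package-private `ByteBufAllocator alloc()` getter would give the same access without exposing the field itself.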
|
||||
|
@ -15,6 +15,7 @@
|
||||
*/
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
import io.netty.buffer.ByteBufAllocator;
|
||||
import io.netty.internal.tcnative.SSL;
|
||||
import io.netty.internal.tcnative.SSLContext;
|
||||
import io.netty.internal.tcnative.SniHostNameMatcher;
|
||||
@ -162,7 +163,7 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
|
||||
if (issuers != null && issuers.length > 0) {
|
||||
long bio = 0;
|
||||
try {
|
||||
bio = toBIO(issuers);
|
||||
bio = toBIO(ByteBufAllocator.DEFAULT, issuers);
|
||||
if (!SSLContext.setCACertificateBio(ctx, bio)) {
|
||||
throw new SSLException("unable to setup accepted issuers for trustmanager " + manager);
|
||||
}
|
||||
|