Fix buffer leaks during PEM to KeyStore conversion

This commit is contained in:
Trustin Lee 2014-05-18 04:26:16 +09:00
parent 79f2f332ec
commit d6262a3542
3 changed files with 30 additions and 9 deletions

View File

@ -123,10 +123,17 @@ public final class JdkSslClientContext extends JdkSslContext {
ks.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (ByteBuf buf: PemReader.readCertificates(certChainFile)) {
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteBufInputStream(buf));
X500Principal principal = cert.getSubjectX500Principal();
ks.setCertificateEntry(principal.getName("RFC2253"), cert);
ByteBuf[] certs = PemReader.readCertificates(certChainFile);
try {
for (ByteBuf buf: certs) {
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteBufInputStream(buf));
X500Principal principal = cert.getSubjectX500Principal();
ks.setCertificateEntry(principal.getName("RFC2253"), cert);
}
} finally {
for (ByteBuf buf: certs) {
buf.release();
}
}
// Set up trust manager factory to use our key store.

View File

@ -117,7 +117,7 @@ public final class JdkSslServerContext extends JdkSslContext {
ByteBuf encodedKeyBuf = PemReader.readPrivateKey(keyFile);
byte[] encodedKey = new byte[encodedKeyBuf.readableBytes()];
encodedKeyBuf.readBytes(encodedKey);
encodedKeyBuf.readBytes(encodedKey).release();
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodedKey);
PrivateKey key;
@ -128,8 +128,15 @@ public final class JdkSslServerContext extends JdkSslContext {
}
List<Certificate> certChain = new ArrayList<Certificate>();
for (ByteBuf buf: PemReader.readCertificates(certChainFile)) {
certChain.add(cf.generateCertificate(new ByteBufInputStream(buf)));
ByteBuf[] certs = PemReader.readCertificates(certChainFile);
try {
for (ByteBuf buf: certs) {
certChain.add(cf.generateCertificate(new ByteBufInputStream(buf)));
}
} finally {
for (ByteBuf buf: certs) {
buf.release();
}
}
ks.setKeyEntry("key", key, keyPassword.toCharArray(), certChain.toArray(new Certificate[certChain.size()]));

View File

@ -71,7 +71,11 @@ final class PemReader {
break;
}
certs.add(Base64.decode(Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII)));
ByteBuf base64 = Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII);
ByteBuf der = Base64.decode(base64);
base64.release();
certs.add(der);
start = m.end();
}
@ -95,7 +99,10 @@ final class PemReader {
throw new KeyException("found no private key: " + file);
}
return Base64.decode(Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII));
ByteBuf base64 = Unpooled.copiedBuffer(m.group(1), CharsetUtil.US_ASCII);
ByteBuf der = Base64.decode(base64);
base64.release();
return der;
}
private static String readContent(File file) throws IOException {