andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix possible NPE introduced by a137291ad1 when using SslProvider.OPENSSL and init via files or OpenSslX509KeyManagerFactory (#8126)

Browse Source 
Motivation:

a137291ad1 introduced a way to get the most speed out of OpenSSL by not only caching keymaterial but pre-compute these. The problem was we missed to check for null before doing an instanceof check and then a cast which could lead to a NPE as we tried to cast null to Exception and throw it.

Modifications:

Add null check and unit test.

Result:

No more NPE when keymaterial was not found for requested alias.
This commit is contained in:
Norman Maurer 2018-07-11 15:19:37 +01:00 committed by GitHub
parent 8186c9aaea
commit df08467d7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 51 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
handler/src/main/java/io/netty/handler/ssl/OpenSslX509KeyManagerFactory.java
View File

@ -198,11 +198,14 @@ public final class OpenSslX509KeyManagerFactory extends KeyManagerFactory {
@Override @Override
OpenSslKeyMaterial chooseKeyMaterial(ByteBufAllocator allocator, String alias) throws Exception { OpenSslKeyMaterial chooseKeyMaterial(ByteBufAllocator allocator, String alias) throws Exception {
Object value = materialMap.get(alias); Object value = materialMap.get(alias);
if (value == null) {
// There is no keymaterial for the requested alias, return null
return null;
}
if (value instanceof OpenSslKeyMaterial) { if (value instanceof OpenSslKeyMaterial) {
return ((OpenSslKeyMaterial) value).retain(); return ((OpenSslKeyMaterial) value).retain();
} else {
throw (Exception) value;
} }
throw (Exception) value;
} }
@Override @Override

15
handler/src/test/java/io/netty/handler/ssl/OpenSslCachingKeyMaterialProviderTest.java
View File

@ -20,7 +20,6 @@ import org.junit.Assert;
import org.junit.Test; import org.junit.Test;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import static org.junit.Assert.*; import static org.junit.Assert.*;
@ -32,8 +31,9 @@ public class OpenSslCachingKeyMaterialProviderTest extends OpenSslKeyMaterialPro
} }
@Override @Override
protected OpenSslKeyMaterialProvider newMaterialProvider(X509KeyManager manager, String password) { protected OpenSslKeyMaterialProvider newMaterialProvider(KeyManagerFactory factory, String password) {
return new OpenSslCachingKeyMaterialProvider(manager, password); return new OpenSslCachingKeyMaterialProvider(ReferenceCountedOpenSslContext.chooseX509KeyManager(
factory.getKeyManagers()), password);
} }
@Override @Override
@ -41,16 +41,9 @@ public class OpenSslCachingKeyMaterialProviderTest extends OpenSslKeyMaterialPro
Assert.assertFalse(material.release()); Assert.assertFalse(material.release());
} }
@Override
protected Class<? extends OpenSslKeyMaterialProvider> providerClass() {
return OpenSslCachingKeyMaterialProvider.class;
}
@Test @Test
public void testMaterialCached() throws Exception { public void testMaterialCached() throws Exception {
X509KeyManager manager = ReferenceCountedOpenSslContext.chooseX509KeyManager( OpenSslKeyMaterialProvider provider = newMaterialProvider(newKeyManagerFactory(), PASSWORD);
newKeyManagerFactory().getKeyManagers());
OpenSslKeyMaterialProvider provider = newMaterialProvider(manager, PASSWORD);
OpenSslKeyMaterial material = provider.chooseKeyMaterial(UnpooledByteBufAllocator.DEFAULT, EXISTING_ALIAS); OpenSslKeyMaterial material = provider.chooseKeyMaterial(UnpooledByteBufAllocator.DEFAULT, EXISTING_ALIAS);
assertNotNull(material); assertNotNull(material);

22
handler/src/test/java/io/netty/handler/ssl/OpenSslKeyMaterialProviderTest.java
View File

@ -20,7 +20,6 @@ import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import java.security.KeyStore; import java.security.KeyStore;
@ -49,12 +48,9 @@ public class OpenSslKeyMaterialProviderTest {
return kmf; return kmf;
} }
protected OpenSslKeyMaterialProvider newMaterialProvider(X509KeyManager manager, String password) { protected OpenSslKeyMaterialProvider newMaterialProvider(KeyManagerFactory factory, String password) {
return new OpenSslKeyMaterialProvider(manager, password); return new OpenSslKeyMaterialProvider(ReferenceCountedOpenSslContext.chooseX509KeyManager(
} factory.getKeyManagers()), password);
protected Class<? extends OpenSslKeyMaterialProvider> providerClass() {
return OpenSslKeyMaterialProvider.class;
} }
protected void assertRelease(OpenSslKeyMaterial material) { protected void assertRelease(OpenSslKeyMaterial material) {
@ -63,9 +59,7 @@ public class OpenSslKeyMaterialProviderTest {
@Test @Test
public void testChooseKeyMaterial() throws Exception { public void testChooseKeyMaterial() throws Exception {
X509KeyManager manager = ReferenceCountedOpenSslContext.chooseX509KeyManager( OpenSslKeyMaterialProvider provider = newMaterialProvider(newKeyManagerFactory(), PASSWORD);
newKeyManagerFactory().getKeyManagers());
OpenSslKeyMaterialProvider provider = newMaterialProvider(manager, PASSWORD);
OpenSslKeyMaterial nonExistingMaterial = provider.chooseKeyMaterial( OpenSslKeyMaterial nonExistingMaterial = provider.chooseKeyMaterial(
UnpooledByteBufAllocator.DEFAULT, NON_EXISTING_ALIAS); UnpooledByteBufAllocator.DEFAULT, NON_EXISTING_ALIAS);
assertNull(nonExistingMaterial); assertNull(nonExistingMaterial);
@ -78,12 +72,4 @@ public class OpenSslKeyMaterialProviderTest {
provider.destroy(); provider.destroy();
} }
@Test
public void testChooseTheCorrectProvider() throws Exception {
OpenSslKeyMaterialProvider provider = ReferenceCountedOpenSslContext.providerFor(
newKeyManagerFactory(), PASSWORD);
assertEquals(providerClass(), provider.getClass());
provider.destroy();
}
} }

38
handler/src/test/java/io/netty/handler/ssl/OpenSslX509KeyManagerFactoryProviderTest.java Normal file
View File

@ -0,0 +1,38 @@
/*
* Copyright 2018 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
import javax.net.ssl.KeyManagerFactory;
import java.security.KeyStore;
public class OpenSslX509KeyManagerFactoryProviderTest extends OpenSslCachingKeyMaterialProviderTest {
@Override
protected KeyManagerFactory newKeyManagerFactory() throws Exception {
char[] password = PASSWORD.toCharArray();
final KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(getClass().getResourceAsStream("mutual_auth_server.p12"), password);
OpenSslX509KeyManagerFactory kmf = new OpenSslX509KeyManagerFactory();
kmf.init(keystore, password);
return kmf;
}
@Override
protected OpenSslKeyMaterialProvider newMaterialProvider(KeyManagerFactory kmf, String password) {
return ((OpenSslX509KeyManagerFactory) kmf).newProvider();
}
}