View Javadoc
1   /*
2    * Copyright 2022 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.codec.quic;
17  
18  /**
19   * Execute {@link BoringSSLCertificateCallback#handle(long, byte[], byte[][], String[])}.
20   */
21  final class BoringSSLCertificateCallbackTask extends BoringSSLTask {
22      private final byte[] keyTypeBytes;
23      private final byte[][] asn1DerEncodedPrincipals;
24      private final String[] authMethods;
25      private final BoringSSLCertificateCallback callback;
26  
27      // Accessed via JNI.
28      private long key;
29      private long chain;
30  
31      BoringSSLCertificateCallbackTask(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals,
32                                       String[] authMethods, BoringSSLCertificateCallback callback) {
33          // It is important that this constructor never throws. Be sure to not change this!
34          super(ssl);
35          // It's ok to not clone the arrays as we create these in JNI and not-reuse.
36          this.keyTypeBytes = keyTypeBytes;
37          this.asn1DerEncodedPrincipals = asn1DerEncodedPrincipals;
38          this.authMethods = authMethods;
39          this.callback = callback;
40      }
41  
42      // See https://www.openssl.org/docs/man1.0.2/man3/SSL_set_cert_cb.html.
43      @Override
44      protected void runTask(long ssl, TaskCallback taskCallback) {
45          try {
46              long[] result = callback.handle(ssl, keyTypeBytes, asn1DerEncodedPrincipals, authMethods);
47              if (result == null) {
48                  taskCallback.onResult(ssl, 0);
49              } else {
50                  this.key = result[0];
51                  this.chain = result[1];
52                  taskCallback.onResult(ssl, 1);
53              }
54          } catch (Exception e) {
55              // Just catch the exception and return 0 to fail the handshake.
56              // The problem is that rethrowing here is really "useless" as we will process it as part of an openssl
57              // c callback which needs to return 0 for an error to abort the handshake.
58              taskCallback.onResult(ssl, 0);
59          }
60      }
61  
62      @Override
63      protected void destroy() {
64          if (key != 0) {
65              BoringSSL.EVP_PKEY_free(key);
66              key = 0;
67          }
68          if (chain != 0) {
69              BoringSSL.CRYPTO_BUFFER_stack_free(chain);
70              chain = 0;
71          }
72      }
73  }