Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitffa0578

Browse files
committed
Decode PEM format root cert in gradle to make program boot faster
1 parent79bed67 commitffa0578

File tree

2 files changed

+35
-79
lines changed

2 files changed

+35
-79
lines changed

‎build.gradle‎

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,7 @@ buildscript {
6262

6363
dependencies {
6464
classpath'com.github.ben-manes:gradle-versions-plugin:0.12.0'
65+
classpath'com.dropbox.maven:pem-converter-maven-plugin:1.0'
6566
}
6667
}
6768

@@ -101,6 +102,22 @@ processResources {
101102
filesMatching('**/sdk-version.txt') {
102103
expand project.properties
103104
}
105+
106+
filesMatching('**/*.crt') {fcd->
107+
def inputstream= fcd.open()
108+
def certDatas=com.dropbox.maven.pem_converter.PemLoader.load(
109+
newInputStreamReader(inputstream,"UTF-8")
110+
)
111+
inputstream.close()
112+
113+
def out=newDataOutputStream(newFileOutputStream(newFile(
114+
getDestinationDir(), fcd.name.substring(0, fcd.name.length()-4)+".raw"
115+
)))
116+
com.dropbox.maven.pem_converter.RawLoader.store(certDatas, out)
117+
out.close()
118+
119+
fcd.exclude()
120+
}
104121
}
105122

106123
compileJava {

‎src/main/java/com/dropbox/core/http/SSLConfig.java‎

Lines changed: 18 additions & 79 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
importjava.util.Arrays;
2222
importjava.util.Collection;
2323
importjava.util.HashSet;
24+
importjava.util.List;
2425

2526
importjavax.net.ssl.HttpsURLConnection;
2627
importjavax.net.ssl.SSLContext;
@@ -65,7 +66,8 @@ public class SSLConfig {
6566

6667
privatestatic/*@MonotonicNonNull*/CipherSuiteFilterationResultsCACHED_CIPHER_SUITE_FILTERATION_RESULTS;
6768

68-
privatestaticfinalStringROOT_CERTS_RESOURCE ="/trusted-certs.crt";
69+
privatestaticfinalStringROOT_CERTS_RESOURCE ="/trusted-certs.raw";
70+
privatestaticfinalintMAX_CERT_LENGTH =10 *1024;
6971

7072
// All client ciphersuites allowed by Dropbox.
7173
//
@@ -359,8 +361,7 @@ private static void loadKeyStore(KeyStore keyStore, InputStream in)
359361

360362
Collection<X509Certificate>certs;
361363
try {
362-
certs = (Collection<X509Certificate>)x509CertFactory
363-
.generateCertificates(newCommentFilterInputStream(in));
364+
certs =deserializeCertificates(x509CertFactory,in);
364365
}catch (CertificateExceptionex) {
365366
thrownewLoadException("Error loading certificate: " +ex.getMessage(),ex);
366367
}
@@ -375,87 +376,25 @@ private static void loadKeyStore(KeyStore keyStore, InputStream in)
375376
}
376377
}
377378

379+
privatestaticList<X509Certificate>deserializeCertificates(CertificateFactoryx509CertFactory,InputStreamin)throwsIOException,LoadException,CertificateException {
380+
List<X509Certificate>certs =newArrayList<X509Certificate>();
378381

379-
/**
380-
* Strips '#' comments from PEM encoded cert file. Java 7+ handles skipping comments that aren't
381-
* within certificate blocks. Java 6, however, will fail to parse the cert file if it contains
382-
* anything other than certificate blocks.
383-
*
384-
* <p><b> NOTE: Android will incorrectly parse PEM encoded files containing comments.</b> When
385-
* comments are left in the file, some of the certificates may not be loaded properly. This
386-
* results in exceptions like the one below:
387-
*
388-
* <pre>
389-
* Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
390-
* at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:328)
391-
* at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103)
392-
* at com.android.okhttp.Connection.connect(Connection.java:143)
393-
* ...
394-
* </pre>
395-
*/
396-
privatestaticfinalclassCommentFilterInputStreamextendsFilterInputStream {
397-
privatebooleanisLineStart;
398-
399-
publicCommentFilterInputStream(InputStreamin) {
400-
super(in);
401-
this.isLineStart =true;
402-
}
403-
404-
@Override
405-
publicintread()throwsIOException {
406-
intord =super.read();
407-
408-
// only filter at start of line
409-
if (!isLineStart) {
410-
returnord;
411-
}
412-
413-
while (ord =='#') {
414-
// chomp the comment
415-
do {
416-
ord =super.read();
417-
}while (!isLineFeed(ord) &&ord != -1);
418-
419-
// now chomp the line feeds
420-
while (isLineFeed(ord) &&ord != -1) {
421-
ord =super.read();
422-
}
423-
isLineStart =true;
382+
DataInputStreamdin =newDataInputStream(in);
383+
byte[]data =newbyte[MAX_CERT_LENGTH];
384+
while (true) {
385+
intlength =din.readUnsignedShort();
386+
if (length ==0)break;
387+
if (length >MAX_CERT_LENGTH) {
388+
thrownewLoadException("Invalid length for certificate entry: " +length,null);
424389
}
425-
426-
returnord;
390+
din.readFully(data,0,length);
391+
certs.add((X509Certificate)x509CertFactory.generateCertificate(newByteArrayInputStream(data,0,length)));
427392
}
428393

429-
@Override
430-
publicintread(byte []b)throwsIOException {
431-
returnread(b,0,b.length);
432-
}
433-
434-
@Override
435-
publicintread(byte []b,intoff,intlen)throwsIOException {
436-
if (b ==null) {
437-
thrownewNullPointerException("b");
438-
}
439-
if (off <0 ||len <0 ||len > (b.length -off)) {
440-
thrownewIndexOutOfBoundsException();
441-
}
442-
443-
intcount =0;
444-
for (inti =0;i <len; ++i) {
445-
intord =read();
446-
if (ord == -1) {
447-
break;
448-
}
449-
450-
b[off +i] = (byte)ord;
451-
++count;
452-
}
453-
454-
returncount ==0 ? -1 :count;
394+
if (din.read() >=0) {
395+
thrownewLoadException("Found data after after zero-length header.",null);
455396
}
456397

457-
privatestaticbooleanisLineFeed(intord) {
458-
returnord =='\n' ||ord =='\r';
459-
}
398+
returncerts;
460399
}
461400
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp