(tomcat) branch 11.0.x updated: Refactoring to reduce code duplication

markt Thu, 09 Apr 2026 01:57:48 -0700

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/11.0.x by this push:
     new 71a78ec970 Refactoring to reduce code duplication
71a78ec970 is described below

commit 71a78ec9709f5457ad6bad0da5d9f6c5e620c04d
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Apr 9 09:56:12 2026 +0100

    Refactoring to reduce code duplication
---
 .../tomcat/util/net/openssl/panama/OpenSSLContext.java  | 13 +------------
 .../tomcat/util/net/openssl/panama/OpenSSLEngine.java   | 14 +-------------
 .../tomcat/util/net/openssl/panama/OpenSSLLibrary.java  | 17 ++++++++++++++++-
 3 files changed, 18 insertions(+), 26 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 8cce27d5db..9ea93952ca 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -809,18 +809,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
             int len = openssl_h_Compatibility.OPENSSL_sk_num(sk);
             byte[][] certificateChain = new byte[len][];
             try (var localArena = Arena.ofConfined()) {
-                for (int i = 0; i < len; i++) {
-                    MemorySegment/* (X509*) */ x509 = 
openssl_h_Compatibility.OPENSSL_sk_value(sk, i);
-                    MemorySegment bufPointer = 
localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL);
-                    int length = i2d_X509(x509, bufPointer);
-                    if (length <= 0) {
-                        certificateChain[i] = new byte[0];
-                        continue;
-                    }
-                    MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
-                    certificateChain[i] = buf.reinterpret(length, localArena, 
null).toArray(ValueLayout.JAVA_BYTE);
-                    OPENSSL_free(buf);
-                }
+                OpenSSLLibrary.populateCertifcateChain(localArena, sk, 
certificateChain);
                 MemorySegment cipher = SSL_get_current_cipher(ssl);
                 String authMethod = (MemorySegment.NULL.equals(cipher)) ? 
"UNKNOWN" :
                         
getCipherAuthenticationMethod(SSL_CIPHER_get_auth_nid(cipher), 
SSL_CIPHER_get_kx_nid(cipher));
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 315b506f13..947b0f4ee0 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -860,19 +860,7 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
         }
         byte[][] certificateChain = new byte[len][];
         try (var localArena = Arena.ofConfined()) {
-            for (int i = 0; i < len; i++) {
-                MemorySegment/* (X509*) */ x509 = 
openssl_h_Compatibility.OPENSSL_sk_value(sk, i);
-                MemorySegment bufPointer = 
localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL);
-                int length = i2d_X509(x509, bufPointer);
-                if (length <= 0) {
-                    certificateChain[i] = new byte[0];
-                    continue;
-                }
-                MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
-                byte[] certificate = buf.reinterpret(length, localArena, 
null).toArray(ValueLayout.JAVA_BYTE);
-                certificateChain[i] = certificate;
-                OPENSSL_free(buf);
-            }
+            OpenSSLLibrary.populateCertifcateChain(localArena, sk, 
certificateChain);
             return certificateChain;
         }
     }
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
index c1bb2cb664..5367642699 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
@@ -26,6 +26,7 @@ import java.util.List;
 
 import static org.apache.tomcat.util.openssl.openssl_h.*;
 import static org.apache.tomcat.util.openssl.openssl_h_Compatibility.*;
+import static org.apache.tomcat.util.openssl.openssl_h_Macros.*;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
@@ -504,5 +505,19 @@ public class OpenSSLLibrary {
         return sslError;
     }
 
-
+    static void populateCertifcateChain(Arena localArena, MemorySegment /* 
STACK_OF(X509) */ sk,
+            byte[][] certificateChain) {
+        for (int i = 0; i < certificateChain.length; i++) {
+            MemorySegment/* (X509*) */ x509 = 
openssl_h_Compatibility.OPENSSL_sk_value(sk, i);
+            MemorySegment bufPointer = 
localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL);
+            int length = i2d_X509(x509, bufPointer);
+            if (length <= 0) {
+                certificateChain[i] = new byte[0];
+                continue;
+            }
+            MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
+            certificateChain[i] = buf.reinterpret(length, localArena, 
null).toArray(ValueLayout.JAVA_BYTE);
+            OPENSSL_free(buf);
+        }
+    }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(tomcat) branch 11.0.x updated: Refactoring to reduce code duplication

Reply via email to