Execute SSLHelper.validate as blocking

Fix eclipse-vertx#4439
MikeEdgar · Jul 21, 2022 · a887aa4 · a887aa4
1 parent 3d27653
commit a887aa4
Show file tree

Hide file tree

Showing 5 changed files with 218 additions and 108 deletions.
diff --git a/src/main/java/io/vertx/core/http/impl/HttpChannelConnector.java b/src/main/java/io/vertx/core/http/impl/HttpChannelConnector.java
@@ -85,7 +85,7 @@ public SocketAddress server() {
   }
 
   private void connect(EventLoopContext context, Promise<NetSocket> promise) {
-    netClient.connectInternal(proxyOptions, server, peerAddress, this.options.isForceSni() ? peerAddress.host() : null, ssl, useAlpn, false, promise, context, 0);
+    netClient.connect(proxyOptions, server, peerAddress, this.options.isForceSni() ? peerAddress.host() : null, ssl, useAlpn, false, promise, context, 0);
   }
 
   public Future<HttpClientConnection> wrap(EventLoopContext context, NetSocket so_) {

diff --git a/src/main/java/io/vertx/core/net/impl/NetClientImpl.java b/src/main/java/io/vertx/core/net/impl/NetClientImpl.java
@@ -31,8 +31,8 @@
 import io.vertx.core.buffer.impl.PartialPooledByteBufAllocator;
 import io.vertx.core.impl.CloseFuture;
 import io.vertx.core.impl.ContextInternal;
-import io.vertx.core.impl.future.PromiseInternal;
 import io.vertx.core.impl.VertxInternal;
+import io.vertx.core.impl.future.PromiseInternal;
 import io.vertx.core.impl.logging.Logger;
 import io.vertx.core.impl.logging.LoggerFactory;
 import io.vertx.core.net.NetClient;
@@ -91,8 +91,6 @@ public NetClientImpl(VertxInternal vertx, TCPMetrics metrics, NetClientOptions o
     this.idleTimeoutUnit = options.getIdleTimeoutUnit();
     this.closeFuture = closeFuture;
     this.proxyFilter = options.getNonProxyHosts() != null ? ProxyFilter.nonProxyHosts(options.getNonProxyHosts()) : ProxyFilter.DEFAULT_PROXY_FILTER;
-
-    sslHelper.validate(vertx);
   }
 
   protected void initChannel(ChannelPipeline pipeline) {
@@ -222,19 +220,39 @@ private void connect(SocketAddress remoteAddress, String serverName, Promise<Net
         proxyOptions = null;
       }
     }
-    connectInternal(proxyOptions, remoteAddress, peerAddress, serverName, options.isSsl(), options.isUseAlpn(), true, connectHandler, ctx, options.getReconnectAttempts());
+    connect(proxyOptions, remoteAddress, peerAddress, serverName, options.isSsl(), options.isUseAlpn(), true, connectHandler, ctx, options.getReconnectAttempts());
+  }
+
+  public void connect(ProxyOptions proxyOptions,
+                      SocketAddress remoteAddress,
+                      SocketAddress peerAddress,
+                      String serverName,
+                      boolean ssl,
+                      boolean useAlpn,
+                      boolean registerWriteHandlers,
+                      Promise<NetSocket> connectHandler,
+                      ContextInternal context,
+                      int remainingAttempts) {
+    sslHelper.validate(vertx)
+      .onComplete(validateResult -> {
+        if (validateResult.succeeded()) {
+          connectInternal(proxyOptions, remoteAddress, peerAddress, serverName, ssl, useAlpn, true, connectHandler, context, remainingAttempts);
+        } else {
+          failed(context, null, validateResult.cause(), connectHandler);
+        }
+      });
   }
 
-  public void connectInternal(ProxyOptions proxyOptions,
-                              SocketAddress remoteAddress,
-                              SocketAddress peerAddress,
-                              String serverName,
-                              boolean ssl,
-                              boolean useAlpn,
-                              boolean registerWriteHandlers,
-                              Promise<NetSocket> connectHandler,
-                              ContextInternal context,
-                              int remainingAttempts) {
+  private void connectInternal(ProxyOptions proxyOptions,
+                               SocketAddress remoteAddress,
+                               SocketAddress peerAddress,
+                               String serverName,
+                               boolean ssl,
+                               boolean useAlpn,
+                               boolean registerWriteHandlers,
+                               Promise<NetSocket> connectHandler,
+                               ContextInternal context,
+                               int remainingAttempts) {
     checkClosed();
 
     EventLoop eventLoop = context.nettyEventLoop();

diff --git a/src/main/java/io/vertx/core/net/impl/SSLHelper.java b/src/main/java/io/vertx/core/net/impl/SSLHelper.java
@@ -14,10 +14,13 @@
 import io.netty.buffer.ByteBufAllocator;
 import io.netty.handler.ssl.*;
 import io.netty.util.Mapping;
+import io.vertx.core.Future;
+import io.vertx.core.Promise;
 import io.vertx.core.VertxException;
 import io.vertx.core.buffer.Buffer;
 import io.vertx.core.http.ClientAuth;
 import io.vertx.core.http.HttpClientOptions;
+import io.vertx.core.impl.ContextInternal;
 import io.vertx.core.impl.VertxInternal;
 import io.vertx.core.impl.logging.Logger;
 import io.vertx.core.impl.logging.LoggerFactory;
@@ -99,6 +102,8 @@ public static SSLEngineOptions resolveEngineOptions(TCPSSLOptions options) {
   private static final Logger log = LoggerFactory.getLogger(SSLHelper.class);
 
   private boolean ssl;
+  private volatile boolean validated = false;
+  private volatile Throwable validationError = null;
   private boolean sni;
   private long sslHandshakeTimeout;
   private TimeUnit sslHandshakeTimeoutUnit;
@@ -502,10 +507,37 @@ public SslContext getContext(VertxInternal vertx, String serverName, boolean use
   }
 
   // This is called to validate some of the SSL params as that only happens when the context is created
-  public synchronized void validate(VertxInternal vertx) {
+  public synchronized Future<Void> validate(VertxInternal vertx) {
+    if (validated) {
+      if (validationError != null) {
+        return Future.failedFuture(validationError);
+      }
+      return Future.succeededFuture();
+    }
+
+    validated = true;
+
     if (ssl) {
-      getContext(vertx, null);
+      ContextInternal validateContext = vertx.getOrCreateContext();
+      Promise<Void> promise = validateContext.promise();
+      validateContext.executeBlockingInternal(future -> {
+        try {
+          getContext(vertx, null);
+          future.complete();
+        } catch (Exception e) {
+          future.fail(e);
+        }
+      })
+      .onSuccess(nothing -> promise.complete())
+      .onFailure(error -> {
+        validationError = error;
+        promise.fail(error);
+      });
+
+      return promise.future();
     }
+
+    return Future.succeededFuture();
   }
 
   public SSLEngine createEngine(SslContext sslContext) {