avoid (unnecessary) byte[] copies in PKey#sign/verify

kares · kares · commit 2fbb25905bcf · 2016-11-30T12:45:01.000+01:00
diff --git a/src/main/java/org/jruby/ext/openssl/PKey.java b/src/main/java/org/jruby/ext/openssl/PKey.java
@@ -64,6 +64,7 @@
 import org.jruby.ext.openssl.x509store.PEMInputOutput;
 import static org.jruby.ext.openssl.OpenSSL.*;
 import org.jruby.ext.openssl.impl.CipherSpec;
+import org.jruby.util.ByteList;
 
 /**
  * @author <a href="mailto:ola.bini@ki.se">Ola Bini</a>
@@ -187,6 +188,8 @@ public IRubyObject initialize(ThreadContext context) {
 
     public String getAlgorithm() { return "NONE"; }
 
+    public boolean isPrivateKey() { return getPrivateKey() != null; }
+
     public abstract RubyString to_der() ;
 
     public abstract RubyString to_pem(final IRubyObject[] args) ;
@@ -198,54 +201,66 @@ public RubyString export(final IRubyObject[] args) {
 
     @JRubyMethod(name = "sign")
     public IRubyObject sign(IRubyObject digest, IRubyObject data) {
-        if (!this.callMethod(getRuntime().getCurrentContext(), "private?").isTrue()) {
-            throw getRuntime().newArgumentError("Private key is needed.");
+        final Ruby runtime = getRuntime();
+        if ( ! isPrivateKey() ) {
+            throw runtime.newArgumentError("Private key is needed.");
         }
         String digAlg = ((Digest) digest).getShortAlgorithm();
         try {
-            Signature signature = SecurityHelper.getSignature(digAlg + "WITH" + getAlgorithm());
-            signature.initSign(getPrivateKey());
-            byte[] inp = data.convertToString().getBytes();
-            signature.update(inp);
-            byte[] sigge = signature.sign();
-            return RubyString.newString(getRuntime(), sigge);
+            ByteList sign = sign(digAlg + "WITH" + getAlgorithm(), getPrivateKey(), data.convertToString().getByteList());
+            return RubyString.newString(runtime, sign);
         }
-        catch (GeneralSecurityException gse) {
-            throw newPKeyError(getRuntime(), gse.getMessage());
+        catch (GeneralSecurityException ex) {
+            throw newPKeyError(runtime, ex.getMessage());
         }
     }
 
+    static ByteList sign(final String signAlg, final PrivateKey privateKey, final ByteList data)
+        throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        Signature signature = SecurityHelper.getSignature(signAlg);
+        signature.initSign( privateKey );
+        signature.update( data.getUnsafeBytes(), data.getBegin(), data.getRealSize() );
+        return new ByteList(signature.sign(), false);
+    }
+
     @JRubyMethod(name = "verify")
-    public IRubyObject verify(IRubyObject digest, IRubyObject sig, IRubyObject data) {
+    public IRubyObject verify(IRubyObject digest, IRubyObject sign, IRubyObject data) {
+        final Ruby runtime = getRuntime();
         if ( ! (digest instanceof Digest) ) {
-            throw newPKeyError(getRuntime(), "invalid digest");
+            throw newPKeyError(runtime, "invalid digest");
         }
-        if ( ! (sig instanceof RubyString) ) {
-            throw newPKeyError(getRuntime(), "invalid signature");
-        }
-        if ( ! (data instanceof RubyString) ) {
-            throw newPKeyError(getRuntime(), "invalid data");
-        }
-        byte[] sigBytes = ((RubyString) sig).getBytes();
-        byte[] dataBytes = ((RubyString) data).getBytes();
+        ByteList sigBytes = convertToString(runtime, sign, "OpenSSL::PKey::PKeyError", "invalid signature").getByteList();
+        ByteList dataBytes = convertToString(runtime, data, "OpenSSL::PKey::PKeyError", "invalid data").getByteList();
         String algorithm = ((Digest) digest).getShortAlgorithm() + "WITH" + getAlgorithm();
-        boolean valid;
         try {
-            Signature signature = SecurityHelper.getSignature(algorithm);
-            signature.initVerify(getPublicKey());
-            signature.update(dataBytes);
-            valid = signature.verify(sigBytes);
+            return runtime.newBoolean( verify(algorithm, getPublicKey(), dataBytes, sigBytes) );
         }
         catch (NoSuchAlgorithmException e) {
-            throw newPKeyError(getRuntime(), "unsupported algorithm: " + algorithm);
+            throw newPKeyError(runtime, "unsupported algorithm: " + algorithm);
         }
         catch (SignatureException e) {
-            throw newPKeyError(getRuntime(), "invalid signature");
+            throw newPKeyError(runtime, "invalid signature");
         }
         catch (InvalidKeyException e) {
-            throw newPKeyError(getRuntime(), "invalid key");
+            throw newPKeyError(runtime, "invalid key");
+        }
+    }
+
+    static RubyString convertToString(final Ruby runtime, final IRubyObject str, final String errorType, final CharSequence errorMsg) {
+        try {
+            return str.convertToString();
         }
-        return getRuntime().newBoolean(valid);
+        catch (RaiseException ex) { // to_str conversion failed
+            throw Utils.newError(runtime, (RubyClass) runtime.getClassFromPath(errorType), errorMsg == null ? null : errorMsg.toString());
+        }
+    }
+
+    static boolean verify(final String signAlg, final PublicKey publicKey, final ByteList data, final ByteList sign)
+        throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        Signature signature = SecurityHelper.getSignature(signAlg);
+        signature.initVerify(publicKey);
+        signature.update(data.getUnsafeBytes(), data.getBegin(), data.getRealSize());
+        return signature.verify(sign.getUnsafeBytes(), sign.getBegin(), sign.getRealSize());
     }
 
     // shared Helpers for PKeyRSA / PKEyDSA :
diff --git a/src/main/java/org/jruby/ext/openssl/PKeyDH.java b/src/main/java/org/jruby/ext/openssl/PKeyDH.java
@@ -274,12 +274,17 @@ public RubyBoolean public_p() {
         return getRuntime().newBoolean(dh_y != null);
     }
 
+    @Override
+    public boolean isPrivateKey() {
+        return dh_x != null /* || haveEngine */;
+    }
+
     @JRubyMethod(name = "private?")
     public RubyBoolean private_p() {
         // FIXME! need to figure out what it means in MRI/OSSL code to
         // claim a DH is private if an engine is present -- doesn't really
         // map to Java implementation.
-        return getRuntime().newBoolean(dh_x != null /* || haveEngine */);
+        return getRuntime().newBoolean(isPrivateKey());
     }
 
     @Override
diff --git a/src/main/java/org/jruby/ext/openssl/PKeyRSA.java b/src/main/java/org/jruby/ext/openssl/PKeyRSA.java
@@ -322,9 +322,14 @@ public RubyBoolean public_p() {
         return publicKey != null ? getRuntime().getTrue() : getRuntime().getFalse();
     }
 
+    @Override
+    public boolean isPrivateKey() {
+        return privateKey != null;
+    }
+
     @JRubyMethod(name = "private?")
     public RubyBoolean private_p() {
-        return privateKey != null ? getRuntime().getTrue() : getRuntime().getFalse();
+        return getRuntime().newBoolean(isPrivateKey());
     }
 
     @Override

Original file line number	Diff line number	Diff line change
`@@ -322,9 +322,14 @@ public RubyBoolean public_p() {`
`322`	`322`	`return publicKey != null ? getRuntime().getTrue() : getRuntime().getFalse();`
`323`	`323`	`}`
`324`	`324`
	`325`	`+ @Override`
	`326`	`+ public boolean isPrivateKey() {`
	`327`	`+ return privateKey != null;`
	`328`	`+ }`
	`329`	`+`
`325`	`330`	`@JRubyMethod(name = "private?")`
`326`	`331`	`public RubyBoolean private_p() {`
`327`		`- return privateKey != null ? getRuntime().getTrue() : getRuntime().getFalse();`
	`332`	`+ return getRuntime().newBoolean(isPrivateKey());`
`328`	`333`	`}`
`329`	`334`
`330`	`335`	`@Override`