fix: avoid resource leak when generating OCSP requests

[gigi.git] / src / club / wpia / gigi / crypto / OCSPRequest.java

diff --git a/src/club/wpia/gigi/crypto/OCSPRequest.java b/src/club/wpia/gigi/crypto/OCSPRequest.java
index 180297e3e1d3325cbccb14b81471bae27209e7fe..d8fdf53e17eae88f25f9faece8b6dc1675c67dc0 100644 (file)
--- a/src/club/wpia/gigi/crypto/OCSPRequest.java
+++ b/src/club/wpia/gigi/crypto/OCSPRequest.java
@@ -109,40 +109,52 @@ public class OCSPRequest {
 
     byte[] encodeBytes() throws IOException {
 
-        // encode tbsRequest
-        DerOutputStream tmp = new DerOutputStream();
-        DerOutputStream requestsOut = new DerOutputStream();
-        for (CertId certId : certIds) {
-            DerOutputStream certIdOut = new DerOutputStream();
-            certId.encode(certIdOut);
-            requestsOut.write(DerValue.tag_Sequence, certIdOut);
-        }
+        try (DerOutputStream ocspRequest = new DerOutputStream()) {
+            try (DerOutputStream tbsRequest = new DerOutputStream()) {
+                try (DerOutputStream tmp = new DerOutputStream()) {
+
+                    // encode tbsRequest
+                    try (DerOutputStream requestsOut = new DerOutputStream()) {
+                        for (CertId certId : certIds) {
+                            try (DerOutputStream certIdOut = new DerOutputStream()) {
+                                certId.encode(certIdOut);
+                                requestsOut.write(DerValue.tag_Sequence, certIdOut);
+                            }
+                        }
+
+                        tmp.write(DerValue.tag_Sequence, requestsOut);
+                    }
 
-        tmp.write(DerValue.tag_Sequence, requestsOut);
-        if ( !extensions.isEmpty()) {
-            DerOutputStream extOut = new DerOutputStream();
-            for (Extension ext : extensions) {
-                ext.encode(extOut);
-                if (ext.getId().equals(NONCE_EXTENSION_OID.toString())) {
-                    nonce = ext.getValue();
-                    nonceExt = ext;
-                }
-            }
-            DerOutputStream extsOut = new DerOutputStream();
-            extsOut.write(DerValue.tag_Sequence, extOut);
-            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 2), extsOut);
-        }
+                    if ( !extensions.isEmpty()) {
+                        try (DerOutputStream extsOut = new DerOutputStream()) {
+                            try (DerOutputStream extOut = new DerOutputStream()) {
+                                for (Extension ext : extensions) {
+                                    ext.encode(extOut);
+
+                                    if (ext.getId().equals(NONCE_EXTENSION_OID.toString())) {
+                                        nonce = ext.getValue();
+                                        nonceExt = ext;
+                                    }
+                                }
 
-        DerOutputStream tbsRequest = new DerOutputStream();
-        tbsRequest.write(DerValue.tag_Sequence, tmp);
+                                extsOut.write(DerValue.tag_Sequence, extOut);
+                            }
 
-        // OCSPRequest without the signature
-        DerOutputStream ocspRequest = new DerOutputStream();
-        ocspRequest.write(DerValue.tag_Sequence, tbsRequest);
+                            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 2), extsOut);
+                        }
+                    }
+
+                    tbsRequest.write(DerValue.tag_Sequence, tmp);
+                }
 
-        byte[] bytes = ocspRequest.toByteArray();
+                // OCSPRequest without the signature
+                ocspRequest.write(DerValue.tag_Sequence, tbsRequest);
+            }
+
+            byte[] bytes = ocspRequest.toByteArray();
 
-        return bytes;
+            return bytes;
+        }
     }
 
     public List<CertId> getCertIds() {