kotovalexarian-likes-github/puma--puma
1
0
Fork 0
mirror of https://github.com/puma/puma.git synced 2022-11-09 13:48:40 -05:00
Code Releases Activity

Merge branch 'jwp/fileleak1' of https://github.com/looker/puma into looker-jwp/fileleak1

Browse source
This commit is contained in:
Nate Berkopec 2020-09-08 13:57:30 -06:00
commit f5378563d8
No known key found for this signature in database
GPG key ID: BDD7A4B8E43906A6
2 changed files with 42 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
History.md
View file

@ -58,6 +58,7 @@
* Fix recursive `prune_bundler` (#2319). * Fix recursive `prune_bundler` (#2319).
* Ensure that TCP_CORK is usable * Ensure that TCP_CORK is usable
* Fix corner case when request body is chunked (#2326) * Fix corner case when request body is chunked (#2326)
* Fix filehandle leak in MiniSSL (#2299)
* Refactor * Refactor
* Remove unused loader argument from Plugin initializer (#2095) * Remove unused loader argument from Plugin initializer (#2095)

54
ext/puma_http11/org/jruby/puma/MiniSSL.java
View file

@ -22,6 +22,7 @@ import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.InputStream;
import java.io.IOException; import java.io.IOException;
import java.nio.Buffer; import java.nio.Buffer;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
@ -32,6 +33,8 @@ import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException; import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.Map;
import static javax.net.ssl.SSLEngineResult.Status; import static javax.net.ssl.SSLEngineResult.Status;
import static javax.net.ssl.SSLEngineResult.HandshakeStatus; import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
@ -130,10 +133,39 @@ public class MiniSSL extends RubyObject {
super(runtime, klass); super(runtime, klass);
} }
@JRubyMethod(meta = true) private static Map<String, KeyManagerFactory> keyManagerFactoryMap = new ConcurrentHashMap<String, KeyManagerFactory>();
public static IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext) { private static Map<String, TrustManagerFactory> trustManagerFactoryMap = new ConcurrentHashMap<String, TrustManagerFactory>();
RubyClass klass = (RubyClass) recv;
@JRubyMethod(meta = true)
public static synchronized IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext)
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
// Create the KeyManagerFactory and TrustManagerFactory for this server
String keystoreFile = miniSSLContext.callMethod(context, "keystore").convertToString().asJavaString();
char[] password = miniSSLContext.callMethod(context, "keystore_pass").convertToString().asJavaString().toCharArray();
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream is = new FileInputStream(keystoreFile);
try {
ks.load(is, password);
} finally {
is.close();
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, password);
keyManagerFactoryMap.put(keystoreFile, kmf);
KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
is = new FileInputStream(keystoreFile);
try {
ts.load(is, password);
} finally {
is.close();
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
trustManagerFactoryMap.put(keystoreFile, tmf);
RubyClass klass = (RubyClass) recv;
return klass.newInstance(context, return klass.newInstance(context,
new IRubyObject[] { miniSSLContext }, new IRubyObject[] { miniSSLContext },
Block.NULL_BLOCK); Block.NULL_BLOCK);
@ -141,20 +173,16 @@ public class MiniSSL extends RubyObject {
@JRubyMethod @JRubyMethod
public IRubyObject initialize(ThreadContext threadContext, IRubyObject miniSSLContext) public IRubyObject initialize(ThreadContext threadContext, IRubyObject miniSSLContext)
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException { throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
char[] password = miniSSLContext.callMethod(threadContext, "keystore_pass").convertToString().asJavaString().toCharArray();
String keystoreFile = miniSSLContext.callMethod(threadContext, "keystore").convertToString().asJavaString(); String keystoreFile = miniSSLContext.callMethod(threadContext, "keystore").convertToString().asJavaString();
ks.load(new FileInputStream(keystoreFile), password); KeyManagerFactory kmf = keyManagerFactoryMap.get(keystoreFile);
ts.load(new FileInputStream(keystoreFile), password); TrustManagerFactory tmf = trustManagerFactoryMap.get(keystoreFile);
if(kmf == null || tmf == null) {
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); throw new KeyStoreException("Could not find KeyManagerFactory/TrustManagerFactory for keystore: " + keystoreFile);
kmf.init(ks, password); }
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
SSLContext sslCtx = SSLContext.getInstance("TLS"); SSLContext sslCtx = SSLContext.getInstance("TLS");