JRuby - Add Puma::MiniSSL::Engine#init? and #teardown methods, run all SSL tests (#2317)

Update MiniSSL.java and minissl.rb for JRuby Add Puma::MiniSSL::Engine#init? and #teardown methods
2022-11-09 13:48:40 -05:00 · 2020-09-01 17:00:36 -05:00 · 2020-09-01 17:00:36 -05:00 · fa6e916fc0
commit fa6e916fc0
parent 2710a6a071
4 changed files with 53 additions and 10 deletions
--- a/History.md
+++ b/History.md
@ -1,5 +1,7 @@
 ### Master
 * Bugfixes
+  * JRuby - Add Puma::MiniSSL::Engine#init? and #teardown methods, run all SSL tests (#2317)
+  * Improve shutdown reliability (#2312)
  * Resolve issue with threadpool waiting counter decrement when thread is killed
  * Constrain rake-compiler version to 0.9.4 to fix `ClassNotFound` exception when using MiniSSL with Java8.
  * Ensure that TCP_CORK is usable
--- a/ext/puma_http11/org/jruby/puma/MiniSSL.java
+++ b/ext/puma_http11/org/jruby/puma/MiniSSL.java
@ -120,6 +120,8 @@ public class MiniSSL extends RubyObject {
  }

  private SSLEngine engine;
+  private boolean closed;
+  private boolean handshake;
  private MiniSSLBuffer inboundNetData;
  private MiniSSLBuffer outboundAppData;
  private MiniSSLBuffer outboundNetData;
@ -157,6 +159,8 @@ public class MiniSSL extends RubyObject {
    SSLContext sslCtx = SSLContext.getInstance("TLS");

    sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+    closed = false;
+    handshake = false;
    engine = sslCtx.createSSLEngine();

    String[] protocols;
@ -240,14 +244,21 @@ public class MiniSSL extends RubyObject {
          // need to wait for more data to come in before we retry
          retryOp = false;
          break;
-        default:
-          // other cases are OK and CLOSED.  We're done here.
+        case CLOSED:
+          closed = true;
          retryOp = false;
+          break;
+        default:
+          // other case is OK.  We're done here.
+          retryOp = false;
+      }
+      if (res.getHandshakeStatus() == HandshakeStatus.FINISHED) {
+        handshake = true;
      }
    }

    // after each op, run any delegated tasks if needed
-    if(engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+    if(res.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
      Runnable runnable;
      while ((runnable = engine.getDelegatedTask()) != null) {
        runnable.run();
@ -271,13 +282,14 @@ public class MiniSSL extends RubyObject {

      HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
      boolean done = false;
+      SSLEngineResult res = null;
      while (!done) {
        switch (handshakeStatus) {
          case NEED_WRAP:
-            doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
+            res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
            break;
          case NEED_UNWRAP:
-            SSLEngineResult res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
+            res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
            if (res.getStatus() == Status.BUFFER_UNDERFLOW) {
              // need more data before we can shake more hands
              done = true;
@ -286,7 +298,9 @@ public class MiniSSL extends RubyObject {
          default:
            done = true;
        }
-        handshakeStatus = engine.getHandshakeStatus();
+        if (!done) {
+          handshakeStatus = res.getHandshakeStatus();
+        }
      }

      if (inboundNetData.hasRemaining()) {
@ -360,4 +374,21 @@ public class MiniSSL extends RubyObject {
      return getRuntime().getNil();
    }
  }
+
+  @JRubyMethod(name = "init?")
+  public IRubyObject isInit(ThreadContext context) {
+    return handshake ? getRuntime().getFalse() : getRuntime().getTrue();
+  }
+
+  @JRubyMethod
+  public IRubyObject shutdown() {
+    if (closed || engine.isInboundDone() && engine.isOutboundDone()) {
+      if (engine.isOutboundDone()) {
+        engine.closeOutbound();
+      }
+      return getRuntime().getTrue();
+    } else {
+      return getRuntime().getFalse();
+    }
+  }
 }
--- a/lib/puma/minissl.rb
+++ b/lib/puma/minissl.rb
@ -197,6 +197,9 @@ module Puma
    end

    if IS_JRUBY
+      OPENSSL_NO_SSL3 = false
+      OPENSSL_NO_TLS1 = false
+
      class SSLError < StandardError
        # Define this for jruby even though it isn't used.
      end
--- a/test/test_puma_server_ssl.rb
+++ b/test/test_puma_server_ssl.rb
@ -23,10 +23,17 @@ DISABLE_SSL = begin
              Puma::MiniSSL.check
              # net/http (loaded in helper) does not necessarily load OpenSSL
              require "openssl" unless Object.const_defined? :OpenSSL
-              puts "", RUBY_DESCRIPTION, "RUBYOPT: #{ENV['RUBYOPT']}",
-                   "                         Puma::MiniSSL                   OpenSSL",
-                   "OPENSSL_LIBRARY_VERSION: #{Puma::MiniSSL::OPENSSL_LIBRARY_VERSION.ljust 32}#{OpenSSL::OPENSSL_LIBRARY_VERSION}",
-                   "        OPENSSL_VERSION: #{Puma::MiniSSL::OPENSSL_VERSION.ljust 32}#{OpenSSL::OPENSSL_VERSION}", ""
+              if Puma::IS_JRUBY
+                puts "", RUBY_DESCRIPTION, "RUBYOPT: #{ENV['RUBYOPT']}",
+                  "                         OpenSSL",
+                  "OPENSSL_LIBRARY_VERSION: #{OpenSSL::OPENSSL_LIBRARY_VERSION}",
+                  "        OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}", ""
+              else
+                puts "", RUBY_DESCRIPTION, "RUBYOPT: #{ENV['RUBYOPT']}",
+                  "                         Puma::MiniSSL                   OpenSSL",
+                  "OPENSSL_LIBRARY_VERSION: #{Puma::MiniSSL::OPENSSL_LIBRARY_VERSION.ljust 32}#{OpenSSL::OPENSSL_LIBRARY_VERSION}",
+                  "        OPENSSL_VERSION: #{Puma::MiniSSL::OPENSSL_VERSION.ljust 32}#{OpenSSL::OPENSSL_VERSION}", ""
+              end
            rescue
              true
            else