puma 1.6.3 → 2.0.0.b1

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -0,0 +1,289 @@
+package org.jruby.puma;
+
+import org.jruby.Ruby;
+import org.jruby.RubyClass;
+import org.jruby.RubyHash;
+import org.jruby.RubyModule;
+import org.jruby.RubyNumeric;
+import org.jruby.RubyObject;
+import org.jruby.RubyString;
+
+import org.jruby.anno.JRubyMethod;
+
+import org.jruby.runtime.Block;
+import org.jruby.runtime.ObjectAllocator;
+import org.jruby.runtime.ThreadContext;
+import org.jruby.runtime.builtin.IRubyObject;
+
+import org.jruby.exceptions.RaiseException;
+
+import org.jruby.util.ByteList;
+
+
+import javax.net.ssl.*;
+import javax.net.ssl.SSLEngineResult.*;
+import java.io.*;
+import java.security.*;
+import java.nio.*;
+
+public class MiniSSL extends RubyObject {
+  private static ObjectAllocator ALLOCATOR = new ObjectAllocator() {
+    public IRubyObject allocate(Ruby runtime, RubyClass klass) {
+      return new MiniSSL(runtime, klass);
+    }
+  };
+
+  public static void createMiniSSL(Ruby runtime) {
+    RubyModule mPuma = runtime.defineModule("Puma");
+    RubyModule ssl =   mPuma.defineModuleUnder("MiniSSL");
+
+    mPuma.defineClassUnder("SSLError",
+                           runtime.getClass("IOError"),
+                           runtime.getClass("IOError").getAllocator());
+
+    RubyClass eng = ssl.defineClassUnder("Engine",runtime.getObject(),ALLOCATOR);
+    eng.defineAnnotatedMethods(MiniSSL.class);
+  }
+
+  private Ruby runtime;
+  private SSLContext sslc;
+
+  private SSLEngine  engine;
+
+  private ByteBuffer peerAppData;
+  private ByteBuffer peerNetData;
+  private ByteBuffer netData;
+  private ByteBuffer dummy;
+  
+  public MiniSSL(Ruby runtime, RubyClass klass) {
+    super(runtime, klass);
+
+    this.runtime = runtime;
+  }
+
+  @JRubyMethod(meta = true)
+  public static IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject key, IRubyObject cert) {
+      RubyClass klass = (RubyClass) recv;
+      IRubyObject newInstance = klass.newInstance(context,
+          new IRubyObject[] { key, cert },
+          Block.NULL_BLOCK);
+
+      return newInstance;
+  }
+
+  @JRubyMethod
+  public IRubyObject initialize(IRubyObject key, IRubyObject cert) 
+      throws java.security.KeyStoreException,
+             java.io.FileNotFoundException,
+             java.io.IOException,
+             java.io.FileNotFoundException,
+             java.security.NoSuchAlgorithmException,
+             java.security.KeyManagementException,
+             java.security.cert.CertificateException,
+             java.security.UnrecoverableKeyException
+  {
+    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+    KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
+
+    char[] pass = "blahblah".toCharArray();
+
+    ks.load(new FileInputStream(key.convertToString().asJavaString()),
+                                pass);
+    ts.load(new FileInputStream(cert.convertToString().asJavaString()),
+            pass);
+
+    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+    kmf.init(ks, pass);
+
+    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+    tmf.init(ts);
+
+    SSLContext sslCtx = SSLContext.getInstance("TLS");
+
+    sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+
+    sslc = sslCtx;
+
+    engine = sslc.createSSLEngine();
+    engine.setUseClientMode(false);
+    // engine.setNeedClientAuth(true);
+
+    SSLSession session = engine.getSession();
+    peerNetData = ByteBuffer.allocate(session.getPacketBufferSize());
+    peerAppData = ByteBuffer.allocate(session.getApplicationBufferSize());		
+    netData = ByteBuffer.allocate(session.getPacketBufferSize());
+    peerNetData.limit(0);
+    peerAppData.limit(0);
+    netData.limit(0);
+
+    peerNetData.clear();
+    peerAppData.clear();
+    netData.clear();
+
+    dummy = ByteBuffer.allocate(0);
+    
+    return this;
+  }
+
+  @JRubyMethod
+  public IRubyObject inject(IRubyObject arg) {
+    byte[] bytes = arg.convertToString().getBytes();
+
+    peerNetData.limit(peerNetData.limit() + bytes.length);
+
+    log("capacity: " + peerNetData.capacity() + " limit: " + peerNetData.limit());
+
+    peerNetData.put(bytes);
+
+    log("netData: " + peerNetData.position() + "/" + peerAppData.limit());
+    return this;
+  }
+
+  @JRubyMethod
+  public IRubyObject read() throws javax.net.ssl.SSLException, Exception {
+    peerAppData.clear();
+    peerNetData.flip();
+    SSLEngineResult res;
+
+    log("available read: " + peerNetData.position() + "/ " + peerNetData.limit());
+
+    if(!peerNetData.hasRemaining()) {
+      return getRuntime().getNil();
+    }
+
+    do {
+      res = engine.unwrap(peerNetData, peerAppData);
+    } while(res.getStatus() == SSLEngineResult.Status.OK &&
+        res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP &&
+        res.bytesProduced() == 0);
+
+    log("read: ", res);
+
+    if(peerNetData.hasRemaining()) {
+      log("STILL HAD peerNetData!");
+    }
+
+    peerNetData.position(0);
+    peerNetData.limit(0);
+
+    HandshakeStatus hsStatus = runDelegatedTasks(res, engine);
+
+    if(res.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
+      return getRuntime().getNil();
+    }
+
+    if(hsStatus == HandshakeStatus.NEED_WRAP) {
+      netData.clear();
+      log("netData: " + netData.limit());
+      engine.wrap(dummy, netData);
+      return getRuntime().getNil();
+    }
+
+    if(hsStatus == HandshakeStatus.NEED_UNWRAP) {
+      return getRuntime().getNil();
+
+      // log("peerNet: " + peerNetData.position() + "/" + peerNetData.limit());
+      // log("peerApp: " + peerAppData.position() + "/" + peerAppData.limit());
+
+      // peerNetData.compact();
+
+      // log("peerNet: " + peerNetData.position() + "/" + peerNetData.limit());
+        // do {
+          // res = engine.unwrap(peerNetData, peerAppData);
+        // } while(res.getStatus() == SSLEngineResult.Status.OK &&
+            // res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP &&
+            // res.bytesProduced() == 0);
+      // return getRuntime().getNil();
+    }
+
+    // if(peerAppData.position() == 0 && 
+        // res.getStatus() == SSLEngineResult.Status.OK &&
+        // peerNetData.hasRemaining()) {
+      // res = engine.unwrap(peerNetData, peerAppData);
+    // }
+
+    byte[] bss = new byte[peerAppData.limit()];
+
+    peerAppData.get(bss);
+
+    RubyString str = getRuntime().newString("");
+    str.setValue(new ByteList(bss));
+
+    return str;
+  }
+
+  private static HandshakeStatus runDelegatedTasks(SSLEngineResult result,
+      SSLEngine engine) throws Exception {
+
+    HandshakeStatus hsStatus = result.getHandshakeStatus();
+
+    if(hsStatus == HandshakeStatus.NEED_TASK) {
+      Runnable runnable;
+      while ((runnable = engine.getDelegatedTask()) != null) {
+        log("\trunning delegated task...");
+        runnable.run();
+      }
+      hsStatus = engine.getHandshakeStatus();
+      if (hsStatus == HandshakeStatus.NEED_TASK) {
+        throw new Exception(
+            "handshake shouldn't need additional tasks");
+      }
+      log("\tnew HandshakeStatus: " + hsStatus);
+    }
+
+    return hsStatus;
+  }
+  
+
+  private static void log(String str, SSLEngineResult result) {
+    System.out.println("The format of the SSLEngineResult is: \n" +
+        "\t\"getStatus() / getHandshakeStatus()\" +\n" +
+        "\t\"bytesConsumed() / bytesProduced()\"\n");
+
+    HandshakeStatus hsStatus = result.getHandshakeStatus();
+    log(str +
+        result.getStatus() + "/" + hsStatus + ", " +
+        result.bytesConsumed() + "/" + result.bytesProduced() +
+        " bytes");
+    if (hsStatus == HandshakeStatus.FINISHED) {
+      log("\t...ready for application data");
+    }
+  }
+
+  private static void log(String str) {
+    System.out.println(str);
+  }
+  
+  
+
+  @JRubyMethod
+  public IRubyObject write(IRubyObject arg) throws javax.net.ssl.SSLException {
+    log("write from: " + netData.position());
+
+    byte[] bls = arg.convertToString().getBytes();
+    ByteBuffer src = ByteBuffer.wrap(bls);
+
+    SSLEngineResult res = engine.wrap(src, netData);
+
+    return getRuntime().newFixnum(res.bytesConsumed());
+  }
+
+  @JRubyMethod
+  public IRubyObject extract() {
+    netData.flip();
+
+    if(!netData.hasRemaining()) {
+      return getRuntime().getNil();
+    }
+
+    byte[] bss = new byte[netData.limit()];
+
+    netData.get(bss);
+    netData.clear();
+
+    RubyString str = getRuntime().newString("");
+    str.setValue(new ByteList(bss));
+
+    return str;
+  }
+}

data/ext/puma_http11/puma_http11.c

@@ -456,6 +456,9 @@ VALUE HttpParser_body(VALUE self) {
   return http->body;
 }
 
+void Init_io_buffer(VALUE puma);
+void Init_mini_ssl(VALUE mod);
+
 void Init_puma_http11()
 {
 
@@ -482,4 +485,7 @@ void Init_puma_http11()
   rb_define_method(cHttpParser, "nread", HttpParser_nread, 0);
   rb_define_method(cHttpParser, "body", HttpParser_body, 0);
   init_common_fields();
+
+  Init_io_buffer(mPuma);
+  Init_mini_ssl(mPuma);
 }

data/lib/puma/accept_nonblock.rb

@@ -0,0 +1,23 @@
+require 'openssl'
+
+module OpenSSL
+  module SSL
+    class SSLServer
+      unless public_method_defined? :accept_nonblock
+        def accept_nonblock
+          sock = @svr.accept_nonblock
+
+          begin
+            ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
+            ssl.sync_close = true
+            ssl.accept if @start_immediately
+            ssl
+          rescue SSLError => ex
+            sock.close
+            raise ex
+          end
+        end
+      end
+    end
+  end
+end

data/lib/puma/binder.rb

@@ -0,0 +1,253 @@
+require 'puma/const'
+
+module Puma
+  class Binder
+    include Puma::Const
+
+    def initialize(events)
+      @events = events
+      @listeners = []
+      @inherited_fds = {}
+      @unix_paths = []
+
+      @proto_env = {
+        "rack.version".freeze => Rack::VERSION,
+        "rack.errors".freeze => events.stderr,
+        "rack.multithread".freeze => true,
+        "rack.multiprocess".freeze => false,
+        "rack.run_once".freeze => true,
+        "SCRIPT_NAME".freeze => ENV['SCRIPT_NAME'] || "",
+
+        # Rack blows up if this is an empty string, and Rack::Lint
+        # blows up if it's nil. So 'text/plain' seems like the most
+        # sensible default value.
+        "CONTENT_TYPE".freeze => "text/plain",
+
+        "QUERY_STRING".freeze => "",
+        SERVER_PROTOCOL => HTTP_11,
+        SERVER_SOFTWARE => PUMA_VERSION,
+        GATEWAY_INTERFACE => CGI_VER
+      }
+
+      @envs = {}
+      @ios = []
+    end
+
+    attr_reader :listeners, :ios
+
+    def env(sock)
+      @envs.fetch(sock, @proto_env)
+    end
+
+    def close
+      @ios.each { |i| i.close }
+      @unix_paths.each { |i| File.unlink i }
+    end
+
+    def import_from_env
+      remove = []
+
+      ENV.each do |k,v|
+        if k =~ /PUMA_INHERIT_\d+/
+          fd, url = v.split(":", 2)
+          @inherited_fds[url] = fd.to_i
+          remove << k
+        end
+      end
+
+      remove.each do |k|
+        ENV.delete k
+      end
+    end
+
+    def parse(binds, logger)
+      binds.each do |str|
+        uri = URI.parse str
+        case uri.scheme
+        when "tcp"
+          if fd = @inherited_fds.delete(str)
+            logger.log "* Inherited #{str}"
+            io = inherit_tcp_listener uri.host, uri.port, fd
+          else
+            logger.log "* Listening on #{str}"
+            io = add_tcp_listener uri.host, uri.port
+          end
+
+          @listeners << [str, io]
+        when "unix"
+          path = "#{uri.host}#{uri.path}"
+
+          if fd = @inherited_fds.delete(str)
+            logger.log "* Inherited #{str}"
+            io = inherit_unix_listener path, fd
+          else
+            logger.log "* Listening on #{str}"
+
+            umask = nil
+
+            if uri.query
+              params = Rack::Utils.parse_query uri.query
+              if u = params['umask']
+                # Use Integer() to respect the 0 prefix as octal
+                umask = Integer(u)
+              end
+            end
+
+            io = add_unix_listener path, umask
+          end
+
+          @listeners << [str, io]
+        when "ssl"
+          if IS_JRUBY
+            @events.error "SSL not supported on JRuby"
+            raise UnsupportedOption
+          end
+
+          params = Rack::Utils.parse_query uri.query
+          require 'puma/minissl'
+
+          ctx = MiniSSL::Context.new
+          unless params['key']
+            @events.error "Please specify the SSL key via 'key='"
+          end
+
+          ctx.key = params['key']
+
+          unless params['cert']
+            @events.error "Please specify the SSL cert via 'cert='"
+          end
+
+          ctx.cert = params['cert']
+
+          ctx.verify_mode = MiniSSL::VERIFY_NONE
+
+          if fd = @inherited_fds.delete(str)
+            logger.log "* Inherited #{str}"
+            io = inherited_ssl_listener fd, ctx
+          else
+            logger.log "* Listening on #{str}"
+            io = add_ssl_listener uri.host, uri.port, ctx
+          end
+
+          @listeners << [str, io]
+        else
+          logger.error "Invalid URI: #{str}"
+        end
+      end
+
+      # If we inherited fds but didn't use them (because of a
+      # configuration change), then be sure to close them.
+      @inherited_fds.each do |str, fd|
+        logger.log "* Closing unused inherited connection: #{str}"
+
+        begin
+          IO.for_fd(fd).close
+        rescue SystemCallError
+        end
+
+        # We have to unlink a unix socket path that's not being used
+        uri = URI.parse str
+        if uri.scheme == "unix"
+          path = "#{uri.host}#{uri.path}"
+          File.unlink path
+        end
+      end
+
+    end
+
+    # Tell the server to listen on host +host+, port +port+.
+    # If +optimize_for_latency+ is true (the default) then clients connecting
+    # will be optimized for latency over throughput.
+    #
+    # +backlog+ indicates how many unaccepted connections the kernel should
+    # allow to accumulate before returning connection refused.
+    #
+    def add_tcp_listener(host, port, optimize_for_latency=true, backlog=1024)
+      s = TCPServer.new(host, port)
+      if optimize_for_latency
+        s.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+      end
+      s.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
+      s.listen backlog
+      @ios << s
+      s
+    end
+
+    def inherit_tcp_listener(host, port, fd)
+      if fd.kind_of? TCPServer
+        s = fd
+      else
+        s = TCPServer.for_fd(fd)
+      end
+
+      @ios << s
+      s
+    end
+
+    def add_ssl_listener(host, port, ctx,
+                         optimize_for_latency=true, backlog=1024)
+      if IS_JRUBY
+        @events.error "SSL not supported on JRuby"
+        raise UnsupportedOption
+      end
+
+      require 'puma/minissl'
+
+      s = TCPServer.new(host, port)
+      if optimize_for_latency
+        s.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+      end
+      s.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
+      s.listen backlog
+
+      ssl = MiniSSL::Server.new s, ctx
+      env = @proto_env.dup
+      env[HTTPS_KEY] = HTTPS
+      @envs[ssl] = env
+
+      @ios << ssl
+      s
+    end
+
+    def inherited_ssl_listener(fd, ctx)
+      if IS_JRUBY
+        @events.error "SSL not supported on JRuby"
+        raise UnsupportedOption
+      end
+
+      require 'puma/minissl'
+      s = TCPServer.for_fd(fd)
+      @ios << MiniSSL::Server.new(s, ctx)
+      s
+    end
+
+    # Tell the server to listen on +path+ as a UNIX domain socket.
+    #
+    def add_unix_listener(path, umask=nil)
+      @unix_paths << path
+
+      # Let anyone connect by default
+      umask ||= 0
+
+      begin
+        old_mask = File.umask(umask)
+        s = UNIXServer.new(path)
+        @ios << s
+      ensure
+        File.umask old_mask
+      end
+
+      s
+    end
+
+    def inherit_unix_listener(path, fd)
+      @unix_paths << path
+
+      s = UNIXServer.for_fd fd
+      @ios << s
+
+      s
+    end
+
+  end
+end