puma 3.11.1 → 6.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/History.md +2092 -422
- data/LICENSE +23 -20
- data/README.md +301 -69
- data/bin/puma-wild +3 -9
- data/docs/architecture.md +59 -21
- data/docs/compile_options.md +55 -0
- data/docs/deployment.md +69 -58
- data/docs/fork_worker.md +41 -0
- data/docs/java_options.md +54 -0
- data/docs/jungle/README.md +9 -0
- data/docs/jungle/rc.d/README.md +74 -0
- data/docs/jungle/rc.d/puma +61 -0
- data/docs/jungle/rc.d/puma.conf +10 -0
- data/docs/kubernetes.md +78 -0
- data/docs/nginx.md +2 -2
- data/docs/plugins.md +26 -12
- data/docs/rails_dev_mode.md +28 -0
- data/docs/restart.md +48 -22
- data/docs/signals.md +13 -11
- data/docs/stats.md +147 -0
- data/docs/systemd.md +108 -117
- data/docs/testing_benchmarks_local_files.md +150 -0
- data/docs/testing_test_rackup_ci_files.md +36 -0
- data/ext/puma_http11/PumaHttp11Service.java +2 -2
- data/ext/puma_http11/ext_help.h +1 -1
- data/ext/puma_http11/extconf.rb +68 -3
- data/ext/puma_http11/http11_parser.c +106 -118
- data/ext/puma_http11/http11_parser.h +2 -2
- data/ext/puma_http11/http11_parser.java.rl +22 -38
- data/ext/puma_http11/http11_parser.rl +6 -4
- data/ext/puma_http11/http11_parser_common.rl +6 -6
- data/ext/puma_http11/mini_ssl.c +474 -94
- data/ext/puma_http11/no_ssl/PumaHttp11Service.java +15 -0
- data/ext/puma_http11/org/jruby/puma/Http11.java +136 -121
- data/ext/puma_http11/org/jruby/puma/Http11Parser.java +84 -99
- data/ext/puma_http11/org/jruby/puma/MiniSSL.java +251 -88
- data/ext/puma_http11/puma_http11.c +53 -58
- data/lib/puma/app/status.rb +71 -49
- data/lib/puma/binder.rb +257 -151
- data/lib/puma/cli.rb +61 -38
- data/lib/puma/client.rb +464 -224
- data/lib/puma/cluster/worker.rb +183 -0
- data/lib/puma/cluster/worker_handle.rb +96 -0
- data/lib/puma/cluster.rb +343 -239
- data/lib/puma/commonlogger.rb +23 -14
- data/lib/puma/configuration.rb +144 -96
- data/lib/puma/const.rb +194 -115
- data/lib/puma/control_cli.rb +135 -81
- data/lib/puma/detect.rb +34 -2
- data/lib/puma/dsl.rb +1092 -153
- data/lib/puma/error_logger.rb +113 -0
- data/lib/puma/events.rb +17 -111
- data/lib/puma/io_buffer.rb +44 -5
- data/lib/puma/jruby_restart.rb +2 -73
- data/lib/puma/json_serialization.rb +96 -0
- data/lib/puma/launcher/bundle_pruner.rb +104 -0
- data/lib/puma/launcher.rb +205 -138
- data/lib/puma/log_writer.rb +147 -0
- data/lib/puma/minissl/context_builder.rb +96 -0
- data/lib/puma/minissl.rb +279 -70
- data/lib/puma/null_io.rb +61 -2
- data/lib/puma/plugin/systemd.rb +90 -0
- data/lib/puma/plugin/tmp_restart.rb +3 -1
- data/lib/puma/plugin.rb +9 -13
- data/lib/puma/rack/builder.rb +10 -11
- data/lib/puma/rack/urlmap.rb +3 -1
- data/lib/puma/rack_default.rb +21 -4
- data/lib/puma/reactor.rb +97 -185
- data/lib/puma/request.rb +688 -0
- data/lib/puma/runner.rb +114 -69
- data/lib/puma/sd_notify.rb +146 -0
- data/lib/puma/server.rb +409 -704
- data/lib/puma/single.rb +29 -72
- data/lib/puma/state_file.rb +48 -9
- data/lib/puma/thread_pool.rb +234 -93
- data/lib/puma/util.rb +23 -10
- data/lib/puma.rb +68 -5
- data/lib/rack/handler/puma.rb +119 -86
- data/tools/Dockerfile +16 -0
- data/tools/trickletest.rb +0 -1
- metadata +55 -33
- data/ext/puma_http11/io_buffer.c +0 -155
- data/lib/puma/accept_nonblock.rb +0 -23
- data/lib/puma/compat.rb +0 -14
- data/lib/puma/convenient.rb +0 -23
- data/lib/puma/daemon_ext.rb +0 -31
- data/lib/puma/delegation.rb +0 -11
- data/lib/puma/java_io_buffer.rb +0 -45
- data/lib/puma/rack/backports/uri/common_193.rb +0 -33
- data/lib/puma/tcp_logger.rb +0 -39
- data/tools/jungle/README.md +0 -13
- data/tools/jungle/init.d/README.md +0 -59
- data/tools/jungle/init.d/puma +0 -421
- data/tools/jungle/init.d/run-puma +0 -18
- data/tools/jungle/upstart/README.md +0 -61
- data/tools/jungle/upstart/puma-manager.conf +0 -31
- data/tools/jungle/upstart/puma.conf +0 -69
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
package org.jruby.puma;
|
|
2
2
|
|
|
3
3
|
import org.jruby.Ruby;
|
|
4
|
+
import org.jruby.RubyArray;
|
|
4
5
|
import org.jruby.RubyClass;
|
|
5
6
|
import org.jruby.RubyModule;
|
|
6
7
|
import org.jruby.RubyObject;
|
|
7
8
|
import org.jruby.RubyString;
|
|
8
9
|
import org.jruby.anno.JRubyMethod;
|
|
10
|
+
import org.jruby.exceptions.RaiseException;
|
|
9
11
|
import org.jruby.javasupport.JavaEmbedUtils;
|
|
10
12
|
import org.jruby.runtime.Block;
|
|
11
13
|
import org.jruby.runtime.ObjectAllocator;
|
|
@@ -14,6 +16,7 @@ import org.jruby.runtime.builtin.IRubyObject;
|
|
|
14
16
|
import org.jruby.util.ByteList;
|
|
15
17
|
|
|
16
18
|
import javax.net.ssl.KeyManagerFactory;
|
|
19
|
+
import javax.net.ssl.TrustManager;
|
|
17
20
|
import javax.net.ssl.TrustManagerFactory;
|
|
18
21
|
import javax.net.ssl.SSLContext;
|
|
19
22
|
import javax.net.ssl.SSLEngine;
|
|
@@ -21,21 +24,30 @@ import javax.net.ssl.SSLEngineResult;
|
|
|
21
24
|
import javax.net.ssl.SSLException;
|
|
22
25
|
import javax.net.ssl.SSLPeerUnverifiedException;
|
|
23
26
|
import javax.net.ssl.SSLSession;
|
|
27
|
+
import javax.net.ssl.X509TrustManager;
|
|
24
28
|
import java.io.FileInputStream;
|
|
29
|
+
import java.io.InputStream;
|
|
25
30
|
import java.io.IOException;
|
|
31
|
+
import java.nio.Buffer;
|
|
26
32
|
import java.nio.ByteBuffer;
|
|
27
33
|
import java.security.KeyManagementException;
|
|
28
34
|
import java.security.KeyStore;
|
|
29
35
|
import java.security.KeyStoreException;
|
|
30
36
|
import java.security.NoSuchAlgorithmException;
|
|
31
37
|
import java.security.UnrecoverableKeyException;
|
|
38
|
+
import java.security.cert.Certificate;
|
|
32
39
|
import java.security.cert.CertificateEncodingException;
|
|
33
40
|
import java.security.cert.CertificateException;
|
|
41
|
+
import java.security.cert.X509Certificate;
|
|
42
|
+
import java.util.concurrent.ConcurrentHashMap;
|
|
43
|
+
import java.util.Map;
|
|
44
|
+
import java.util.function.Supplier;
|
|
34
45
|
|
|
35
46
|
import static javax.net.ssl.SSLEngineResult.Status;
|
|
36
47
|
import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
|
|
37
48
|
|
|
38
|
-
public class MiniSSL extends RubyObject {
|
|
49
|
+
public class MiniSSL extends RubyObject { // MiniSSL::Engine
|
|
50
|
+
private static final long serialVersionUID = -6903439483039141234L;
|
|
39
51
|
private static ObjectAllocator ALLOCATOR = new ObjectAllocator() {
|
|
40
52
|
public IRubyObject allocate(Ruby runtime, RubyClass klass) {
|
|
41
53
|
return new MiniSSL(runtime, klass);
|
|
@@ -46,11 +58,10 @@ public class MiniSSL extends RubyObject {
|
|
|
46
58
|
RubyModule mPuma = runtime.defineModule("Puma");
|
|
47
59
|
RubyModule ssl = mPuma.defineModuleUnder("MiniSSL");
|
|
48
60
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
runtime.getClass("IOError").getAllocator());
|
|
61
|
+
// Puma::MiniSSL::SSLError
|
|
62
|
+
ssl.defineClassUnder("SSLError", runtime.getStandardError(), runtime.getStandardError().getAllocator());
|
|
52
63
|
|
|
53
|
-
RubyClass eng = ssl.defineClassUnder("Engine",runtime.getObject(),ALLOCATOR);
|
|
64
|
+
RubyClass eng = ssl.defineClassUnder("Engine", runtime.getObject(), ALLOCATOR);
|
|
54
65
|
eng.defineAnnotatedMethods(MiniSSL.class);
|
|
55
66
|
}
|
|
56
67
|
|
|
@@ -65,7 +76,7 @@ public class MiniSSL extends RubyObject {
|
|
|
65
76
|
|
|
66
77
|
public void clear() { buffer.clear(); }
|
|
67
78
|
public void compact() { buffer.compact(); }
|
|
68
|
-
public void flip() { buffer.flip(); }
|
|
79
|
+
public void flip() { ((Buffer) buffer).flip(); }
|
|
69
80
|
public boolean hasRemaining() { return buffer.hasRemaining(); }
|
|
70
81
|
public int position() { return buffer.position(); }
|
|
71
82
|
|
|
@@ -76,11 +87,11 @@ public class MiniSSL extends RubyObject {
|
|
|
76
87
|
/**
|
|
77
88
|
* Writes bytes to the buffer after ensuring there's room
|
|
78
89
|
*/
|
|
79
|
-
|
|
80
|
-
if (buffer.remaining() <
|
|
81
|
-
resize(buffer.limit() +
|
|
90
|
+
private void put(byte[] bytes, final int offset, final int length) {
|
|
91
|
+
if (buffer.remaining() < length) {
|
|
92
|
+
resize(buffer.limit() + length);
|
|
82
93
|
}
|
|
83
|
-
buffer.put(bytes);
|
|
94
|
+
buffer.put(bytes, offset, length);
|
|
84
95
|
}
|
|
85
96
|
|
|
86
97
|
/**
|
|
@@ -89,7 +100,7 @@ public class MiniSSL extends RubyObject {
|
|
|
89
100
|
public void resize(int newCapacity) {
|
|
90
101
|
if (newCapacity > buffer.capacity()) {
|
|
91
102
|
ByteBuffer dstTmp = ByteBuffer.allocate(newCapacity);
|
|
92
|
-
|
|
103
|
+
flip();
|
|
93
104
|
dstTmp.put(buffer);
|
|
94
105
|
buffer = dstTmp;
|
|
95
106
|
} else {
|
|
@@ -101,7 +112,7 @@ public class MiniSSL extends RubyObject {
|
|
|
101
112
|
* Drains the buffer to a ByteList, or returns null for an empty buffer
|
|
102
113
|
*/
|
|
103
114
|
public ByteList asByteList() {
|
|
104
|
-
|
|
115
|
+
flip();
|
|
105
116
|
if (!buffer.hasRemaining()) {
|
|
106
117
|
buffer.clear();
|
|
107
118
|
return null;
|
|
@@ -111,7 +122,7 @@ public class MiniSSL extends RubyObject {
|
|
|
111
122
|
|
|
112
123
|
buffer.get(bss);
|
|
113
124
|
buffer.clear();
|
|
114
|
-
return new ByteList(bss);
|
|
125
|
+
return new ByteList(bss, false);
|
|
115
126
|
}
|
|
116
127
|
|
|
117
128
|
@Override
|
|
@@ -119,6 +130,8 @@ public class MiniSSL extends RubyObject {
|
|
|
119
130
|
}
|
|
120
131
|
|
|
121
132
|
private SSLEngine engine;
|
|
133
|
+
private boolean closed;
|
|
134
|
+
private boolean handshake;
|
|
122
135
|
private MiniSSLBuffer inboundNetData;
|
|
123
136
|
private MiniSSLBuffer outboundAppData;
|
|
124
137
|
private MiniSSLBuffer outboundNetData;
|
|
@@ -127,42 +140,119 @@ public class MiniSSL extends RubyObject {
|
|
|
127
140
|
super(runtime, klass);
|
|
128
141
|
}
|
|
129
142
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
143
|
+
private static Map<String, KeyManagerFactory> keyManagerFactoryMap = new ConcurrentHashMap<String, KeyManagerFactory>();
|
|
144
|
+
private static Map<String, TrustManagerFactory> trustManagerFactoryMap = new ConcurrentHashMap<String, TrustManagerFactory>();
|
|
145
|
+
|
|
146
|
+
@JRubyMethod(meta = true) // Engine.server
|
|
147
|
+
public static synchronized IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext)
|
|
148
|
+
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
|
|
149
|
+
// Create the KeyManagerFactory and TrustManagerFactory for this server
|
|
150
|
+
String keystoreFile = asStringValue(miniSSLContext.callMethod(context, "keystore"), null);
|
|
151
|
+
char[] keystorePass = asStringValue(miniSSLContext.callMethod(context, "keystore_pass"), null).toCharArray();
|
|
152
|
+
String keystoreType = asStringValue(miniSSLContext.callMethod(context, "keystore_type"), KeyStore::getDefaultType);
|
|
153
|
+
|
|
154
|
+
String truststoreFile;
|
|
155
|
+
char[] truststorePass;
|
|
156
|
+
String truststoreType;
|
|
157
|
+
IRubyObject truststore = miniSSLContext.callMethod(context, "truststore");
|
|
158
|
+
if (truststore.isNil()) {
|
|
159
|
+
truststoreFile = keystoreFile;
|
|
160
|
+
truststorePass = keystorePass;
|
|
161
|
+
truststoreType = keystoreType;
|
|
162
|
+
} else if (!isDefaultSymbol(context, truststore)) {
|
|
163
|
+
truststoreFile = truststore.convertToString().asJavaString();
|
|
164
|
+
IRubyObject pass = miniSSLContext.callMethod(context, "truststore_pass");
|
|
165
|
+
if (pass.isNil()) {
|
|
166
|
+
truststorePass = null;
|
|
167
|
+
} else {
|
|
168
|
+
truststorePass = asStringValue(pass, null).toCharArray();
|
|
169
|
+
}
|
|
170
|
+
truststoreType = asStringValue(miniSSLContext.callMethod(context, "truststore_type"), KeyStore::getDefaultType);
|
|
171
|
+
} else { // self.truststore = :default
|
|
172
|
+
truststoreFile = null;
|
|
173
|
+
truststorePass = null;
|
|
174
|
+
truststoreType = null;
|
|
175
|
+
}
|
|
133
176
|
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
177
|
+
KeyStore ks = KeyStore.getInstance(keystoreType);
|
|
178
|
+
InputStream is = new FileInputStream(keystoreFile);
|
|
179
|
+
try {
|
|
180
|
+
ks.load(is, keystorePass);
|
|
181
|
+
} finally {
|
|
182
|
+
is.close();
|
|
183
|
+
}
|
|
184
|
+
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
|
|
185
|
+
kmf.init(ks, keystorePass);
|
|
186
|
+
keyManagerFactoryMap.put(keystoreFile, kmf);
|
|
187
|
+
|
|
188
|
+
if (truststoreFile != null) {
|
|
189
|
+
KeyStore ts = KeyStore.getInstance(truststoreType);
|
|
190
|
+
is = new FileInputStream(truststoreFile);
|
|
191
|
+
try {
|
|
192
|
+
ts.load(is, truststorePass);
|
|
193
|
+
} finally {
|
|
194
|
+
is.close();
|
|
195
|
+
}
|
|
196
|
+
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
|
|
197
|
+
tmf.init(ts);
|
|
198
|
+
trustManagerFactoryMap.put(truststoreFile, tmf);
|
|
199
|
+
}
|
|
138
200
|
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
|
|
143
|
-
KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
|
|
201
|
+
RubyClass klass = (RubyClass) recv;
|
|
202
|
+
return klass.newInstance(context, miniSSLContext, Block.NULL_BLOCK);
|
|
203
|
+
}
|
|
144
204
|
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
205
|
+
private static String asStringValue(IRubyObject value, Supplier<String> defaultValue) {
|
|
206
|
+
if (defaultValue != null && value.isNil()) return defaultValue.get();
|
|
207
|
+
return value.convertToString().asJavaString();
|
|
208
|
+
}
|
|
149
209
|
|
|
150
|
-
|
|
151
|
-
|
|
210
|
+
private static boolean isDefaultSymbol(ThreadContext context, IRubyObject truststore) {
|
|
211
|
+
return context.runtime.newSymbol("default").equals(truststore);
|
|
212
|
+
}
|
|
152
213
|
|
|
153
|
-
|
|
154
|
-
|
|
214
|
+
@JRubyMethod
|
|
215
|
+
public IRubyObject initialize(ThreadContext context, IRubyObject miniSSLContext)
|
|
216
|
+
throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
|
|
217
|
+
|
|
218
|
+
String keystoreFile = miniSSLContext.callMethod(context, "keystore").convertToString().asJavaString();
|
|
219
|
+
KeyManagerFactory kmf = keyManagerFactoryMap.get(keystoreFile);
|
|
220
|
+
IRubyObject truststore = miniSSLContext.callMethod(context, "truststore");
|
|
221
|
+
String truststoreFile = isDefaultSymbol(context, truststore) ? "" : asStringValue(truststore, () -> keystoreFile);
|
|
222
|
+
TrustManagerFactory tmf = trustManagerFactoryMap.get(truststoreFile); // null if self.truststore = :default
|
|
223
|
+
if (kmf == null) {
|
|
224
|
+
throw new KeyStoreException("Could not find KeyManagerFactory for keystore: " + keystoreFile + " truststore: " + truststoreFile);
|
|
225
|
+
}
|
|
155
226
|
|
|
156
227
|
SSLContext sslCtx = SSLContext.getInstance("TLS");
|
|
157
228
|
|
|
158
|
-
sslCtx.init(kmf.getKeyManagers(),
|
|
229
|
+
sslCtx.init(kmf.getKeyManagers(), getTrustManagers(tmf), null);
|
|
230
|
+
closed = false;
|
|
231
|
+
handshake = false;
|
|
159
232
|
engine = sslCtx.createSSLEngine();
|
|
160
233
|
|
|
161
|
-
String[]
|
|
162
|
-
|
|
234
|
+
String[] enabledProtocols;
|
|
235
|
+
IRubyObject protocols = miniSSLContext.callMethod(context, "protocols");
|
|
236
|
+
if (protocols.isNil()) {
|
|
237
|
+
if (miniSSLContext.callMethod(context, "no_tlsv1").isTrue()) {
|
|
238
|
+
enabledProtocols = new String[] { "TLSv1.1", "TLSv1.2", "TLSv1.3" };
|
|
239
|
+
} else {
|
|
240
|
+
enabledProtocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" };
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
if (miniSSLContext.callMethod(context, "no_tlsv1_1").isTrue()) {
|
|
244
|
+
enabledProtocols = new String[] { "TLSv1.2", "TLSv1.3" };
|
|
245
|
+
}
|
|
246
|
+
} else if (protocols instanceof RubyArray) {
|
|
247
|
+
enabledProtocols = (String[]) ((RubyArray) protocols).toArray(new String[0]);
|
|
248
|
+
} else {
|
|
249
|
+
throw context.runtime.newTypeError(protocols, context.runtime.getArray());
|
|
250
|
+
}
|
|
251
|
+
engine.setEnabledProtocols(enabledProtocols);
|
|
252
|
+
|
|
163
253
|
engine.setUseClientMode(false);
|
|
164
254
|
|
|
165
|
-
long verify_mode = miniSSLContext.callMethod(
|
|
255
|
+
long verify_mode = miniSSLContext.callMethod(context, "verify_mode").convertToInteger("to_i").getLongValue();
|
|
166
256
|
if ((verify_mode & 0x1) != 0) { // 'peer'
|
|
167
257
|
engine.setWantClientAuth(true);
|
|
168
258
|
}
|
|
@@ -170,6 +260,13 @@ public class MiniSSL extends RubyObject {
|
|
|
170
260
|
engine.setNeedClientAuth(true);
|
|
171
261
|
}
|
|
172
262
|
|
|
263
|
+
IRubyObject cipher_suites = miniSSLContext.callMethod(context, "cipher_suites");
|
|
264
|
+
if (cipher_suites instanceof RubyArray) {
|
|
265
|
+
engine.setEnabledCipherSuites((String[]) ((RubyArray) cipher_suites).toArray(new String[0]));
|
|
266
|
+
} else if (!cipher_suites.isNil()) {
|
|
267
|
+
throw context.runtime.newTypeError(cipher_suites, context.runtime.getArray());
|
|
268
|
+
}
|
|
269
|
+
|
|
173
270
|
SSLSession session = engine.getSession();
|
|
174
271
|
inboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
|
|
175
272
|
outboundAppData = new MiniSSLBuffer(session.getApplicationBufferSize());
|
|
@@ -179,16 +276,53 @@ public class MiniSSL extends RubyObject {
|
|
|
179
276
|
return this;
|
|
180
277
|
}
|
|
181
278
|
|
|
279
|
+
private TrustManager[] getTrustManagers(TrustManagerFactory factory) {
|
|
280
|
+
if (factory == null) return null; // use JDK trust defaults
|
|
281
|
+
final TrustManager[] tms = factory.getTrustManagers();
|
|
282
|
+
if (tms != null) {
|
|
283
|
+
for (int i=0; i<tms.length; i++) {
|
|
284
|
+
final TrustManager tm = tms[i];
|
|
285
|
+
if (tm instanceof X509TrustManager) {
|
|
286
|
+
tms[i] = new TrustManagerWrapper((X509TrustManager) tm);
|
|
287
|
+
}
|
|
288
|
+
}
|
|
289
|
+
}
|
|
290
|
+
return tms;
|
|
291
|
+
}
|
|
292
|
+
|
|
293
|
+
private volatile transient X509Certificate lastCheckedCert0;
|
|
294
|
+
|
|
295
|
+
private class TrustManagerWrapper implements X509TrustManager {
|
|
296
|
+
|
|
297
|
+
private final X509TrustManager delegate;
|
|
298
|
+
|
|
299
|
+
TrustManagerWrapper(X509TrustManager delegate) {
|
|
300
|
+
this.delegate = delegate;
|
|
301
|
+
}
|
|
302
|
+
|
|
303
|
+
@Override
|
|
304
|
+
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
|
|
305
|
+
lastCheckedCert0 = chain.length > 0 ? chain[0] : null;
|
|
306
|
+
delegate.checkClientTrusted(chain, authType);
|
|
307
|
+
}
|
|
308
|
+
|
|
309
|
+
@Override
|
|
310
|
+
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
|
|
311
|
+
delegate.checkServerTrusted(chain, authType);
|
|
312
|
+
}
|
|
313
|
+
|
|
314
|
+
@Override
|
|
315
|
+
public X509Certificate[] getAcceptedIssuers() {
|
|
316
|
+
return delegate.getAcceptedIssuers();
|
|
317
|
+
}
|
|
318
|
+
|
|
319
|
+
}
|
|
320
|
+
|
|
182
321
|
@JRubyMethod
|
|
183
322
|
public IRubyObject inject(IRubyObject arg) {
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
return this;
|
|
188
|
-
} catch (Exception e) {
|
|
189
|
-
e.printStackTrace();
|
|
190
|
-
throw new RuntimeException(e);
|
|
191
|
-
}
|
|
323
|
+
ByteList bytes = arg.convertToString().getByteList();
|
|
324
|
+
inboundNetData.put(bytes.unsafeBytes(), bytes.getBegin(), bytes.getRealSize());
|
|
325
|
+
return this;
|
|
192
326
|
}
|
|
193
327
|
|
|
194
328
|
private enum SSLOperation {
|
|
@@ -208,7 +342,7 @@ public class MiniSSL extends RubyObject {
|
|
|
208
342
|
res = engine.unwrap(src.getRawBuffer(), dst.getRawBuffer());
|
|
209
343
|
break;
|
|
210
344
|
default:
|
|
211
|
-
throw new
|
|
345
|
+
throw new AssertionError("Unknown SSLOperation: " + sslOp);
|
|
212
346
|
}
|
|
213
347
|
|
|
214
348
|
switch (res.getStatus()) {
|
|
@@ -223,17 +357,16 @@ public class MiniSSL extends RubyObject {
|
|
|
223
357
|
// need to wait for more data to come in before we retry
|
|
224
358
|
retryOp = false;
|
|
225
359
|
break;
|
|
360
|
+
case CLOSED:
|
|
361
|
+
closed = true;
|
|
362
|
+
retryOp = false;
|
|
363
|
+
break;
|
|
226
364
|
default:
|
|
227
|
-
// other
|
|
365
|
+
// other case is OK. We're done here.
|
|
228
366
|
retryOp = false;
|
|
229
367
|
}
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
// after each op, run any delegated tasks if needed
|
|
233
|
-
if(engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
|
|
234
|
-
Runnable runnable;
|
|
235
|
-
while ((runnable = engine.getDelegatedTask()) != null) {
|
|
236
|
-
runnable.run();
|
|
368
|
+
if (res.getHandshakeStatus() == HandshakeStatus.FINISHED) {
|
|
369
|
+
handshake = true;
|
|
237
370
|
}
|
|
238
371
|
}
|
|
239
372
|
|
|
@@ -241,7 +374,7 @@ public class MiniSSL extends RubyObject {
|
|
|
241
374
|
}
|
|
242
375
|
|
|
243
376
|
@JRubyMethod
|
|
244
|
-
public IRubyObject read()
|
|
377
|
+
public IRubyObject read() {
|
|
245
378
|
try {
|
|
246
379
|
inboundNetData.flip();
|
|
247
380
|
|
|
@@ -255,21 +388,30 @@ public class MiniSSL extends RubyObject {
|
|
|
255
388
|
HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
|
|
256
389
|
boolean done = false;
|
|
257
390
|
while (!done) {
|
|
391
|
+
SSLEngineResult res;
|
|
258
392
|
switch (handshakeStatus) {
|
|
259
393
|
case NEED_WRAP:
|
|
260
|
-
doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
|
|
394
|
+
res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
|
|
395
|
+
handshakeStatus = res.getHandshakeStatus();
|
|
261
396
|
break;
|
|
262
397
|
case NEED_UNWRAP:
|
|
263
|
-
|
|
398
|
+
res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
|
|
264
399
|
if (res.getStatus() == Status.BUFFER_UNDERFLOW) {
|
|
265
400
|
// need more data before we can shake more hands
|
|
266
401
|
done = true;
|
|
267
402
|
}
|
|
403
|
+
handshakeStatus = res.getHandshakeStatus();
|
|
404
|
+
break;
|
|
405
|
+
case NEED_TASK:
|
|
406
|
+
Runnable runnable;
|
|
407
|
+
while ((runnable = engine.getDelegatedTask()) != null) {
|
|
408
|
+
runnable.run();
|
|
409
|
+
}
|
|
410
|
+
handshakeStatus = engine.getHandshakeStatus();
|
|
268
411
|
break;
|
|
269
412
|
default:
|
|
270
413
|
done = true;
|
|
271
414
|
}
|
|
272
|
-
handshakeStatus = engine.getHandshakeStatus();
|
|
273
415
|
}
|
|
274
416
|
|
|
275
417
|
if (inboundNetData.hasRemaining()) {
|
|
@@ -283,64 +425,85 @@ public class MiniSSL extends RubyObject {
|
|
|
283
425
|
return getRuntime().getNil();
|
|
284
426
|
}
|
|
285
427
|
|
|
286
|
-
RubyString
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
} catch (Exception e) {
|
|
290
|
-
throw getRuntime().newEOFError(e.getMessage());
|
|
428
|
+
return RubyString.newString(getRuntime(), appDataByteList);
|
|
429
|
+
} catch (SSLException e) {
|
|
430
|
+
throw newSSLError(getRuntime(), e);
|
|
291
431
|
}
|
|
292
432
|
}
|
|
293
433
|
|
|
294
434
|
@JRubyMethod
|
|
295
435
|
public IRubyObject write(IRubyObject arg) {
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
outboundAppData = new MiniSSLBuffer(bls);
|
|
436
|
+
byte[] bls = arg.convertToString().getBytes();
|
|
437
|
+
outboundAppData = new MiniSSLBuffer(bls);
|
|
299
438
|
|
|
300
|
-
|
|
301
|
-
} catch (Exception e) {
|
|
302
|
-
e.printStackTrace();
|
|
303
|
-
throw new RuntimeException(e);
|
|
304
|
-
}
|
|
439
|
+
return getRuntime().newFixnum(bls.length);
|
|
305
440
|
}
|
|
306
441
|
|
|
307
442
|
@JRubyMethod
|
|
308
|
-
public IRubyObject extract()
|
|
443
|
+
public IRubyObject extract(ThreadContext context) {
|
|
309
444
|
try {
|
|
310
445
|
ByteList dataByteList = outboundNetData.asByteList();
|
|
311
446
|
if (dataByteList != null) {
|
|
312
|
-
RubyString
|
|
313
|
-
str.setValue(dataByteList);
|
|
314
|
-
return str;
|
|
447
|
+
return RubyString.newString(context.runtime, dataByteList);
|
|
315
448
|
}
|
|
316
449
|
|
|
317
450
|
if (!outboundAppData.hasRemaining()) {
|
|
318
|
-
return
|
|
451
|
+
return context.nil;
|
|
319
452
|
}
|
|
320
453
|
|
|
321
454
|
outboundNetData.clear();
|
|
322
455
|
doOp(SSLOperation.WRAP, outboundAppData, outboundNetData);
|
|
323
456
|
dataByteList = outboundNetData.asByteList();
|
|
324
457
|
if (dataByteList == null) {
|
|
325
|
-
return
|
|
458
|
+
return context.nil;
|
|
326
459
|
}
|
|
327
460
|
|
|
328
|
-
RubyString
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
return str;
|
|
332
|
-
} catch (Exception e) {
|
|
333
|
-
e.printStackTrace();
|
|
334
|
-
throw new RuntimeException(e);
|
|
461
|
+
return RubyString.newString(context.runtime, dataByteList);
|
|
462
|
+
} catch (SSLException e) {
|
|
463
|
+
throw newSSLError(getRuntime(), e);
|
|
335
464
|
}
|
|
336
465
|
}
|
|
337
466
|
|
|
338
467
|
@JRubyMethod
|
|
339
|
-
public IRubyObject peercert() throws CertificateEncodingException {
|
|
468
|
+
public IRubyObject peercert(ThreadContext context) throws CertificateEncodingException {
|
|
469
|
+
Certificate peerCert;
|
|
340
470
|
try {
|
|
341
|
-
|
|
342
|
-
} catch (SSLPeerUnverifiedException
|
|
343
|
-
|
|
471
|
+
peerCert = engine.getSession().getPeerCertificates()[0];
|
|
472
|
+
} catch (SSLPeerUnverifiedException e) {
|
|
473
|
+
peerCert = lastCheckedCert0; // null if trust check did not happen
|
|
474
|
+
}
|
|
475
|
+
return peerCert == null ? context.nil : JavaEmbedUtils.javaToRuby(context.runtime, peerCert.getEncoded());
|
|
476
|
+
}
|
|
477
|
+
|
|
478
|
+
@JRubyMethod(name = "init?")
|
|
479
|
+
public IRubyObject isInit(ThreadContext context) {
|
|
480
|
+
return handshake ? getRuntime().getFalse() : getRuntime().getTrue();
|
|
481
|
+
}
|
|
482
|
+
|
|
483
|
+
@JRubyMethod
|
|
484
|
+
public IRubyObject shutdown() {
|
|
485
|
+
if (closed || engine.isInboundDone() && engine.isOutboundDone()) {
|
|
486
|
+
if (engine.isOutboundDone()) {
|
|
487
|
+
engine.closeOutbound();
|
|
488
|
+
}
|
|
489
|
+
return getRuntime().getTrue();
|
|
490
|
+
} else {
|
|
491
|
+
return getRuntime().getFalse();
|
|
344
492
|
}
|
|
345
493
|
}
|
|
494
|
+
|
|
495
|
+
private static RubyClass getSSLError(Ruby runtime) {
|
|
496
|
+
return (RubyClass) ((RubyModule) runtime.getModule("Puma").getConstantAt("MiniSSL")).getConstantAt("SSLError");
|
|
497
|
+
}
|
|
498
|
+
|
|
499
|
+
private static RaiseException newSSLError(Ruby runtime, SSLException cause) {
|
|
500
|
+
return newError(runtime, getSSLError(runtime), cause.toString(), cause);
|
|
501
|
+
}
|
|
502
|
+
|
|
503
|
+
private static RaiseException newError(Ruby runtime, RubyClass errorClass, String message, Throwable cause) {
|
|
504
|
+
RaiseException ex = RaiseException.from(runtime, errorClass, message);
|
|
505
|
+
ex.initCause(cause);
|
|
506
|
+
return ex;
|
|
507
|
+
}
|
|
508
|
+
|
|
346
509
|
}
|