puma 4.3.3 → 5.3.2

data/ext/puma_http11/no_ssl/PumaHttp11Service.java

@@ -0,0 +1,15 @@
+package puma;
+
+import java.io.IOException;
+
+import org.jruby.Ruby;
+import org.jruby.runtime.load.BasicLibraryService;
+
+import org.jruby.puma.Http11;
+
+public class PumaHttp11Service implements BasicLibraryService {
+    public boolean basicLoad(final Ruby runtime) throws IOException {
+        Http11.createHttp11(runtime);
+        return true;
+    }
+}

data/ext/puma_http11/org/jruby/puma/Http11.java

@@ -30,8 +30,8 @@ public class Http11 extends RubyObject {
     public final static String MAX_REQUEST_URI_LENGTH_ERR = "HTTP element REQUEST_URI is longer than the 12288 allowed length.";
     public final static int MAX_FRAGMENT_LENGTH = 1024;
     public final static String MAX_FRAGMENT_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 1024 allowed length.";
-    public final static int MAX_REQUEST_PATH_LENGTH = 2048;
-    public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 2048 allowed length.";
+    public final static int MAX_REQUEST_PATH_LENGTH = 8192;
+    public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 8192 allowed length.";
     public final static int MAX_QUERY_STRING_LENGTH = 1024 * 10;
     public final static String MAX_QUERY_STRING_LENGTH_ERR = "HTTP element QUERY_STRING is longer than the 10240 allowed length.";
     public final static int MAX_HEADER_LENGTH = 1024 * (80 + 32);
@@ -197,7 +197,7 @@ public class Http11 extends RubyObject {
             validateMaxLength(runtime, parser.nread,MAX_HEADER_LENGTH, MAX_HEADER_LENGTH_ERR);
 
             if(hp.has_error()) {
-                throw newHTTPParserError(runtime, "Invalid HTTP format, parsing fails.");
+                throw newHTTPParserError(runtime, "Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?");
             } else {
                 return runtime.newFixnum(parser.nread);
             }

data/ext/puma_http11/org/jruby/puma/Http11Parser.java

@@ -182,8 +182,6 @@ static final int puma_parser_start = 1;
 static final int puma_parser_first_final = 46;
 static final int puma_parser_error = 0;
 
-static final int puma_parser_en_main = 1;
-
 
 // line 62 "ext/puma_http11/http11_parser.java.rl"
 
@@ -212,12 +210,12 @@ static final int puma_parser_en_main = 1;
           cs = 0;
 
           
-// line 218 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
+// line 214 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
 	{
 	cs = puma_parser_start;
 	}
 
-// line 90 "ext/puma_http11/http11_parser.java.rl"
+// line 88 "ext/puma_http11/http11_parser.java.rl"
 
           body_start = 0;
           content_len = 0;
@@ -244,7 +242,7 @@ static final int puma_parser_en_main = 1;
      parser.buffer = buffer;
 
      
-// line 250 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
+// line 246 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
 	{
 	int _klen;
 	int _trans = 0;
@@ -400,7 +398,7 @@ case 1:
     { p += 1; _goto_targ = 5; if (true)  continue _goto;}
   }
 	break;
-// line 406 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
+// line 402 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
 			}
 		}
 	}
@@ -420,7 +418,7 @@ case 5:
 	break; }
 	}
 
-// line 116 "ext/puma_http11/http11_parser.java.rl"
+// line 114 "ext/puma_http11/http11_parser.java.rl"
 
      parser.cs = cs;
      parser.nread += (p - off);

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -22,6 +22,7 @@ import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import java.io.FileInputStream;
+import java.io.InputStream;
 import java.io.IOException;
 import java.nio.Buffer;
 import java.nio.ByteBuffer;
@@ -32,6 +33,8 @@ import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.Map;
 
 import static javax.net.ssl.SSLEngineResult.Status;
 import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
@@ -120,6 +123,8 @@ public class MiniSSL extends RubyObject {
   }
 
   private SSLEngine engine;
+  private boolean closed;
+  private boolean handshake;
   private MiniSSLBuffer inboundNetData;
   private MiniSSLBuffer outboundAppData;
   private MiniSSLBuffer outboundNetData;
@@ -128,10 +133,39 @@ public class MiniSSL extends RubyObject {
     super(runtime, klass);
   }
 
+  private static Map<String, KeyManagerFactory> keyManagerFactoryMap = new ConcurrentHashMap<String, KeyManagerFactory>();
+  private static Map<String, TrustManagerFactory> trustManagerFactoryMap = new ConcurrentHashMap<String, TrustManagerFactory>();
+
   @JRubyMethod(meta = true)
-  public static IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext) {
-    RubyClass klass = (RubyClass) recv;
+  public static synchronized IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext)
+      throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
+    // Create the KeyManagerFactory and TrustManagerFactory for this server
+    String keystoreFile = miniSSLContext.callMethod(context, "keystore").convertToString().asJavaString();
+    char[] password = miniSSLContext.callMethod(context, "keystore_pass").convertToString().asJavaString().toCharArray();
 
+    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+    InputStream is = new FileInputStream(keystoreFile);
+    try {
+      ks.load(is, password);
+    } finally {
+      is.close();
+    }
+    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+    kmf.init(ks, password);
+    keyManagerFactoryMap.put(keystoreFile, kmf);
+
+    KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
+    is = new FileInputStream(keystoreFile);
+    try {
+      ts.load(is, password);
+    } finally {
+      is.close();
+    }
+    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+    tmf.init(ts);
+    trustManagerFactoryMap.put(keystoreFile, tmf);
+
+    RubyClass klass = (RubyClass) recv;
     return klass.newInstance(context,
         new IRubyObject[] { miniSSLContext },
         Block.NULL_BLOCK);
@@ -139,24 +173,22 @@ public class MiniSSL extends RubyObject {
 
   @JRubyMethod
   public IRubyObject initialize(ThreadContext threadContext, IRubyObject miniSSLContext)
-      throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
+      throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
     KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
     KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
 
-    char[] password = miniSSLContext.callMethod(threadContext, "keystore_pass").convertToString().asJavaString().toCharArray();
     String keystoreFile = miniSSLContext.callMethod(threadContext, "keystore").convertToString().asJavaString();
-    ks.load(new FileInputStream(keystoreFile), password);
-    ts.load(new FileInputStream(keystoreFile), password);
-
-    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
-    kmf.init(ks, password);
-
-    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
-    tmf.init(ts);
+    KeyManagerFactory kmf = keyManagerFactoryMap.get(keystoreFile);
+    TrustManagerFactory tmf = trustManagerFactoryMap.get(keystoreFile);
+    if(kmf == null || tmf == null) {
+      throw new KeyStoreException("Could not find KeyManagerFactory/TrustManagerFactory for keystore: " + keystoreFile);
+    }
 
     SSLContext sslCtx = SSLContext.getInstance("TLS");
 
     sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+    closed = false;
+    handshake = false;
     engine = sslCtx.createSSLEngine();
 
     String[] protocols;
@@ -173,7 +205,7 @@ public class MiniSSL extends RubyObject {
     engine.setEnabledProtocols(protocols);
     engine.setUseClientMode(false);
 
-    long verify_mode = miniSSLContext.callMethod(threadContext, "verify_mode").convertToInteger().getLongValue();
+    long verify_mode = miniSSLContext.callMethod(threadContext, "verify_mode").convertToInteger("to_i").getLongValue();
     if ((verify_mode & 0x1) != 0) { // 'peer'
         engine.setWantClientAuth(true);
     }
@@ -240,14 +272,21 @@ public class MiniSSL extends RubyObject {
           // need to wait for more data to come in before we retry
           retryOp = false;
           break;
+        case CLOSED:
+          closed = true;
+          retryOp = false;
+          break;
         default:
-          // other cases are OK and CLOSED.  We're done here.
+          // other case is OK.  We're done here.
           retryOp = false;
       }
+      if (res.getHandshakeStatus() == HandshakeStatus.FINISHED) {
+        handshake = true;
+      }
     }
 
     // after each op, run any delegated tasks if needed
-    if(engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+    if(res.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
       Runnable runnable;
       while ((runnable = engine.getDelegatedTask()) != null) {
         runnable.run();
@@ -271,13 +310,14 @@ public class MiniSSL extends RubyObject {
 
       HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
       boolean done = false;
+      SSLEngineResult res = null;
       while (!done) {
         switch (handshakeStatus) {
           case NEED_WRAP:
-            doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
+            res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
             break;
           case NEED_UNWRAP:
-            SSLEngineResult res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
+            res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
             if (res.getStatus() == Status.BUFFER_UNDERFLOW) {
               // need more data before we can shake more hands
               done = true;
@@ -286,7 +326,9 @@ public class MiniSSL extends RubyObject {
           default:
             done = true;
         }
-        handshakeStatus = engine.getHandshakeStatus();
+        if (!done) {
+          handshakeStatus = res.getHandshakeStatus();
+        }
       }
 
       if (inboundNetData.hasRemaining()) {
@@ -360,4 +402,21 @@ public class MiniSSL extends RubyObject {
       return getRuntime().getNil();
     }
   }
+
+  @JRubyMethod(name = "init?")
+  public IRubyObject isInit(ThreadContext context) {
+    return handshake ? getRuntime().getFalse() : getRuntime().getTrue();
+  }
+
+  @JRubyMethod
+  public IRubyObject shutdown() {
+    if (closed || engine.isInboundDone() && engine.isOutboundDone()) {
+      if (engine.isOutboundDone()) {
+        engine.closeOutbound();
+      }
+      return getRuntime().getTrue();
+    } else {
+      return getRuntime().getFalse();
+    }
+  }
 }

data/ext/puma_http11/puma_http11.c

@@ -10,6 +10,7 @@
 #include "ext_help.h"
 #include <assert.h>
 #include <string.h>
+#include <ctype.h>
 #include "http11_parser.h"
 
 #ifndef MANAGED_STRINGS
@@ -39,7 +40,9 @@ static VALUE global_http_version;
 static VALUE global_request_path;
 
 /** Defines common length and error messages for input length validation. */
-#define DEF_MAX_LENGTH(N,length) const size_t MAX_##N##_LENGTH = length; const char *MAX_##N##_LENGTH_ERR = "HTTP element " # N  " is longer than the " # length " allowed length (was %d)"
+#define QUOTE(s) #s
+#define EXPLAIN_MAX_LENGTH_VALUE(s) QUOTE(s)
+#define DEF_MAX_LENGTH(N,length) const size_t MAX_##N##_LENGTH = length; const char *MAX_##N##_LENGTH_ERR = "HTTP element " # N  " is longer than the " EXPLAIN_MAX_LENGTH_VALUE(length) " allowed length (was %d)"
 
 /** Validates the max length of given input and throws an HttpParserError exception if over. */
 #define VALIDATE_MAX_LENGTH(len, N) if(len > MAX_##N##_LENGTH) { rb_raise(eHttpParserError, MAX_##N##_LENGTH_ERR, len); }
@@ -49,12 +52,16 @@ static VALUE global_request_path;
 
 
 /* Defines the maximum allowed lengths for various input elements.*/
+#ifndef PUMA_QUERY_STRING_MAX_LENGTH
+#define PUMA_QUERY_STRING_MAX_LENGTH (1024 * 10)
+#endif
+
 DEF_MAX_LENGTH(FIELD_NAME, 256);
 DEF_MAX_LENGTH(FIELD_VALUE, 80 * 1024);
 DEF_MAX_LENGTH(REQUEST_URI, 1024 * 12);
 DEF_MAX_LENGTH(FRAGMENT, 1024); /* Don't know if this length is specified somewhere or not */
-DEF_MAX_LENGTH(REQUEST_PATH, 2048);
-DEF_MAX_LENGTH(QUERY_STRING, (1024 * 10));
+DEF_MAX_LENGTH(REQUEST_PATH, 8192);
+DEF_MAX_LENGTH(QUERY_STRING, PUMA_QUERY_STRING_MAX_LENGTH);
 DEF_MAX_LENGTH(HEADER, (1024 * (80 + 32)));
 
 struct common_field {
@@ -111,21 +118,6 @@ static struct common_field common_http_fields[] = {
 # undef f
 };
 
-/*
- * qsort(3) and bsearch(3) improve average performance slightly, but may
- * not be worth it for lack of portability to certain platforms...
- */
-#if defined(HAVE_QSORT_BSEARCH)
-/* sort by length, then by name if there's a tie */
-static int common_field_cmp(const void *a, const void *b)
-{
-  struct common_field *cfa = (struct common_field *)a;
-  struct common_field *cfb = (struct common_field *)b;
-  signed long diff = cfa->len - cfb->len;
-  return diff ? diff : memcmp(cfa->name, cfb->name, cfa->len);
-}
-#endif /* HAVE_QSORT_BSEARCH */
-
 static void init_common_fields(void)
 {
   unsigned i;
@@ -142,28 +134,10 @@ static void init_common_fields(void)
     }
     rb_global_variable(&cf->value);
   }
-
-#if defined(HAVE_QSORT_BSEARCH)
-  qsort(common_http_fields,
-        ARRAY_SIZE(common_http_fields),
-        sizeof(struct common_field),
-        common_field_cmp);
-#endif /* HAVE_QSORT_BSEARCH */
 }
 
 static VALUE find_common_field_value(const char *field, size_t flen)
 {
-#if defined(HAVE_QSORT_BSEARCH)
-  struct common_field key;
-  struct common_field *found;
-  key.name = field;
-  key.len = (signed long)flen;
-  found = (struct common_field *)bsearch(&key, common_http_fields,
-                                         ARRAY_SIZE(common_http_fields),
-                                         sizeof(struct common_field),
-                                         common_field_cmp);
-  return found ? found->value : Qnil;
-#else /* !HAVE_QSORT_BSEARCH */
   unsigned i;
   struct common_field *cf = common_http_fields;
   for(i = 0; i < ARRAY_SIZE(common_http_fields); i++, cf++) {
@@ -171,7 +145,6 @@ static VALUE find_common_field_value(const char *field, size_t flen)
       return cf->value;
   }
   return Qnil;
-#endif /* !HAVE_QSORT_BSEARCH */
 }
 
 void http_field(puma_parser* hp, const char *field, size_t flen,
@@ -286,11 +259,18 @@ void HttpParser_free(void *data) {
   }
 }
 
-void HttpParser_mark(puma_parser* hp) {
+void HttpParser_mark(void *ptr) {
+  puma_parser *hp = ptr;
   if(hp->request) rb_gc_mark(hp->request);
   if(hp->body) rb_gc_mark(hp->body);
 }
 
+const rb_data_type_t HttpParser_data_type = {
+    "HttpParser",
+    { HttpParser_mark, HttpParser_free, 0 },
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
+};
+
 VALUE HttpParser_alloc(VALUE klass)
 {
   puma_parser *hp = ALLOC_N(puma_parser, 1);
@@ -307,7 +287,7 @@ VALUE HttpParser_alloc(VALUE klass)
 
   puma_parser_init(hp);
 
-  return Data_Wrap_Struct(klass, HttpParser_mark, HttpParser_free, hp);
+  return TypedData_Wrap_Struct(klass, &HttpParser_data_type, hp);
 }
 
 /**
@@ -319,7 +299,7 @@ VALUE HttpParser_alloc(VALUE klass)
 VALUE HttpParser_init(VALUE self)
 {
   puma_parser *http = NULL;
-  DATA_GET(self, puma_parser, http);
+  DATA_GET(self, puma_parser, &HttpParser_data_type, http);
   puma_parser_init(http);
 
   return self;
@@ -336,7 +316,7 @@ VALUE HttpParser_init(VALUE self)
 VALUE HttpParser_reset(VALUE self)
 {
   puma_parser *http = NULL;
-  DATA_GET(self, puma_parser, http);
+  DATA_GET(self, puma_parser, &HttpParser_data_type, http);
   puma_parser_init(http);
 
   return Qnil;
@@ -353,7 +333,7 @@ VALUE HttpParser_reset(VALUE self)
 VALUE HttpParser_finish(VALUE self)
 {
   puma_parser *http = NULL;
-  DATA_GET(self, puma_parser, http);
+  DATA_GET(self, puma_parser, &HttpParser_data_type, http);
   puma_parser_finish(http);
 
   return puma_parser_is_finished(http) ? Qtrue : Qfalse;
@@ -384,7 +364,7 @@ VALUE HttpParser_execute(VALUE self, VALUE req_hash, VALUE data, VALUE start)
   char *dptr = NULL;
   long dlen = 0;
 
-  DATA_GET(self, puma_parser, http);
+  DATA_GET(self, puma_parser, &HttpParser_data_type, http);
 
   from = FIX2INT(start);
   dptr = rb_extract_chars(data, &dlen);
@@ -400,7 +380,7 @@ VALUE HttpParser_execute(VALUE self, VALUE req_hash, VALUE data, VALUE start)
     VALIDATE_MAX_LENGTH(puma_parser_nread(http), HEADER);
 
     if(puma_parser_has_error(http)) {
-      rb_raise(eHttpParserError, "%s", "Invalid HTTP format, parsing fails.");
+      rb_raise(eHttpParserError, "%s", "Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?");
     } else {
       return INT2FIX(puma_parser_nread(http));
     }
@@ -418,7 +398,7 @@ VALUE HttpParser_execute(VALUE self, VALUE req_hash, VALUE data, VALUE start)
 VALUE HttpParser_has_error(VALUE self)
 {
   puma_parser *http = NULL;
-  DATA_GET(self, puma_parser, http);
+  DATA_GET(self, puma_parser, &HttpParser_data_type, http);
 
   return puma_parser_has_error(http) ? Qtrue : Qfalse;
 }
@@ -433,7 +413,7 @@ VALUE HttpParser_has_error(VALUE self)
 VALUE HttpParser_is_finished(VALUE self)
 {
   puma_parser *http = NULL;
-  DATA_GET(self, puma_parser, http);
+  DATA_GET(self, puma_parser, &HttpParser_data_type, http);
 
   return puma_parser_is_finished(http) ? Qtrue : Qfalse;
 }
@@ -449,7 +429,7 @@ VALUE HttpParser_is_finished(VALUE self)
 VALUE HttpParser_nread(VALUE self)
 {
   puma_parser *http = NULL;
-  DATA_GET(self, puma_parser, http);
+  DATA_GET(self, puma_parser, &HttpParser_data_type, http);
 
   return INT2FIX(http->nread);
 }
@@ -462,13 +442,14 @@ VALUE HttpParser_nread(VALUE self)
  */
 VALUE HttpParser_body(VALUE self) {
   puma_parser *http = NULL;
-  DATA_GET(self, puma_parser, http);
+  DATA_GET(self, puma_parser, &HttpParser_data_type, http);
 
   return http->body;
 }
 
-void Init_io_buffer(VALUE puma);
+#ifdef HAVE_OPENSSL_BIO_H
 void Init_mini_ssl(VALUE mod);
+#endif
 
 void Init_puma_http11()
 {
@@ -497,6 +478,7 @@ void Init_puma_http11()
   rb_define_method(cHttpParser, "body", HttpParser_body, 0);
   init_common_fields();
 
-  Init_io_buffer(mPuma);
+#ifdef HAVE_OPENSSL_BIO_H
   Init_mini_ssl(mPuma);
+#endif
 }