wendell-puma 2.9.2

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -0,0 +1,391 @@
+package org.jruby.puma;
+
+import org.jruby.Ruby;
+import org.jruby.RubyBoolean;
+import org.jruby.RubyClass;
+import org.jruby.RubyModule;
+import org.jruby.RubyObject;
+import org.jruby.RubyString;
+import org.jruby.anno.JRubyMethod;
+import org.jruby.runtime.Block;
+import org.jruby.runtime.ObjectAllocator;
+import org.jruby.runtime.ThreadContext;
+import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.util.ByteList;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+import static javax.net.ssl.SSLEngineResult.Status;
+import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
+
+public class MiniSSL extends RubyObject {
+  private static ObjectAllocator ALLOCATOR = new ObjectAllocator() {
+    public IRubyObject allocate(Ruby runtime, RubyClass klass) {
+      return new MiniSSL(runtime, klass);
+    }
+  };
+
+  // set to true to switch on our low-fi trace logging
+  private static boolean DEBUG = false;
+
+  public static void createMiniSSL(Ruby runtime) {
+    RubyModule mPuma = runtime.defineModule("Puma");
+    RubyModule ssl = mPuma.defineModuleUnder("MiniSSL");
+
+    mPuma.defineClassUnder("SSLError",
+                           runtime.getClass("IOError"),
+                           runtime.getClass("IOError").getAllocator());
+
+    RubyClass eng = ssl.defineClassUnder("Engine",runtime.getObject(),ALLOCATOR);
+    eng.defineAnnotatedMethods(MiniSSL.class);
+  }
+
+  /**
+   * Fairly transparent wrapper around {@link java.nio.ByteBuffer} which adds the enhancements we need
+   */
+  private static class MiniSSLBuffer {
+    ByteBuffer buffer;
+
+    private MiniSSLBuffer(int capacity) { buffer = ByteBuffer.allocate(capacity); }
+    private MiniSSLBuffer(byte[] initialContents) { buffer = ByteBuffer.wrap(initialContents); }
+
+    public void clear() { buffer.clear(); }
+    public void compact() { buffer.compact(); }
+    public void flip() { buffer.flip(); }
+    public boolean hasRemaining() { return buffer.hasRemaining(); }
+    public int position() { return buffer.position(); }
+
+    public ByteBuffer getRawBuffer() {
+      return buffer;
+    }
+
+    /**
+     * Writes bytes to the buffer after ensuring there's room
+     */
+    public void put(byte[] bytes) {
+      if (buffer.remaining() < bytes.length) {
+        resize(buffer.limit() + bytes.length);
+      }
+      buffer.put(bytes);
+    }
+
+    /**
+     * Ensures that newCapacity bytes can be written to this buffer, only re-allocating if necessary
+     */
+    public void resize(int newCapacity) {
+      if (newCapacity > buffer.capacity()) {
+        ByteBuffer dstTmp = ByteBuffer.allocate(newCapacity);
+        buffer.flip();
+        dstTmp.put(buffer);
+        buffer = dstTmp;
+      } else {
+        buffer.limit(newCapacity);
+      }
+    }
+
+    /**
+     * Drains the buffer to a ByteList, or returns null for an empty buffer
+     */
+    public ByteList asByteList() {
+      buffer.flip();
+      if (!buffer.hasRemaining()) {
+        buffer.clear();
+        return null;
+      }
+
+      byte[] bss = new byte[buffer.limit()];
+
+      buffer.get(bss);
+      buffer.clear();
+      return new ByteList(bss);
+    }
+
+    @Override
+    public String toString() { return buffer.toString(); }
+  }
+
+  private SSLEngine engine;
+  private MiniSSLBuffer inboundNetData;
+  private MiniSSLBuffer outboundAppData;
+  private MiniSSLBuffer outboundNetData;
+
+  public MiniSSL(Ruby runtime, RubyClass klass) {
+    super(runtime, klass);
+  }
+
+  @JRubyMethod(meta = true)
+  public static IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext) {
+    RubyClass klass = (RubyClass) recv;
+
+    return klass.newInstance(context,
+        new IRubyObject[] { miniSSLContext },
+        Block.NULL_BLOCK);
+  }
+
+  @JRubyMethod
+  public IRubyObject initialize(ThreadContext threadContext, IRubyObject miniSSLContext)
+      throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
+    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+
+    char[] password = miniSSLContext.callMethod(threadContext, "keystore_pass").convertToString().asJavaString().toCharArray();
+    ks.load(new FileInputStream(miniSSLContext.callMethod(threadContext, "keystore").convertToString().asJavaString()),
+        password);
+
+    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+    kmf.init(ks, password);
+
+    SSLContext sslCtx = SSLContext.getInstance("TLS");
+
+    sslCtx.init(kmf.getKeyManagers(), null, null);
+    engine = sslCtx.createSSLEngine();
+
+    IRubyObject enableSSLv3 = miniSSLContext.callMethod(threadContext, "enable_SSLv3");
+    String[] protocols;
+    if (enableSSLv3 instanceof RubyBoolean && enableSSLv3.isTrue()) {
+      protocols = new String[] { "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
+    } else {
+      protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
+    }
+    engine.setEnabledProtocols(protocols);
+    engine.setUseClientMode(false);
+
+    SSLSession session = engine.getSession();
+    inboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
+    outboundAppData = new MiniSSLBuffer(session.getApplicationBufferSize());
+    outboundAppData.flip();
+    outboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
+
+    return this;
+  }
+
+  @JRubyMethod
+  public IRubyObject inject(IRubyObject arg) {
+    try {
+      byte[] bytes = arg.convertToString().getBytes();
+
+      log("Net Data post pre-inject: " + inboundNetData);
+      inboundNetData.put(bytes);
+      log("Net Data post post-inject: " + inboundNetData);
+
+      log("inject(): " + bytes.length + " encrypted bytes from request");
+      return this;
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
+    }
+  }
+
+  private enum SSLOperation {
+    WRAP,
+    UNWRAP
+  }
+
+  private SSLEngineResult doOp(SSLOperation sslOp, MiniSSLBuffer src, MiniSSLBuffer dst) throws SSLException {
+    SSLEngineResult res = null;
+    boolean retryOp = true;
+    while (retryOp) {
+      switch (sslOp) {
+        case WRAP:
+          res = engine.wrap(src.getRawBuffer(), dst.getRawBuffer());
+          break;
+        case UNWRAP:
+          res = engine.unwrap(src.getRawBuffer(), dst.getRawBuffer());
+          break;
+        default:
+          throw new IllegalStateException("Unknown SSLOperation: " + sslOp);
+      }
+
+      switch (res.getStatus()) {
+        case BUFFER_OVERFLOW:
+          log("SSLOp#doRun(): overflow");
+          log("SSLOp#doRun(): dst data at overflow: " + dst);
+          // increase the buffer size to accommodate the overflowing data
+          int newSize = Math.max(engine.getSession().getPacketBufferSize(), engine.getSession().getApplicationBufferSize());
+          dst.resize(newSize + dst.position());
+          // retry the operation
+          retryOp = true;
+          break;
+        case BUFFER_UNDERFLOW:
+          log("SSLOp#doRun(): underflow");
+          log("SSLOp#doRun(): src data at underflow: " + src);
+          // need to wait for more data to come in before we retry
+          retryOp = false;
+          break;
+        default:
+          // other cases are OK and CLOSED.  We're done here.
+          retryOp = false;
+      }
+    }
+
+    // after each op, run any delegated tasks if needed
+    if(engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+      Runnable runnable;
+      while ((runnable = engine.getDelegatedTask()) != null) {
+        runnable.run();
+      }
+    }
+
+    return res;
+  }
+
+  @JRubyMethod
+  public IRubyObject read() throws Exception {
+    try {
+      inboundNetData.flip();
+
+      if(!inboundNetData.hasRemaining()) {
+        return getRuntime().getNil();
+      }
+
+      log("read(): inboundNetData prepped for read: " + inboundNetData);
+
+      MiniSSLBuffer inboundAppData = new MiniSSLBuffer(engine.getSession().getApplicationBufferSize());
+      SSLEngineResult res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
+      log("read(): after initial unwrap", engine, res);
+
+      log("read(): Net Data post unwrap: " + inboundNetData);
+
+      HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
+      boolean done = false;
+      while (!done) {
+        switch (handshakeStatus) {
+          case NEED_WRAP:
+            res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
+            log("read(): after handshake wrap", engine, res);
+            break;
+          case NEED_UNWRAP:
+            res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
+            log("read(): after handshake unwrap", engine, res);
+            if (res.getStatus() == Status.BUFFER_UNDERFLOW) {
+              // need more data before we can shake more hands
+              done = true;
+            }
+            break;
+          default:
+            done = true;
+        }
+        handshakeStatus = engine.getHandshakeStatus();
+      }
+
+      if (inboundNetData.hasRemaining()) {
+        log("Net Data post pre-compact: " + inboundNetData);
+        inboundNetData.compact();
+        log("Net Data post post-compact: " + inboundNetData);
+      } else {
+        log("Net Data post pre-reset: " + inboundNetData);
+        inboundNetData.clear();
+        log("Net Data post post-reset: " + inboundNetData);
+      }
+
+      ByteList appDataByteList = inboundAppData.asByteList();
+      if (appDataByteList == null) {
+        return getRuntime().getNil();
+      }
+
+      RubyString str = getRuntime().newString("");
+      str.setValue(appDataByteList);
+
+      logPlain("\n");
+      log("read(): begin dump of request data >>>>\n");
+      if (str.asJavaString().getBytes().length < 1000) {
+        logPlain(str.asJavaString() + "\n");
+      }
+      logPlain("Num bytes: " + str.asJavaString().getBytes().length + "\n");
+      log("read(): end dump of request data   <<<<\n");
+      return str;
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
+    }
+  }
+
+  private static void log(String str, SSLEngine engine, SSLEngineResult result) {
+    if (DEBUG) {
+      log(str + " " + result.getStatus() + "/" + engine.getHandshakeStatus() +
+          "---bytes consumed: " + result.bytesConsumed() +
+          ", bytes produced: " + result.bytesProduced());
+    }
+  }
+
+  private static void log(String str) {
+    if (DEBUG) {
+      System.out.println("MiniSSL.java: " + str);
+    }
+  }
+
+  private static void logPlain(String str) {
+    if (DEBUG) {
+      System.out.println(str);
+    }
+  }
+
+  @JRubyMethod
+  public IRubyObject write(IRubyObject arg) {
+    try {
+      log("write(): begin dump of response data >>>>\n");
+      logPlain("\n");
+      if (arg.asJavaString().getBytes().length < 1000) {
+        logPlain(arg.asJavaString() + "\n");
+      }
+      logPlain("Num bytes: " + arg.asJavaString().getBytes().length + "\n");
+      log("write(): end dump of response data   <<<<\n");
+
+      byte[] bls = arg.convertToString().getBytes();
+      outboundAppData = new MiniSSLBuffer(bls);
+
+      return getRuntime().newFixnum(bls.length);
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
+    }
+  }
+
+  @JRubyMethod
+  public IRubyObject extract() throws SSLException {
+    try {
+      ByteList dataByteList = outboundNetData.asByteList();
+      if (dataByteList != null) {
+        RubyString str = getRuntime().newString("");
+        str.setValue(dataByteList);
+        return str;
+      }
+
+      if (!outboundAppData.hasRemaining()) {
+        return getRuntime().getNil();
+      }
+
+      outboundNetData.clear();
+      SSLEngineResult res = doOp(SSLOperation.WRAP, outboundAppData, outboundNetData);
+      log("extract(): bytes consumed: " + res.bytesConsumed() + "\n");
+      log("extract(): bytes produced: " + res.bytesProduced() + "\n");
+      dataByteList = outboundNetData.asByteList();
+      if (dataByteList == null) {
+        return getRuntime().getNil();
+      }
+
+      RubyString str = getRuntime().newString("");
+      str.setValue(dataByteList);
+
+      log("extract(): " + dataByteList.getRealSize() + " encrypted bytes for response");
+
+      return str;
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
+    }
+  }
+}

data/ext/puma_http11/puma_http11.c

@@ -0,0 +1,491 @@
+/**
+ * Copyright (c) 2005 Zed A. Shaw
+ * You can redistribute it and/or modify it under the same terms as Ruby.
+ */
+
+#define RSTRING_NOT_MODIFIED 1
+
+#include "ruby.h"
+#include "ext_help.h"
+#include <assert.h>
+#include <string.h>
+#include "http11_parser.h"
+
+#ifndef MANAGED_STRINGS
+
+#ifndef RSTRING_PTR
+#define RSTRING_PTR(s) (RSTRING(s)->ptr)
+#endif
+#ifndef RSTRING_LEN
+#define RSTRING_LEN(s) (RSTRING(s)->len)
+#endif
+
+#define rb_extract_chars(e, sz) (*sz = RSTRING_LEN(e), RSTRING_PTR(e))
+#define rb_free_chars(e) /* nothing */
+
+#endif
+
+static VALUE eHttpParserError;
+
+#define HTTP_PREFIX "HTTP_"
+#define HTTP_PREFIX_LEN (sizeof(HTTP_PREFIX) - 1)
+
+static VALUE global_request_method;
+static VALUE global_request_uri;
+static VALUE global_fragment;
+static VALUE global_query_string;
+static VALUE global_http_version;
+static VALUE global_request_path;
+
+/** Defines common length and error messages for input length validation. */
+#define DEF_MAX_LENGTH(N,length) const size_t MAX_##N##_LENGTH = length; const char *MAX_##N##_LENGTH_ERR = "HTTP element " # N  " is longer than the " # length " allowed length (was %d)"
+
+/** Validates the max length of given input and throws an HttpParserError exception if over. */
+#define VALIDATE_MAX_LENGTH(len, N) if(len > MAX_##N##_LENGTH) { rb_raise(eHttpParserError, MAX_##N##_LENGTH_ERR, len); }
+
+/** Defines global strings in the init method. */
+#define DEF_GLOBAL(N, val)   global_##N = rb_str_new2(val); rb_global_variable(&global_##N)
+
+
+/* Defines the maximum allowed lengths for various input elements.*/
+DEF_MAX_LENGTH(FIELD_NAME, 256);
+DEF_MAX_LENGTH(FIELD_VALUE, 80 * 1024);
+DEF_MAX_LENGTH(REQUEST_URI, 1024 * 12);
+DEF_MAX_LENGTH(FRAGMENT, 1024); /* Don't know if this length is specified somewhere or not */
+DEF_MAX_LENGTH(REQUEST_PATH, 2048);
+DEF_MAX_LENGTH(QUERY_STRING, (1024 * 10));
+DEF_MAX_LENGTH(HEADER, (1024 * (80 + 32)));
+
+struct common_field {
+	const size_t len;
+	const char *name;
+  int raw;
+	VALUE value;
+};
+
+/*
+ * A list of common HTTP headers we expect to receive.
+ * This allows us to avoid repeatedly creating identical string
+ * objects to be used with rb_hash_aset().
+ */
+static struct common_field common_http_fields[] = {
+# define f(N) { (sizeof(N) - 1), N, 0, Qnil }
+# define fr(N) { (sizeof(N) - 1), N, 1, Qnil }
+	f("ACCEPT"),
+	f("ACCEPT_CHARSET"),
+	f("ACCEPT_ENCODING"),
+	f("ACCEPT_LANGUAGE"),
+	f("ALLOW"),
+	f("AUTHORIZATION"),
+	f("CACHE_CONTROL"),
+	f("CONNECTION"),
+	f("CONTENT_ENCODING"),
+	fr("CONTENT_LENGTH"),
+	fr("CONTENT_TYPE"),
+	f("COOKIE"),
+	f("DATE"),
+	f("EXPECT"),
+	f("FROM"),
+	f("HOST"),
+	f("IF_MATCH"),
+	f("IF_MODIFIED_SINCE"),
+	f("IF_NONE_MATCH"),
+	f("IF_RANGE"),
+	f("IF_UNMODIFIED_SINCE"),
+	f("KEEP_ALIVE"), /* Firefox sends this */
+	f("MAX_FORWARDS"),
+	f("PRAGMA"),
+	f("PROXY_AUTHORIZATION"),
+	f("RANGE"),
+	f("REFERER"),
+	f("TE"),
+	f("TRAILER"),
+	f("TRANSFER_ENCODING"),
+	f("UPGRADE"),
+	f("USER_AGENT"),
+	f("VIA"),
+	f("X_FORWARDED_FOR"), /* common for proxies */
+	f("X_REAL_IP"), /* common for proxies */
+	f("WARNING")
+# undef f
+};
+
+/*
+ * qsort(3) and bsearch(3) improve average performance slightly, but may
+ * not be worth it for lack of portability to certain platforms...
+ */
+#if defined(HAVE_QSORT_BSEARCH)
+/* sort by length, then by name if there's a tie */
+static int common_field_cmp(const void *a, const void *b)
+{
+  struct common_field *cfa = (struct common_field *)a;
+  struct common_field *cfb = (struct common_field *)b;
+  signed long diff = cfa->len - cfb->len;
+  return diff ? diff : memcmp(cfa->name, cfb->name, cfa->len);
+}
+#endif /* HAVE_QSORT_BSEARCH */
+
+static void init_common_fields(void)
+{
+  unsigned i;
+  struct common_field *cf = common_http_fields;
+  char tmp[256]; /* MAX_FIELD_NAME_LENGTH */
+  memcpy(tmp, HTTP_PREFIX, HTTP_PREFIX_LEN);
+
+  for(i = 0; i < ARRAY_SIZE(common_http_fields); cf++, i++) {
+    if(cf->raw) {
+      cf->value = rb_str_new(cf->name, cf->len);
+    } else {
+      memcpy(tmp + HTTP_PREFIX_LEN, cf->name, cf->len + 1);
+      cf->value = rb_str_new(tmp, HTTP_PREFIX_LEN + cf->len);
+    }
+    rb_global_variable(&cf->value);
+  }
+
+#if defined(HAVE_QSORT_BSEARCH)
+  qsort(common_http_fields,
+        ARRAY_SIZE(common_http_fields),
+        sizeof(struct common_field),
+        common_field_cmp);
+#endif /* HAVE_QSORT_BSEARCH */
+}
+
+static VALUE find_common_field_value(const char *field, size_t flen)
+{
+#if defined(HAVE_QSORT_BSEARCH)
+  struct common_field key;
+  struct common_field *found;
+  key.name = field;
+  key.len = (signed long)flen;
+  found = (struct common_field *)bsearch(&key, common_http_fields,
+                                         ARRAY_SIZE(common_http_fields),
+                                         sizeof(struct common_field),
+                                         common_field_cmp);
+  return found ? found->value : Qnil;
+#else /* !HAVE_QSORT_BSEARCH */
+  unsigned i;
+  struct common_field *cf = common_http_fields;
+  for(i = 0; i < ARRAY_SIZE(common_http_fields); i++, cf++) {
+    if (cf->len == flen && !memcmp(cf->name, field, flen))
+      return cf->value;
+  }
+  return Qnil;
+#endif /* !HAVE_QSORT_BSEARCH */
+}
+
+void http_field(puma_parser* hp, const char *field, size_t flen,
+                                 const char *value, size_t vlen)
+{
+  VALUE v = Qnil;
+  VALUE f = Qnil;
+
+  VALIDATE_MAX_LENGTH(flen, FIELD_NAME);
+  VALIDATE_MAX_LENGTH(vlen, FIELD_VALUE);
+
+  v = rb_str_new(value, vlen);
+
+  f = find_common_field_value(field, flen);
+
+  if (f == Qnil) {
+    /*
+     * We got a strange header that we don't have a memoized value for.
+     * Fallback to creating a new string to use as a hash key.
+     */
+
+    size_t new_size = HTTP_PREFIX_LEN + flen;
+    assert(new_size < BUFFER_LEN);
+
+    memcpy(hp->buf, HTTP_PREFIX, HTTP_PREFIX_LEN);
+    memcpy(hp->buf + HTTP_PREFIX_LEN, field, flen);
+
+    f = rb_str_new(hp->buf, new_size);
+  }
+
+  rb_hash_aset(hp->request, f, v);
+}
+
+void request_method(puma_parser* hp, const char *at, size_t length)
+{
+  VALUE val = Qnil;
+
+  val = rb_str_new(at, length);
+  rb_hash_aset(hp->request, global_request_method, val);
+}
+
+void request_uri(puma_parser* hp, const char *at, size_t length)
+{
+  VALUE val = Qnil;
+
+  VALIDATE_MAX_LENGTH(length, REQUEST_URI);
+
+  val = rb_str_new(at, length);
+  rb_hash_aset(hp->request, global_request_uri, val);
+}
+
+void fragment(puma_parser* hp, const char *at, size_t length)
+{
+  VALUE val = Qnil;
+
+  VALIDATE_MAX_LENGTH(length, FRAGMENT);
+
+  val = rb_str_new(at, length);
+  rb_hash_aset(hp->request, global_fragment, val);
+}
+
+void request_path(puma_parser* hp, const char *at, size_t length)
+{
+  VALUE val = Qnil;
+
+  VALIDATE_MAX_LENGTH(length, REQUEST_PATH);
+
+  val = rb_str_new(at, length);
+  rb_hash_aset(hp->request, global_request_path, val);
+}
+
+void query_string(puma_parser* hp, const char *at, size_t length)
+{
+  VALUE val = Qnil;
+
+  VALIDATE_MAX_LENGTH(length, QUERY_STRING);
+
+  val = rb_str_new(at, length);
+  rb_hash_aset(hp->request, global_query_string, val);
+}
+
+void http_version(puma_parser* hp, const char *at, size_t length)
+{
+  VALUE val = rb_str_new(at, length);
+  rb_hash_aset(hp->request, global_http_version, val);
+}
+
+/** Finalizes the request header to have a bunch of stuff that's
+  needed. */
+
+void header_done(puma_parser* hp, const char *at, size_t length)
+{
+  hp->body = rb_str_new(at, length);
+}
+
+
+void HttpParser_free(void *data) {
+  TRACE();
+
+  if(data) {
+    xfree(data);
+  }
+}
+
+void HttpParser_mark(puma_parser* hp) {
+  if(hp->request) rb_gc_mark(hp->request);
+  if(hp->body) rb_gc_mark(hp->body);
+}
+
+VALUE HttpParser_alloc(VALUE klass)
+{
+  puma_parser *hp = ALLOC_N(puma_parser, 1);
+  TRACE();
+  hp->http_field = http_field;
+  hp->request_method = request_method;
+  hp->request_uri = request_uri;
+  hp->fragment = fragment;
+  hp->request_path = request_path;
+  hp->query_string = query_string;
+  hp->http_version = http_version;
+  hp->header_done = header_done;
+  hp->request = Qnil;
+
+  puma_parser_init(hp);
+
+  return Data_Wrap_Struct(klass, HttpParser_mark, HttpParser_free, hp);
+}
+
+/**
+ * call-seq:
+ *    parser.new -> parser
+ *
+ * Creates a new parser.
+ */
+VALUE HttpParser_init(VALUE self)
+{
+  puma_parser *http = NULL;
+  DATA_GET(self, puma_parser, http);
+  puma_parser_init(http);
+
+  return self;
+}
+
+
+/**
+ * call-seq:
+ *    parser.reset -> nil
+ *
+ * Resets the parser to it's initial state so that you can reuse it
+ * rather than making new ones.
+ */
+VALUE HttpParser_reset(VALUE self)
+{
+  puma_parser *http = NULL;
+  DATA_GET(self, puma_parser, http);
+  puma_parser_init(http);
+
+  return Qnil;
+}
+
+
+/**
+ * call-seq:
+ *    parser.finish -> true/false
+ *
+ * Finishes a parser early which could put in a "good" or bad state.
+ * You should call reset after finish it or bad things will happen.
+ */
+VALUE HttpParser_finish(VALUE self)
+{
+  puma_parser *http = NULL;
+  DATA_GET(self, puma_parser, http);
+  puma_parser_finish(http);
+
+  return puma_parser_is_finished(http) ? Qtrue : Qfalse;
+}
+
+
+/**
+ * call-seq:
+ *    parser.execute(req_hash, data, start) -> Integer
+ *
+ * Takes a Hash and a String of data, parses the String of data filling in the Hash
+ * returning an Integer to indicate how much of the data has been read.  No matter
+ * what the return value, you should call HttpParser#finished? and HttpParser#error?
+ * to figure out if it's done parsing or there was an error.
+ *
+ * This function now throws an exception when there is a parsing error.  This makes
+ * the logic for working with the parser much easier.  You can still test for an
+ * error, but now you need to wrap the parser with an exception handling block.
+ *
+ * The third argument allows for parsing a partial request and then continuing
+ * the parsing from that position.  It needs all of the original data as well
+ * so you have to append to the data buffer as you read.
+ */
+VALUE HttpParser_execute(VALUE self, VALUE req_hash, VALUE data, VALUE start)
+{
+  puma_parser *http = NULL;
+  int from = 0;
+  char *dptr = NULL;
+  long dlen = 0;
+
+  DATA_GET(self, puma_parser, http);
+
+  from = FIX2INT(start);
+  dptr = rb_extract_chars(data, &dlen);
+
+  if(from >= dlen) {
+    rb_free_chars(dptr);
+    rb_raise(eHttpParserError, "%s", "Requested start is after data buffer end.");
+  } else {
+    http->request = req_hash;
+    puma_parser_execute(http, dptr, dlen, from);
+
+    rb_free_chars(dptr);
+    VALIDATE_MAX_LENGTH(puma_parser_nread(http), HEADER);
+
+    if(puma_parser_has_error(http)) {
+      rb_raise(eHttpParserError, "%s", "Invalid HTTP format, parsing fails.");
+    } else {
+      return INT2FIX(puma_parser_nread(http));
+    }
+  }
+}
+
+
+
+/**
+ * call-seq:
+ *    parser.error? -> true/false
+ *
+ * Tells you whether the parser is in an error state.
+ */
+VALUE HttpParser_has_error(VALUE self)
+{
+  puma_parser *http = NULL;
+  DATA_GET(self, puma_parser, http);
+
+  return puma_parser_has_error(http) ? Qtrue : Qfalse;
+}
+
+
+/**
+ * call-seq:
+ *    parser.finished? -> true/false
+ *
+ * Tells you whether the parser is finished or not and in a good state.
+ */
+VALUE HttpParser_is_finished(VALUE self)
+{
+  puma_parser *http = NULL;
+  DATA_GET(self, puma_parser, http);
+
+  return puma_parser_is_finished(http) ? Qtrue : Qfalse;
+}
+
+
+/**
+ * call-seq:
+ *    parser.nread -> Integer
+ *
+ * Returns the amount of data processed so far during this processing cycle.  It is
+ * set to 0 on initialize or reset calls and is incremented each time execute is called.
+ */
+VALUE HttpParser_nread(VALUE self)
+{
+  puma_parser *http = NULL;
+  DATA_GET(self, puma_parser, http);
+
+  return INT2FIX(http->nread);
+}
+
+/**
+ * call-seq:
+ *    parser.body -> nil or String
+ *
+ * If the request included a body, returns it.
+ */
+VALUE HttpParser_body(VALUE self) {
+  puma_parser *http = NULL;
+  DATA_GET(self, puma_parser, http);
+
+  return http->body;
+}
+
+void Init_io_buffer(VALUE puma);
+void Init_mini_ssl(VALUE mod);
+
+void Init_puma_http11()
+{
+
+  VALUE mPuma = rb_define_module("Puma");
+  VALUE cHttpParser = rb_define_class_under(mPuma, "HttpParser", rb_cObject);
+
+  DEF_GLOBAL(request_method, "REQUEST_METHOD");
+  DEF_GLOBAL(request_uri, "REQUEST_URI");
+  DEF_GLOBAL(fragment, "FRAGMENT");
+  DEF_GLOBAL(query_string, "QUERY_STRING");
+  DEF_GLOBAL(http_version, "HTTP_VERSION");
+  DEF_GLOBAL(request_path, "REQUEST_PATH");
+
+  eHttpParserError = rb_define_class_under(mPuma, "HttpParserError", rb_eIOError);
+  rb_global_variable(&eHttpParserError);
+
+  rb_define_alloc_func(cHttpParser, HttpParser_alloc);
+  rb_define_method(cHttpParser, "initialize", HttpParser_init, 0);
+  rb_define_method(cHttpParser, "reset", HttpParser_reset, 0);
+  rb_define_method(cHttpParser, "finish", HttpParser_finish, 0);
+  rb_define_method(cHttpParser, "execute", HttpParser_execute, 3);
+  rb_define_method(cHttpParser, "error?", HttpParser_has_error, 0);
+  rb_define_method(cHttpParser, "finished?", HttpParser_is_finished, 0);
+  rb_define_method(cHttpParser, "nread", HttpParser_nread, 0);
+  rb_define_method(cHttpParser, "body", HttpParser_body, 0);
+  init_common_fields();
+
+  Init_io_buffer(mPuma);
+  Init_mini_ssl(mPuma);
+}