Merge remote-tracking branch 'refs/remotes/upstream/master'

openlogic · Feb 24, 2015 · b3c114d · b3c114d
2 parents c001a0c + 9e65f4f
commit b3c114d
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 18 deletions.
diff --git a/src/main/java/org/jruby/ext/openssl/SSLSocket.java b/src/main/java/org/jruby/ext/openssl/SSLSocket.java
@@ -403,7 +403,6 @@ private static void writeWouldBlock(final Ruby runtime) {
 
     private void doHandshake(boolean blocking) throws IOException {
         while (true) {
-            SSLEngineResult res;
             boolean ready = waitSelect(SelectionKey.OP_READ | SelectionKey.OP_WRITE, blocking);
 
             // if not blocking, raise EAGAIN
@@ -437,8 +436,8 @@ private void doHandshake(boolean blocking) throws IOException {
                     while ( flushData(blocking) ) { /* loop */ }
                 }
                 netData.clear();
-                res = engine.wrap(dummy, netData);
-                handshakeStatus = res.getHandshakeStatus();
+                SSLEngineResult result = engine.wrap(dummy, netData);
+                handshakeStatus = result.getHandshakeStatus();
                 netData.flip();
                 flushData(blocking);
                 break;

diff --git a/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java b/src/main/java/org/jruby/ext/openssl/x509store/Lookup.java
@@ -53,6 +53,7 @@
 import java.io.InputStreamReader;
 import java.io.Reader;
 import java.math.BigInteger;
+import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.cert.CRL;
 import java.security.cert.PKIXParameters;
@@ -66,7 +67,6 @@
 import org.jruby.RubyHash;
 import org.jruby.ext.openssl.SecurityHelper;
 import org.jruby.util.JRubyFile;
-import org.jruby.util.SafePropertyAccessor;
 import org.jruby.util.io.ChannelDescriptor;
 import org.jruby.util.io.ChannelStream;
 import org.jruby.util.io.FileExistsException;
@@ -82,10 +82,10 @@ public class Lookup {
 
     boolean init = false;
     boolean skip = false;
-    
+
     final LookupMethod method;
     private final Ruby runtime;
-    
+
     Object methodData;
     Store store;
 
@@ -277,9 +277,8 @@ else if ( v instanceof CRL ) {
         return count;
     }
 
-    public int loadDefaultJavaCACertsFile() throws Exception {
-        final String certsFile = SafePropertyAccessor.getProperty("java.home") +
-            "/lib/security/cacerts".replace('/', File.separatorChar);
+    public int loadDefaultJavaCACertsFile() throws IOException, GeneralSecurityException {
+        final String certsFile = X509Utils.X509_CERT_FILE.replace('/', File.separatorChar);
         final FileInputStream fin = new FileInputStream(certsFile);
         int count = 0;
         try {
@@ -329,7 +328,7 @@ private String envEntry(final String key) {
     	RubyHash env = (RubyHash) runtime.getObject().getConstant("ENV");
         return (String) env.get( runtime.newString(key) );
     }
-    
+
     /**
      * c: X509_LOOKUP_free
      */
@@ -440,7 +439,7 @@ public int call(final Lookup ctx, final Integer cmd, final String argp, final Nu
                         file = ctx.envEntry( getDefaultCertificateFileEnvironment() );
                     }
                     catch (RuntimeException e) { }
-                    
+
                     if (file != null) {
                         ok = ctx.loadCertificateOrCRLFile(file, X509_FILETYPE_PEM) != 0 ? 1 : 0;
                     } else {
@@ -544,7 +543,7 @@ private int addCertificateDirectory(final LookupDir ctx, final String dir, final
                 return 0;
             }
 
-            String[] dirs = dir.split(SafePropertyAccessor.getProperty("path.separator"));
+            String[] dirs = dir.split(File.pathSeparator);
 
             for ( int i=0; i<dirs.length; i++ ) {
                 if ( dirs[i].length() == 0 ) {

diff --git a/src/main/java/org/jruby/ext/openssl/x509store/X509Utils.java b/src/main/java/org/jruby/ext/openssl/x509store/X509Utils.java
@@ -284,12 +284,22 @@ else if ( keyUsage != null && ! keyUsage[5] ) { // KU_KEY_CERT_SIGN
         return V_OK;
     }
 
-    public static final String OPENSSLDIR = "/usr/local/openssl";
-
-    public static final String X509_CERT_AREA = SafePropertyAccessor.getProperty("java.home") + "/lib/security";
-    public static final String X509_CERT_DIR = SafePropertyAccessor.getProperty("java.home") + "/lib/security";
-    public static final String X509_CERT_FILE = SafePropertyAccessor.getProperty("java.home") + "/lib/security" + "/cacerts";
-    public static final String X509_PRIVATE_DIR = "/usr/lib/ssl/private";
+    public static final String OPENSSLDIR;
+
+    public static final String X509_CERT_AREA;
+    public static final String X509_CERT_DIR;
+    public static final String X509_CERT_FILE;
+    public static final String X509_PRIVATE_DIR;
+
+    static {
+        OPENSSLDIR = "/usr/local/openssl"; // NOTE: blindly follow?!
+        // TODO usability in limited environments should be tested/reviewed
+        final String JAVA_HOME = SafePropertyAccessor.getProperty("java.home", "");
+        X509_CERT_AREA = JAVA_HOME + "/lib/security";
+        X509_CERT_DIR = X509_CERT_AREA;
+        X509_CERT_FILE = X509_CERT_DIR + "/cacerts";
+        X509_PRIVATE_DIR = "/usr/lib/ssl/private"; // NOTE: blindly follow?!
+    }
 
     public static final String X509_CERT_DIR_EVP = "SSL_CERT_DIR";
     public static final String X509_CERT_FILE_EVP = "SSL_CERT_FILE";