use JRubyFile to get input-stream to file-resource fixes #11

this is just a mix of the old code, the new code and what the ChannelDescriptor
of jruby-1.7.x is doing. but works only for jruby-1.7.14 or newer with a fallback
to new code.

Sponsored by Lookout Inc.

Author: mkristian

Mavenfile

@@ -78,7 +78,7 @@ end
 
 # NOTE: unfortunately we can not use 1.6.8 to generate invokers ...
 # although we'd like to compile against 1.6 to make sure all is well
-jar 'org.jruby:jruby-core', '1.7.10', :scope => :provided  # 1.6.8
+jar 'org.jruby:jruby-core', '1.7.16', :scope => :provided  # 1.6.8
 jar 'junit:junit', '4.11', :scope => :test
 
 jruby_plugin! :gem do

pom.xml

@@ -73,7 +73,7 @@
     <dependency>
       <groupId>org.jruby</groupId>
       <artifactId>jruby-core</artifactId>
-      <version>1.7.10</version>
+      <version>1.7.16</version>
       <scope>provided</scope>
     </dependency>
     <dependency>

src/main/java/org/jruby/ext/openssl/SSLContext.java

@@ -336,7 +336,7 @@ public IRubyObject setup(final ThreadContext context) {
         String caPath = getCaPath();
         if (caFile != null || caPath != null) {
             try {
-                if (internalContext.store.loadLocations(caFile, caPath) == 0) {
+                if (internalContext.store.loadLocations(runtime, caFile, caPath) == 0) {
                     runtime.getWarnings().warn(ID.MISCELLANEOUS, "can't set verify locations");
                 }
             }

src/main/java/org/jruby/ext/openssl/X509Store.java

@@ -27,6 +27,10 @@
  ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl;
 
+import static org.jruby.ext.openssl.OpenSSL.debugStackTrace;
+import static org.jruby.ext.openssl.OpenSSL.warn;
+import static org.jruby.ext.openssl.X509._X509;
+
 import org.jruby.Ruby;
 import org.jruby.RubyClass;
 import org.jruby.RubyFixnum;
@@ -35,22 +39,17 @@
 import org.jruby.RubyObject;
 import org.jruby.anno.JRubyMethod;
 import org.jruby.exceptions.RaiseException;
-import org.jruby.ext.openssl.x509store.X509AuxCertificate;
 import org.jruby.ext.openssl.x509store.Store;
 import org.jruby.ext.openssl.x509store.StoreContext;
+import org.jruby.ext.openssl.x509store.X509AuxCertificate;
+import org.jruby.ext.openssl.x509store.X509Error;
 import org.jruby.ext.openssl.x509store.X509Utils;
 import org.jruby.runtime.Arity;
 import org.jruby.runtime.Block;
 import org.jruby.runtime.ObjectAllocator;
 import org.jruby.runtime.ThreadContext;
-import org.jruby.runtime.builtin.IRubyObject;
 import org.jruby.runtime.Visibility;
-
-import static org.jruby.ext.openssl.OpenSSL.debugStackTrace;
-import static org.jruby.ext.openssl.OpenSSL.isDebug;
-import static org.jruby.ext.openssl.OpenSSL.warn;
-import static org.jruby.ext.openssl.X509._X509;
-import org.jruby.ext.openssl.x509store.X509Error;
+import org.jruby.runtime.builtin.IRubyObject;
 
 /**
  * @author <a href="mailto:[email protected]">Ola Bini</a>
@@ -164,11 +163,11 @@ public IRubyObject add_path(final ThreadContext context, final IRubyObject arg)
     @JRubyMethod
     public IRubyObject add_file(final IRubyObject arg) {
         String file = arg.toString();
+        final Ruby runtime = getRuntime();
         try {
-            store.loadLocations(file, null);
+            store.loadLocations(runtime, file, null);
         }
         catch (Exception e) {
-            final Ruby runtime = getRuntime();
             debugStackTrace(runtime, e);
             throw newStoreError(runtime, "loading file failed: ", e);
         }
@@ -179,7 +178,7 @@ public IRubyObject add_file(final IRubyObject arg) {
     public IRubyObject set_default_paths(final ThreadContext context) {
         final Ruby runtime = context.runtime;
         try {
-            store.setDefaultPaths();
+            store.setDefaultPaths(runtime);
         }
         catch (Exception e) {
             debugStackTrace(runtime, e);

src/main/java/org/jruby/ext/openssl/x509store/Lookup.java

@@ -27,33 +27,47 @@
  ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.x509store;
 
+import static org.jruby.ext.openssl.x509store.X509Utils.CRYPTO_LOCK_X509_STORE;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_ASN1;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_DEFAULT;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_PEM;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_LU_CRL;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_LU_FAIL;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_LU_X509;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_L_ADD_DIR;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_L_FILE_LOAD;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_R_BAD_X509_FILETYPE;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_R_INVALID_DIRECTORY;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_R_LOADING_CERT_DIR;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_R_LOADING_DEFAULTS;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_R_WRONG_LOOKUP_TYPE;
+import static org.jruby.ext.openssl.x509store.X509Utils.getDefaultCertificateDirectoryEnvironment;
+import static org.jruby.ext.openssl.x509store.X509Utils.getDefaultCertificateFileEnvironment;
+
 import java.io.BufferedInputStream;
+import java.io.BufferedReader;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
-import java.io.Reader;
 import java.io.InputStream;
-import java.io.BufferedReader;
-import java.io.FileInputStream;
 import java.io.InputStreamReader;
-
+import java.io.Reader;
 import java.math.BigInteger;
-
 import java.security.KeyStore;
+import java.security.cert.CRL;
 import java.security.cert.PKIXParameters;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509Certificate;
-import java.security.cert.CRL;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Iterator;
 
 import org.jruby.Ruby;
 import org.jruby.RubyHash;
-
 import org.jruby.ext.openssl.SecurityHelper;
-
-import static org.jruby.ext.openssl.x509store.X509Utils.*;
+import org.jruby.util.FileResource;
+import org.jruby.util.JRubyFile;
 
 /**
  * X509_LOOKUP
@@ -65,17 +79,19 @@ public class Lookup {
     boolean init = false;
     boolean skip = false;
     final LookupMethod method;
+    final Ruby runtime;
     Object methodData;
     Store store;
 
     /**
      * c: X509_LOOKUP_new
      */
-    public Lookup(LookupMethod method) {
+    public Lookup(Ruby runtime, LookupMethod method) {
         if ( method == null ) {
             throw new IllegalArgumentException("null method");
         }
         this.method = method;
+        this.runtime = runtime;
 
         final LookupMethod.NewItemFunction newItem = method.newItem;
         if ( newItem != null && newItem != Function1.EMPTY ) {
@@ -278,7 +294,29 @@ public int loadDefaultJavaCACertsFile() throws Exception {
     }
 
     private InputStream wrapJRubyNormalizedInputStream(String file) throws IOException {
-        return new BufferedInputStream(new FileInputStream(file));
+        try {
+            FileResource resource = JRubyFile.createResource(runtime, file);
+            if(!resource.exists()) {
+                throw new FileNotFoundException(file + " (No such file or directory)");
+            }
+            if(resource.isDirectory()) {
+                throw new IOException(file + " is a directory");
+            }
+            InputStream is = resource.openInputStream();
+            if (is instanceof BufferedInputStream) {
+                return is;
+            }
+            else {
+                return new BufferedInputStream(is);
+            }
+        }
+        catch(NoSuchMethodError e){
+            File f = new File(file);
+            if(!f.isAbsolute()) {
+                f = new File(runtime.getCurrentDirectory(), file);
+            }
+            return new BufferedInputStream(new FileInputStream(f));
+        }
     }
 
     /**

src/main/java/org/jruby/ext/openssl/x509store/Store.java

@@ -27,13 +27,19 @@
  ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.x509store;
 
+import static org.jruby.ext.openssl.x509store.X509Utils.CRYPTO_LOCK_X509_STORE;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_DEFAULT;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_PEM;
+import static org.jruby.ext.openssl.x509store.X509Utils.X509_R_CERT_ALREADY_IN_HASH_TABLE;
+
 import java.io.FileNotFoundException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
+
 import javax.net.ssl.X509TrustManager;
 
-import static org.jruby.ext.openssl.x509store.X509Utils.*;
+import org.jruby.Ruby;
 
 /**
  * c: X509_STORE
@@ -244,11 +250,11 @@ public int setParam(VerifyParameter pm) {
     /**
      * c: X509_STORE_add_lookup
      */
-    public Lookup addLookup(final LookupMethod method) throws Exception {
+    public Lookup addLookup(Ruby runtime, final LookupMethod method) throws Exception {
         for ( Lookup lookup : certificateMethods ) {
             if ( lookup.equals(method) ) return lookup;
         }
-        Lookup lookup = new Lookup(method);
+        Lookup lookup = new Lookup(runtime, method);
         lookup.store = this;
         certificateMethods.add(lookup);
         return lookup;
@@ -300,9 +306,9 @@ public int addCRL(final java.security.cert.CRL crl) {
     /**
      * c: X509_STORE_load_locations
      */
-    public int loadLocations(String file, String path) throws Exception {
+    public int loadLocations(Ruby runtime, String file, String path) throws Exception {
         if ( file != null ) {
-            final Lookup lookup = addLookup( Lookup.fileLookup() );
+            final Lookup lookup = addLookup( runtime, Lookup.fileLookup() );
             if ( lookup == null ) {
                 return 0;
             }
@@ -312,7 +318,7 @@ public int loadLocations(String file, String path) throws Exception {
         }
 
         if ( path != null ) {
-            final Lookup lookup = addLookup( Lookup.hashDirLookup() );
+            final Lookup lookup = addLookup( runtime, Lookup.hashDirLookup() );
             if ( lookup == null ) {
                 return 0;
             }
@@ -328,9 +334,9 @@ public int loadLocations(String file, String path) throws Exception {
     /**
      * c: X509_STORE_set_default_paths
      */
-    public int setDefaultPaths() throws Exception {
+    public int setDefaultPaths(Ruby runtime) throws Exception {
 
-        Lookup lookup = addLookup(Lookup.fileLookup());
+        Lookup lookup = addLookup(runtime, Lookup.fileLookup());
         //if ( lookup == null ) return 0;
 
         try {
@@ -340,7 +346,7 @@ public int setDefaultPaths() throws Exception {
             // set_default_paths ignores FileNotFound
         }
 
-        lookup = addLookup(Lookup.hashDirLookup());
+        lookup = addLookup(runtime, Lookup.hashDirLookup());
         //if ( lookup == null ) return 0;
 
         try {

src/main/java/org/jruby/ext/openssl/x509store/StoreContext.java

@@ -32,18 +32,18 @@
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
 import java.security.cert.X509Extension;
-
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Collection;
 import java.util.Date;
-import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-import java.util.HashSet;
 
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Sequence;
+import org.jruby.Ruby;
 import org.jruby.ext.openssl.SecurityHelper;
 
 /**
@@ -448,7 +448,7 @@ private void resetSettingsToWithoutStore() {
     /**
      * c: SSL_CTX_load_verify_locations
      */
-    public int loadVerifyLocations(String CAfile, String CApath) {
+    public int loadVerifyLocations(Ruby runtime, String CAfile, String CApath) {
         boolean reset = false;
         try {
             if ( store == null ) {
@@ -483,7 +483,7 @@ public int loadVerifyLocations(String CAfile, String CApath) {
                 }
             }
 
-            final int ret = store.loadLocations(CAfile, CApath);
+            final int ret = store.loadLocations(runtime, CAfile, CApath);
             if ( ret == 0 && reset ) resetSettingsToWithoutStore();
 
             return ret;

src/test/java/org/jruby/ext/openssl/SecurityHelperTest.java

@@ -1,13 +1,20 @@
 
 package org.jruby.ext.openssl;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.fail;
+
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import java.security.cert.CertificateException;
 
-import org.junit.*;
-import static org.junit.Assert.*;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
 
 /**
  * @author kares