do some internal API cleanup ... public field sets are confusing to follow

Author: kares

src/main/java/org/jruby/ext/openssl/SSLContext.java

@@ -265,7 +265,6 @@ public SSLContext(Ruby runtime, RubyClass type) {
     private PKey t_key;
     private X509Cert t_cert;
 
-    /* TODO: should move to SSLSession after implemented */
     private int verifyResult = 1; /* avoid 0 (= X509_V_OK) just in case */
 
     //private int sessionCacheMode; // 2 default on MRI
@@ -409,7 +408,8 @@ public IRubyObject setup(final ThreadContext context) {
             // SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
         }
 
-        /* TODO: should be implemented for SSLSession
+        // NOTE: no API under javax.net to support session get/new/remove callbacks
+        /*
         val = ossl_sslctx_get_sess_id_ctx(self);
         if (!NIL_P(val)){
             StringValue(val);
@@ -883,15 +883,12 @@ private class InternalContext {
         StoreContext createStoreContext(final String purpose) {
             if ( store == null ) return null;
 
-            final StoreContext storeContext = new StoreContext();
-            if ( storeContext.init(store, null, null) == 0 ) {
-                return null;
-            }
+            final StoreContext storeContext = new StoreContext(store);
+            if ( storeContext.init(null, null) == 0 ) return null;
+
             // for verify_cb
             storeContext.setExtraData(1, store.getExtraData(1));
-            if ( purpose != null ) {
-                storeContext.setDefault(purpose);
-            }
+            if ( purpose != null ) storeContext.setDefault(purpose);
             storeContext.verifyParameter.inherit(store.verifyParameter);
             return storeContext;
         }

src/main/java/org/jruby/ext/openssl/X509StoreContext.java

@@ -79,11 +79,10 @@ private static RubyClass _StoreContext(final Ruby runtime) {
         return _X509(runtime).getClass("StoreContext");
     }
 
-    private final StoreContext storeContext;
+    private StoreContext storeContext;
 
     public X509StoreContext(Ruby runtime, RubyClass type) {
         super(runtime, type);
-        this.storeContext = new StoreContext();
     }
 
     // constructor for creating callback parameter object of verify_cb
@@ -115,19 +114,20 @@ public IRubyObject initialize(final ThreadContext context, final IRubyObject[] a
             if ( args.length > 2) chain = args[2];
         }
 
-        final X509AuxCertificate x509Cert = cert.isNil() ? null : ((X509Cert) cert).getAuxCert();
-        final List<X509AuxCertificate> x509Certs;
+        final X509AuxCertificate _cert = cert.isNil() ? null : ((X509Cert) cert).getAuxCert();
+        final List<X509AuxCertificate> _chain;
         if ( ! chain.isNil() ) {
             @SuppressWarnings("unchecked")
             final List<X509Cert> certs = (List<X509Cert>) chain; // RubyArray
-            x509Certs = new ArrayList<X509AuxCertificate>( certs.size() );
-            for ( X509Cert x : certs ) x509Certs.add( x.getAuxCert() );
+            _chain = new ArrayList<X509AuxCertificate>( certs.size() );
+            for ( X509Cert x : certs ) _chain.add( x.getAuxCert() );
         }
         else {
-            x509Certs = new ArrayList<X509AuxCertificate>(4);
+            _chain = new ArrayList<X509AuxCertificate>(4);
         }
 
-        if ( storeContext.init(store.getStore(), x509Cert, x509Certs) != 1 ) {
+        this.storeContext = new StoreContext(store.getStore());
+        if ( storeContext.init(_cert, _chain) != 1 ) {
             throw newStoreError(context.runtime, null);
         }
 

src/main/java/org/jruby/ext/openssl/impl/PKCS7.java

@@ -218,19 +218,19 @@ public static X509AuxCertificate findByIssuerAndSerial(
     /* c: PKCS7_get0_signers
      *
      */
-    public List<X509AuxCertificate> getSigners(Collection<X509AuxCertificate> certs, List<SignerInfoWithPkey> sinfos, int flags) throws PKCS7Exception {
-        List<X509AuxCertificate> signers = new ArrayList<X509AuxCertificate>();
-
-        if(!isSigned()) {
-            throw new PKCS7Exception(F_PKCS7_GET0_SIGNERS,R_WRONG_CONTENT_TYPE);
+    public List<X509AuxCertificate> getSigners(Collection<X509AuxCertificate> certs, Collection<SignerInfoWithPkey> infos, int flags) throws PKCS7Exception {
+        if ( ! isSigned() ) {
+            throw new PKCS7Exception(F_PKCS7_GET0_SIGNERS, R_WRONG_CONTENT_TYPE);
         }
 
-        if(sinfos.size() == 0) {
-            throw new PKCS7Exception(F_PKCS7_GET0_SIGNERS,R_NO_SIGNERS);
+        if ( infos == null || infos.size() == 0) {
+            throw new PKCS7Exception(F_PKCS7_GET0_SIGNERS, R_NO_SIGNERS);
         }
 
-        for(SignerInfoWithPkey si : sinfos) {
-            IssuerAndSerialNumber ias = si.getIssuerAndSerialNumber();
+        final ArrayList<X509AuxCertificate> signers = new ArrayList<X509AuxCertificate>(infos.size());
+
+        for ( final SignerInfoWithPkey info : infos ) {
+            final IssuerAndSerialNumber ias = info.getIssuerAndSerialNumber();
             X509AuxCertificate signer = null;
 //             System.err.println("looking for: " + ias.getName() + " and " + ias.getCertificateSerialNumber());
 //             System.err.println(" in: " + certs);
@@ -329,98 +329,90 @@ public void signatureVerify(BIO bio, SignerInfoWithPkey si, X509AuxCertificate x
      *
      */
     public void verify(Collection<X509AuxCertificate> certs, Store store, BIO indata, BIO out, int flags) throws PKCS7Exception {
-        if(!isSigned()) {
+        if ( ! isSigned() ) {
             throw new PKCS7Exception(F_PKCS7_VERIFY, R_WRONG_CONTENT_TYPE);
         }
 
-        if(getDetached() != 0 && indata == null) {
+        if ( getDetached() != 0 && indata == null ) {
             throw new PKCS7Exception(F_PKCS7_VERIFY, R_NO_CONTENT);
         }
 
-        List<SignerInfoWithPkey> sinfos = new ArrayList<SignerInfoWithPkey>(getSignerInfo());
-        if(sinfos.size() == 0) {
+        Collection<SignerInfoWithPkey> infos = getSignerInfo();
+        if ( infos == null || infos.size() == 0 ) {
             throw new PKCS7Exception(F_PKCS7_VERIFY, R_NO_SIGNATURES_ON_DATA);
         }
 
-        List<X509AuxCertificate> signers = getSigners(certs, sinfos, flags);
-        if(signers == null) {
+        List<X509AuxCertificate> signers = getSigners(certs, infos, flags);
+        if ( signers == null ) {
             throw new NotVerifiedPKCS7Exception();
         }
 
         /* Now verify the certificates */
-        if((flags & NOVERIFY) == 0) {
-            for(X509AuxCertificate signer : signers) {
-                StoreContext cert_ctx = new StoreContext();
-                if((flags & NOCHAIN) == 0) {
-                    if(cert_ctx.init(store, signer, new ArrayList<X509AuxCertificate>(getSign().getCert())) == 0) {
+        if ( (flags & NOVERIFY) == 0 ) {
+            for ( final X509AuxCertificate signer : signers ) {
+                final StoreContext certContext = new StoreContext(store);
+                if ( (flags & NOCHAIN) == 0 ) {
+                    if ( certContext.init(signer, new ArrayList<X509AuxCertificate>(getSign().getCert())) == 0 ) {
                         throw new PKCS7Exception(F_PKCS7_VERIFY, -1);
                     }
-                    cert_ctx.setPurpose(X509Utils.X509_PURPOSE_SMIME_SIGN);
-                } else if(cert_ctx.init(store, signer, null) == 0) {
+                    certContext.setPurpose(X509Utils.X509_PURPOSE_SMIME_SIGN);
+                }
+                else if ( certContext.init(signer, null) == 0 ) {
                     throw new PKCS7Exception(F_PKCS7_VERIFY, -1);
                 }
-                cert_ctx.setExtraData(1, store.getExtraData(1));
-                if((flags & NOCRL) == 0) {
-                    cert_ctx.setCRLs((List<X509CRL>)getSign().getCrl());
+                certContext.setExtraData(1, store.getExtraData(1));
+                if ( (flags & NOCRL) == 0 ) {
+                    certContext.setCRLs((List<X509CRL>) getSign().getCrl());
                 }
                 try {
-                    int i = cert_ctx.verifyCertificate();
+                    int i = certContext.verifyCertificate();
                     int j = 0;
-                    if(i <= 0) {
-                        j = cert_ctx.getError();
+                    if (i <= 0) {
+                        j = certContext.getError();
                     }
-                    cert_ctx.cleanup();
-                    if(i <= 0) {
+                    certContext.cleanup();
+                    if ( i <= 0 ) {
                         throw new PKCS7Exception(F_PKCS7_VERIFY, R_CERTIFICATE_VERIFY_ERROR, "Verify error:" + X509Utils.verifyCertificateErrorString(j));
                     }
-                } catch(PKCS7Exception e) {
+                }
+                catch (PKCS7Exception e) {
                     throw e;
-                } catch(Exception e) {
+                }
+                catch (Exception e) {
                     throw new PKCS7Exception(F_PKCS7_VERIFY, R_CERTIFICATE_VERIFY_ERROR, e);
                 }
             }
         }
 
         BIO tmpin = indata;
         BIO p7bio = dataInit(tmpin);
-        BIO tmpout;
-        if((flags & TEXT) != 0) {
-            tmpout = BIO.mem();
-        } else {
-            tmpout = out;
-        }
+        final BIO tmpout = ( flags & TEXT ) != 0 ? BIO.mem() : out;
 
-        byte[] buf = new byte[4096];
+        final byte[] buf = new byte[4096];
         for(;;) {
             try {
-                int i = p7bio.read(buf, 0, buf.length);
-                if(i <= 0) {
-                    break;
-                }
-                if(tmpout != null) {
-                    tmpout.write(buf, 0, i);
-                }
-            } catch(IOException e) {
+                final int i = p7bio.read(buf, 0, buf.length);
+                if ( i <= 0 ) break;
+                if (tmpout != null) tmpout.write(buf, 0, i);
+            }
+            catch (IOException e) {
                 throw new PKCS7Exception(F_PKCS7_VERIFY, -1, e);
             }
         }
 
-        if((flags & TEXT) != 0) {
+        if ( (flags & TEXT) != 0 ) {
             new SMIME(Mime.DEFAULT).text(tmpout, out);
         }
 
-        if((flags & NOSIGS) == 0) {
-            for(int i=0; i<sinfos.size(); i++) {
-                SignerInfoWithPkey si = sinfos.get(i);
-                X509AuxCertificate signer = signers.get(i);
-                signatureVerify(p7bio, si, signer);
+        if ( (flags & NOSIGS) == 0 ) {
+            int i = 0; for ( SignerInfoWithPkey info : infos ) {
+                X509AuxCertificate signer = signers.get(i++);
+                signatureVerify(p7bio, info, signer);
             }
         }
 
-        if(tmpin == indata) {
-            if(indata != null) {
-                p7bio.pop();
-            }
+        if ( tmpin == indata ) {
+            if ( indata != null ) p7bio.pop();
         }
     }
 

src/main/java/org/jruby/ext/openssl/x509store/Certificate.java

@@ -34,7 +34,11 @@
  */
 public class Certificate extends X509Object {
 
-    public X509AuxCertificate x509;
+    public final X509AuxCertificate x509;
+
+    public Certificate(final X509AuxCertificate cert) {
+        this.x509 = cert;
+    }
 
     @Override
     public int type() {

src/main/java/org/jruby/ext/openssl/x509store/Store.java

@@ -281,8 +281,7 @@ private static Lookup findLookupMethod(final Lookup[] lookups, final LookupMetho
     public int addCertificate(final X509Certificate cert) {
         if ( cert == null ) return 0;
 
-        final Certificate certObj = new Certificate();
-        certObj.x509 = StoreContext.ensureAux(cert);
+        final Certificate certObj = new Certificate(StoreContext.ensureAux(cert));
 
         final X509Object[] objects = this.objects;
         if ( matchedObject(objects, certObj) ) {