[refactor] cleanup + more OP_NO_xxx filtering

kares · kares · commit dd782678c98b · 2020-06-14T20:08:54.000+02:00
diff --git a/src/main/java/org/jruby/ext/openssl/SSLContext.java b/src/main/java/org/jruby/ext/openssl/SSLContext.java
@@ -620,8 +620,7 @@ private static SSLEngine dummySSLEngine(final String protocol) throws GeneralSec
     }
 
     // should keep SSLContext as a member for introducin SSLSession. later...
-    final SSLEngine createSSLEngine(String peerHost, int peerPort)
-        throws NoSuchAlgorithmException, KeyManagementException {
+    final SSLEngine createSSLEngine(String peerHost, int peerPort) {
         final SSLEngine engine;
         // an empty peerHost implies no SNI (RFC 3546) support requested
         if ( peerHost == null || peerHost.length() == 0 ) {
@@ -639,12 +638,9 @@ final SSLEngine createSSLEngine(String peerHost, int peerPort)
     }
 
     private String[] getCipherSuites(final String[] supported) {
-        Collection<CipherStrings.Def> cipherDefs =
-                CipherStrings.matchingCiphers(this.ciphers, supported, true);
+        Collection<CipherStrings.Def> cipherDefs = CipherStrings.matchingCiphers(this.ciphers, supported, true);
         final String[] result = new String[ cipherDefs.size() ]; int i = 0;
-        for ( CipherStrings.Def def : cipherDefs ) {
-            result[ i++ ] = def.getCipherSuite();
-        }
+        for ( CipherStrings.Def def : cipherDefs ) result[ i++ ] = def.getCipherSuite();
         return result;
     }
 
@@ -655,15 +651,12 @@ private String[] getEnabledProtocols(final SSLEngine engine) {
             final String[] engineProtocols = engine.getEnabledProtocols();
             final List<String> protocols = new ArrayList<String>(enabledProtocols.length);
             for ( final String enabled : enabledProtocols ) {
-                if (((options & SSL.OP_NO_SSLv2) != 0) && enabled.equals("SSLv2")) {
-                    continue;
-                }
-                if (((options & SSL.OP_NO_SSLv3) != 0) && enabled.equals("SSLv3")) {
-                    continue;
-                }
-                if (((options & SSL.OP_NO_TLSv1) != 0) && enabled.equals("TLSv1")) {
-                    continue;
-                }
+                if (((options & OP_NO_SSLv2) != 0) && enabled.equals("SSLv2")) continue;
+                if (((options & OP_NO_SSLv3) != 0) && enabled.equals("SSLv3")) continue;
+                if (((options & OP_NO_TLSv1) != 0) && enabled.equals("TLSv1")) continue;
+                if (((options & OP_NO_TLSv1_1) != 0) && enabled.equals("TLSv1.1")) continue;
+                if (((options & OP_NO_TLSv1_2) != 0) && enabled.equals("TLSv1.2")) continue;
+                if (((options & OP_NO_TLSv1_3) != 0) && enabled.equals("TLSv1.3")) continue;
                 for ( final String allowed : engineProtocols ) {
                     if ( allowed.equals(enabled) ) protocols.add(allowed);
                 }
diff --git a/src/main/java/org/jruby/ext/openssl/SSLSocket.java b/src/main/java/org/jruby/ext/openssl/SSLSocket.java
@@ -208,8 +208,7 @@ private IRubyObject fallback_set_io_nonblock_checked(ThreadContext context, Ruby
         return context.nil;
     }
 
-    private SSLEngine ossl_ssl_setup(final ThreadContext context)
-        throws NoSuchAlgorithmException, KeyManagementException {
+    private SSLEngine ossl_ssl_setup(final ThreadContext context) {
         SSLEngine engine = this.engine;
         if ( engine != null ) return engine;
 
@@ -301,16 +300,6 @@ private IRubyObject connectImpl(final ThreadContext context, final boolean block
             forceClose();
             throw newSSLErrorFromHandshake(context.runtime, e);
         }
-        catch (NoSuchAlgorithmException e) {
-            debugStackTrace(context.runtime, e);
-            forceClose();
-            throw newSSLError(context.runtime, e);
-        }
-        catch (KeyManagementException e) {
-            debugStackTrace(context.runtime, e);
-            forceClose();
-            throw newSSLError(context.runtime, e);
-        }
         catch (IOException e) {
             //debugStackTrace(context.runtime, e);
             forceClose();
@@ -391,14 +380,6 @@ private IRubyObject acceptImpl(final ThreadContext context, final boolean blocki
             }
             throw newSSLErrorFromHandshake(context.runtime, e);
         }
-        catch (NoSuchAlgorithmException e) {
-            debugStackTrace(context.runtime, e);
-            throw newSSLError(context.runtime, e);
-        }
-        catch (KeyManagementException e) {
-            debugStackTrace(context.runtime, e);
-            throw newSSLError(context.runtime, e);
-        }
         catch (IOException e) {
             debugStackTrace(context.runtime, e);
             throw newSSLError(context.runtime, e);
diff --git a/src/main/java/org/jruby/ext/openssl/StringHelper.java b/src/main/java/org/jruby/ext/openssl/StringHelper.java
@@ -129,15 +129,6 @@ static RubyString readInput(final ThreadContext context, final IRubyObject arg)
     static final ByteList NEW_LINE = new ByteList(new byte[] { '\n' }, false);
     static final ByteList COMMA_SPACE = new ByteList(new byte[] { ',',' ' }, false);
 
-    static void gsub(final Ruby runtime, final ByteList str, final byte match, final byte replace) {
-        final int begin = str.getBegin();
-        final int slen = str.getRealSize();
-        final byte[] bytes = str.getUnsafeBytes();
-        for ( int i = begin; i < begin + slen; i++ ) {
-            if ( bytes[i] == match ) bytes[i] = replace;
-        }
-    }
-
     static final char[] S20 = new char[] {
         ' ',' ',' ',' ',  ' ',' ',' ',' ',
         ' ',' ',' ',' ',  ' ',' ',' ',' ',
diff --git a/src/main/java/org/jruby/ext/openssl/x509store/X509Utils.java b/src/main/java/org/jruby/ext/openssl/x509store/X509Utils.java
@@ -421,11 +421,11 @@ else if (maybeCertFile != null && new File(maybeCertFile).exists()) {
     public static final int	V_FLAG_STRICT = 0x20;
     public static final int	V_FLAG_X509_STRICT = 0x20;
     public static final int	V_FLAG_ALLOW_PROXY_CERTS = 0x40;
-    public static final int     V_FLAG_POLICY_CHECK = 0x80;
-    public static final int     V_FLAG_EXPLICIT_POLICY = 0x100;
+    public static final int V_FLAG_POLICY_CHECK = 0x80;
+    public static final int V_FLAG_EXPLICIT_POLICY = 0x100;
     public static final int	V_FLAG_INHIBIT_ANY = 0x200;
-    public static final int     V_FLAG_INHIBIT_MAP = 0x400;
-    public static final int     V_FLAG_NOTIFY_POLICY = 0x800;
+    public static final int V_FLAG_INHIBIT_MAP = 0x400;
+    public static final int V_FLAG_NOTIFY_POLICY = 0x800;
 
     public static final int VP_FLAG_DEFAULT = 0x1;
     public static final int VP_FLAG_OVERWRITE = 0x2;
