You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by jb...@apache.org on 2011/09/27 07:34:31 UTC

svn commit: r1176206 - in /cassandra/branches/cassandra-1.0.0: ./ CHANGES.txt src/java/org/apache/cassandra/security/SSLFactory.java

Author: jbellis
Date: Tue Sep 27 05:34:31 2011
New Revision: 1176206

URL: http://svn.apache.org/viewvc?rev=1176206&view=rev
Log:
merge #3257 from 0.8

Modified:
    cassandra/branches/cassandra-1.0.0/   (props changed)
    cassandra/branches/cassandra-1.0.0/CHANGES.txt
    cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java

Propchange: cassandra/branches/cassandra-1.0.0/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Sep 27 05:34:31 2011
@@ -1,7 +1,7 @@
 /cassandra/branches/cassandra-0.6:922689-1052356,1052358-1053452,1053454,1053456-1131291
 /cassandra/branches/cassandra-0.7:1026516-1170333,1172024
 /cassandra/branches/cassandra-0.7.0:1053690-1055654
-/cassandra/branches/cassandra-0.8:1090934-1125013,1125019-1175057,1175880
+/cassandra/branches/cassandra-0.8:1090934-1125013,1125019-1176205
 /cassandra/branches/cassandra-0.8.0:1125021-1130369
 /cassandra/branches/cassandra-0.8.1:1101014-1125018
 /cassandra/tags/cassandra-0.7.0-rc3:1051699-1053689

Modified: cassandra/branches/cassandra-1.0.0/CHANGES.txt
URL: http://svn.apache.org/viewvc/cassandra/branches/cassandra-1.0.0/CHANGES.txt?rev=1176206&r1=1176205&r2=1176206&view=diff
==============================================================================
--- cassandra/branches/cassandra-1.0.0/CHANGES.txt (original)
+++ cassandra/branches/cassandra-1.0.0/CHANGES.txt Tue Sep 27 05:34:31 2011
@@ -25,6 +25,7 @@
  * Fix sstableloader --ignores option (CASSANDRA-3247)
  * File descriptor limit increased in packaging (CASSANDRA-3206)
  * Fix deadlock in commit log during flush (CASSANDRA-3253)
+ * Fix FD leak when internode encryption is enabled (CASSANDRA-3257)
 
 
 1.0.0-beta1

Modified: cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java
URL: http://svn.apache.org/viewvc/cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java?rev=1176206&r1=1176205&r2=1176206&view=diff
==============================================================================
--- cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java (original)
+++ cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java Tue Sep 27 05:34:31 2011
@@ -25,7 +25,6 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
-import java.net.SocketAddress;
 import java.security.KeyStore;
 
 import javax.net.ssl.KeyManagerFactory;
@@ -35,6 +34,7 @@ import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.cassandra.config.EncryptionOptions;
+import org.apache.cassandra.io.util.FileUtils;
 
 /**
  * A Factory for providing and setting up Client and Server SSL wrapped
@@ -46,7 +46,6 @@ public final class SSLFactory
     private static final String ALGORITHM = "SunX509";
     private static final String STORE_TYPE = "JKS";
 
-
     public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress address, int port) throws IOException
     {
         SSLContext ctx = createSSLContext(options);
@@ -75,28 +74,39 @@ public final class SSLFactory
         return socket;
     }
 
-    private static SSLContext createSSLContext(EncryptionOptions options) throws IOException {
+    private static SSLContext createSSLContext(EncryptionOptions options) throws IOException
+    {
+        FileInputStream tsf = new FileInputStream(options.truststore);
+        FileInputStream ksf = new FileInputStream(options.keystore);
         SSLContext ctx;
-        try {
+        try
+        {
             ctx = SSLContext.getInstance(PROTOCOL);
-            TrustManagerFactory tmf = null;
-            KeyManagerFactory kmf = null;
+            TrustManagerFactory tmf;
+            KeyManagerFactory kmf;
 
             tmf = TrustManagerFactory.getInstance(ALGORITHM);
             KeyStore ts = KeyStore.getInstance(STORE_TYPE);
-            ts.load(new FileInputStream(options.truststore), options.truststore_password.toCharArray());
+            ts.load(tsf, options.truststore_password.toCharArray());
             tmf.init(ts);
 
             kmf = KeyManagerFactory.getInstance(ALGORITHM);
             KeyStore ks = KeyStore.getInstance(STORE_TYPE);
-            ks.load(new FileInputStream(options.keystore), options.keystore_password.toCharArray());
+            ks.load(ksf, options.keystore_password.toCharArray());
             kmf.init(ks, options.keystore_password.toCharArray());
 
             ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
 
-        } catch (Exception e) {
+        }
+        catch (Exception e)
+        {
             throw new IOException("Error creating the initializing the SSL Context", e);
         }
+        finally
+        {
+            FileUtils.closeQuietly(tsf);
+            FileUtils.closeQuietly(ksf);
+        }
         return ctx;
     }
 }