Merge pull request #4268 from jruby/test-jossl-0.9.18

upgrade jruby-openssl to 0.9.18
jruby · Nov 11, 2016 · ff193c4 · eregon · Nov 13, 2016 · kares
2 parents 64de113 + 0b14a1a
commit ff193c4
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 16 deletions.
diff --git a/core/src/main/java/org/jruby/Ruby.java b/core/src/main/java/org/jruby/Ruby.java
@@ -1797,7 +1797,7 @@ private void initBuiltins() {
         // we define the classes at boot because we need them
         addBuiltinIfAllowed("thread.rb", Library.DUMMY);
 
-        if(RubyInstanceConfig.NATIVE_NET_PROTOCOL) {
+        if (RubyInstanceConfig.NATIVE_NET_PROTOCOL) {
             addLazyBuiltin("net/protocol.rb", "net/protocol", "org.jruby.ext.net.protocol.NetProtocolBufferedIOLibrary");
         }
 

diff --git a/core/src/main/java/org/jruby/RubyInstanceConfig.java b/core/src/main/java/org/jruby/RubyInstanceConfig.java
@@ -1753,7 +1753,7 @@ public boolean isTruffle() {
     /**
      * Enable use of the native Java version of the 'net/protocol' library.
      *
-     * Set with the <tt>jruby.thread.pool.max</tt> system property.
+     * Set with the <tt>jruby.native.net.protocol</tt> system property.
      */
     public static final boolean NATIVE_NET_PROTOCOL = Options.NATIVE_NET_PROTOCOL.load();
 
@@ -1892,11 +1892,11 @@ public boolean isTruffle() {
     private static int initGlobalJavaVersion() {
         final String specVersion = Options.BYTECODE_VERSION.load();
         switch ( specVersion ) {
-            case "1.6" : return Opcodes.V1_6;
-            case "1.7" : return Opcodes.V1_7;
-            case "1.8" : return Opcodes.V1_8;
+            case "1.6" : return Opcodes.V1_6; // 50
+            case "1.7" : return Opcodes.V1_7; // 51
+            case "1.8" : case "8" : return Opcodes.V1_8; // 52
             // NOTE: JDK 9 now returns "9" instead of "1.9"
-            case "1.9" : case "9" : return Opcodes.V1_8; // +1
+            case "1.9" : case "9" : return Opcodes.V1_8 + 1; // 53
             default :
                 System.err.println("unsupported Java version \"" + specVersion + "\", defaulting to 1.7");
                 return Opcodes.V1_7;

diff --git a/core/src/main/java/org/jruby/compiler/JITCompiler.java b/core/src/main/java/org/jruby/compiler/JITCompiler.java
@@ -421,10 +421,14 @@ public static String getHashForBytes(byte[] bytes) {
         }
     }
 
+    private static boolean java7InvokeDynamic() {
+        return RubyInstanceConfig.JAVA_VERSION == Opcodes.V1_7 || Options.COMPILE_INVOKEDYNAMIC.load() == true;
+    }
+
     public static class MethodJITClassGenerator {
         public MethodJITClassGenerator(String className, String methodName, String key, Ruby ruby, MixedModeIRMethod method, JVMVisitor visitor) {
             this.packageName = JITCompiler.RUBY_JIT_PREFIX;
-            if (RubyInstanceConfig.JAVA_VERSION == Opcodes.V1_7 || Options.COMPILE_INVOKEDYNAMIC.load() == true) {
+            if ( java7InvokeDynamic() ) {
                 // Some versions of Java 7 seems to have a bug that leaks definitions across cousin classloaders
                 // so we force the class name to be unique to this runtime.
 
@@ -519,7 +523,7 @@ public String toString() {
     public static class BlockJITClassGenerator {
         public BlockJITClassGenerator(String className, String methodName, String key, Ruby ruby, MixedModeIRBlockBody body, JVMVisitor visitor) {
             this.packageName = JITCompiler.RUBY_JIT_PREFIX;
-            if (RubyInstanceConfig.JAVA_VERSION == Opcodes.V1_7 || Options.COMPILE_INVOKEDYNAMIC.load() == true) {
+            if ( java7InvokeDynamic() ) {
                 // Some versions of Java 7 seems to have a bug that leaks definitions across cousin classloaders
                 // so we force the class name to be unique to this runtime.
 

diff --git a/core/src/main/java/org/jruby/util/SecurityHelper.java b/core/src/main/java/org/jruby/util/SecurityHelper.java
@@ -6,6 +6,9 @@
 
 import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
+import java.security.Security;
+
+import static org.jruby.RubyInstanceConfig.JAVA_VERSION;
 
 public abstract class SecurityHelper {
 
@@ -14,9 +17,14 @@ public abstract class SecurityHelper {
 
     // attempt to enable unlimited-strength crypto on OracleJDK
     public static void checkCryptoRestrictions(final Ruby runtime) {
-        if ( !attempted) {
+        if ( ! attempted ) {
             attempted = true;
-            setNonRestricted();
+            if ( JAVA_VERSION >= 53 ) {
+                setNonRestrictedJava9();
+            }
+            else {
+                setNonRestrictedJava8();
+            }
             // NOTE: this is not 'really' enough and there's more to be done :
             // JceSecurity#defaultPolicy should add: javax.crypto.CryptoAllPermission
             //
@@ -25,7 +33,20 @@ public static void checkCryptoRestrictions(final Ruby runtime) {
         }
     }
 
-    private static boolean setNonRestricted() {
+    private static boolean setNonRestrictedJava9() {
+        try {
+            if (Security.getProperty("crypto.policy") == null) {
+                Security.setProperty("crypto.policy", "unlimited");
+            }
+            return true;
+        }
+        catch (Exception e) {
+            if (LOG.isDebugEnabled()) LOG.debug("unable un-restrict jce security: ", e);
+        }
+        return false;
+    }
+
+    private static boolean setNonRestrictedJava8() {
         try {
             Class jceSecurity = Class.forName("javax.crypto.JceSecurity");
             Field isRestricted = jceSecurity.getDeclaredField("isRestricted");

diff --git a/core/src/main/java/org/jruby/util/cli/Options.java b/core/src/main/java/org/jruby/util/cli/Options.java
@@ -144,7 +144,7 @@ public class Options {
     public static final Option<Boolean> OBJECTSPACE_ENABLED = bool(MISCELLANEOUS, "objectspace.enabled", false, "Enable or disable ObjectSpace.each_object.");
     public static final Option<Boolean> SIPHASH_ENABLED = bool(MISCELLANEOUS, "siphash.enabled", false, "Enable or disable SipHash for String hash function.");
     public static final Option<Boolean> LAUNCH_INPROC = bool(MISCELLANEOUS, "launch.inproc", false, "Set in-process launching of e.g. system('ruby ...').");
-    public static final Option<String> BYTECODE_VERSION = string(MISCELLANEOUS, "bytecode.version", new String[]{"1.6", "1.7", "1.8"}, SafePropertyAccessor.getProperty("java.specification.version", "1.7"), "Specify the major Java bytecode version.");
+    public static final Option<String> BYTECODE_VERSION = string(MISCELLANEOUS, "bytecode.version", new String[]{"1.6", "1.7", "1.8", "1.9"}, SafePropertyAccessor.getProperty("java.specification.version", "1.7"), "Specify the major Java bytecode version.");
     public static final Option<Boolean> MANAGEMENT_ENABLED = bool(MISCELLANEOUS, "management.enabled", false, "Set whether JMX management is enabled.");
     public static final Option<Boolean> JUMP_BACKTRACE = bool(MISCELLANEOUS, "jump.backtrace", false, "Make non-local flow jumps generate backtraces.");
     public static final Option<Boolean> PROCESS_NOUNWRAP = bool(MISCELLANEOUS, "process.noUnwrap", false, "Do not unwrap process streams (issue on some recent JVMs).");

diff --git a/lib/pom.rb b/lib/pom.rb
@@ -26,7 +26,7 @@ def initialize( name, version, default_spec = true )
 
 default_gems =
   [
-   ImportedGem.new( 'jruby-openssl', '0.9.17' ),
+   ImportedGem.new( 'jruby-openssl', '0.9.18' ),
    ImportedGem.new( 'jruby-readline', '1.1.1' ),
    ImportedGem.new( 'rake', '${rake.version}' ),
    ImportedGem.new( 'rdoc', '${rdoc.version}' ),

diff --git a/lib/pom.xml b/lib/pom.xml
@@ -34,7 +34,7 @@ DO NOT MODIFIY - GENERATED CODE
     <dependency>
       <groupId>rubygems</groupId>
       <artifactId>jruby-openssl</artifactId>
-      <version>0.9.17</version>
+      <version>0.9.18</version>
       <type>gem</type>
       <scope>provided</scope>
       <exclusions>
@@ -313,7 +313,7 @@ DO NOT MODIFIY - GENERATED CODE
       <plugin>
         <groupId>io.takari.polyglot</groupId>
         <artifactId>polyglot-maven-plugin</artifactId>
-        <version>0.1.15</version>
+        <version>0.1.16</version>
         <executions>
           <execution>
             <id>install_gems</id>
@@ -364,7 +364,7 @@ DO NOT MODIFIY - GENERATED CODE
           <dependency>
             <groupId>io.takari.polyglot</groupId>
             <artifactId>polyglot-ruby</artifactId>
-            <version>0.1.15</version>
+            <version>0.1.16</version>
           </dependency>
         </dependencies>
       </plugin>