Author: jbellis Date: Tue Sep 27 05:34:31 2011 New Revision: 1176206 URL: http://svn.apache.org/viewvc?rev=1176206&view=rev Log: merge #3257 from 0.8
Modified: cassandra/branches/cassandra-1.0.0/ (props changed) cassandra/branches/cassandra-1.0.0/CHANGES.txt cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java Propchange: cassandra/branches/cassandra-1.0.0/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Sep 27 05:34:31 2011 @@ -1,7 +1,7 @@ /cassandra/branches/cassandra-0.6:922689-1052356,1052358-1053452,1053454,1053456-1131291 /cassandra/branches/cassandra-0.7:1026516-1170333,1172024 /cassandra/branches/cassandra-0.7.0:1053690-1055654 -/cassandra/branches/cassandra-0.8:1090934-1125013,1125019-1175057,1175880 +/cassandra/branches/cassandra-0.8:1090934-1125013,1125019-1176205 /cassandra/branches/cassandra-0.8.0:1125021-1130369 /cassandra/branches/cassandra-0.8.1:1101014-1125018 /cassandra/tags/cassandra-0.7.0-rc3:1051699-1053689 Modified: cassandra/branches/cassandra-1.0.0/CHANGES.txt URL: http://svn.apache.org/viewvc/cassandra/branches/cassandra-1.0.0/CHANGES.txt?rev=1176206&r1=1176205&r2=1176206&view=diff ============================================================================== --- cassandra/branches/cassandra-1.0.0/CHANGES.txt (original) +++ cassandra/branches/cassandra-1.0.0/CHANGES.txt Tue Sep 27 05:34:31 2011 @@ -25,6 +25,7 @@ * Fix sstableloader --ignores option (CASSANDRA-3247) * File descriptor limit increased in packaging (CASSANDRA-3206) * Fix deadlock in commit log during flush (CASSANDRA-3253) + * Fix FD leak when internode encryption is enabled (CASSANDRA-3257) 1.0.0-beta1 Modified: cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java URL: http://svn.apache.org/viewvc/cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java?rev=1176206&r1=1176205&r2=1176206&view=diff ============================================================================== --- cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java (original) +++ cassandra/branches/cassandra-1.0.0/src/java/org/apache/cassandra/security/SSLFactory.java Tue Sep 27 05:34:31 2011 @@ -25,7 +25,6 @@ import java.io.FileInputStream; import java.io.IOException; import java.net.InetAddress; import java.net.InetSocketAddress; -import java.net.SocketAddress; import java.security.KeyStore; import javax.net.ssl.KeyManagerFactory; @@ -35,6 +34,7 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManagerFactory; import org.apache.cassandra.config.EncryptionOptions; +import org.apache.cassandra.io.util.FileUtils; /** * A Factory for providing and setting up Client and Server SSL wrapped @@ -46,7 +46,6 @@ public final class SSLFactory private static final String ALGORITHM = "SunX509"; private static final String STORE_TYPE = "JKS"; - public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress address, int port) throws IOException { SSLContext ctx = createSSLContext(options); @@ -75,28 +74,39 @@ public final class SSLFactory return socket; } - private static SSLContext createSSLContext(EncryptionOptions options) throws IOException { + private static SSLContext createSSLContext(EncryptionOptions options) throws IOException + { + FileInputStream tsf = new FileInputStream(options.truststore); + FileInputStream ksf = new FileInputStream(options.keystore); SSLContext ctx; - try { + try + { ctx = SSLContext.getInstance(PROTOCOL); - TrustManagerFactory tmf = null; - KeyManagerFactory kmf = null; + TrustManagerFactory tmf; + KeyManagerFactory kmf; tmf = TrustManagerFactory.getInstance(ALGORITHM); KeyStore ts = KeyStore.getInstance(STORE_TYPE); - ts.load(new FileInputStream(options.truststore), options.truststore_password.toCharArray()); + ts.load(tsf, options.truststore_password.toCharArray()); tmf.init(ts); kmf = KeyManagerFactory.getInstance(ALGORITHM); KeyStore ks = KeyStore.getInstance(STORE_TYPE); - ks.load(new FileInputStream(options.keystore), options.keystore_password.toCharArray()); + ks.load(ksf, options.keystore_password.toCharArray()); kmf.init(ks, options.keystore_password.toCharArray()); ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - } catch (Exception e) { + } + catch (Exception e) + { throw new IOException("Error creating the initializing the SSL Context", e); } + finally + { + FileUtils.closeQuietly(tsf); + FileUtils.closeQuietly(ksf); + } return ctx; } }