public IRubyObject initialize()

in ext/puma_http11/org/jruby/puma/MiniSSL.java [141:197]


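  /**
   * Builds the server-side TLS engine for this object from the settings exposed by
   * {@code miniSSLContext}, then allocates the network and application buffers using the
   * sizes reported by the engine's session.
   *
   * <p>The same keystore file and password are loaded twice: once as the key store handed to
   * the key manager factory and once as the trust store handed to the trust manager factory.
   * Any certificate held in that file is therefore also a trust anchor when client
   * authentication is requested.
   *
   * @param threadContext JRuby context used for every call into {@code miniSSLContext}
   * @param miniSSLContext object answering {@code keystore}, {@code keystore_pass},
   *     {@code no_tlsv1}, {@code no_tlsv1_1}, {@code verify_mode} and {@code ssl_cipher_list}
   * @return this object
   * @throws KeyStoreException if the default keystore type is unavailable
   * @throws IOException if the keystore file cannot be read or the password is wrong
   * @throws CertificateException if a certificate in the keystore cannot be loaded
   * @throws NoSuchAlgorithmException if a required algorithm is unavailable
   * @throws UnrecoverableKeyException if a key cannot be recovered with the password
   * @throws KeyManagementException if the SSL context cannot be initialised
   */
  public IRubyObject initialize(ThreadContext threadContext, IRubyObject miniSSLContext)
      throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());

    char[] password = miniSSLContext.callMethod(threadContext, "keystore_pass").convertToString().asJavaString().toCharArray();
    String keystoreFile = miniSSLContext.callMethod(threadContext, "keystore").convertToString().asJavaString();

    // KeyStore.load does not close the stream it is given. Close both streams explicitly so
    // that neither a successful load nor a failed one (bad password, corrupt file) leaves a
    // file descriptor open for every engine that is created.
    try (FileInputStream keyStoreStream = new FileInputStream(keystoreFile)) {
        ks.load(keyStoreStream, password);
    }
    try (FileInputStream trustStoreStream = new FileInputStream(keystoreFile)) {
        ts.load(trustStoreStream, password);
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, password);

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ts);

    SSLContext sslCtx = SSLContext.getInstance("TLS");

    // A null SecureRandom lets the provider pick its default source of randomness.
    sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    engine = sslCtx.createSSLEngine();

    // NOTE(review): TLSv1 and TLSv1.1 stay enabled unless the context opts out; both are
    // deprecated by RFC 8996, and TLSv1.3 is never offered. The defaults are left as they
    // were because callers can observe them; consider making the legacy versions opt-in.
    String[] protocols;
    if (miniSSLContext.callMethod(threadContext, "no_tlsv1").isTrue()) {
        protocols = new String[] { "TLSv1.1", "TLSv1.2" };
    } else {
        protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
    }

    // no_tlsv1_1 overrides the choice above and also drops TLSv1, whatever no_tlsv1 says.
    if (miniSSLContext.callMethod(threadContext, "no_tlsv1_1").isTrue()) {
        protocols = new String[] { "TLSv1.2" };
    }

    engine.setEnabledProtocols(protocols);
    engine.setUseClientMode(false);

    // verify_mode is a bit mask. When both bits are set the later setNeedClientAuth call
    // wins, because the two SSLEngine client-auth setters override each other.
    long verify_mode = miniSSLContext.callMethod(threadContext, "verify_mode").convertToInteger().getLongValue();
    if ((verify_mode & 0x1) != 0) { // 'peer': request a client certificate, do not require it
        engine.setWantClientAuth(true);
    }
    if ((verify_mode & 0x2) != 0) { // 'force_peer': fail the handshake without one
        engine.setNeedClientAuth(true);
    }

    // With no list configured, the engine keeps the provider's default cipher suites.
    // Entries are passed through untrimmed, so a list written with spaces after the commas
    // is rejected by setEnabledCipherSuites with an IllegalArgumentException.
    IRubyObject sslCipherListObject = miniSSLContext.callMethod(threadContext, "ssl_cipher_list");
    if (!sslCipherListObject.isNil()) {
        String[] sslCipherList = sslCipherListObject.convertToString().asJavaString().split(",");
        engine.setEnabledCipherSuites(sslCipherList);
    }

    SSLSession session = engine.getSession();
    inboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
    outboundAppData = new MiniSSLBuffer(session.getApplicationBufferSize());
    // presumably leaves the new buffer readable but empty; confirm against MiniSSLBuffer
    outboundAppData.flip();
    outboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());

    return this;
  }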