Make input streams buffered and close them after use

Several input streams were unbuffered and others were not closed
after use.

(cherry picked from commit 1cf4d85)

Conflicts:
	jsse/src/main/java/org/globus/gsi/jsse/GlobusSSLHelper.java

gridftp/src/main/java/org/globus/ftp/examples/LocalCredentialHelper.java

@@ -1,9 +1,5 @@
 package org.globus.ftp.examples;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.globus.util.ConfigUtil;
@@ -12,6 +8,10 @@
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+
 public class LocalCredentialHelper {
 
     private Log log = LogFactory.getLog(LocalCredentialHelper.class);
@@ -23,11 +23,14 @@ public GSSCredential getDefaultCredential() throws IOException, GSSException {
     }
 
     public GSSCredential getCredential(File proxyFile) throws IOException, GSSException {
-        
+
         byte[] proxyBytes = new byte[(int) proxyFile.length()];
         FileInputStream in = new FileInputStream(proxyFile);
-        in.read(proxyBytes);
-        in.close();
+        try {
+            in.read(proxyBytes);
+        } finally {
+            in.close();
+        }
         ExtendedGSSManager manager = (ExtendedGSSManager) ExtendedGSSManager.getInstance();
         return manager.createCredential(proxyBytes, ExtendedGSSCredential.IMPEXP_OPAQUE,
                 GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.INITIATE_AND_ACCEPT);

gridftp/src/test/java/org/globus/ftp/test/SimpleTarTransfer.java

@@ -1,79 +1,83 @@
-package org.globus.ftp.test;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import org.globus.ftp.GridFTPClient;
-import org.globus.ftp.Session;
-import org.globus.gsi.gssapi.auth.IdentityAuthorization;
-import org.globus.util.ConfigUtil;
-import org.gridforum.jgss.ExtendedGSSCredential;
-import org.gridforum.jgss.ExtendedGSSManager;
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSException;
-
-public class SimpleTarTransfer {
-
-    public static void main(String[] args) throws Exception {
-        String tarAlias = "tar";
-        String host = "localhost";//args[0];
-        int port = 60000;//new Integer(args[1]).intValue();
-        String sourceParentDir = "/tmp";// args[2];
-        String sourceDir = "tartest";//args[3];
-        String destFile = "/tmp/target.tar";
-
-        GSSCredential cred = getDefaultCredential();
-        String tarCommand = createDownloadTarSiteCommand(sourceParentDir, sourceDir, tarAlias);
-        GridFTPClient client = createClient(host, port, cred, tarCommand);
-        downloadTarToFile(client, sourceDir, destFile);
-    }
-
-    static GridFTPClient createClient(String host, int port, GSSCredential cred, String tarCommand) throws Exception {
-        GridFTPClient client = null;
-        client = new GridFTPClient(host, port);
-        client.setAuthorization(new IdentityAuthorization("/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu/CN=Vijay Anand"));
-        client.authenticate(cred);
-        client.setType(Session.TYPE_IMAGE);
-        try {
-            client.site(tarCommand);
-        } catch (Exception e) {
-            throw new Exception("popen driver not supported", e);
-        }
-        client.setPassive();
-        client.setLocalActive();
-        return client;
-    }
-
-    static String createDownloadTarSiteCommand(String sourceParentDir, String sourceDir, String tarAlias) {
-        StringBuffer sb = new StringBuffer();
-        sb.append("SETDISKSTACK popen:argv=#");
-        sb.append(tarAlias);
-        sb.append("#cf#-#-C#");
-        sb.append(sourceParentDir);
-        sb.append("#");
-        sb.append(sourceDir);
-        return sb.toString();
-    }
-
-    static void downloadTarToFile(GridFTPClient client, String sourceDir, String destFile) throws Exception {
-        try {
-            client.get(sourceDir, new File(destFile));
-        } finally {
-            if (client != null) {
-                client.close(true);
-            }
-        }
-    }
-
-    static GSSCredential getDefaultCredential() throws IOException, GSSException {
-        File proxyFile = new File(ConfigUtil.discoverProxyLocation());
-        byte[] proxyBytes = new byte[(int) proxyFile.length()];
-        FileInputStream in = new FileInputStream(proxyFile);
-        in.read(proxyBytes);
-        in.close();
-        ExtendedGSSManager manager = (ExtendedGSSManager) ExtendedGSSManager.getInstance();
-        return manager.createCredential(proxyBytes, ExtendedGSSCredential.IMPEXP_OPAQUE,
-            GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.INITIATE_AND_ACCEPT);
-    }
-
-}
+package org.globus.ftp.test;
+
+import org.globus.ftp.GridFTPClient;
+import org.globus.ftp.Session;
+import org.globus.gsi.gssapi.auth.IdentityAuthorization;
+import org.globus.util.ConfigUtil;
+import org.gridforum.jgss.ExtendedGSSCredential;
+import org.gridforum.jgss.ExtendedGSSManager;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+
+public class SimpleTarTransfer {
+
+    public static void main(String[] args) throws Exception {
+        String tarAlias = "tar";
+        String host = "localhost";//args[0];
+        int port = 60000;//new Integer(args[1]).intValue();
+        String sourceParentDir = "/tmp";// args[2];
+        String sourceDir = "tartest";//args[3];
+        String destFile = "/tmp/target.tar";
+
+        GSSCredential cred = getDefaultCredential();
+        String tarCommand = createDownloadTarSiteCommand(sourceParentDir, sourceDir, tarAlias);
+        GridFTPClient client = createClient(host, port, cred, tarCommand);
+        downloadTarToFile(client, sourceDir, destFile);
+    }
+
+    static GridFTPClient createClient(String host, int port, GSSCredential cred, String tarCommand) throws Exception {
+        GridFTPClient client = null;
+        client = new GridFTPClient(host, port);
+        client.setAuthorization(new IdentityAuthorization("/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu/CN=Vijay Anand"));
+        client.authenticate(cred);
+        client.setType(Session.TYPE_IMAGE);
+        try {
+            client.site(tarCommand);
+        } catch (Exception e) {
+            throw new Exception("popen driver not supported", e);
+        }
+        client.setPassive();
+        client.setLocalActive();
+        return client;
+    }
+
+    static String createDownloadTarSiteCommand(String sourceParentDir, String sourceDir, String tarAlias) {
+        StringBuffer sb = new StringBuffer();
+        sb.append("SETDISKSTACK popen:argv=#");
+        sb.append(tarAlias);
+        sb.append("#cf#-#-C#");
+        sb.append(sourceParentDir);
+        sb.append("#");
+        sb.append(sourceDir);
+        return sb.toString();
+    }
+
+    static void downloadTarToFile(GridFTPClient client, String sourceDir, String destFile) throws Exception {
+        try {
+            client.get(sourceDir, new File(destFile));
+        } finally {
+            if (client != null) {
+                client.close(true);
+            }
+        }
+    }
+
+    static GSSCredential getDefaultCredential() throws IOException, GSSException {
+        File proxyFile = new File(ConfigUtil.discoverProxyLocation());
+        byte[] proxyBytes = new byte[(int) proxyFile.length()];
+        FileInputStream in = new FileInputStream(proxyFile);
+        try {
+            in.read(proxyBytes);
+        } finally {
+            in.close();
+        }
+        ExtendedGSSManager manager = (ExtendedGSSManager) ExtendedGSSManager.getInstance();
+        return manager.createCredential(proxyBytes, ExtendedGSSCredential.IMPEXP_OPAQUE,
+            GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.INITIATE_AND_ACCEPT);
+    }
+
+}

jsse/src/main/java/org/globus/gsi/jsse/GlobusSSLHelper.java

@@ -18,6 +18,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.globus.gsi.stores.Stores;
 
+import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -37,7 +38,7 @@
 /**
  * This is a utility class designed to simplify common tasks required for
  * configuring the globus ssl support.
- * 
+ *
  * @version 1.0
  * @since 1.0
  */
@@ -52,7 +53,7 @@ private GlobusSSLHelper() {
 	 * Create a trust store using the supplied details. Java SSL requires the
 	 * trust store to be supplied as a java.security.KeyStore, so this will
 	 * create a KeyStore containing all of the Trust Anchors.
-	 * 
+	 *
 	 * @param provider
 	 *            The Java security provider to use.
 	 * @param trustAnchorStoreType
@@ -79,9 +80,13 @@ public static KeyStore buildTrustStore(String provider,
 						provider);
 			}
 			InputStream keyStoreInput = getStream(trustAnchorStoreLocation);
-			trustAnchorStore.load(keyStoreInput,
+                        try {
+                            trustAnchorStore.load(new BufferedInputStream(keyStoreInput),
 					trustAnchorStorePassword == null ? null
 							: trustAnchorStorePassword.toCharArray());
+                        } finally {
+                            keyStoreInput.close();
+                        }
 			return trustAnchorStore;
 		} catch (KeyStoreException e) {
 			throw new GlobusSSLConfigurationException(e);
@@ -99,7 +104,7 @@ public static KeyStore buildTrustStore(String provider,
 	/**
 	 * Create a configured CredentialStore using the supplied parameters. The
 	 * credential store is a java.security.KeyStore.
-	 * 
+	 *
 	 * @param provider
 	 *            The Java security provider to use.
 	 * @param credentialStoreType
@@ -126,9 +131,13 @@ public static KeyStore findCredentialStore(String provider,
 						provider);
 			}
 			InputStream keyStoreInput = getStream(credentialStoreLocation);
-			credentialStore.load(keyStoreInput,
+                        try {
+                            credentialStore.load(new BufferedInputStream(keyStoreInput),
 					credentialStorePassword == null ? null
 							: credentialStorePassword.toCharArray());
+                        } finally {
+                            keyStoreInput.close();
+                        }
 			return credentialStore;
 		} catch (KeyStoreException e) {
 			throw new GlobusSSLConfigurationException(e);
@@ -173,7 +182,7 @@ private static InputStream getStream(String url)
 	 * both CRL's and non-trusted certs. For the purposes of this method, we
 	 * assume that only crl's will be loaded. This can only be used with the
 	 * Globus provided Certificate Store.
-	 * 
+	 *
 	 * @param crlPattern
 	 *            The pattern which defines the locations of the CRL's
 	 * @return A configured Java CertStore containing the specified CRL's

ssl-proxies/src/main/java/org/globus/gsi/stores/ResourceCRL.java

@@ -16,15 +16,14 @@
 package org.globus.gsi.stores;
 
 import org.globus.gsi.util.CertificateLoadUtil;
+import org.globus.util.GlobusResource;
 
+import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
 import java.security.cert.X509CRL;
 
-
-import org.globus.util.GlobusResource;
-
 /**
  * Created by IntelliJ IDEA.
  * User: turtlebender
@@ -55,19 +54,20 @@ public X509CRL getCrl() throws ResourceStoreException {
 
     @Override
     protected X509CRL create(GlobusResource resource) throws ResourceStoreException {
-        InputStream is = null;
         try {
-            is = resource.getInputStream();
-            return CertificateLoadUtil.loadCrl(is);
+            InputStream is = resource.getInputStream();
+            try {
+                return CertificateLoadUtil.loadCrl(new BufferedInputStream(is));
+            } finally {
+                try {
+                    is.close();
+                } catch (IOException ignored) {
+                }
+            }
         } catch (IOException e) {
             throw new ResourceStoreException(e);
         } catch (GeneralSecurityException e) {
             throw new ResourceStoreException(e);
-        } finally {
-            try {
-                if (is != null) is.close();
-            } catch (IOException e) {
-            }
         }
     }
 

ssl-proxies/src/main/java/org/globus/gsi/stores/ResourceTrustAnchor.java

@@ -17,15 +17,16 @@
 
 import org.globus.gsi.util.CertificateIOUtil;
 import org.globus.gsi.util.CertificateLoadUtil;
+import org.globus.util.GlobusResource;
 
+import java.io.BufferedInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.security.GeneralSecurityException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509Certificate;
 
-import org.globus.util.GlobusResource;
-
 
 /**
  * Created by IntelliJ IDEA.
@@ -65,7 +66,15 @@ public TrustAnchor getTrustAnchor() throws ResourceStoreException {
     protected TrustAnchor create(GlobusResource globusResource) throws ResourceStoreException {
         X509Certificate certificate;
         try {
-            certificate = CertificateLoadUtil.loadCertificate(globusResource.getInputStream());
+            InputStream inputStream = globusResource.getInputStream();
+            try {
+                certificate = CertificateLoadUtil.loadCertificate(new BufferedInputStream(inputStream));
+            } finally {
+                try {
+                    inputStream.close();
+                } catch (IOException ignored) {
+                }
+            }
         } catch (IOException e) {
             throw new ResourceStoreException(e);
         } catch (GeneralSecurityException e) {