Index: /home/oglueck/projects/HttpClient-3/release_notes.txt =================================================================== --- /home/oglueck/projects/HttpClient-3/release_notes.txt (revision 514383) +++ /home/oglueck/projects/HttpClient-3/release_notes.txt (working copy) @@ -1,4 +1,7 @@ Changes since Release 3.1 Beta 1: +* [HTTPCLIENT-641] - Resource Leakage when loading keystore in AuthSSLProtocolSocketFactory. + Contributed by Hanson Char + * [HTTPCLIENT-634] - Default host config can override scheme of absolute URL. Contributed by John Kristian Index: /home/oglueck/projects/HttpClient-3/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java =================================================================== --- /home/oglueck/projects/HttpClient-3/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java (revision 514383) +++ /home/oglueck/projects/HttpClient-3/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java (working copy) @@ -31,6 +31,7 @@ package org.apache.commons.httpclient.contrib.ssl; import java.io.IOException; +import java.io.InputStream; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Socket; @@ -215,7 +216,13 @@ } LOG.debug("Initializing key store"); KeyStore keystore = KeyStore.getInstance("jks"); - keystore.load(url.openStream(), password != null ? password.toCharArray(): null); + InputStream is = null; + try { + is = url.openStream(); + keystore.load(is, password != null ? password.toCharArray(): null); + } finally { + if (is != null) is.close(); + } return keystore; } Index: /home/oglueck/projects/HttpClient-3/src/test/org/apache/commons/httpclient/ssl/SimpleSSLSocketFactory.java =================================================================== --- /home/oglueck/projects/HttpClient-3/src/test/org/apache/commons/httpclient/ssl/SimpleSSLSocketFactory.java (revision 514383) +++ /home/oglueck/projects/HttpClient-3/src/test/org/apache/commons/httpclient/ssl/SimpleSSLSocketFactory.java (working copy) @@ -31,6 +31,7 @@ package org.apache.commons.httpclient.ssl; import java.io.IOException; +import java.io.InputStream; import java.net.ServerSocket; import java.net.URL; import java.security.KeyStore; @@ -61,7 +62,13 @@ ClassLoader cl = SimpleSocketFactory.class.getClassLoader(); URL url = cl.getResource("org/apache/commons/httpclient/ssl/simpleserver.keystore"); KeyStore keystore = KeyStore.getInstance("jks"); - keystore.load(url.openStream(), "nopassword".toCharArray()); + InputStream is = null; + try { + is = url.openStream(); + keystore.load(is, "nopassword".toCharArray()); + } finally { + if (is != null) is.close(); + } KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, "nopassword".toCharArray()); Index: /home/oglueck/projects/HttpClient-3/src/test/org/apache/commons/httpclient/ssl/SimpleSSLTestProtocolSocketFactory.java =================================================================== --- /home/oglueck/projects/HttpClient-3/src/test/org/apache/commons/httpclient/ssl/SimpleSSLTestProtocolSocketFactory.java (revision 514383) +++ /home/oglueck/projects/HttpClient-3/src/test/org/apache/commons/httpclient/ssl/SimpleSSLTestProtocolSocketFactory.java (working copy) @@ -31,6 +31,7 @@ package org.apache.commons.httpclient.ssl; import java.io.IOException; +import java.io.InputStream; import java.net.InetAddress; import java.net.Socket; import java.net.URL; @@ -60,7 +61,13 @@ ClassLoader cl = SimpleSocketFactory.class.getClassLoader(); URL url = cl.getResource("org/apache/commons/httpclient/ssl/simpleserver.keystore"); KeyStore keystore = KeyStore.getInstance("jks"); - keystore.load(url.openStream(), "nopassword".toCharArray()); + InputStream is = null; + try { + is = url.openStream(); + keystore.load(is, "nopassword".toCharArray()); + } finally { + if (is != null) is.close(); + } TrustManagerFactory tmfactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init(keystore);