Author: mturk
Date: Sat Sep 17 07:02:26 2011
New Revision: 1171920
URL: http://svn.apache.org/viewvc?rev=1171920&view=rev
Log:
Reuse bio byte arrays
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
Sat Sep 17 07:02:26 2011
@@ -34,24 +34,28 @@ public final class SSLServer extends Nat
// Hide NativePointer
private final long pointer = 0L;
- private final String name;
+ private final String hostId;
private static native long new0(String name);
private static native void close0(long srv);
private SSLServer()
{
- name = null;
+ hostId = null;
}
/**
* Creates a new server instance.
*
- * @param name server name
+ * @param hostId server's host id
+ * @throws NullPointerException if hostId is {@code null}.
*/
- public SSLServer(String name)
+ public SSLServer(String hostId)
+ throws NullPointerException
{
- this.name = name;
- super.pointer = new0(this.name);
+ if (hostId == null)
+ throw new NullPointerException();
+ this.hostId = hostId;
+ super.pointer = new0(this.hostId);
}
/**
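Review bot: The constructor stores whatever `new0(this.hostId)` returns without checking it, while the server.c hunk of this same commit returns 0 when the allocation or the `AcrStrdup` of the host id fails. An `SSLServer` can therefore be constructed with a zero native pointer and no exception; whether later native calls guard against that is not visible here. Consider failing fast after the call, e.g. `if (super.pointer == 0L) throw new OutOfMemoryError();` or whichever exception the project normally uses for native allocation failure. The `throws NullPointerException` clause is redundant for an unchecked exception; the Javadoc `@throws` tag is enough.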
@@ -72,12 +76,13 @@ public final class SSLServer extends Nat
}
/**
- * Gets this server's name.
- * @return server name
+ * Gets this server's host id.
+ *
+ * @return server host id
*/
- public final String getName()
+ public final String getHostId()
{
- return name;
+ return hostId;
}
}
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Sat Sep 17
07:02:26 2011
@@ -185,7 +185,6 @@
#define SSL_BIO_FLAG_RDONLY 1
#define SSL_BIO_FLAG_CALLBACK 2
#define SSL_DEFAULT_CACHE_SIZE 256
-#define SSL_DEFAULT_VHOST_NAME "_default_:443"
#define SSL_MAX_STR_LEN 2048
#define SSL_CVERIFY_UNSET (-1)
@@ -291,13 +290,13 @@ typedef struct ssl_pass_cb_t {
*/
extern ssl_pass_cb_t *acr_ssl_password_cb;
-typedef struct acr_ssl_server_t acr_ssl_server_t;
+typedef struct acr_ssl_srv_t acr_ssl_srv_t;
/* Server context */
typedef struct acr_ssl_ctxt_t {
+ acr_ssl_srv_t *srv;
SSL_CTX *ctx;
BIO *bio_os;
BIO *bio_is;
- acr_ssl_server_t *srv;
unsigned char context_id[MD5_DIGEST_LENGTH];
int protocol;
@@ -308,8 +307,8 @@ typedef struct acr_ssl_ctxt_t {
X509_STORE *crls;
/* pointer to the context verify store */
X509_STORE *store;
- X509 *certs[SSL_AIDX_MAX];
- EVP_PKEY *keys[SSL_AIDX_MAX];
+ X509 *cert;
+ EVP_PKEY *skey;
int ca_certs;
int shutdown_type;
@@ -343,10 +342,13 @@ typedef struct acr_ssl_ctxt_t {
} acr_ssl_ctxt_t;
-struct acr_ssl_server_t {
- char *name;
+struct acr_ssl_srv_t {
+ char *hostid;
+ int hostid_len;
acr_ssl_ctxt_t *ctx;
acr_ssl_ctxt_t *ctx2;
+ int enabled;
+
};
#define ssl_ctx_get_extra_certs(ctx) ((ctx)->extra_certs)
@@ -379,7 +381,7 @@ struct ssl_sd_t {
WCHAR *socketfname;
#endif
/*** SSL struct members ***/
- acr_ssl_server_t *srv;
+ acr_ssl_srv_t *srv;
acr_ssl_ctxt_t *ctx;
SSL *ssl;
X509 *peer;
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c Sat Sep
17 07:02:26 2011
@@ -37,13 +37,13 @@ J_DECLARE_CLAZZ = {
J_DECLARE_M_ID(0001) = {
0,
"write",
- "([B)I"
+ "([BI)I"
};
J_DECLARE_M_ID(0002) = {
0,
"read",
- "([B)I"
+ "([BI)I"
};
J_DECLARE_M_ID(0003) = {
@@ -61,6 +61,10 @@ J_DECLARE_M_ID(0004) = {
typedef struct acr_bio_t {
volatile acr_atomic32_t refs;
jobject obj;
+ jbyteArray rdb;
+ int rdb_len;
+ jbyteArray wrb;
+ int wrb_len;
} acr_bio_t;
ACR_SSL_EXPORT(void, SSLBio, init0)(JNI_STDARGS)
@@ -84,6 +88,10 @@ static void jni_bio_close(JNI_STDENV, BI
acr_bio_t *bp = (acr_bio_t *)bi->ptr;
if (bp != 0) {
if (bp->obj != 0 && env != 0) {
+ if (bp->wrb != 0)
+ (*env)->DeleteWeakGlobalRef(env, bp->wrb);
+ if (bp->rdb != 0)
+ (*env)->DeleteWeakGlobalRef(env, bp->rdb);
(*env)->DeleteWeakGlobalRef(env, bp->obj);
bp->obj = 0;
}
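Review bot: The two added `DeleteWeakGlobalRef` calls leave `bp->wrb` and `bp->rdb` holding deleted handles, whereas `bp->obj` is reset to 0 right after; the bio_j_free hunk below does the same. Resetting them with `bp->wrb = 0; bp->rdb = 0;` (and the two lengths) after deletion would keep any later call from handing a stale handle to JNI. Both deletions also sit inside the `bp->obj != 0 && env != 0` guard, so the cached arrays are not released when that guard is false. jni_bio_close starts and ends outside the hunk.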
@@ -153,8 +161,13 @@ static int bio_j_free(BIO *bi)
bi->init = 0;
if (bp->obj != 0) {
JNIEnv *env = AcrGetJNIEnv();
- if (env != 0)
+ if (env != 0) {
+ if (bp->wrb != 0)
+ (*env)->DeleteWeakGlobalRef(env, bp->wrb);
+ if (bp->rdb != 0)
+ (*env)->DeleteWeakGlobalRef(env, bp->rdb);
(*env)->DeleteWeakGlobalRef(env, bp->obj);
+ }
bp->obj = 0;
}
}
@@ -179,15 +192,24 @@ static int bio_j_write(BIO *bi, const ch
jobject obj;
acr_bio_t *bp = (acr_bio_t *)bi->ptr;
JNIEnv *env = AcrGetJNIEnv();
- jbyteArray ba;
+ jbyteArray ba = 0;;
if (env == 0)
return -1;
if ((obj = (*env)->NewLocalRef(env, bp->obj)) == 0)
return -1;
- ba = (*env)->NewByteArray(env, inl);
+ if (bp->wrb == 0 || inl > bp->wrb_len)
+ ba = (*env)->NewByteArray(env, inl);
+ if (ba != 0) {
+ if (bp->wrb != 0)
+ (*env)->DeleteWeakGlobalRef(env, bp->wrb);
+ bp->wrb = (*env)->NewWeakGlobalRef(env, ba);
+ bp->wrb_len = inl;
+ }
+ else if (bp->wrb != 0)
+ ba = (*env)->NewLocalRef(env, bp->wrb);
if (ba != 0) {
(*env)->SetByteArrayRegion(env, ba, 0, inl, (jbyte *)in);
- rv = CALL_METHOD1(Int, 0001, obj, ba);
+ rv = CALL_METHOD2(Int, 0001, obj, ba, inl);
(*env)->DeleteLocalRef(env, ba);
}
(*env)->DeleteLocalRef(env, obj);
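Review bot: `bp->wrb` is a weak global reference, so the cached array can be collected once the local reference is deleted at the end of the call; on a later call with `inl <= bp->wrb_len` the `NewLocalRef(env, bp->wrb)` branch then yields NULL, nothing is allocated, and the write is skipped on this and every following call because `bp->wrb` stays non-zero. The reverse case is also unsafe: if `NewByteArray` fails for an `inl` larger than the cache, the `else if` falls back to the smaller cached array and `SetByteArrayRegion` is asked to copy `inl` bytes into it. Try the cache first and allocate whenever it is unusable, as sketched below, or hold the buffer through a strong global reference that the close/free paths release. The bio_j_read hunk has the same structure with `bp->rdb`, and `jbyteArray ba = 0;;` carries a stray semicolon. bio_j_write begins and ends outside the hunk.

```c
    /* Use the cached array only if it is large enough and still alive. */
    if (bp->wrb != 0 && inl <= bp->wrb_len)
        ba = (*env)->NewLocalRef(env, bp->wrb);
    if (ba == 0) {
        /* Cache missing, too small, or already collected: allocate anew. */
        ba = (*env)->NewByteArray(env, inl);
        if (ba != 0) {
            if (bp->wrb != 0)
                (*env)->DeleteWeakGlobalRef(env, bp->wrb);
            bp->wrb     = (*env)->NewWeakGlobalRef(env, ba);
            bp->wrb_len = bp->wrb != 0 ? inl : 0;
        }
    }
    if (ba != 0) {
        /* … unchanged: SetByteArrayRegion, CALL_METHOD2, DeleteLocalRef(ba) … */
```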
@@ -210,14 +232,23 @@ static int bio_j_read(BIO *bi, char *in,
jobject obj;
acr_bio_t *bp = (acr_bio_t *)bi->ptr;
JNIEnv *env = AcrGetJNIEnv();
- jbyteArray ba;
+ jbyteArray ba = 0;
if (env == 0)
return -1;
if ((obj = (*env)->NewLocalRef(env, bp->obj)) == 0)
return -1;
- ba = (*env)->NewByteArray(env, inl);
+ if (bp->rdb == 0 || inl > bp->rdb_len)
+ ba = (*env)->NewByteArray(env, inl);
+ if (ba != 0) {
+ if (bp->rdb != 0)
+ (*env)->DeleteWeakGlobalRef(env, bp->rdb);
+ bp->rdb = (*env)->NewWeakGlobalRef(env, ba);
+ bp->rdb_len = inl;
+ }
+ else if (bp->rdb != 0)
+ ba = (*env)->NewLocalRef(env, bp->rdb);
if (ba != 0) {
- rv = CALL_METHOD1(Int, 0002, obj, ba);
+ rv = CALL_METHOD2(Int, 0002, obj, ba, inl);
if (rv > 0)
(*env)->GetByteArrayRegion(env, ba, 0, rv, (jbyte *)in);
(*env)->DeleteLocalRef(env, ba);
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Sat Sep
17 07:02:26 2011
@@ -26,6 +26,12 @@
#error "Cannot compile this file without HAVE_OPENSSL defined"
#endif
+/* anything will do */
+static struct {
+ int id;
+ int protocol;
+ int mode;
+} context_id;
ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS, jint protocol, jint mode)
{
@@ -155,6 +161,10 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
if (protocol != SSL_PROTOCOL_TLSV1)
SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+#ifdef TLS1_2_VERSION
+ if (protocol != SSL_PROTOCOL_TLSV1_2)
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+#endif
/*
* Configure additional context ingredients
*/
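Review bot: Nothing in the visible lines sets `SSL_OP_NO_TLSv1_1`, so on an OpenSSL build that defines `TLS1_2_VERSION` a context restricted to TLS 1.0 or to TLS 1.2 would still negotiate TLS 1.1, unless that is handled outside the hunk. If selecting a single version is meant to be exclusive, add the matching `SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);` under the same `#ifdef`. The equality test also means every `protocol` value other than the exact TLS 1.2 constant turns TLS 1.2 off; confirm that is intended for any combined or "all" setting. The enclosing new0 body starts and ends outside the hunk.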
@@ -168,9 +178,10 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
#endif
/* Default session context id and cache size */
SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
- MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
- (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
- c->context_id);
+ context_id.id++;
+ context_id.protocol = protocol;
+ context_id.mode = mode;
+ MD5((const unsigned char *)&context_id, sizeof(context_id), c->context_id);
if (mode != SSL_MODE_CLIENT) {
SSL_CTX_set_tmp_rsa_callback(c->ctx, ssl_callback_tmp_rsa);
SSL_CTX_set_tmp_dh_callback(c->ctx, ssl_callback_tmp_dh);
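Review bot: `context_id` is a file-scope static that is incremented and rewritten here without any synchronization, so two threads creating contexts at the same time can hash the same or a half-updated struct and end up with identical `c->context_id` values. If that digest is used as the session id context (not visible in this hunk), contexts with different protocol or verification settings could then share a session namespace. Take the counter with an atomic increment into a local struct and pass the local to `MD5`, and replace the `/* anything will do */` comment at the declaration with one stating that the value must be unique per context. new0 continues outside the hunk.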
@@ -185,21 +196,18 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
{
- int i;
acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
if (c == 0)
return;
- if (c->crl != 0)
- X509_STORE_free(c->crl);
+ if (c->crls != 0)
+ X509_STORE_free(c->crls);
if (c->ctx != 0)
SSL_CTX_free(c->ctx);
- for (i = 0; i < SSL_AIDX_MAX; i++) {
- if (c->certs[i] != 0)
- X509_free(c->certs[i]);
- if (c->keys[i] != 0)
- EVP_PKEY_free(c->keys[i]);
- }
+ if (c->cert != 0)
+ X509_free(c->cert);
+ if (c->skey != 0)
+ EVP_PKEY_free(c->skey);
ssl_bio_close(c->bio_is);
ssl_bio_close(c->bio_os);
#ifdef HAVE_OCSP_STAPLING
@@ -235,8 +243,8 @@ ACR_SSL_EXPORT(void, SSLContext, setveri
*/
if (c->verify_mode == SSL_CVERIFY_REQUIRE)
verify |= SSL_VERIFY_PEER_STRICT;
- if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) ||
- (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
+ if (c->verify_mode == SSL_CVERIFY_OPTIONAL ||
+ c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)
verify |= SSL_VERIFY_PEER;
if (c->store == 0) {
if (SSL_CTX_set_default_verify_paths(c->ctx)) {
@@ -251,8 +259,11 @@ ACR_SSL_EXPORT(void, SSLContext, setveri
}
ACR_SSL_EXPORT(void, SSLContext, setpasscb0)(JNI_STDARGS, jlong ctx,
- jlong cb)
+ jlong cbp)
{
- acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
- c->password_callback = J2P(cb, ssl_pass_cb_t *);
+ acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+ c->password_callback = J2P(cbp, ssl_pass_cb_t *);
+
+ SSL_CTX_set_default_passwd_cb(c->ctx, ssl_password_callback);
+ SSL_CTX_set_default_passwd_cb_userdata(c->ctx, c->password_callback);
}
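Review bot: `c` is dereferenced without a null check, although `free0` in this file returns early on `c == 0`; a zero `ctx` handle passed from Java would crash the JVM at `c->password_callback = ...` or in the `SSL_CTX_set_default_passwd_cb` call on `c->ctx`. Add `if (c == 0 || c->ctx == 0) return;` before the assignment. When `cbp` is 0 the callback is installed with NULL userdata, so `ssl_password_callback` (not shown here) has to tolerate that.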
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Sat
Sep 17 07:02:26 2011
@@ -26,26 +26,31 @@
#error "Cannot compile this file without HAVE_OPENSSL defined"
#endif
-ACR_SSL_EXPORT(jlong, SSLServer, new0)(JNI_STDARGS, jstring name)
+ACR_SSL_EXPORT(jlong, SSLServer, new0)(JNI_STDARGS, jstring hostid)
{
- acr_ssl_server_t *s;
+ acr_ssl_srv_t *s;
- s = ACR_TALLOC(acr_ssl_server_t);
+ s = ACR_TALLOC(acr_ssl_srv_t);
if (s == 0)
return 0;
-
- WITH_CSTR(name) {
- s->name = AcrStrdup(env, J2S(name));
- } DONE_WITH_STR(name);
+ WITH_CSTR(hostid) {
+ s->hostid = AcrStrdup(env, J2S(hostid));
+ if (s->hostid == 0) {
+ AcrFree(s);
+ s = 0;
+ }
+ else
+ s->hostid_len = strlen(s->hostid);
+ } DONE_WITH_STR(hostid);
return P2J(s);
}
ACR_SSL_EXPORT(void, SSLServer, free0)(JNI_STDARGS, jlong srv)
{
- acr_ssl_server_t *s = J2P(srv, acr_ssl_server_t *);
+ acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
if (s != 0) {
- AcrFree(s->name);
+ AcrFree(s->hostid);
/* SSLServer cleanup */
AcrFree(s);
}