Author: mturk
Date: Mon Sep 19 06:56:26 2011
New Revision: 1172490
URL: http://svn.apache.org/viewvc?rev=1172490&view=rev
Log:
Add and use SSL exceptions
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java
(with props)
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java
(with props)
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java
(with props)
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java
(with props)
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h
commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
commons/sandbox/runtime/trunk/src/main/native/shared/error.c
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
Mon Sep 19 06:56:26 2011
@@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+openssl.EINIT=OpenSSL subsytem was not initialized
fips.ENOTIMPL=FIPS was not available at build time. You will need an OpenSSL
with FIPS support.
password.PROMPT=Some of your private key files are encrypted for security
reasons.\
\nIn order to read them you have to provide the pass phrases.\
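Review bot: The new `openssl.EINIT` message misspells "subsystem", and this string is what callers see when an SSL object is created before initialisation; it should read `openssl.EINIT=OpenSSL subsystem was not initialized`. The same misspelling appears in the class Javadoc of the SSLException file added by this commit.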
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
Mon Sep 19 06:56:26 2011
@@ -37,9 +37,14 @@ public abstract class SSLBio extends Nat
/**
* Create new object instance.
+ *
+ * @throws RuntimeException if SSL was not initialized.
*/
protected SSLBio()
+ throws RuntimeException
{
+ if (!SSL.initialized())
+ throw new RuntimeException(Local.sm.get("openssl.EINIT"));
super.pointer = new0(this);
}
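Review bot: The initialisation guard added at the top of the constructor throws a bare `RuntimeException`, which callers cannot tell apart from any other runtime failure; `throw new IllegalStateException(Local.sm.get("openssl.EINIT"));` names the condition and still satisfies the new `@throws RuntimeException` tag. The `throws RuntimeException` clause on the signature is redundant for an unchecked type and can be dropped. The same two-line guard is repeated in the SSLContext and SSLServer constructors later in this commit, so a single shared helper would keep the three in step.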
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
Mon Sep 19 06:56:26 2011
@@ -18,7 +18,6 @@ package org.apache.commons.runtime.ssl;
import org.apache.commons.runtime.InvalidArgumentException;
import org.apache.commons.runtime.InvalidDataException;
-import java.io.File;
/**
* SSL Certificate.
@@ -27,57 +26,78 @@ public final class SSLCertificate extend
{
// Hide NativePointer
- private final long pointer = 0L;
- private final String desc;
+ private final long pointer = 0L;
+ private final String desc;
+ private SSLCertificateFormat format;
private static native long load0(String file, String desc, int format,
long pcb)
- throws InvalidDataException;
+ throws SSLInvalidCertificateException;
private static native long load1(String file, int format, String password)
- throws InvalidDataException;
+ throws SSLInvalidCertificateException;
private static native void free0(long cert);
- private SSLCertificate()
+ /**
+ * Creates a new object instance.
+ */
+ public SSLCertificate()
{
this.desc = null;
- // No instance
}
/**
* Creates a new object instance.
+ *
+ * @param desc this certificate's decription.
*/
public SSLCertificate(String desc)
{
this.desc = desc;
}
- public void load(String file, SSLCertificateFormat format,
PasswordCallback cb)
- throws InvalidDataException
+ public synchronized void load(String file, SSLCertificateFormat format,
PasswordCallback cb)
+ throws IllegalStateException, SSLInvalidCertificateException
{
if (super.pointer != 0L) {
// Already loaded
- // TODO: Throw exception
+ throw new IllegalStateException();
}
super.pointer = load0(file, desc, format.valueOf(),
((NativePointer)cb).pointer);
+ this.format = format;
}
- public void load(String file, SSLCertificateFormat format)
- throws InvalidDataException
+ public synchronized void load(String file, SSLCertificateFormat format)
+ throws IllegalStateException, SSLInvalidCertificateException
{
if (super.pointer != 0L) {
// Already loaded
- // TODO: Throw exception
+ throw new IllegalStateException();
}
super.pointer = load0(file, desc, format.valueOf(), 0L);
+ this.format = format;
}
- public void load(String file, SSLCertificateFormat format, String password)
- throws InvalidDataException
+ public synchronized void load(String file, SSLCertificateFormat format,
String password)
+ throws IllegalStateException, SSLInvalidCertificateException
{
if (super.pointer != 0L) {
// Already loaded
- // TODO: Throw exception
+ throw new IllegalStateException();
}
super.pointer = load1(file, format.valueOf(), password);
+ this.format = format;
+ }
+
+ public SSLCertificateFormat getFormat()
+ {
+ return format;
+ }
+
+ public synchronized void free()
+ {
+ if (super.pointer != 0L) {
+ free0(super.pointer);
+ super.pointer = 0L;
+ }
}
/**
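Review bot: The new `free()` zeroes the native pointer but leaves `format` set, so `getFormat()` keeps reporting a format for a certificate that is no longer loaded; adding `this.format = null;` inside the `if` block fixes that. `getFormat()` reads a field that is only written under the object lock, so it should be declared `synchronized` as well. The three `throw new IllegalStateException();` lines would be easier to diagnose with a message such as `"certificate already loaded"`. SSLKey gets the same `free()`/`getFormat()` pair in this commit and has the same gaps.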
@@ -93,8 +113,7 @@ public final class SSLCertificate extend
protected final void finalize()
throws Throwable
{
- if (super.pointer != 0L)
- free0(super.pointer);
+ free();
}
}
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Mon Sep 19 06:56:26 2011
@@ -17,6 +17,7 @@
package org.apache.commons.runtime.ssl;
import org.apache.commons.runtime.InvalidArgumentException;
+import org.apache.commons.runtime.InvalidDataException;
import org.apache.commons.runtime.InvalidRangeException;
import org.apache.commons.runtime.OperationNotImplementedException;
import org.apache.commons.runtime.Status;
@@ -38,13 +39,23 @@ public final class SSLContext extends Na
// Hide NativePointer
private final long pointer = 0L;
+ private SSLKey[] keys;
+ private SSLCertificate[] cert;
+
private static native long new0(int protocol, int mode)
throws OperationNotImplementedException;
+ private static native void free0(long key);
private static native void setsprefix0(long ctx, String prefix);
private static native void setid0(long ctx, String id);
private static native void setscachesize0(long ctx, int size);
private static native void setpasscb0(long ctx, long cb);
- private static native void setverify0(long ctx, int mode, int
depth);
+ private static native void setcrlcheck0(long ctx, int mode);
+ private static native void setcafile0(long ctx, String caPath)
+ throws SSLException;
+ private static native void setcapath0(long ctx, String caPath)
+ throws SSLException;
+ private static native void setvmode0(long ctx, int mode, int depth)
+ throws SSLException;
private SSLContext()
{
@@ -60,7 +71,11 @@ public final class SSLContext extends Na
public SSLContext(SSLProtocolMethod method, SSLProtocolMode mode)
throws OperationNotImplementedException
{
+ if (!SSL.initialized())
+ throw new RuntimeException(Local.sm.get("openssl.EINIT"));
super.pointer = new0(method.valueOf(), mode.valueOf());
+ keys = new SSLKey[2];
+ cert = new SSLCertificate[2];
}
/**
@@ -68,8 +83,11 @@ public final class SSLContext extends Na
*
* @param id unique context id string.
*/
- public void setSessionContextId(String id)
+ public synchronized void setSessionContextId(String id)
+ throws IllegalStateException, NullPointerException
{
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
if (id == null)
throw new NullPointerException();
setid0(super.pointer, id);
@@ -80,11 +98,80 @@ public final class SSLContext extends Na
*
* @param size cache size to use. If {@code zero} the session
* cache is turned off.
+ * @throws IllegalStateException if this context is closed.
*/
- public void setSessionCacheSize(int size)
+ public synchronized void setSessionCacheSize(int size)
+ throws IllegalStateException
{
- if (super.pointer != 0L)
- setscachesize0(super.pointer, size);
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
+ setscachesize0(super.pointer, size);
+ }
+
+ /**
+ * Set default locations for trusted CA certificates.
+ * <p>
+ * Set the path that points to a file of CA certificates
+ * in PEM format. The file can contain several CA certificates
+ * identified by
+ * <pre>
+ * -----BEGIN CERTIFICATE-----
+ * ... (CA certificate in base64 encoding) ...
+ * -----END CERTIFICATE-----
+ * </pre>
+ * sequences. Before, between, and after the certificates text is allowed
+ * which can be used e.g. for descriptions of the certificates.
+ *
+ * @param path PEM format file of CA's.
+ */
+ public synchronized void setCACertificateFile(String path)
+ throws SSLException, IllegalStateException
+ {
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
+ if (path == 0)
+ throw new NullPointerException();
+ setcafile0(super.pointer, path);
+ }
+
+ /**
+ * Set default locations for trusted CA certificates.
+ * <p>
+ * Set the path that points to a directory containing
+ * CA certificates in PEM format. The files each contain one CA
+ * certificate. The files are looked up by the CA subject name hash
+ * value, which must hence be available. If more than one CA certificate
+ * with the same name hash value exist, the extension must be different
+ * (e.g. {@code 9d66eef0.0, 9d66eef0.1} etc). The search is performed in
+ * the ordering of the extension number, regardless of other properties
+ * of the certificates. Use the {@code c_rehash} utility to create the
+ * necessary links.
+ * <p>
+ * </p>
+ * The certificates in {@code path} are only looked up when required,
+ * e.g. when building the certificate chain or when actually performing
+ * the verification of a peer certificate.
+ * </p>
+ * @param path PEM format directory of CA's.
+ * @throws IllegalStateException if context is invalid
+ * @throws SSLException if path cannot be set
+ */
+ public synchronized void setCACertificatePath(String path)
+ throws SSLException, IllegalStateException
+ {
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
+ if (path == 0)
+ throw new NullPointerException();
+ setcapath0(super.pointer, path);
+ }
+
+ public synchronized void setCrlCheckMode(SSLCrlCheckMode mode)
+ throws IllegalStateException
+ {
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
+ setcrlcheck0(super.pointer, mode.valueOf());
}
/**
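Review bot: `if (path == 0)` in `setCACertificateFile`, and again in `setCACertificatePath`, compares a `String` with an `int` and will not compile; the intended guard is `if (path == null)`. The Javadoc of `setCACertificateFile` lacks the `@throws IllegalStateException` and `@throws SSLException` tags that `setCACertificatePath` has, and neither documents the `NullPointerException`. Because these two setters define the trust anchors used for peer verification, the Javadoc should also say that `path` is expected to come from trusted configuration. `setCrlCheckMode` has no Javadoc and dereferences `mode` without a guard, so a null argument surfaces as an NPE from `mode.valueOf()`.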
@@ -93,11 +180,14 @@ public final class SSLContext extends Na
* @param mode verification mode to use.
* @param depth sets the maximum depth for the certificate chain
* verification that shall be allowed for this context.
+ * @throws IllegalStateException if context is invalid
*/
- public void setClientVerification(SSLClientVerifyMode mode, int depth)
+ public synchronized void setClientVerification(SSLClientVerifyMode mode,
int depth)
+ throws SSLException, IllegalStateException
{
- if (super.pointer != 0L)
- setverify0(super.pointer, mode.valueOf(), depth);
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
+ setvmode0(super.pointer, mode.valueOf(), depth);
}
/**
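Review bot: `setClientVerification` now declares the checked `SSLException`, but the Javadoc gains only the `IllegalStateException` tag; add `@throws SSLException if the verification mode cannot be applied` (wording to be confirmed against `setvmode0`, which is not visible here). The method also changes from a silent no-op on a closed context to throwing, which is worth a sentence in the Javadoc since existing callers must now handle both exceptions. The opening of the Javadoc block lies outside the hunk.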
@@ -120,12 +210,40 @@ public final class SSLContext extends Na
* @param prefix session id prefix.
* @throws InvalidRangeException if the length of the prefix is too large.
*/
- public void setSessionIdPrefix(String prefix)
- throws InvalidRangeException
+ public synchronized void setSessionIdPrefix(String prefix)
+ throws InvalidRangeException, IllegalStateException
{
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
if (prefix.length() > 31)
throw new InvalidRangeException();
setsprefix0(super.pointer, prefix);
}
+
+ /**
+ * Close this context and free resources allocated by the
+ * operating system.
+ * Closing the context will close all attached keys and certificates.
+ * After the context is closed furter attempts to use the context will
+ * throw {@code IllegalStateException} exception.
+ */
+ public synchronized void free()
+ {
+ for (int i = 0; i < keys.length; i++) {
+ if (keys[i] != null) {
+ keys[i].free();
+ keys[i] = null;
+ }
+ if (cert[i] != null) {
+ cert[i].free();
+ cert[i] = null;
+ }
+ }
+ if (super.pointer != 0L) {
+ free0(super.pointer);
+ super.pointer = 0L;
+ }
+ }
+
}
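Review bot: `free()` bounds its loop with `keys.length` but also indexes `cert[i]`, so it is only correct while both arrays have the same length, and it dereferences both without a null check. The arrays are assigned in the public constructor only; if the private no-argument constructor (its body is outside the visible hunks) leaves them null, `free()` throws `NullPointerException` before `free0` runs and the native context is never released. Guarding with `if (keys != null)` and `if (cert != null)` and looping over each array on its own, with the `free0` call in a `finally`, avoids that. The Javadoc has a typo, `furter` for `further`.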
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java?rev=1172490&view=auto
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java
(added)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java
Mon Sep 19 06:56:26 2011
@@ -0,0 +1,58 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+/**
+ * Represents the SSL client revocation list check mode.
+ */
+public enum SSLCrlCheckMode
+{
+
+ /**
+ * No check.
+ */
+ NONE( 0),
+ /**
+ * Check the peer certificate.
+ */
+ CHECK( 1),
+ /**
+ * Check the peer certificate.
+ */
+ CHECK_ALL( 2);
+
+ private int value;
+ private SSLCrlCheckMode(int v)
+ {
+ value = v;
+ }
+
+ public int valueOf()
+ {
+ return value;
+ }
+
+ public static SSLCrlCheckMode valueOf(int value)
+ {
+ for (SSLCrlCheckMode e : values()) {
+ if (e.value == value)
+ return e;
+ }
+ return NONE;
+ }
+
+}
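Review bot: `valueOf(int)` falls back to `NONE` for any value it does not recognise, so a corrupted or out-of-range mode silently turns revocation checking off; failing closed with `throw new IllegalArgumentException("Unknown CRL check mode: " + value);` is the safer default. The Javadoc on `CHECK_ALL` repeats the text of `CHECK` ("Check the peer certificate."), which leaves the difference between the two modes undocumented; presumably `CHECK_ALL` covers the whole chain, but that needs confirming against the native side. `value` is never reassigned and can be declared `private final int value;`.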
Propchange:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java
------------------------------------------------------------------------------
svn:eol-style = native
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java?rev=1172490&view=auto
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java
(added)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java
Mon Sep 19 06:56:26 2011
@@ -0,0 +1,39 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+import java.io.IOException;
+
+/**
+ * SSLException is base exception class for all SSL subsytem errors.
+ *
+ * @since Runtime 1.0
+ */
+
+public class SSLException extends IOException
+{
+
+ public SSLException()
+ {
+ super();
+ }
+
+ public SSLException(String msg)
+ {
+ super(msg);
+ }
+}
Propchange:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java
------------------------------------------------------------------------------
svn:eol-style = native
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java?rev=1172490&view=auto
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java
(added)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java
Mon Sep 19 06:56:26 2011
@@ -0,0 +1,40 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+import org.apache.commons.runtime.InvalidDataException;
+
+/**
+ * Reports a bad SSL certificate.
+ * Normally, this indicates a misconfiguration of the server or
+ * client SSL certificate and private key.
+ *
+ * @since Runtime 1.0
+ */
+
+public class SSLInvalidCertificateException extends InvalidDataException
+{
+
+ public SSLInvalidCertificateException()
+ {
+ super();
+ }
+
+ public SSLInvalidCertificateException(String msg)
+ {
+ super(msg);
+ }
+}
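Review bot: `SSLInvalidCertificateException` extends `InvalidDataException`, while the `SSLException` added in this same commit is documented as the base class for all SSL subsystem errors; unless `InvalidDataException` is itself an `SSLException` (not visible here), a `catch (SSLException e)` will not see certificate or key failures. Either derive the two new classes from `SSLException` or reword its Javadoc to say which errors it covers. `SSLInvalidKeyException`, added next, has the same parent, and its summary line `Reports a bad SSL key or certificate.` looks copied from this class; `Reports a bad SSL private key.` would match what it represents.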
Propchange:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java
------------------------------------------------------------------------------
svn:eol-style = native
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java?rev=1172490&view=auto
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java
(added)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java
Mon Sep 19 06:56:26 2011
@@ -0,0 +1,40 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+import org.apache.commons.runtime.InvalidDataException;
+
+/**
+ * Reports a bad SSL key or certificate.
+ * Normally, this indicates a misconfiguration of the server or
+ * client SSL certificate and private key.
+ *
+ * @since Runtime 1.0
+ */
+
+public class SSLInvalidKeyException extends InvalidDataException
+{
+
+ public SSLInvalidKeyException()
+ {
+ super();
+ }
+
+ public SSLInvalidKeyException(String msg)
+ {
+ super(msg);
+ }
+}
Propchange:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
Mon Sep 19 06:56:26 2011
@@ -18,7 +18,6 @@ package org.apache.commons.runtime.ssl;
import org.apache.commons.runtime.InvalidArgumentException;
import org.apache.commons.runtime.InvalidDataException;
-import java.io.File;
/**
* SSL Key.
@@ -29,57 +28,83 @@ public final class SSLKey extends Native
// Hide NativePointer
private final long pointer = 0L;
private final String desc;
-
+ private SSLKeyFormat format;
private static native long load0(String file, String desc, int format,
long pcb)
- throws InvalidDataException;
+ throws SSLInvalidKeyException;
private static native long load1(String file, int format, String password)
- throws InvalidDataException;
+ throws SSLInvalidKeyException;
private static native void free0(long key);
- private SSLKey()
+ /**
+ * Creates a new object instance.
+ */
+ public SSLKey()
{
this.desc = null;
- // No instance
}
/**
* Creates a new object instance.
+ *
+ * @param desc This key's description
*/
public SSLKey(String desc)
{
this.desc = desc;
}
- public void load(String file, SSLKeyFormat format, PasswordCallback cb)
- throws InvalidDataException
+ public synchronized void load(String file, SSLKeyFormat format,
PasswordCallback cb)
+ throws IllegalStateException, SSLInvalidKeyException
{
if (super.pointer != 0L) {
// Already loaded
- // TODO: Throw exception
+ throw new IllegalStateException();
}
super.pointer = load0(file, desc, format.valueOf(),
((NativePointer)cb).pointer);
+ this.format = format;
}
- public void load(String file, SSLKeyFormat format, String password)
- throws InvalidDataException
+ public synchronized void load(String file, SSLKeyFormat format, String
password)
+ throws IllegalStateException, SSLInvalidKeyException
{
if (super.pointer != 0L) {
// Already loaded
- // TODO: Throw exception
+ throw new IllegalStateException();
}
super.pointer = load1(file, format.valueOf(), password);
+ this.format = format;
}
- public void load(String file, SSLKeyFormat format)
- throws InvalidDataException
+ public synchronized void load(String file, SSLKeyFormat format)
+ throws IllegalStateException, SSLInvalidKeyException
{
if (super.pointer != 0L) {
// Already loaded
- // TODO: Throw exception
+ throw new IllegalStateException();
}
super.pointer = load0(file, desc, format.valueOf(), 0L);
+ this.format = format;
+ }
+
+ public void load(String file)
+ throws IllegalStateException, SSLInvalidKeyException
+ {
+ load(file, SSLKeyFormat.PEM);
+ }
+
+ public SSLKeyFormat getFormat()
+ {
+ return format;
}
+ public synchronized void free()
+ {
+ if (super.pointer != 0L) {
+ free0(super.pointer);
+ super.pointer = 0L;
+ }
+ }
+
/**
* Called by the garbage collector when the object is destroyed.
* The class will free internal resources allocated by the
@@ -93,8 +118,7 @@ public final class SSLKey extends Native
protected final void finalize()
throws Throwable
{
- if (super.pointer != 0L)
- free0(super.pointer);
+ free();
}
}
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
Mon Sep 19 06:56:26 2011
@@ -37,6 +37,11 @@ public final class SSLServer extends Nat
private final String hostId;
private static native long new0(String name);
private static native void close0(long srv);
+ private static native void setctx0(long srv, long ctx);
+
+
+ private SSLContext ctx1 = null;
+ private SSLContext ctx2 = null;
private SSLServer()
{
@@ -52,6 +57,8 @@ public final class SSLServer extends Nat
public SSLServer(String hostId)
throws NullPointerException
{
+ if (!SSL.initialized())
+ throw new RuntimeException(Local.sm.get("openssl.EINIT"));
if (hostId == null)
throw new NullPointerException();
this.hostId = hostId;
@@ -68,11 +75,22 @@ public final class SSLServer extends Nat
* @see java.io.Closeable#close()
* @throws IOException if an I/O error occurs.
*/
- public final void close()
+ public synchronized final void close()
throws IOException
{
- close0(super.pointer);
- super.pointer = 0L;
+
+ if (ctx1 != null) {
+ ctx1.free();
+ ctx1 = null;
+ }
+ if (ctx2 != null) {
+ ctx2.free();
+ ctx2 = null;
+ }
+ if (super.pointer != 0L) {
+ close0(super.pointer);
+ super.pointer = 0L;
+ }
}
/**
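Review bot: `close()` frees `ctx1` and `ctx2` before calling `close0`, so for a moment the native server still refers to contexts that have already been released; whether `close0` touches them is not visible here, but closing the server first and the contexts afterwards removes the question. `ctx1` is whatever the caller passed to `setContext`, so `close()` also frees an object the caller may still hold or share with another server, and the Javadoc should state that the server takes ownership. If `ctx1.free()` throws, `close0` is skipped and the native server is never released; a `try`/`finally` around the context cleanup would prevent that.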
@@ -84,5 +102,23 @@ public final class SSLServer extends Nat
{
return hostId;
}
+
+ /**
+ * Set this server's SSL context.
+ * <p>
+ *
+ * </p>
+ * @param ctx the context to set
+ * @return previous context or {@code null} if the context
+ * was not set already.
+ */
+ public synchronized final SSLContext setContext(SSLContext ctx)
+ {
+ SSLContext org = ctx1;
+ ctx1 = ctx;
+ setctx0(super.pointer, ((NativePointer)ctx).pointer);
+ return org;
+ }
+
}
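Review bot: `setContext` overwrites `ctx1` before it dereferences `ctx`, so a null argument throws `NullPointerException` after the field has already been replaced, and neither `super.pointer` nor the context's own pointer is checked for `0L` before both are handed to `setctx0`. After `close()` or `SSLContext.free()` that passes a zero handle into native code. The version below validates first and assigns only once the native call has returned. The Javadoc should also say who frees the returned previous context, since `close()` only frees the current one, and the empty `<p>` block can be removed.

```java
public synchronized final SSLContext setContext(SSLContext ctx)
{
    if (super.pointer == 0L)
        throw new IllegalStateException();
    if (ctx == null)
        throw new NullPointerException();
    long cp = ((NativePointer)ctx).pointer;
    if (cp == 0L)
        throw new IllegalStateException();
    // Update the Java-side reference only after the native side accepted it.
    setctx0(super.pointer, cp);
    SSLContext org = ctx1;
    ctx1 = ctx;
    return org;
}
```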
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h Mon Sep
19 06:56:26 2011
@@ -43,6 +43,7 @@ enum {
ACR_EX_ENULL, /* java/lang/NullPointerException */
ACR_EX_ENOSYS, /* java/lang/UnsupportedOperationException */
ACR_EX_EIO, /* java/io/IOException */
+ ACR_EX_EBADPATH, /* java/io/FileNotFoundException */
ACR_EX_ESOCK, /* java/net/SocketException */
ACR_EX_EBADF, /* io/InvalidDescriptorException */
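Review bot: `ACR_EX_EBADPATH` is inserted in the middle of the enum, which renumbers every constant after it, so the exception class table indexed by these values (presumably in shared/error.c, modified by this commit but not visible here) must gain its entry at exactly the same position or native code will throw the wrong Java exception. The three SSL constants in the next hunk are added just before `ACR_EX_LEN` and carry the same requirement. A compile-time check that the table holds `ACR_EX_LEN` entries would catch a mismatch at build time.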
@@ -65,6 +66,9 @@ enum {
ACR_EX_ENORES, /* OutOfResourcesException */
ACR_EX_ECONNABORTED, /* ConnectionAbortedException */
ACR_EX_ECONNRESET, /* ConnectionResetException */
+ ACR_EX_ESSL, /* SSLException */
+ ACR_EX_ESSLBADCERT, /* SSLInvalidCertificateException */
+ ACR_EX_ESSLBADKEY, /* SSLInvalidKeyException */
ACR_EX_LEN
};
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Mon Sep 19
06:56:26 2011
@@ -292,7 +292,7 @@ extern ssl_pass_cb_t *acr_ssl_password_c
typedef struct acr_ssl_srv_t acr_ssl_srv_t;
/* Server context */
-typedef struct acr_ssl_ctxt_t {
+typedef struct acr_ssl_ctx_t {
acr_ssl_srv_t *srv;
SSL_CTX *ctx;
BIO *bio_os;
@@ -320,7 +320,10 @@ typedef struct acr_ssl_ctxt_t {
int verify_mode;
char session_id_prefix[32];
unsigned int session_id_prefix_len;
-
+#ifndef OPENSSL_NO_TLSEXT
+ char *servername;
+ int extension_error;
+#endif
#ifdef HAVE_OCSP_STAPLING
/** OCSP stapling options */
BOOL stapling_enabled;
@@ -343,13 +346,13 @@ typedef struct acr_ssl_ctxt_t {
long ocsp_resp_maxage;
acr_time_t ocsp_responder_timeout;
-} acr_ssl_ctxt_t;
+} acr_ssl_ctx_t;
struct acr_ssl_srv_t {
char *hostid;
int hostid_len;
- acr_ssl_ctxt_t *ctx;
- acr_ssl_ctxt_t *ctx2;
+ acr_ssl_ctx_t *ctx;
+ acr_ssl_ctx_t *ctx2;
int enabled;
};
@@ -385,7 +388,7 @@ struct ssl_sd_t {
#endif
/*** SSL struct members ***/
acr_ssl_srv_t *srv;
- acr_ssl_ctxt_t *ctx;
+ acr_ssl_ctx_t *ctx;
SSL *ssl;
X509 *peer;
int shutdown_type;
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Mon Sep
19 06:56:26 2011
@@ -170,8 +170,10 @@ struct SSLAPIst {
void (*fpSSL_CTX_set_tmp_dh_callback)(SSL_CTX *, DH
*(*)(SSL *, int, int));
X509_STORE* (*fpSSL_CTX_get_cert_store)(const SSL_CTX *);
int (*fpSSL_CTX_set_default_verify_paths)(SSL_CTX *);
+ int (*fpSSL_CTX_load_verify_locations)(SSL_CTX *, const
char *, const char *);
void (*fpSSL_CTX_set_verify)(SSL_CTX *, int, int (*)(int,
X509_STORE_CTX *));
int (*fpSSL_CTX_set_generate_session_id)(SSL_CTX *,
GEN_SESSION_CB);
+ void (*fpSSL_CTX_set_quiet_shutdown)(SSL_CTX *, int);
/*** SSL ***/
void* (*fpSSL_get_ex_data)(const SSL *, int);
@@ -310,8 +312,10 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
LIBSSL_FPLOAD(SSL_CTX_set_tmp_rsa_callback);
LIBSSL_FPLOAD(SSL_CTX_get_cert_store);
LIBSSL_FPLOAD(SSL_CTX_set_default_verify_paths);
+ LIBSSL_FPLOAD(SSL_CTX_load_verify_locations);
LIBSSL_FPLOAD(SSL_CTX_set_verify);
LIBSSL_FPLOAD(SSL_CTX_set_generate_session_id);
+ LIBSSL_FPLOAD(SSL_CTX_set_quiet_shutdown);
/*** BIO ***/
CRYPTO_FPLOAD(BIO_ctrl);
@@ -846,6 +850,12 @@ int SSL_CTX_set_default_verify_paths(SSL
return SSLAPI_CALL(SSL_CTX_set_default_verify_paths)(ctx);
}
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+ const char *CApath)
+{
+ return SSLAPI_CALL(SSL_CTX_load_verify_locations)(ctx, CAfile, CApath);
+}
+
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
int (*callback)(int, X509_STORE_CTX *))
{
@@ -857,6 +867,11 @@ int SSL_CTX_set_generate_session_id(SSL
return SSLAPI_CALL(SSL_CTX_set_generate_session_id)(ctx, cb);
}
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+ SSLAPI_CALL(SSL_CTX_set_quiet_shutdown)(ctx, mode);
+}
+
void *SSL_get_ex_data(const SSL *ssl, int idx)
{
return SSLAPI_CALL(SSL_get_ex_data)(ssl, idx);
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c Mon
Sep 19 06:56:26 2011
@@ -44,14 +44,14 @@ static X509 *load_cert(ssl_pass_cb_t *pa
else
password_callback->desc = file;
}
- if (format == SSL_CRT_FORMAT_ASN1) {
- cert = d2i_X509_bio(bio, 0);
- }
- else if (format == SSL_CRT_FORMAT_PEM) {
+ if (format == SSL_CRT_FORMAT_PEM) {
cert = PEM_read_bio_X509_AUX(bio, 0,
ssl_password_callback,
password_callback);
}
+ else if (format == SSL_CRT_FORMAT_ASN1) {
+ cert = d2i_X509_bio(bio, 0);
+ }
else if (format == SSL_CRT_FORMAT_PKCS12) {
if (!ssl_load_pkcs12(bio, 0, 0, &cert, 0))
cert = 0;
@@ -73,7 +73,7 @@ ACR_SSL_EXPORT(jlong, SSLCertificate, lo
/* Load key */
cert = load_cert(cb, format, J2S(file), J2S(desc));
if (cert == 0)
- ssl_throw_errno(env, ACR_EX_EILSEQ);
+ ssl_throw_errno(env, ACR_EX_ESSLBADCERT);
} DONE_WITH_STR(desc);
} DONE_WITH_STR(file);
@@ -96,7 +96,7 @@ ACR_SSL_EXPORT(jlong, SSLCertificate, lo
/* Load key */
cert = load_cert(&cb, format, J2S(file), 0);
if (cert == 0)
- ssl_throw_errno(env, ACR_EX_EILSEQ);
+ ssl_throw_errno(env, ACR_EX_ESSLBADCERT);
} DONE_WITH_STR(password);
} DONE_WITH_STR(file);
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Mon Sep
19 06:56:26 2011
@@ -37,12 +37,23 @@ static struct {
static int generate_session_id(const SSL *ssl, unsigned char *id,
unsigned int *id_len)
{
- unsigned int count = 0;
+ int count = 0;
ssl_sd_t *sd = (ssl_sd_t *)SSL_get_app_data(ssl);
+
+ if (sd == 0 || sd->ctx == 0) {
+ /* XXX: This should not happen!
+ */
+ RAND_pseudo_bytes(id, *id_len);
+ return 0;
+ }
+ if (sd->ctx->session_id_prefix_len < 1) {
+ /* No prefix set.
+ */
+ RAND_pseudo_bytes(id, *id_len);
+ return 0;
+ }
do {
RAND_pseudo_bytes(id, *id_len);
- if (sd == 0 || sd->ctx == 0)
- break;
/* Prefix the session_id with the required prefix. NB: If our
* prefix is too long, clip it - but there will be worse effects
* anyway, eg. the server could only possibly create 1 session
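Review bot: The two new early exits in generate_session_id return 0 after filling `id`, and the next hunk does the same with `if (!SSL_has_matching_session_id(ssl, id, *id_len)) return 0;`, but OpenSSL treats a zero return from a session-id callback as failure and fails the handshake. All three paths have produced a usable id and should `return 1;`, leaving `return 0` for the exhausted-attempts case only. The result of `RAND_pseudo_bytes(id, *id_len)` is also ignored on every path; session ids are better taken from `RAND_bytes` with its return value checked, assuming the loader in api.c exposes it. The function's tail is outside these hunks, but the loop now exits only once `count` reaches `MAX_SESSION_ID_ATTEMPTS`, so whatever follows that check looks unreachable and should be confirmed.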
@@ -52,7 +63,9 @@ static int generate_session_id(const SSL
memcpy(id, sd->ctx->session_id_prefix,
sd->ctx->session_id_prefix_len < *id_len ?
sd->ctx->session_id_prefix_len : *id_len);
- } while (SSL_has_matching_session_id(ssl, id, *id_len) && (++count <
MAX_SESSION_ID_ATTEMPTS));
+ if (!SSL_has_matching_session_id(ssl, id, *id_len))
+ return 0;
+ } while (++count < MAX_SESSION_ID_ATTEMPTS);
if (count >= MAX_SESSION_ID_ATTEMPTS)
return 0;
@@ -62,10 +75,10 @@ static int generate_session_id(const SSL
ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS, jint protocol, jint mode)
{
- acr_ssl_ctxt_t *c;
+ acr_ssl_ctx_t *c;
CONST_SSL_METHOD *m = 0;
- c = ACR_TALLOC(acr_ssl_ctxt_t);
+ c = ACR_TALLOC(acr_ssl_ctx_t);
if (c == 0)
return 0;
switch (mode) {
@@ -181,6 +194,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
c->verify_mode = SSL_CVERIFY_UNSET;
c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET;
+ SSL_CTX_set_quiet_shutdown(c->ctx, 1);
SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
if (protocol != SSL_PROTOCOL_SSLV2)
SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
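Review bot: `SSL_CTX_set_quiet_shutdown(c->ctx, 1)` is applied to every new context while `shutdown_type` two lines above is still `SSL_SHUTDOWN_TYPE_UNSET`, so unless something outside this hunk resets it per connection, sessions from this context close without sending close_notify. Without close_notify the peer cannot tell an orderly close from a truncated stream. I would keep the OpenSSL default here and enable quiet shutdown only when the configured shutdown type asks for it, or, if this default is intended, say so in a comment such as `/* quiet by default; shutdown_type overrides per connection */`. new0 starts and ends outside this hunk.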
@@ -223,7 +237,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
{
- acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
if (c == 0)
return;
@@ -231,10 +245,6 @@ ACR_SSL_EXPORT(void, SSLContext, free0)(
X509_STORE_free(c->crls);
if (c->ctx != 0)
SSL_CTX_free(c->ctx);
- if (c->cert != 0)
- X509_free(c->cert);
- if (c->skey != 0)
- EVP_PKEY_free(c->skey);
ssl_bio_close(c->bio_is);
ssl_bio_close(c->bio_os);
#ifdef HAVE_OCSP_STAPLING
@@ -247,7 +257,7 @@ ACR_SSL_EXPORT(void, SSLContext, free0)(
ACR_SSL_EXPORT(void, SSLContext, setid0)(JNI_STDARGS, jlong ctx, jstring id)
{
- acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
WITH_CSTR(id) {
MD5((const unsigned char *)J2S(id), strlen(J2S(id)), c->context_id);
@@ -257,7 +267,7 @@ ACR_SSL_EXPORT(void, SSLContext, setid0)
ACR_SSL_EXPORT(void, SSLContext, setsprefix0)(JNI_STDARGS, jlong ctx,
jstring prefix)
{
- acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
WITH_CSTR(prefix) {
c->session_id_prefix_len = (unsigned int)strlcpy(c->session_id_prefix,
J2S(prefix), 32);
@@ -265,11 +275,55 @@ ACR_SSL_EXPORT(void, SSLContext, setspre
} DONE_WITH_STR(prefix);
}
-ACR_SSL_EXPORT(void, SSLContext, setverify0)(JNI_STDARGS, jlong ctx,
- jint mode, jint depth)
+ACR_SSL_EXPORT(void, SSLContext, setcafile0)(JNI_STDARGS, jlong ctx,
+ jstring cafile)
+{
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+ WITH_CSTR(cafile) {
+ if (!SSL_CTX_load_verify_locations(c->ctx, J2S(cafile), 0))
+ ssl_throw_errno(env, ACR_EX_ESSL);
+ else
+ c->store = SSL_CTX_get_cert_store(c->ctx);
+ } DONE_WITH_STR(cafile);
+}
+
+ACR_SSL_EXPORT(void, SSLContext, setcapath0)(JNI_STDARGS, jlong ctx,
+ jstring capath)
+{
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+ WITH_CSTR(capath) {
+ if (!SSL_CTX_load_verify_locations(c->ctx, 0, J2S(capath)))
+ ssl_throw_errno(env, ACR_EX_ESSL);
+ else
+ c->store = SSL_CTX_get_cert_store(c->ctx);
+ } DONE_WITH_STR(capath);
+}
+
+ACR_SSL_EXPORT(void, SSLContext, setcrlcheck0)(JNI_STDARGS, jlong ctx,
+ jint ccmode)
+{
+ int vflags = 0;
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+
+ if (c->store == 0) {
+ c->store = SSL_CTX_get_cert_store(c->ctx);
+ if (c->store == 0) {
+ /* XXX: This should never happen (TM) */
+ return;
+ }
+ }
+ if (ccmode == 1)
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ else if (ccmode == 2)
+ vflags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+ X509_STORE_set_flags(c->store, vflags);
+}
+
+ACR_SSL_EXPORT(void, SSLContext, setvmode0)(JNI_STDARGS, jlong ctx,
+ jint mode, jint depth)
{
int verify = SSL_VERIFY_NONE;
- acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
if (depth > 0)
c->verify_depth = depth;
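Review bot: setcrlcheck0 returns silently when `SSL_CTX_get_cert_store` yields no store, so the Java caller believes CRL checking is enabled although no flag was set; that branch should fail loudly with `ssl_throw_errno(env, ACR_EX_ESSL); return;`, as setcafile0 does on error. `X509_STORE_set_flags` ORs into the existing flags, so `ccmode == 0` or any unrecognised value leaves a previously enabled check in place rather than turning it off; either clear the CRL flags first or document that the mode can only be raised. The literals `1` and `2` should be named constants that match the new SSLCrlCheckMode enum. None of the three new setters checks `c` for 0 before dereferencing `c->ctx`, unlike free0. setvmode0 continues past the end of this hunk.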
@@ -285,21 +339,21 @@ ACR_SSL_EXPORT(void, SSLContext, setveri
c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)
verify |= SSL_VERIFY_PEER;
if (c->store == 0) {
- if (SSL_CTX_set_default_verify_paths(c->ctx)) {
- c->store = SSL_CTX_get_cert_store(c->ctx);
- X509_STORE_set_flags(c->store, 0);
- }
- else {
- /* XXX: See if this is fatal */
+ if (c->verify_mode != 0 && !SSL_CTX_set_default_verify_paths(c->ctx)) {
+ ssl_throw_errno(env, ACR_EX_ESSL);
+ return;
}
+ c->store = SSL_CTX_get_cert_store(c->ctx);
+ X509_STORE_set_flags(c->store, 0);
}
+
SSL_CTX_set_verify(c->ctx, verify, 0 /* ssl_callback_ssl_verify */);
}
ACR_SSL_EXPORT(void, SSLContext, setpasscb0)(JNI_STDARGS, jlong ctx,
jlong cbp)
{
- acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
c->password_callback = J2P(cbp, ssl_pass_cb_t *);
SSL_CTX_set_default_passwd_cb(c->ctx, ssl_password_callback);
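Review bot: `c->verify_mode != 0` compares against a bare literal while the rest of setvmode0 uses the `SSL_CVERIFY_*` names; spell out the constant that is meant, so a reader can see which mode is allowed to skip `SSL_CTX_set_default_verify_paths`. After that, `c->store = SSL_CTX_get_cert_store(c->ctx)` is passed straight to `X509_STORE_set_flags` without the 0 check that setcrlcheck0 performs. Passing flags of 0 has no effect anyway, so the call can be dropped or guarded with `if (c->store != 0)`. setvmode0 starts outside this hunk.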
@@ -309,7 +363,7 @@ ACR_SSL_EXPORT(void, SSLContext, setpass
ACR_SSL_EXPORT(void, SSLContext, setscachesize0)(JNI_STDARGS, jlong ctx,
jint size)
{
- acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
if (size < 1)
SSL_CTX_set_session_cache_mode(c->ctx, SSL_SESS_CACHE_OFF);
else
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c Mon Sep
19 06:56:26 2011
@@ -74,7 +74,7 @@ ACR_SSL_EXPORT(jlong, SSLKey, load0)(JNI
/* Load key */
key = load_key(cb, format, J2S(file), J2S(desc));
if (key == 0)
- ssl_throw_errno(env, ACR_EX_EILSEQ);
+ ssl_throw_errno(env, ACR_EX_ESSLBADKEY);
} DONE_WITH_STR(desc);
} DONE_WITH_STR(file);
@@ -97,7 +97,7 @@ ACR_SSL_EXPORT(jlong, SSLKey, load1)(JNI
/* Load key */
key = load_key(&cb, format, J2S(file), 0);
if (key == 0)
- ssl_throw_errno(env, ACR_EX_EILSEQ);
+ ssl_throw_errno(env, ACR_EX_ESSLBADKEY);
} DONE_WITH_STR(password);
} DONE_WITH_STR(file);
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Mon
Sep 19 06:56:26 2011
@@ -33,20 +33,18 @@ ACR_SSL_EXPORT(jlong, SSLServer, new0)(J
s = ACR_TALLOC(acr_ssl_srv_t);
if (s == 0)
return 0;
- WITH_CSTR(hostid) {
- s->hostid = AcrStrdup(env, J2S(hostid));
- if (s->hostid == 0) {
- AcrFree(s);
- s = 0;
- }
- else
- s->hostid_len = strlen(s->hostid);
- } DONE_WITH_STR(hostid);
-
- return P2J(s);
+ s->hostid = AcrGetJavaStringA(env, hostid, 0);
+ if (s->hostid == 0) {
+ AcrFree(s);
+ return 0;
+ }
+ else {
+ s->hostid_len = strlen(s->hostid);
+ return P2J(s);
+ }
}
-ACR_SSL_EXPORT(void, SSLServer, free0)(JNI_STDARGS, jlong srv)
+ACR_SSL_EXPORT(void, SSLServer, close0)(JNI_STDARGS, jlong srv)
{
acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
if (s != 0) {
@@ -55,3 +53,15 @@ ACR_SSL_EXPORT(void, SSLServer, free0)(J
AcrFree(s);
}
}
+
+ACR_SSL_EXPORT(void, SSLServer, setctx0)(JNI_STDARGS, jlong srv, jlong ctx)
+{
+ acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+ s->ctx = J2P(ctx, acr_ssl_ctx_t *);
+}
+
+ACR_SSL_EXPORT(void, SSLServer, setctx2)(JNI_STDARGS, jlong srv, jlong ctx)
+{
+ acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+ s->ctx2 = J2P(ctx, acr_ssl_ctx_t *);
+}
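Review bot: setctx0 and setctx2 dereference `s` without the `s != 0` guard that close0 uses just above, so a zero handle from Java crashes the JVM instead of raising an exception; add `if (s == 0) return;` (or throw) before the assignment. The server also keeps a raw `acr_ssl_ctx_t *` with no reference count, and nothing visible here stops SSLContext free0 from releasing that context while `s->ctx` or `s->ctx2` still points at it. If the Java side enforces the lifetime, a comment saying so on both functions would help; otherwise the pointer needs to be cleared or counted.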
Modified: commons/sandbox/runtime/trunk/src/main/native/shared/error.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/error.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/shared/error.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/shared/error.c Mon Sep 19
06:56:26 2011
@@ -30,13 +30,14 @@ static struct {
jclass clazz;
const char *name;
} _throw_classes[ACR_EX_LEN] = {
- { 0, "java/lang/IllegalStateException" },
+ { 0, "java/lang/IllegalStateException" }, /* EILLEGAL
*/
{ 0, "java/lang/InstatiationException" }, /* ENOINIT
*/
{ 0, "java/lang/RuntimeException" }, /* EGENERAL
*/
{ 0, "java/lang/OutOfMemoryError" }, /* ENOMEM
*/
{ 0, "java/lang/NullPointerException" }, /* EISNULL
*/
{ 0, "java/lang/UnsupportedOperationException" }, /* ENOSYS
*/
{ 0, "java/io/IOException" }, /* EIO
*/
+ { 0, "java/io/FileNotFoundException" }, /* EBADPATH
*/
{ 0, "java/net/SocketException" }, /* ESOCK
*/
{ 0, ACR_IO_CP "InvalidDescriptorException" }, /* EBADF
*/
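Review bot: The context entry `"java/lang/InstatiationException"` for ENOINIT is misspelled (the JDK class is `java/lang/InstantiationException`), so the class lookup for that slot would presumably fail when the error is raised. Since this hunk already edits the table, it is a good place to fix the entry. The table is positional, so the new EBADPATH row has to sit at the same index as the enum value added in error.h, which is outside this view.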
@@ -58,7 +59,9 @@ static struct {
{ 0, ACR_CLASS_PATH "OverflowException" }, /*
EOVERFLOW */
{ 0, ACR_CLASS_PATH "OutOfResourcesException" }, /* ENORES
*/
{ 0, ACR_NET_CP "ConnectionAbortedException" }, /*
ECONNABORTED */
- { 0, ACR_NET_CP "ConnectionResetException" } /*
ECONNRESET */
+ { 0, ACR_NET_CP "ConnectionResetException" }, /*
ECONNRESET */
+ { 0, ACR_SSL_CP "SSLException" }, /* ESSL
*/
+ { 0, ACR_SSL_CP "SSLInvalidKeyException" } /*
ESSLBADKEY */
};
static const char *const _canon_errors[] = {
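Review bot: The table gains rows for ESSL and ESSLBADKEY only, yet cert.c in this same commit throws `ACR_EX_ESSLBADCERT` and the commit adds SSLInvalidCertificateException.java. Unless error.h (not visible here) arranges the enum so that this still lines up, `_throw_classes[ACR_EX_LEN]` has no class for that code, and a failed certificate load would index a zero-filled or wrong slot. I would add `{ 0, ACR_SSL_CP "SSLInvalidCertificateException" }, /* ESSLBADCERT */` at the position matching the enum.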