Author: mturk
Date: Mon Oct 24 05:46:51 2011
New Revision: 1188025
URL: http://svn.apache.org/viewvc?rev=1188025&view=rev
Log:
Add stub files for proxy and client
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClient.java
(with props)
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/client.c
(with props)
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/netio.c
(with props)
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ocsp.c
(with props)
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/proxy.c
(with props)
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/stapling.c
(with props)
Modified:
commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in
commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h
commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClient.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClient.java?rev=1188025&view=auto
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClient.java
(added)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClient.java
Mon Oct 24 05:46:51 2011
@@ -0,0 +1,140 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+import org.apache.commons.runtime.ClosedObjectException;
+import org.apache.commons.runtime.InvalidArgumentException;
+import org.apache.commons.runtime.OperationNotImplementedException;
+import org.apache.commons.runtime.ObjectNotInitializedException;
+import org.apache.commons.runtime.Status;
+import org.apache.commons.runtime.SystemException;
+
+import java.io.Closeable;
+import java.io.File;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * Represents SSL client instance.
+ */
+public final class SSLClient extends SSLObject implements Closeable
+{
+
+ // Hide SSLObject
+ private final long pointer = 0L;
+ private static native long new0()
+ throws OutOfMemoryError;
+ private static native void close0(long client);
+ private static native void setbio0(long client, long bio);
+ private static native void setctx0(long client, long ctx)
+ throws SSLException;
+
+ private SSLContext ctx = null;
+
+ /**
+ * Creates a new client instance.
+ *
+ * @throws NullPointerException if hostId is {@code null}.
+ * @throws RuntimeException if SSL was not initialized.
+ */
+ public SSLClient()
+ throws NullPointerException
+ {
+ if (!SSL.initialized())
+ throw new RuntimeException(Local.sm.get("openssl.EINIT"));
+ super.pointer = new0();
+ }
+
+ public synchronized final void dispose()
+ throws IllegalStateException
+ {
+ if (super.pointer == 0L)
+ return;
+ if (ctx != null) {
+ ctx.dispose();
+ ctx = null;
+ }
+ if (super.pointer != 0L) {
+ close0(super.pointer);
+ super.pointer = 0L;
+ }
+ }
+
+ /**
+ * Free the allocated resource by the Operating system.
+ * <p>
+ * Note that {@code Object.finalize()} method will call
+ * this function. However if the native code can block for
+ * long time explicit {@code close()} should be called.
+ * </p>
+ * @see java.io.Closeable#close()
+ * @throws IOException if an I/O error occurs.
+ */
+ public synchronized final void close()
+ throws IOException
+ {
+ dispose();
+ }
+
+ /**
+ * Set this clients's SSL context.
+ * <p>
+ *
+ * </p>
+ * @param ctx the context to set
+ * @return previous context or {@code null} if the context
+ * was not set already.
+ * @throws ClosedObjectException if server is closed.
+ */
+ public synchronized final SSLContext setContext(SSLContext ctx)
+ throws IllegalStateException,
+ SSLException
+ {
+ if (super.pointer == 0L)
+ throw new ClosedObjectException();
+ if (this.ctx != null)
+ return this.ctx;
+ setctx0(super.pointer, ((SSLObject)ctx).pointer);
+ this.ctx = ctx;
+ return null;
+ }
+
+ /**
+ * Set the SSLBio used for error reporting.
+ * <p>
+ * By default all error messages will be printed to the
+ * stderr stream. This method allow to redirect those messages
+ * to the provided callback.
+ * </p>
+ *
+ * @param bio SSLBio callback.
+ *
+ * @throws ClosedObjectException if server is closed.
+ * @throws ObjectNotInitializedException if {@code bio} is invalid.
+ */
+ public void setErrorReportBio(SSLBio bio)
+ throws ClosedObjectException,
+ ObjectNotInitializedException
+ {
+ if (super.pointer == 0L)
+ throw new ClosedObjectException();
+ long bh = ((SSLObject)bio).pointer;
+ if (bh == 0L)
+ throw new ObjectNotInitializedException();
+ setbio0(super.pointer, bh);
+ }
+}
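Review bot: setContext (L141–152) hands `((SSLObject)ctx).pointer` to `setctx0` without the null/zero-pointer guard that setErrorReportBio (L173–175) applies, so a null or already-disposed SSLContext reaches native code instead of failing in Java; mirroring that guard with `if (ctx == null) throw new NullPointerException("ctx");` and `if (((SSLObject)ctx).pointer == 0L) throw new ObjectNotInitializedException();` keeps the two setters consistent. Its Javadoc also contradicts the code: it promises the previous context, but when a context is already set the method returns that existing context and silently discards the new one. The constructor Javadoc refers to a `hostId` parameter that does not exist and declares `NullPointerException`, which nothing in the body throws — presumably leftovers from the server class. Note that `setctx0` declared at L81 has no native counterpart in client.c in this revision, so calling setContext would fail with UnsatisfiedLinkError until one is added. dispose() (L105–107) additionally disposes the SSLContext rather than just dropping the reference; if one context is meant to serve several clients that tears it down for all of them — worth confirming against SSLContext.dispose().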
Propchange:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClient.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in?rev=1188025&r1=1188024&r2=1188025&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in (original)
+++ commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in Mon Oct 24
05:46:51 2011
@@ -153,14 +153,19 @@ SSLSOURCES=\
$(TOPDIR)/modules/openssl/api.c \
$(TOPDIR)/modules/openssl/bio.c \
$(TOPDIR)/modules/openssl/cert.c \
+ $(TOPDIR)/modules/openssl/client.c \
$(TOPDIR)/modules/openssl/ctx.c \
$(TOPDIR)/modules/openssl/engine.c \
$(TOPDIR)/modules/openssl/init.c \
$(TOPDIR)/modules/openssl/key.c \
+ $(TOPDIR)/modules/openssl/netio.c \
+ $(TOPDIR)/modules/openssl/ocsp.c \
$(TOPDIR)/modules/openssl/password.c \
+ $(TOPDIR)/modules/openssl/proxy.c \
$(TOPDIR)/modules/openssl/rand.c \
$(TOPDIR)/modules/openssl/server.c \
$(TOPDIR)/modules/openssl/ssl.c \
+ $(TOPDIR)/modules/openssl/stapling.c \
$(TOPDIR)/modules/openssl/util.c
CXXSOURCES=
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h?rev=1188025&r1=1188024&r2=1188025&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h Mon
Oct 24 05:46:51 2011
@@ -64,6 +64,8 @@ struct acr_fd_t {
#else
int f;
#endif
+ void *opaque; /**< Descriptor attachment */
+ void *ctx; /**< Descriptor context */
};
typedef struct acr_sd_t acr_sd_t;
@@ -84,10 +86,14 @@ struct acr_sd_t {
#if defined(WINDOWS)
WCHAR *socketfname;
#endif
+ void *opaque; /**< Descriptor attachment */
+ void *ctx; /**< Descriptor context */
};
typedef struct acr_sf_t acr_sf_t;
struct acr_sf_t {
+ void *opaque;
+ void *ctx;
#if !defined(WINDOWS)
int fd;
#else
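Review bot: In acr_sf_t the new `opaque` and `ctx` members (L234–235) are placed before `fd` and carry no Doxygen comments, whereas the same pair was appended after the existing members with `/**< ... */` comments in acr_fd_t (L221–222) and acr_sd_t (L229–230); keeping placement and comments uniform makes the three descriptor structs easier to compare. Nothing in this revision shows who owns `ctx` or clears it when the descriptor is closed (netio.c stores an ssl_sd_t pointer there), so a one-line comment naming the owner, e.g. `/**< Descriptor context (owned by the module that set it; cleared on its close) */`, would record the intended contract.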
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1188025&r1=1188024&r2=1188025&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Mon Oct 24
05:46:51 2011
@@ -19,9 +19,16 @@
#include "acr/stdtypes.h"
#include "acr/callback.h"
+#include "acr/descriptor.h"
#include "acr/time.h"
+
#if HAVE_OPENSSL
+#ifndef RAND_MAX
+#include <limits.h>
+#define RAND_MAX INT_MAX
+#endif
+
/* Exclude unused OpenSSL features
* even if the OpenSSL supports them
*/
@@ -57,11 +64,8 @@
#include <openssl/engine.h>
#endif
-#ifndef RAND_MAX
-#include <limits.h>
-#define RAND_MAX INT_MAX
-#endif
-
+#if HAVE_OCSP
+#include <openssl/ocsp.h>
#if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \
&& !defined(OPENSSL_NO_TLSEXT)
#define HAVE_OCSP_STAPLING
@@ -69,6 +73,7 @@
#define sk_OPENSSL_STRING_pop sk_pop
#endif
#endif
+#endif
#if (OPENSSL_VERSION_NUMBER >= 0x10000000)
#define CONST_SSL_METHOD const SSL_METHOD
@@ -316,6 +321,8 @@ typedef struct ssl_obj_t {
extern UI_METHOD *acr_ssl_password_ui;
typedef struct acr_ssl_srv_t acr_ssl_srv_t;
+typedef struct acr_ssl_client_t acr_ssl_client_t;
+typedef struct acr_ssl_proxy_t acr_ssl_proxy_t;
/* SSL context */
typedef struct acr_ssl_ctx_t {
@@ -356,6 +363,8 @@ typedef struct acr_ssl_ctx_t {
char *cipher_suite;
int verify_depth;
int verify_mode;
+ int verify_error;
+ int verify_return_error;
int crl_check;
@@ -407,6 +416,35 @@ struct acr_ssl_srv_t {
char error_str[ACR_ERR_BUFFSIZE];
};
+/* Client context */
+struct acr_ssl_client_t {
+ acr_refcount_t refs;
+ int type;
+ acr_ssl_ctx_t *ctx;
+ BIO *bio;
+ int inited;
+ long options;
+ int enabled;
+ int error_num;
+ char error_str[ACR_ERR_BUFFSIZE];
+};
+
+/* Proxy context */
+struct acr_ssl_proxy_t {
+ acr_refcount_t refs;
+ int type;
+ acr_ssl_ctx_t *ctx;
+ char *proxyname;
+ char *proxyid;
+ BIO *bio;
+ int inited;
+ int proxyid_len;
+ long options;
+ int enabled;
+ int error_num;
+ char error_str[ACR_ERR_BUFFSIZE];
+};
+
#define ssl_ctx_get_extra_certs(ctx) ((ctx)->extra_certs)
#define ssl_ctx_set_extra_certs(ctx, value) \
do { \
@@ -415,30 +453,18 @@ struct acr_ssl_srv_t {
/**
* SSL socket descriptor.
- * Make sure it is in sync with acr_sd_t so
- * it can be casted to it
*/
typedef struct ssl_sd_t ssl_sd_t;
struct ssl_sd_t {
- acr_refcount_t refs; /**< Reference counter */
- int type; /**< Descriptor type */
- int timeout;
- int flags;
-#if defined(WINDOWS)
- union {
- HANDLE h;
- SOCKET s;
- LPVOID p;
- };
-#else
- int s;
-#endif
-#if defined(WINDOWS)
- WCHAR *socketfname;
-#endif
- /*** SSL struct members ***/
- acr_ssl_srv_t *srv;
+ acr_refcount_t refs;
+ int type;
+ acr_sd_t *sd; /**< Real socket descriptor */
acr_ssl_ctx_t *ctx;
+ union {
+ acr_ssl_client_t *client;
+ acr_ssl_proxy_t *proxy;
+ acr_ssl_srv_t *srv;
+ } u;
SSL *ssl;
X509 *peer;
int shutdown_type;
@@ -458,6 +484,10 @@ SSL_CTX *ssl_ctx_retain(acr_ssl_ctx_t
int ssl_ctx_release(acr_ssl_ctx_t *c);
void ssl_srv_retain(acr_ssl_srv_t *s);
int ssl_srv_release(acr_ssl_srv_t *s);
+void ssl_client_retain(acr_ssl_client_t *s);
+int ssl_client_release(acr_ssl_client_t *s);
+void ssl_proxy_retain(acr_ssl_proxy_t *s);
+int ssl_proxy_release(acr_ssl_proxy_t *s);
void ssl_init_app_data2_idx(void);
void *ssl_get_app_data2(SSL *);
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1188025&r1=1188024&r2=1188025&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Mon Oct
24 05:46:51 2011
@@ -186,6 +186,11 @@ struct SSLAPIst {
int (*fpSSL_CTX_use_PrivateKey)(SSL_CTX *, EVP_PKEY *);
int (*fpSSL_CTX_use_certificate)(SSL_CTX *, X509 *);
int (*fpSSL_CTX_check_private_key)(const SSL_CTX *);
+ void (*fpSSL_CTX_set_client_CA_list)(SSL_CTX *,
STACK_OF(X509_NAME) *);
+ STACK_OF(X509_NAME)*(*fpSSL_CTX_get_client_CA_list)(const SSL_CTX *);
+ int (*fpSSL_CTX_set_cipher_list)(SSL_CTX *, const char *);
+
+
/*** SSL ***/
void* (*fpSSL_get_ex_data)(const SSL *, int);
@@ -194,7 +199,17 @@ struct SSLAPIst {
int (*fpSSL_library_init)(void);
void (*fpSSL_load_error_strings)(void);
int (*fpSSL_set_ex_data)(SSL *, int, void *);
+ STACK_OF(X509_NAME)*(*fpSSL_load_client_CA_file)(const char *);
+ int
(*fpSSL_add_file_cert_subjects_to_stack)(STACK_OF(X509_NAME) *, const char *);
+ SSL* (*fpSSL_new)(SSL_CTX *);
+ int (*fpSSL_set_session_id_context)(SSL *,const unsigned
char *, unsigned int);
+ void (*fpSSL_free)(SSL *);
+ int (*fpSSL_accept)(SSL *);
+ int (*fpSSL_connect)(SSL *);
+ void (*fpSSL_set_verify_result)(SSL *, long);
+ int (*fpSSL_set_fd)(SSL *, int);
+
CONST_SSL_METHOD* (*fpSSLv3_method)(void); /* SSLv3 */
CONST_SSL_METHOD* (*fpSSLv3_server_method)(void); /* SSLv3 */
CONST_SSL_METHOD* (*fpSSLv3_client_method)(void); /* SSLv3 */
@@ -250,6 +265,7 @@ struct SSLAPIst {
int (*fpX509_STORE_set_flags)(X509_STORE *, unsigned long);
int (*fpX509_STORE_load_locations)(X509_STORE *, const
char *, const char *);
X509* (*fpd2i_X509_bio)(BIO *, X509 **);
+ int (*fpX509_get_ex_new_index)(long, void *, CRYPTO_EX_new
*, CRYPTO_EX_dup *, CRYPTO_EX_free *);
/*** _STACK ***/
void (*fpsk_pop_free)(SSLAPI_STACK *, void (*)(void *));
@@ -331,6 +347,15 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
LIBSSL_FPLOAD(SSL_library_init);
LIBSSL_FPLOAD(SSL_load_error_strings);
LIBSSL_FPLOAD(SSL_set_ex_data);
+ LIBSSL_FPLOAD(SSL_load_client_CA_file);
+ LIBSSL_FPLOAD(SSL_add_file_cert_subjects_to_stack);
+ LIBSSL_FPLOAD(SSL_new);
+ LIBSSL_FPLOAD(SSL_set_session_id_context);
+ LIBSSL_FPLOAD(SSL_free);
+ LIBSSL_FPLOAD(SSL_accept);
+ LIBSSL_FPLOAD(SSL_connect);
+ LIBSSL_FPLOAD(SSL_set_verify_result);
+ LIBSSL_FPLOAD(SSL_set_fd);
LIBSSL_FPLOAD(SSLv3_method);
LIBSSL_FPLOAD(SSLv3_server_method);
@@ -362,6 +387,9 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
LIBSSL_FPLOAD(SSL_CTX_use_PrivateKey);
LIBSSL_FPLOAD(SSL_CTX_use_certificate);
LIBSSL_FPLOAD(SSL_CTX_check_private_key);
+ LIBSSL_FPLOAD(SSL_CTX_set_client_CA_list);
+ LIBSSL_FPLOAD(SSL_CTX_get_client_CA_list);
+ LIBSSL_FPLOAD(SSL_CTX_set_cipher_list);
/*** BIO ***/
CRYPTO_FPLOAD(BIO_ctrl);
@@ -472,6 +500,7 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
CRYPTO_FPLOAD(X509_STORE_set_flags);
CRYPTO_FPLOAD(X509_STORE_load_locations);
CRYPTO_FPLOAD(d2i_X509_bio);
+ CRYPTO_FPLOAD(X509_get_ex_new_index);
/*** _STACK ***/
CRYPTO_FPLOAD(sk_pop_free);
@@ -1019,6 +1048,21 @@ int SSL_CTX_check_private_key(const SSL_
return SSLAPI_CALL(SSL_CTX_check_private_key)(ctx);
}
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+ SSLAPI_CALL(SSL_CTX_set_client_CA_list)(ctx, name_list);
+}
+
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s)
+{
+ return SSLAPI_CALL(SSL_CTX_get_client_CA_list)(s);
+}
+
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
+ return SSLAPI_CALL(SSL_CTX_set_cipher_list)(ctx, str);
+}
+
void *SSL_get_ex_data(const SSL *ssl, int idx)
{
@@ -1052,6 +1096,54 @@ int SSL_set_ex_data(SSL *ssl, int idx, v
return SSLAPI_CALL(SSL_set_ex_data)(ssl, idx, data);
}
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+{
+ return SSLAPI_CALL(SSL_load_client_CA_file)(file);
+
+}
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+ const char *file)
+{
+ return SSLAPI_CALL(SSL_add_file_cert_subjects_to_stack)(stackCAs, file);
+}
+
+SSL *SSL_new(SSL_CTX *ctx)
+{
+ return SSLAPI_CALL(SSL_new)(ctx);
+}
+
+int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ return SSLAPI_CALL(SSL_set_session_id_context)(ssl, sid_ctx, sid_ctx_len);
+}
+
+void SSL_free(SSL *ssl)
+{
+ SSLAPI_CALL(SSL_free)(ssl);
+}
+
+int SSL_accept(SSL *ssl)
+{
+ return SSLAPI_CALL(SSL_accept)(ssl);
+}
+
+int SSL_connect(SSL *ssl)
+{
+ return SSLAPI_CALL(SSL_connect)(ssl);
+}
+
+void SSL_set_verify_result(SSL *ssl, long v)
+{
+ SSLAPI_CALL(SSL_set_verify_result)(ssl, v);
+}
+
+int SSL_set_fd(SSL *s, int fd)
+{
+ return SSLAPI_CALL(SSL_set_fd)(s, fd);
+}
+
#define IMPLEMENT_SSLAPI_METHOD(name) \
CONST_SSL_METHOD *name##_method(void) { \
return (*SSLapi.fp##name##_method)(); \
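Review bot: The new wrappers follow the existing pattern, but a few carry stray blank lines: `SSL_load_client_CA_file` has an empty line before its closing brace (L483), and two consecutive blank lines sit inside the struct at L394–395 and after `X509_get_ex_new_index` at L540–541. Dropping them keeps the file at the single-blank-line separation used by the surrounding wrappers. The `SSL_set_session_id_context` prototype (L406) also has `SSL *,const unsigned char` with no space after the comma, unlike its neighbours.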
@@ -1236,6 +1328,13 @@ int X509_STORE_load_locations (X509_STOR
return SSLAPI_CALL(X509_STORE_load_locations)(ctx, file, dir);
}
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return SSLAPI_CALL(X509_get_ex_new_index)(argl, argp, new_func, dup_func,
free_func);
+}
+
+
void sk_pop_free(SSLAPI_STACK *st, void (*func)(void *))
{
SSLAPI_CALL(sk_pop_free)(st, func);
Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/client.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/client.c?rev=1188025&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/client.c
(added)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/client.c Mon
Oct 24 05:46:51 2011
@@ -0,0 +1,79 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr/clazz.h"
+#include "acr/error.h"
+#include "acr/misc.h"
+#include "acr/string.h"
+#include "acr/port.h"
+#include "acr/ssl.h"
+#include "arch_sync.h"
+
+#if !HAVE_OPENSSL
+#error "Cannot compile this file without HAVE_OPENSSL defined"
+#endif
+
+/* NOTICE: Not implemented yet.
+ */
+
+
+ACR_SSL_EXPORT(jlong, SSLClient, new0)(JNI_STDARGS)
+{
+ acr_ssl_client_t *c;
+
+ c = ACR_TALLOC(acr_ssl_client_t);
+ if (c == 0)
+ return 0;
+ if ((c->bio = BIO_new(BIO_s_file())) != 0)
+ BIO_set_fp(c->bio, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ c->refs = 1;
+ return P2J(c);
+}
+
+void ssl_client_retain(acr_ssl_client_t *c)
+{
+ if (c != 0)
+ AcrAtomic32Inc(&c->refs);
+}
+
+int ssl_client_release(acr_ssl_client_t *c)
+{
+ if (c == 0)
+ return 0;
+ if (AcrAtomic32Dec(&c->refs) != 0)
+ return 0;
+ ssl_ctx_release(c->ctx);
+ ssl_bio_close(c->bio);
+ /* SSLServer cleanup */
+ AcrFree(c);
+ return 1;
+}
+
+ACR_SSL_EXPORT(void, SSLClient, close0)(JNI_STDARGS, jlong c)
+{
+ ssl_client_release(J2P(c, acr_ssl_client_t *));
+}
+
+ACR_SSL_EXPORT(void, SSLClient, setbio0)(JNI_STDARGS, jlong cp, jlong bp)
+{
+ acr_ssl_client_t *c = J2P(cp, acr_ssl_client_t *);
+ BIO *bio = J2P(bp, BIO *);
+
+ if (c->bio != 0 && c->bio != bio)
+ ssl_bio_close(c->bio);
+ c->bio = bio;
+ ssl_bio_doref(bio);
+}
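Review bot: SSLClient.java in this revision declares `setctx0` as a native method, but client.c defines only new0, close0 and setbio0, so the Java binding is incomplete even for a stub; either add a `setctx0` that retains the context (server.c's setctx0 around L961–967 is the model) or drop the declaration until it exists. In ssl_client_release the comment `/* SSLServer cleanup */` (L613) is a copy-paste leftover and should read `/* SSLClient cleanup */`. setbio0 skips `ssl_bio_close` when the same BIO is passed twice but still calls `ssl_bio_doref`, which looks like it would leave an extra reference on repeated calls — confirm against ssl_bio_doref's contract; proxy.c's setbio0 (L939–948) has the same shape. new0 also leaves `c->type` unset; if `type` is what discriminates the `u` union in ssl_sd_t (L360–364), it needs initialising here.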
Propchange:
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/client.c
------------------------------------------------------------------------------
svn:eol-style = native
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1188025&r1=1188024&r2=1188025&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Mon Oct
24 05:46:51 2011
@@ -384,7 +384,28 @@ ACR_SSL_EXPORT(void, SSLContext, addcast
acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
WITH_CSTR(file) {
WITH_CSTR(path) {
- if (!SSL_CTX_load_verify_locations(c->ctx, J2S(file), J2S(path)))
+ if (SSL_CTX_load_verify_locations(c->ctx, J2S(file), J2S(path))) {
+ if (c->mode != SSL_MODE_CLIENT && J2S(file) != 0) {
+ STACK_OF(X509_NAME) *ca_certs;
+
+ c->store = SSL_CTX_get_cert_store(c->ctx);
+ ca_certs = SSL_CTX_get_client_CA_list(c->ctx);
+ if (ca_certs == 0) {
+ ca_certs = SSL_load_client_CA_file(J2S(file));
+ if (ca_certs != 0)
+ SSL_CTX_set_client_CA_list(c->ctx, ca_certs);
+ else
+ ssl_throw_errno(env, ACR_EX_ESSL);
+ }
+ else if (!SSL_add_file_cert_subjects_to_stack(ca_certs,
J2S(file))) {
+ ssl_throw_errno(env, ACR_EX_ESSL);
+ ca_certs = 0;
+ }
+ if (ca_certs != 0)
+ c->ca_certs++;
+ }
+ }
+ else
ssl_throw_errno(env, ACR_EX_ESSL);
} DONE_WITH_STR(path);
} DONE_WITH_STR(file);
@@ -425,34 +446,12 @@ ACR_SSL_EXPORT(void, SSLContext, setcrlc
ACR_SSL_EXPORT(void, SSLContext, setvmode0)(JNI_STDARGS, jlong ctx,
jint mode, jint depth)
{
-// int verify = SSL_VERIFY_NONE;
acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
if (depth > 0)
c->verify_depth = depth;
- c->verify_mode = mode;
-#if 0
- if (c->verify_depth == UNSET)
- c->verify_depth = 1;
- /*
- * Configure callbacks for SSL context
- */
- if (c->verify_mode == SSL_CVERIFY_REQUIRE)
- verify |= SSL_VERIFY_PEER_STRICT;
- if (c->verify_mode == SSL_CVERIFY_OPTIONAL ||
- c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)
- verify |= SSL_VERIFY_PEER;
- if (c->store == 0) {
- if (c->verify_mode != 0 && !SSL_CTX_set_default_verify_paths(c->ctx)) {
- ssl_throw_errno(env, ACR_EX_ESSL);
- return;
- }
- c->store = SSL_CTX_get_cert_store(c->ctx);
- X509_STORE_set_flags(c->store, 0);
- }
-
- SSL_CTX_set_verify(c->ctx, verify, 0 /* ssl_callback_ssl_verify */);
-#endif
+ c->verify_mode = mode;
+ c->verify_error = X509_V_OK;
}
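Review bot: After this change setvmode0 records `mode` in `c->verify_mode` but no longer calls `SSL_CTX_set_verify` — the removed `#if 0` block was the only code in this function that would have applied the verify flags to the SSL_CTX. Unless another path not visible in this diff translates `verify_mode`/`verify_depth` into `SSL_CTX_set_verify` and `SSL_CTX_set_verify_depth`, peer verification stays at OpenSSL's default of no verification regardless of what the Java side requested; a comment stating where the mode is applied, e.g. `/* verify_mode/verify_depth are applied to the SSL_CTX in <TODO: name the function> */`, would make that explicit. Also, `c->verify_error` (L708, added to acr_ssl_ctx_t at L292) is per-context while a verification result is per-connection, so concurrent handshakes sharing a context could clobber each other's value — confirm the intended use.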
ACR_SSL_EXPORT(void, SSLContext, setpasscb0)(JNI_STDARGS, jlong ctx,
@@ -495,3 +494,18 @@ ACR_SSL_EXPORT(jboolean, SSLContext, use
else
return JNI_TRUE;
}
+
+ACR_SSL_EXPORT(void, SSLContext, setcertchain0)(JNI_STDARGS, jlong ctx,
+ jstring file, jboolean
skipfirst)
+{
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+
+ WITH_CSTR(file) {
+ if (ssl_ctx_use_certificate_chain(c->ctx, J2S(file), skipfirst) < 0) {
+ /* XXX: Should we throw some custom error so we can
+ * localize the message? Probably not.
+ */
+ ACR_THROW_MSG(ACR_EX_ESSL, "Failed to configure CA certificate
chain");
+ }
+ } DONE_WITH_STR(file);
+}
Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/netio.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/netio.c?rev=1188025&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/netio.c
(added)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/netio.c Mon
Oct 24 05:46:51 2011
@@ -0,0 +1,85 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr/clazz.h"
+#include "acr/error.h"
+#include "acr/misc.h"
+#include "acr/string.h"
+#include "acr/iofd.h"
+#include "acr/netapi.h"
+#include "acr/port.h"
+#include "acr/ssl.h"
+#include "arch_sync.h"
+
+#if !HAVE_OPENSSL
+#error "Cannot compile this file without HAVE_OPENSSL defined"
+#endif
+
+ACR_NET_EXPORT(jlong, SSLSocketDescriptor, socket0)(JNI_STDARGS, jlong ssd,
+ jlong ctx)
+{
+ ssl_sd_t *s;
+ acr_sd_t *sd = J2P(ssd, acr_sd_t *);
+ acr_ssl_ctx_t *c = J2P(c, acr_ssl_ctx_t *);
+
+ if (sd->ctx != 0) {
+ ACR_THROW_MSG(ACR_EX_EILLEGAL,
+ "SocketDescriptor is already bound to another context");
+ return 0;
+ }
+ s = ACR_TALLOC(ssl_sd_t);
+ if (s == 0)
+ return 0;
+ s->refs = 1;
+ s->sd = sd;
+ s->ctx = c;
+ s->ssl = SSL_new(c->ctx);
+ if (s->ssl == 0) {
+ AcrFree(s);
+ ACR_THROW_SYS_ERROR(ACR_ENOMEM);
+ return 0;
+ }
+ s->shutdown_type = c->shutdown_type;
+ SSL_set_app_data(s->ssl, s);
+ SSL_set_verify_result(s->ssl, X509_V_OK);
+ SSL_set_fd(s->ssl, (int)sd->s);
+
+ /* Reference SocketDescriptor so it doesn't get
+ * garbage collected before we close it
+ */
+ AcrAtomic32Inc(&sd->refs);
+ sd->ctx = s;
+ return P2J(s);
+}
+
+ACR_NET_EXPORT(jint, SSLSocketDescriptor, close0)(JNI_STDARGS, jlong sp)
+{
+ ssl_sd_t *ss = J2P(sp, ssl_sd_t *);
+
+ if (ss == 0)
+ return ACR_EBADF;
+ if (AcrAtomic32Dec(&ss->refs) == 0) {
+ if (ss->ssl != 0) {
+ SSL_free(ss->ssl);
+ }
+ if (ss->peer != 0) {
+ X509_free(ss->peer);
+ }
+ AcrAtomic32Dec(&ss->sd->refs);
+ AcrFree(ss);
+ }
+ return 0;
+}
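Review bot: socket0 initialises `c` from itself at L776 — `acr_ssl_ctx_t *c = J2P(c, acr_ssl_ctx_t *);` — so the `ctx` parameter is never used and an uninitialised pointer is dereferenced at L789 (`SSL_new(c->ctx)`); it should read `acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);`. close0 decrements `ss->sd->refs` but leaves `sd->ctx` (set at L804) pointing at the freed ssl_sd_t, so a later socket0 on the same descriptor tests the "already bound" condition against a dangling pointer; add `ss->sd->ctx = 0;` before `AcrFree(ss)`. socket0 also stores `c` without taking a reference on the context while close0 releases none, so the context can be released out from under a live SSL object unless the Java side guarantees ordering — the header's `ssl_ctx_retain`/`ssl_ctx_release` (L368–369) look like the intended pair. Finally, reporting every `SSL_new` failure as `ACR_ENOMEM` (L792) hides the OpenSSL error queue; `ssl_throw_errno(env, ACR_EX_ESSL)`, as ctx.c uses, would surface the real reason.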
Propchange:
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/netio.c
------------------------------------------------------------------------------
svn:eol-style = native
Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ocsp.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ocsp.c?rev=1188025&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ocsp.c (added)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ocsp.c Mon
Oct 24 05:46:51 2011
@@ -0,0 +1,34 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr/clazz.h"
+#include "acr/error.h"
+#include "acr/misc.h"
+#include "acr/dso.h"
+#include "acr/port.h"
+#include "arch_sync.h"
+#include "acr/ssl.h"
+
+#if !HAVE_OPENSSL
+#error "Cannot compile this file without HAVE_OPENSSL defined"
+#endif
+
+#ifndef OPENSSL_NO_OCSP
+
+
+
+
+#endif /* OPENSSL_NO_OCSP */
Propchange: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ocsp.c
------------------------------------------------------------------------------
svn:eol-style = native
Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/proxy.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/proxy.c?rev=1188025&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/proxy.c
(added)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/proxy.c Mon
Oct 24 05:46:51 2011
@@ -0,0 +1,65 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr/clazz.h"
+#include "acr/error.h"
+#include "acr/misc.h"
+#include "acr/string.h"
+#include "acr/port.h"
+#include "acr/ssl.h"
+#include "arch_sync.h"
+
+#if !HAVE_OPENSSL
+#error "Cannot compile this file without HAVE_OPENSSL defined"
+#endif
+
+/* NOTICE: Not implemented yet.
+ */
+
+void ssl_proxy_retain(acr_ssl_proxy_t *p)
+{
+ if (p != 0)
+ AcrAtomic32Inc(&p->refs);
+}
+
+int ssl_proxy_release(acr_ssl_proxy_t *p)
+{
+ if (p == 0)
+ return 0;
+ if (AcrAtomic32Dec(&p->refs) != 0)
+ return 0;
+ ssl_ctx_release(p->ctx);
+ ssl_bio_close(p->bio);
+ /* SSLProxy cleanup */
+ AcrFree(p);
+ return 1;
+}
+
+ACR_SSL_EXPORT(void, SSLProxy, close0)(JNI_STDARGS, jlong p)
+{
+ ssl_proxy_release(J2P(p, acr_ssl_proxy_t *));
+}
+
+ACR_SSL_EXPORT(void, SSLProxy, setbio0)(JNI_STDARGS, jlong pp, jlong bp)
+{
+ acr_ssl_proxy_t *p = J2P(pp, acr_ssl_proxy_t *);
+ BIO *bio = J2P(bp, BIO *);
+
+ if (p->bio != 0 && p->bio != bio)
+ ssl_bio_close(p->bio);
+ p->bio = bio;
+ ssl_bio_doref(bio);
+}
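Review bot: ssl_proxy_release frees the struct but not the `proxyname` and `proxyid` strings declared in acr_ssl_proxy_t (L316–317); if those are heap-allocated by whatever setter eventually fills them, they leak on every release. Freeing them next to `ssl_bio_close(p->bio)` keeps ownership in one place, and a comment on the struct such as `/* owned: proxyname, proxyid (freed in ssl_proxy_release) */` would record it. There is also no `new0` for SSLProxy in this revision, so nothing can yet create the object that close0 and setbio0 operate on.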
Propchange:
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/proxy.c
------------------------------------------------------------------------------
svn:eol-style = native
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1188025&r1=1188024&r2=1188025&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Mon
Oct 24 05:46:51 2011
@@ -85,6 +85,7 @@ ACR_SSL_EXPORT(void, SSLServer, setctx0)
s->ctx = c;
if (s->options != 0)
SSL_CTX_set_options(c->ctx, s->options);
+
}
}
Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/stapling.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/stapling.c?rev=1188025&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/stapling.c
(added)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/stapling.c
Mon Oct 24 05:46:51 2011
@@ -0,0 +1,72 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr/clazz.h"
+#include "acr/error.h"
+#include "acr/misc.h"
+#include "acr/dso.h"
+#include "acr/port.h"
+#include "arch_sync.h"
+#include "acr/ssl.h"
+
+#if !HAVE_OPENSSL
+#error "Cannot compile this file without HAVE_OPENSSL defined"
+#endif
+
+#ifdef HAVE_OCSP_STAPLING
+
+/**
+ * Maxiumum OCSP stapling response size. This should be the response for a
+ * single certificate and will typically include the responder certificate
chain
+ * so 10K should be more than enough.
+ *
+ */
+#define MAX_STAPLING_DER 10240
+
+/* Cached info stored in certificate ex_info. */
+typedef struct {
+ /* Index in session cache SHA1 hash of certificate */
+ UCHAR idx[20];
+ /* Certificate ID for OCSP requests or NULL if ID cannot be determined */
+ OCSP_CERTID *cid;
+ /* Responder details */
+ char *uri;
+} certinfo;
+
+static void certinfo_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp)
+{
+ certinfo *cinf = ptr;
+
+ if (!cinf)
+ return;
+ if (cinf->uri)
+ OPENSSL_free(cinf->uri);
+ OPENSSL_free(cinf);
+}
+
+static int stapling_ex_idx = -1;
+
+void ssl_stapling_ex_init(void)
+{
+ if (stapling_ex_idx != -1)
+ return;
+ stapling_ex_idx = X509_get_ex_new_index(0, "X509 cached OCSP info", 0, 0,
+ certinfo_free);
+}
+
+
+#endif /* HAVE_OCSP_STAPLING */
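Review bot: certinfo_free (L1026–1036) releases `uri` and the certinfo itself but never frees `cid`, the `OCSP_CERTID *` member, so every cached entry leaks its certificate ID when the owning X509 is freed; add `if (cinf->cid) OCSP_CERTID_free(cinf->cid);` before the final `OPENSSL_free(cinf)`. Since this module reaches OpenSSL through the SSLAPI function-pointer table in api.c, `OCSP_CERTID_free` will also need a wrapper and load entry there — worth checking before relying on it. ssl_stapling_ex_init is an unsynchronised check-then-set on `stapling_ex_idx`; if it can be reached from more than one thread, two indices could be allocated, which is harmless only if it is confined to the single-threaded init path, and a comment saying so would help. Minor: "Maxiumum" in the comment at L1008.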
Propchange:
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/stapling.c
------------------------------------------------------------------------------
svn:eol-style = native