This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/main by this push:
new eb9b8d866 Align Java code with current 12.0.x
eb9b8d866 is described below
commit eb9b8d866eba37463a1f344a2c3276b202c2cfe0
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jun 11 16:58:05 2026 +0100
Align Java code with current 12.0.x
---
java/org/apache/tomcat/jni/AprStatus.java | 50 +++
java/org/apache/tomcat/jni/Buffer.java | 3 +
java/org/apache/tomcat/jni/Library.java | 47 +-
.../apache/tomcat/jni/LibraryNotFoundError.java | 15 +-
java/org/apache/tomcat/jni/Pool.java | 10 +-
java/org/apache/tomcat/jni/SSL.java | 478 ++++++++++++++++++++-
java/org/apache/tomcat/jni/SSLConf.java | 10 +
java/org/apache/tomcat/jni/SSLContext.java | 151 ++++---
8 files changed, 696 insertions(+), 68 deletions(-)
diff --git a/java/org/apache/tomcat/jni/AprStatus.java
b/java/org/apache/tomcat/jni/AprStatus.java
index 5b463afd6..9b2a96c7e 100644
--- a/java/org/apache/tomcat/jni/AprStatus.java
+++ b/java/org/apache/tomcat/jni/AprStatus.java
@@ -29,39 +29,87 @@ public class AprStatus {
private static volatile int openSSLVersion = 0;
private static ReentrantReadWriteLock statusLock = new
ReentrantReadWriteLock();
+ /**
+ * Prevents instantiation.
+ */
+ private AprStatus() {
+ }
+
+ /**
+ * Returns whether APR has been initialized.
+ *
+ * @return {@code true} if APR has been initialized
+ */
public static boolean isAprInitialized() {
return aprInitialized;
}
+ /**
+ * Returns whether APR is available.
+ *
+ * @return {@code true} if APR is available
+ */
public static boolean isAprAvailable() {
return aprAvailable;
}
+ /**
+ * Returns whether OpenSSL is in use.
+ *
+ * @return {@code true} if OpenSSL is in use
+ */
public static boolean getUseOpenSSL() {
return useOpenSSL;
}
+ /**
+ * Returns whether an APR instance has been created.
+ *
+ * @return {@code true} if an APR instance has been created
+ */
public static boolean isInstanceCreated() {
return instanceCreated;
}
+ /**
+ * Sets the APR initialized status.
+ *
+ * @param aprInitialized the APR initialized status to set
+ */
public static void setAprInitialized(boolean aprInitialized) {
AprStatus.aprInitialized = aprInitialized;
}
+ /**
+ * Sets the APR available status.
+ *
+ * @param aprAvailable the APR available status to set
+ */
public static void setAprAvailable(boolean aprAvailable) {
AprStatus.aprAvailable = aprAvailable;
}
+ /**
+ * Sets whether to use OpenSSL.
+ *
+ * @param useOpenSSL the use OpenSSL status to set
+ */
public static void setUseOpenSSL(boolean useOpenSSL) {
AprStatus.useOpenSSL = useOpenSSL;
}
+ /**
+ * Sets the instance created status.
+ *
+ * @param instanceCreated the instance created status to set
+ */
public static void setInstanceCreated(boolean instanceCreated) {
AprStatus.instanceCreated = instanceCreated;
}
/**
+ * Returns the OpenSSL version.
+ *
* @return the openSSLVersion
*/
public static int getOpenSSLVersion() {
@@ -69,6 +117,8 @@ public class AprStatus {
}
/**
+ * Sets the OpenSSL version.
+ *
* @param openSSLVersion the openSSLVersion to set
*/
public static void setOpenSSLVersion(int openSSLVersion) {
diff --git a/java/org/apache/tomcat/jni/Buffer.java
b/java/org/apache/tomcat/jni/Buffer.java
index 530021c5f..6e1c64d1b 100644
--- a/java/org/apache/tomcat/jni/Buffer.java
+++ b/java/org/apache/tomcat/jni/Buffer.java
@@ -23,6 +23,9 @@ import java.nio.ByteBuffer;
*/
public class Buffer {
+ /** Utility class - do not instantiate. */
+ private Buffer() { }
+
/**
* Returns the memory address of the ByteBuffer.
*
diff --git a/java/org/apache/tomcat/jni/Library.java
b/java/org/apache/tomcat/jni/Library.java
index 8b89ff73a..ed4909cc9 100644
--- a/java/org/apache/tomcat/jni/Library.java
+++ b/java/org/apache/tomcat/jni/Library.java
@@ -18,6 +18,9 @@ package org.apache.tomcat.jni;
import java.io.File;
+/**
+ * Manages loading of the Tomcat Native (tcnative) library.
+ */
public final class Library {
/* Default library names - use 2.x in preference to 1.x if both are
available */
@@ -110,27 +113,51 @@ public final class Library {
/* Internal function for loading APR Features */
private static native int version(int what);
- /* TCN_MAJOR_VERSION */
+ /**
+ * TCN major version.
+ */
public static int TCN_MAJOR_VERSION = 0;
- /* TCN_MINOR_VERSION */
+ /**
+ * TCN minor version.
+ */
public static int TCN_MINOR_VERSION = 0;
- /* TCN_PATCH_VERSION */
+ /**
+ * TCN patch version.
+ */
public static int TCN_PATCH_VERSION = 0;
- /* TCN_IS_DEV_VERSION */
+ /**
+ * TCN is development version flag.
+ */
public static int TCN_IS_DEV_VERSION = 0;
- /* APR_MAJOR_VERSION */
+ /**
+ * APR major version.
+ */
public static int APR_MAJOR_VERSION = 0;
- /* APR_MINOR_VERSION */
+ /**
+ * APR minor version.
+ */
public static int APR_MINOR_VERSION = 0;
- /* APR_PATCH_VERSION */
+ /**
+ * APR patch version.
+ */
public static int APR_PATCH_VERSION = 0;
- /* APR_IS_DEV_VERSION */
+ /**
+ * APR is development version flag.
+ */
public static int APR_IS_DEV_VERSION = 0;
- /* TCN_VERSION_STRING */
+ /**
+ * Returns the TCN version string.
+ *
+ * @return the TCN version string
+ */
public static native String versionString();
- /* APR_VERSION_STRING */
+ /**
+ * Returns the APR version string.
+ *
+ * @return the APR version string
+ */
public static native String aprVersionString();
/**
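Review bot: The new Javadoc on `TCN_MAJOR_VERSION` through `APR_IS_DEV_VERSION` says what each number means but not that these are public, non-final fields that read 0 until something fills them in — presumably the load path outside this hunk using the `version(int)` native on the line above. A reader of the generated docs can't tell whether 0 means "not loaded yet" or a real value. Suggest a class-level sentence or one per field such as `Populated when the native library is loaded; 0 before that. Not intended to be modified by callers.`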
diff --git a/java/org/apache/tomcat/jni/LibraryNotFoundError.java
b/java/org/apache/tomcat/jni/LibraryNotFoundError.java
index 3d0c16003..a8d775b5e 100644
--- a/java/org/apache/tomcat/jni/LibraryNotFoundError.java
+++ b/java/org/apache/tomcat/jni/LibraryNotFoundError.java
@@ -18,22 +18,35 @@ package org.apache.tomcat.jni;
import java.io.Serial;
+/**
+ * Exception thrown when a required native library cannot be found.
+ */
public class LibraryNotFoundError extends UnsatisfiedLinkError {
@Serial
private static final long serialVersionUID = 1L;
+ /**
+ * The names of the libraries that failed to load.
+ */
private final String libraryNames;
/**
+ * Constructs an instance with the given library names and error messages.
+ *
* @param libraryNames A list of the file names of the native libraries
that failed to load
- * @param errors A list of the error messages received when trying
to load each of the libraries
+ * @param errors A list of the error messages received when trying to load
each of the libraries
*/
public LibraryNotFoundError(String libraryNames, String errors) {
super(errors);
this.libraryNames = libraryNames;
}
+ /**
+ * Returns the names of the libraries that failed to load.
+ *
+ * @return the library names
+ */
public String getLibraryNames() {
return libraryNames;
}
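Review bot: The class Javadoc says `Exception thrown when a required native library cannot be found.`, but the type extends `UnsatisfiedLinkError`, i.e. it is an `Error`, and callers catching `Exception` will not see it; `Error thrown when a required native library cannot be found.` is the accurate summary. The field Javadoc describes `libraryNames` as "the names", while the constructor's `@param` calls it "A list" — since it is a single `String`, saying how the names are joined (if that is known to the caller) or simply "the file names, as one string" would avoid the next reader expecting a `List`.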
diff --git a/java/org/apache/tomcat/jni/Pool.java
b/java/org/apache/tomcat/jni/Pool.java
index 628f99a5b..03afd7ed7 100644
--- a/java/org/apache/tomcat/jni/Pool.java
+++ b/java/org/apache/tomcat/jni/Pool.java
@@ -17,10 +17,16 @@
package org.apache.tomcat.jni;
/**
- * Provides access to APR memory pools which are used to manage memory
allocations for natively created instances.
- */
+ * Provides access to APR memory pools which are used to manage memory
allocations for natively created instances.
+ */
public class Pool {
+ /**
+ * Default constructor required by JNI.
+ */
+ public Pool() {
+ }
+
/**
* Create a new pool.
*
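Review bot: The added `public Pool()` with the comment `Default constructor required by JNI.` is the odd one out in this commit — `AprStatus`, `Buffer` and `SSL` get private constructors — and nothing in the hunk shows native code instantiating `Pool`; static native methods are bound to the class and do not need an instance. Unless the C side really constructs this class, `private Pool() { }` with `/** Utility class - do not instantiate. */` keeps the file consistent and avoids stray instances. If JNI does need it, the comment should name the native entry point that creates it, so the next cleanup does not remove it.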
diff --git a/java/org/apache/tomcat/jni/SSL.java
b/java/org/apache/tomcat/jni/SSL.java
index 24eaffb3e..8753beb09 100644
--- a/java/org/apache/tomcat/jni/SSL.java
+++ b/java/org/apache/tomcat/jni/SSL.java
@@ -16,61 +16,172 @@
*/
package org.apache.tomcat.jni;
+/**
+ * JNI bindings for OpenSSL SSL functionality.
+ */
public final class SSL {
+ /**
+ * Private constructor to prevent instantiation.
+ */
+ private SSL() {
+ }
+
/*
* Type definitions mostly from mod_ssl
*/
+ /**
+ * Unset value.
+ */
public static final int UNSET = -1;
/*
* Define the certificate algorithm types
*/
+ /**
+ * Unknown algorithm type.
+ */
public static final int SSL_ALGO_UNKNOWN = 0;
+ /**
+ * RSA algorithm type.
+ */
public static final int SSL_ALGO_RSA = (1 << 0);
+ /**
+ * DSA algorithm type.
+ */
public static final int SSL_ALGO_DSA = (1 << 1);
+ /**
+ * All algorithm types.
+ */
public static final int SSL_ALGO_ALL = (SSL_ALGO_RSA | SSL_ALGO_DSA);
+ /**
+ * RSA algorithm index.
+ */
public static final int SSL_AIDX_RSA = 0;
+ /**
+ * DSA algorithm index.
+ */
public static final int SSL_AIDX_DSA = 1;
+ /**
+ * ECC algorithm index.
+ */
public static final int SSL_AIDX_ECC = 3;
+ /**
+ * Maximum algorithm index.
+ */
public static final int SSL_AIDX_MAX = 4;
/*
* Define IDs for the temporary RSA keys and DH params
*/
+ /**
+ * 512-bit temporary RSA key.
+ */
public static final int SSL_TMP_KEY_RSA_512 = 0;
+ /**
+ * 1024-bit temporary RSA key.
+ */
public static final int SSL_TMP_KEY_RSA_1024 = 1;
+ /**
+ * 2048-bit temporary RSA key.
+ */
public static final int SSL_TMP_KEY_RSA_2048 = 2;
+ /**
+ * 4096-bit temporary RSA key.
+ */
public static final int SSL_TMP_KEY_RSA_4096 = 3;
+ /**
+ * 512-bit temporary DH key.
+ */
public static final int SSL_TMP_KEY_DH_512 = 4;
+ /**
+ * 1024-bit temporary DH key.
+ */
public static final int SSL_TMP_KEY_DH_1024 = 5;
+ /**
+ * 2048-bit temporary DH key.
+ */
public static final int SSL_TMP_KEY_DH_2048 = 6;
+ /**
+ * 4096-bit temporary DH key.
+ */
public static final int SSL_TMP_KEY_DH_4096 = 7;
+ /**
+ * Maximum temporary key ID.
+ */
public static final int SSL_TMP_KEY_MAX = 8;
/*
* Define the SSL options
*/
+ /**
+ * No SSL options.
+ */
public static final int SSL_OPT_NONE = 0;
+ /**
+ * SSL option for relative settings.
+ */
public static final int SSL_OPT_RELSET = (1 << 0);
+ /**
+ * SSL option for standard environment variables.
+ */
public static final int SSL_OPT_STDENVVARS = (1 << 1);
+ /**
+ * SSL option for exporting certificate data.
+ */
public static final int SSL_OPT_EXPORTCERTDATA = (1 << 3);
+ /**
+ * SSL option for fake basic authentication.
+ */
public static final int SSL_OPT_FAKEBASICAUTH = (1 << 4);
+ /**
+ * SSL option for strict require.
+ */
public static final int SSL_OPT_STRICTREQUIRE = (1 << 5);
+ /**
+ * SSL option for optional renegotiation.
+ */
public static final int SSL_OPT_OPTRENEGOTIATE = (1 << 6);
+ /**
+ * All SSL options combined.
+ */
public static final int SSL_OPT_ALL = (SSL_OPT_STDENVVARS |
SSL_OPT_EXPORTCERTDATA | SSL_OPT_FAKEBASICAUTH |
SSL_OPT_STRICTREQUIRE | SSL_OPT_OPTRENEGOTIATE);
/*
* Define the SSL Protocol options
*/
+ /**
+ * No protocol options.
+ */
public static final int SSL_PROTOCOL_NONE = 0;
+ /**
+ * SSLv2 protocol.
+ */
public static final int SSL_PROTOCOL_SSLV2 = (1 << 0);
+ /**
+ * SSLv3 protocol.
+ */
public static final int SSL_PROTOCOL_SSLV3 = (1 << 1);
+ /**
+ * TLSv1.0 protocol.
+ */
public static final int SSL_PROTOCOL_TLSV1 = (1 << 2);
+ /**
+ * TLSv1.1 protocol.
+ */
public static final int SSL_PROTOCOL_TLSV1_1 = (1 << 3);
+ /**
+ * TLSv1.2 protocol.
+ */
public static final int SSL_PROTOCOL_TLSV1_2 = (1 << 4);
+ /**
+ * TLSv1.3 protocol.
+ */
public static final int SSL_PROTOCOL_TLSV1_3 = (1 << 5);
+ /**
+ * All TLS protocol versions combined.
+ */
public static final int SSL_PROTOCOL_ALL =
(SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2
| SSL_PROTOCOL_TLSV1_3);
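Review bot: The Javadoc for `SSL_PROTOCOL_SSLV2` and `SSL_PROTOCOL_SSLV3` only names the protocol, while the `SSL_PROTOCOL_ALL` mask defined a few lines later in this same hunk deliberately omits both; someone reading the generated docs would not learn that. Suggest `SSLv2 protocol. Not part of {@link #SSL_PROTOCOL_ALL}; retained for mask compatibility only.` and the equivalent for SSLv3. The `SSL_TMP_KEY_RSA_512` / `SSL_TMP_KEY_DH_512` entries could likewise note that they exist for mask completeness rather than as a recommended size, if that matches how the native side treats them.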
@@ -78,30 +189,87 @@ public final class SSL {
/*
* Define the SSL verify levels
*/
+ /**
+ * Client verification unset.
+ */
public static final int SSL_CVERIFY_UNSET = UNSET;
+ /**
+ * No client certificate verification.
+ */
public static final int SSL_CVERIFY_NONE = 0;
+ /**
+ * Optional client certificate verification.
+ */
public static final int SSL_CVERIFY_OPTIONAL = 1;
+ /**
+ * Required client certificate verification.
+ */
public static final int SSL_CVERIFY_REQUIRE = 2;
+ /**
+ * Optional client certificate verification without CA requirement.
+ */
public static final int SSL_CVERIFY_OPTIONAL_NO_CA = 3;
/*
* Use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
'ored' with SSL_VERIFY_PEER if they are
* desired
*/
+ /**
+ * No peer verification.
+ */
public static final int SSL_VERIFY_NONE = 0;
+ /**
+ * Verify peer certificate.
+ */
public static final int SSL_VERIFY_PEER = 1;
+ /**
+ * Fail if no peer certificate is presented.
+ */
public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2;
+ /**
+ * Only verify client certificate once per session.
+ */
public static final int SSL_VERIFY_CLIENT_ONCE = 4;
+ /**
+ * Strict peer verification including certificate requirement.
+ */
public static final int SSL_VERIFY_PEER_STRICT = (SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
+ /**
+ * Workaround for Microsoft session ID bug.
+ */
public static final int SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001;
+ /**
+ * Workaround for Netscape challenge bug.
+ */
public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002;
+ /**
+ * Workaround for Netscape cipher change bug.
+ */
public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG =
0x00000008;
+ /**
+ * Workaround for SSLREF2 certificate type reuse bug.
+ */
public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000010;
+ /**
+ * Workaround for Microsoft SSLv3 buffer bug.
+ */
public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000020;
+ /**
+ * Workaround for MSIE SSLv2 RSA padding bug.
+ */
public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000040;
+ /**
+ * Workaround for SSLeay 0.8.0 client DH bug.
+ */
public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000080;
+ /**
+ * Workaround for TLS D5 bug.
+ */
public static final int SSL_OP_TLS_D5_BUG = 0x00000100;
+ /**
+ * Workaround for TLS block padding bug.
+ */
public static final int SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000200;
/*
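Review bot: `Optional client certificate verification without CA requirement.` for `SSL_CVERIFY_OPTIONAL_NO_CA` is too vague for the one verify level that actually weakens checking; in mod_ssl's `optional_no_ca` a client certificate is requested and, if presented, the handshake proceeds even when the certificate cannot be chained to a configured CA, leaving validation to the application. Suggest `Optional client certificate verification where a presented certificate is accepted even if it cannot be verified against the configured CA; the application must validate it itself.` — hedged on the native side mapping to mod_ssl semantics, which this hunk does not show. `SSL_VERIFY_CLIENT_ONCE` would also read better as `Request a client certificate only in the initial handshake, not again on renegotiation.`, which is the OpenSSL meaning of the flag.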
@@ -109,140 +277,409 @@ public final class SSL {
* application protocol) the workaround is not needed. Unfortunately some
broken SSL/TLS implementations cannot
* handle it at all, which is why we include it in SSL_OP_ALL.
*/
+ /**
+ * Disable empty fragment insertion for CBC vulnerability workaround.
+ */
public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800;
/*
* SSL_OP_ALL: various bug workarounds that should be rather harmless.
This used to be 0x000FFFFFL before 0.9.7.
*/
+ /**
+ * All bug workaround options combined.
+ */
public static final int SSL_OP_ALL = 0x00000FFF;
- /* As server, disallow session resumption on renegotiation */
+/* As server, disallow session resumption on renegotiation */
+ /**
+ * Disallow session resumption on renegotiation.
+ */
public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION =
0x00010000;
/* Don't use compression even if supported */
+ /**
+ * Disable compression.
+ */
public static final int SSL_OP_NO_COMPRESSION = 0x00020000;
/* Permit unsafe legacy renegotiation */
+ /**
+ * Allow unsafe legacy renegotiation.
+ */
public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION =
0x00040000;
/* If set, always create a new key when using tmp_eddh parameters */
+ /**
+ * Always create a new key when using ECDH parameters.
+ */
public static final int SSL_OP_SINGLE_ECDH_USE = 0x00080000;
/* If set, always create a new key when using tmp_dh parameters */
+ /**
+ * Always create a new key when using DH parameters.
+ */
public static final int SSL_OP_SINGLE_DH_USE = 0x00100000;
/*
* Set to always use the tmp_rsa key when doing RSA operations, even when
this violates protocol specs
*/
+ /**
+ * Always use ephemeral RSA key for RSA operations.
+ */
public static final int SSL_OP_EPHEMERAL_RSA = 0x00200000;
/*
* Set on servers to choose the cipher according to the server's
preferences
*/
+ /**
+ * Server prefers its own cipher order.
+ */
public static final int SSL_OP_CIPHER_SERVER_PREFERENCE = 0x00400000;
/*
* If set, a server will allow a client to issue an SSLv3.0 version number
as latest version supported in the
* premaster secret, even when TLSv1.0 (version 3.1) was announced in the
client hello. Normally this is forbidden
* to prevent version rollback attacks.
*/
+ /**
+ * Allow TLS rollback bug workaround.
+ */
public static final int SSL_OP_TLS_ROLLBACK_BUG = 0x00800000;
+ /**
+ * Disable SSLv2 protocol.
+ */
public static final int SSL_OP_NO_SSLv2 = 0x01000000;
+ /**
+ * Disable SSLv3 protocol.
+ */
public static final int SSL_OP_NO_SSLv3 = 0x02000000;
+ /**
+ * Disable TLSv1.0 protocol.
+ */
public static final int SSL_OP_NO_TLSv1 = 0x04000000;
+ /**
+ * Disable TLSv1.2 protocol.
+ */
public static final int SSL_OP_NO_TLSv1_2 = 0x08000000;
+ /**
+ * Disable TLSv1.1 protocol.
+ */
public static final int SSL_OP_NO_TLSv1_1 = 0x10000000;
+ /**
+ * Disable TLS session tickets.
+ */
public static final int SSL_OP_NO_TICKET = 0x00004000;
+ /**
+ * Workaround for Netscape CA DN bug.
+ */
public static final int SSL_OP_NETSCAPE_CA_DN_BUG = 0x20000000;
+ /**
+ * Workaround for Netscape demo cipher change bug.
+ */
public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG =
0x40000000;
+ /**
+ * Undefined certificate format.
+ */
public static final int SSL_CRT_FORMAT_UNDEF = 0;
+ /**
+ * ASN.1 certificate format.
+ */
public static final int SSL_CRT_FORMAT_ASN1 = 1;
+ /**
+ * Text certificate format.
+ */
public static final int SSL_CRT_FORMAT_TEXT = 2;
+ /**
+ * PEM certificate format.
+ */
public static final int SSL_CRT_FORMAT_PEM = 3;
+ /**
+ * Netscape certificate format.
+ */
public static final int SSL_CRT_FORMAT_NETSCAPE = 4;
+ /**
+ * PKCS12 certificate format.
+ */
public static final int SSL_CRT_FORMAT_PKCS12 = 5;
+ /**
+ * S/MIME certificate format.
+ */
public static final int SSL_CRT_FORMAT_SMIME = 6;
+ /**
+ * Engine certificate format.
+ */
public static final int SSL_CRT_FORMAT_ENGINE = 7;
+ /**
+ * Client SSL mode.
+ */
public static final int SSL_MODE_CLIENT = 0;
+ /**
+ * Server SSL mode.
+ */
public static final int SSL_MODE_SERVER = 1;
+ /**
+ * Combined client and server SSL mode.
+ */
public static final int SSL_MODE_COMBINED = 2;
+ /**
+ * Configuration flag for command line.
+ */
public static final int SSL_CONF_FLAG_CMDLINE = 0x0001;
+ /**
+ * Configuration flag for file.
+ */
public static final int SSL_CONF_FLAG_FILE = 0x0002;
+ /**
+ * Configuration flag for client.
+ */
public static final int SSL_CONF_FLAG_CLIENT = 0x0004;
+ /**
+ * Configuration flag for server.
+ */
public static final int SSL_CONF_FLAG_SERVER = 0x0008;
+ /**
+ * Configuration flag to show errors.
+ */
public static final int SSL_CONF_FLAG_SHOW_ERRORS = 0x0010;
+ /**
+ * Configuration flag for certificate context.
+ */
public static final int SSL_CONF_FLAG_CERTIFICATE = 0x0020;
+ /**
+ * Unknown configuration type.
+ */
public static final int SSL_CONF_TYPE_UNKNOWN = 0x0000;
+ /**
+ * String configuration type.
+ */
public static final int SSL_CONF_TYPE_STRING = 0x0001;
+ /**
+ * File configuration type.
+ */
public static final int SSL_CONF_TYPE_FILE = 0x0002;
+ /**
+ * Directory configuration type.
+ */
public static final int SSL_CONF_TYPE_DIR = 0x0003;
+ /**
+ * Shutdown type unset.
+ */
public static final int SSL_SHUTDOWN_TYPE_UNSET = 0;
+ /**
+ * Standard shutdown type.
+ */
public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1;
+ /**
+ * Unclean shutdown type.
+ */
public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2;
+ /**
+ * Accurate shutdown type.
+ */
public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3;
+ /**
+ * Info flag for session ID.
+ */
public static final int SSL_INFO_SESSION_ID = 0x0001;
+ /**
+ * Info flag for cipher name.
+ */
public static final int SSL_INFO_CIPHER = 0x0002;
+ /**
+ * Info flag for cipher effective key size.
+ */
public static final int SSL_INFO_CIPHER_USEKEYSIZE = 0x0003;
+ /**
+ * Info flag for cipher algorithm key size.
+ */
public static final int SSL_INFO_CIPHER_ALGKEYSIZE = 0x0004;
+ /**
+ * Info flag for cipher version.
+ */
public static final int SSL_INFO_CIPHER_VERSION = 0x0005;
+ /**
+ * Info flag for cipher description.
+ */
public static final int SSL_INFO_CIPHER_DESCRIPTION = 0x0006;
+ /**
+ * Info flag for protocol version.
+ */
public static final int SSL_INFO_PROTOCOL = 0x0007;
/*
* To obtain the CountryName of the Client Certificate Issuer use the
SSL_INFO_CLIENT_I_DN + SSL_INFO_DN_COUNTRYNAME
*/
+ /**
+ * Info flag for client subject distinguished name.
+ */
public static final int SSL_INFO_CLIENT_S_DN = 0x0010;
+ /**
+ * Info flag for client issuer distinguished name.
+ */
public static final int SSL_INFO_CLIENT_I_DN = 0x0020;
+ /**
+ * Info flag for server subject distinguished name.
+ */
public static final int SSL_INFO_SERVER_S_DN = 0x0040;
+ /**
+ * Info flag for server issuer distinguished name.
+ */
public static final int SSL_INFO_SERVER_I_DN = 0x0080;
+ /**
+ * DN field for country name.
+ */
public static final int SSL_INFO_DN_COUNTRYNAME = 0x0001;
+ /**
+ * DN field for state or province name.
+ */
public static final int SSL_INFO_DN_STATEORPROVINCENAME = 0x0002;
+ /**
+ * DN field for locality name.
+ */
public static final int SSL_INFO_DN_LOCALITYNAME = 0x0003;
+ /**
+ * DN field for organization name.
+ */
public static final int SSL_INFO_DN_ORGANIZATIONNAME = 0x0004;
+ /**
+ * DN field for organizational unit name.
+ */
public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME = 0x0005;
+ /**
+ * DN field for common name.
+ */
public static final int SSL_INFO_DN_COMMONNAME = 0x0006;
+ /**
+ * DN field for title.
+ */
public static final int SSL_INFO_DN_TITLE = 0x0007;
+ /**
+ * DN field for initials.
+ */
public static final int SSL_INFO_DN_INITIALS = 0x0008;
+ /**
+ * DN field for given name.
+ */
public static final int SSL_INFO_DN_GIVENNAME = 0x0009;
+ /**
+ * DN field for surname.
+ */
public static final int SSL_INFO_DN_SURNAME = 0x000A;
+ /**
+ * DN field for description.
+ */
public static final int SSL_INFO_DN_DESCRIPTION = 0x000B;
+ /**
+ * DN field for unique identifier.
+ */
public static final int SSL_INFO_DN_UNIQUEIDENTIFIER = 0x000C;
+ /**
+ * DN field for email address.
+ */
public static final int SSL_INFO_DN_EMAILADDRESS = 0x000D;
+ /**
+ * Info flag for client certificate version.
+ */
public static final int SSL_INFO_CLIENT_M_VERSION = 0x0101;
+ /**
+ * Info flag for client certificate serial number.
+ */
public static final int SSL_INFO_CLIENT_M_SERIAL = 0x0102;
+ /**
+ * Info flag for client certificate validity start.
+ */
public static final int SSL_INFO_CLIENT_V_START = 0x0103;
+ /**
+ * Info flag for client certificate validity end.
+ */
public static final int SSL_INFO_CLIENT_V_END = 0x0104;
+ /**
+ * Info flag for client certificate signature algorithm.
+ */
public static final int SSL_INFO_CLIENT_A_SIG = 0x0105;
+ /**
+ * Info flag for client certificate public key algorithm.
+ */
public static final int SSL_INFO_CLIENT_A_KEY = 0x0106;
+ /**
+ * Info flag for client certificate data.
+ */
public static final int SSL_INFO_CLIENT_CERT = 0x0107;
+ /**
+ * Info flag for client certificate validity remaining.
+ */
public static final int SSL_INFO_CLIENT_V_REMAIN = 0x0108;
+ /**
+ * Info flag for server certificate version.
+ */
public static final int SSL_INFO_SERVER_M_VERSION = 0x0201;
+ /**
+ * Info flag for server certificate serial number.
+ */
public static final int SSL_INFO_SERVER_M_SERIAL = 0x0202;
+ /**
+ * Info flag for server certificate validity start.
+ */
public static final int SSL_INFO_SERVER_V_START = 0x0203;
+ /**
+ * Info flag for server certificate validity end.
+ */
public static final int SSL_INFO_SERVER_V_END = 0x0204;
+ /**
+ * Info flag for server certificate signature algorithm.
+ */
public static final int SSL_INFO_SERVER_A_SIG = 0x0205;
+ /**
+ * Info flag for server certificate public key algorithm.
+ */
public static final int SSL_INFO_SERVER_A_KEY = 0x0206;
+ /**
+ * Info flag for server certificate data.
+ */
public static final int SSL_INFO_SERVER_CERT = 0x0207;
/*
* Return client certificate chain. Add certificate chain number to that
flag (0 ... verify depth)
*/
+ /**
+ * Info flag for client certificate chain.
+ */
public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400;
/* Only support OFF and SERVER for now */
+ /**
+ * Session cache disabled.
+ */
public static final long SSL_SESS_CACHE_OFF = 0x0000;
+ /**
+ * Session cache enabled for server.
+ */
public static final long SSL_SESS_CACHE_SERVER = 0x0002;
+ /**
+ * Do not advertise protocol on selector failure.
+ */
public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE = 0;
+ /**
+ * Choose last protocol on selector failure.
+ */
public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL = 1;
- /* Return OpenSSL version number (run time version) */
+ /**
+ * Return OpenSSL version number (run time version).
+ *
+ * @return OpenSSL version number
+ */
public static native int version();
- /* Return OpenSSL version string (run time version) */
+ /**
+ * Return OpenSSL version string (run time version).
+ *
+ * @return OpenSSL version string
+ */
public static native String versionString();
/**
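Review bot: The Javadoc added for `SSL_OP_TLS_ROLLBACK_BUG` (`Allow TLS rollback bug workaround.`) and `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` (`Allow unsafe legacy renegotiation.`) drops the warning that the surviving block comment still carries for the former, so the generated API docs will show these options without saying why they are off by default. Suggest `Accept an SSLv3 version number in the premaster secret even when TLSv1.0 was announced; this disables OpenSSL's version-rollback protection and should only be set for known-broken clients.` and, for the renegotiation flag, a sentence noting it re-enables renegotiation with peers that lack the RFC 5746 secure-renegotiation extension. Separately, the `+/* As server, disallow session resumption on renegotiation */` line was re-added at column 0 while every other comment in the block is indented, and it now sits directly above a Javadoc saying the same thing; restore its indent or drop it in favour of the Javadoc.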
@@ -303,17 +740,50 @@ public final class SSL {
* Begin Twitter API additions
*/
+ /**
+ * Shutdown has been sent.
+ */
public static final int SSL_SENT_SHUTDOWN = 1;
+ /**
+ * Shutdown has been received.
+ */
public static final int SSL_RECEIVED_SHUTDOWN = 2;
+ /**
+ * No SSL error.
+ */
public static final int SSL_ERROR_NONE = 0;
+ /**
+ * SSL library error.
+ */
public static final int SSL_ERROR_SSL = 1;
+ /**
+ * SSL operation would block reading.
+ */
public static final int SSL_ERROR_WANT_READ = 2;
+ /**
+ * SSL operation would block writing.
+ */
public static final int SSL_ERROR_WANT_WRITE = 3;
+ /**
+ * SSL operation wants X.509 lookup.
+ */
public static final int SSL_ERROR_WANT_X509_LOOKUP = 4;
+ /**
+ * SSL syscall error.
+ */
public static final int SSL_ERROR_SYSCALL = 5; /* look at error
stack/return value/errno */
+ /**
+ * SSL connection closed cleanly (zero return).
+ */
public static final int SSL_ERROR_ZERO_RETURN = 6;
+ /**
+ * SSL operation wants connect.
+ */
public static final int SSL_ERROR_WANT_CONNECT = 7;
+ /**
+ * SSL operation wants accept.
+ */
public static final int SSL_ERROR_WANT_ACCEPT = 8;
/**
@@ -505,6 +975,8 @@ public final class SSL {
*/
public static native int getPostHandshakeAuthInProgress(long ssl);
+ public static native void markPostHandshakeAuthComplete(long ssl);
+
/**
* SSL_in_init.
*
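Review bot: `markPostHandshakeAuthComplete(long ssl)` is the only new member in this commit added without Javadoc, which undercuts the stated purpose of the change and will fail a doclint-style check if one is enabled. From the name and the sibling `getPostHandshakeAuthInProgress` it presumably clears the per-connection post-handshake-auth-in-progress state, but the native side is not visible here, so a description such as `Marks the post-handshake authentication on this connection as complete so that {@link #getPostHandshakeAuthInProgress(long)} no longer reports it as in progress. @param ssl the SSL instance (SSL *)` should be confirmed against the C implementation before landing.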
diff --git a/java/org/apache/tomcat/jni/SSLConf.java
b/java/org/apache/tomcat/jni/SSLConf.java
index c474afe82..755416b29 100644
--- a/java/org/apache/tomcat/jni/SSLConf.java
+++ b/java/org/apache/tomcat/jni/SSLConf.java
@@ -16,8 +16,18 @@
*/
package org.apache.tomcat.jni;
+/**
+ * JNI bindings for OpenSSL SSL_CONF operations.
+ */
public final class SSLConf {
+ /**
+ * Default constructor. This class provides only static methods.
+ */
+ public SSLConf() {
+ super();
+ }
+
/**
* Create a new SSL_CONF context.
*
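Review bot: `SSLConf` gains a public no-arg constructor whose own Javadoc says the class provides only static methods; that contradicts the intent and is inconsistent with the private constructors this same commit adds to `SSL`, `AprStatus` and `Buffer`. Unless something instantiates it reflectively, `private SSLConf() { }` is the consistent choice; the explicit `super();` is redundant either way.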
diff --git a/java/org/apache/tomcat/jni/SSLContext.java
b/java/org/apache/tomcat/jni/SSLContext.java
index ae307a6b2..25a3718ce 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -16,12 +16,21 @@
*/
package org.apache.tomcat.jni;
-import java.util.Locale;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
+/**
+ * JNI bindings for OpenSSL SSL_CTX operations.
+ */
public final class SSLContext {
+ /**
+ * Default constructor. This class provides only static methods.
+ */
+ public SSLContext() {
+ super();
+ }
+
+ /**
+ * Default session ID context value.
+ */
public static final byte[] DEFAULT_SESSION_ID_CONTEXT = new byte[] { 'd',
'e', 'f', 'a', 'u', 'l', 't' };
/**
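Review bot: As with `SSLConf`, `SSLContext` now exposes a public constructor documented as existing only because the class is static-only, while `SSL` in the same commit uses a private one; `private SSLContext() { }` would be the consistent form unless the C side constructs it. The new Javadoc on `DEFAULT_SESSION_ID_CONTEXT` could also say that it is a shared, mutable array that callers must copy rather than modify, since a changed session-id context alters which cached sessions OpenSSL will accept for resumption.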
@@ -249,28 +258,114 @@ public final class SSLContext {
/*
* Session resumption statistics methods.
http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html
*/
+
+ /**
+ * Returns the total number of session attempts accepted by the server.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of accepted sessions
+ */
public static native long sessionAccept(long ctx);
+ /**
+ * Returns the number of sessions actually reused on the server side.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of good session accepts
+ */
public static native long sessionAcceptGood(long ctx);
+ /**
+ * Returns the number of session renegotiations on the server side.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session renegotiations accepted
+ */
public static native long sessionAcceptRenegotiate(long ctx);
+ /**
+ * Returns the number of times the session cache grew to the maximum
allowed size and therefore further entries
+ * could not be inserted.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of times the session cache was full
+ */
public static native long sessionCacheFull(long ctx);
+ /**
+ * Returns the number of sessions that were resumed by the callback.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session callback hits
+ */
public static native long sessionCbHits(long ctx);
+ /**
+ * Returns the total number of session connection attempts by the client.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session connects
+ */
public static native long sessionConnect(long ctx);
+ /**
+ * Returns the number of sessions that were actually reused on the client
side.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of good session connects
+ */
public static native long sessionConnectGood(long ctx);
+ /**
+ * Returns the number of session renegotiations on the client side.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session renegotiations connected
+ */
public static native long sessionConnectRenegotiate(long ctx);
+ /**
+ * Returns the number of sessions that were actually reused (hits).
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session hits
+ */
public static native long sessionHits(long ctx);
+ /**
+ * Returns the number of sessions that were not found in the cache
(misses).
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session misses
+ */
public static native long sessionMisses(long ctx);
+ /**
+ * Returns the total number of sessions currently in the cache.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The total number of sessions
+ */
public static native long sessionNumber(long ctx);
+ /**
+ * Returns the number of sessions that have timed out.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session timeouts
+ */
public static native long sessionTimeouts(long ctx);
/**
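Review bot: The Javadoc added for `sessionAcceptGood` and `sessionConnectGood` says they count sessions "actually reused", but per the OpenSSL page linked in the context line at the top of this hunk the functions these presumably wrap (SSL_CTX_sess_accept_good / SSL_CTX_sess_connect_good) count successfully established handshakes in server and client mode; reuse is what `sessionHits` counts. Suggest `Returns the number of successfully established SSL/TLS sessions in server mode.` and the client-mode equivalent. `sessionTimeouts` would likewise be clearer as `Returns the number of sessions proposed by clients that were found in the cache but rejected because they had timed out.`, which matters because operators read these counters to judge resumption health.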
@@ -333,54 +428,6 @@ public final class SSLContext {
*/
public static native void setVerify(long ctx, int level, int depth);
- /**
- * When tc-native encounters a SNI extension in the TLS handshake it will
call this method to determine which
- * OpenSSL SSLContext to use for the connection.
- *
- * @param currentCtx The OpenSSL SSLContext that the handshake started to
use. This will be the default OpenSSL
- * SSLContext for the endpoint associated with the
socket.
- * @param sniHostName The host name requested by the client
- *
- * @return The Java representation of the pointer to the OpenSSL
SSLContext to use for the given host or zero if no
- * SSLContext could be identified
- */
- public static long sniCallBack(long currentCtx, String sniHostName) {
- SNICallBack sniCallBack = sniCallBacks.get(Long.valueOf(currentCtx));
- if (sniCallBack == null) {
- return 0;
- }
- // Can't be sure OpenSSL is going to provide the SNI value in lower
case
- // so convert it before looking up the SSLContext
- String hostName = (sniHostName == null) ? null :
sniHostName.toLowerCase(Locale.ENGLISH);
- return sniCallBack.getSslContext(hostName);
- }
-
- /**
- * A map of default SSL Contexts to SNICallBack instances (in Tomcat these
are instances of AprEndpoint) that will
- * be used to determine the SSL Context to use bases on the SNI host name.
It is structured this way since a Tomcat
- * instance may have several TLS enabled endpoints that each have
different SSL Context mappings for the same host
- * name.
- */
- private static final Map<Long,SNICallBack> sniCallBacks = new
ConcurrentHashMap<>();
-
- /**
- * Interface implemented by components that will receive the call back to
select an OpenSSL SSLContext based on the
- * host name requested by the client.
- */
- public interface SNICallBack {
-
- /**
- * This callback is made during the TLS handshake when the client uses
the SNI extension to request a specific
- * TLS host.
- *
- * @param sniHostName The host name requested by the client - must be
in lower case
- *
- * @return The Java representation of the pointer to the OpenSSL
SSLContext to use for the given host or zero if
- * no SSLContext could be identified
- */
- long getSslContext(String sniHostName);
- }
-
/**
* Allow to hook {@link CertificateVerifier} into the handshake
processing. This will call
* {@code SSL_CTX_set_cert_verify_callback} and so replace the default
verification callback used by openssl