mturk 2005/06/01 01:19:39 Modified: jni/java/org/apache/tomcat/jni SSLContext.java jni/native/include ssl_private.h jni/native/src ssl.c sslcontext.c sslutils.c Log: Add functions for setting error and password prompt BIO callbacks. Revision Changes Path 1.4 +34 -1 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java Index: SSLContext.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- SSLContext.java 1 Jun 2005 06:38:09 -0000 1.3 +++ SSLContext.java 1 Jun 2005 08:19:39 -0000 1.4 
@@ -61,6 +61,39 @@ * @return APR Status code. */ public static native int free(long ctx); + + /** + * Set Virtual host id. Usually host:port combination. + * @param ctx Context to use. + * @param id String that uniquely identifies this context. + */ + public static native void setVhostId(long ctx, String id); + + /** + * Asssociate BIOCallback for error reporting. + * <br /> + * First word in the output string will contain error + * level in the form: + * <PRE> + * [ERROR] -- Critical error messages + * [WARN] -- Varning messages + * [INFO] -- Informational messages + * [DEBUG] -- Debugging messaged + * </PRE> + * Callback can use that word to determine application logging level + * by intercepting <b>write</b> call. + * If the <b>bio</b> is set to 0 no error messages will be displayed. + * Default is to use the stderr output stream. + * @param ctx Server or Client context to use. + * @param bio BIO handle to use, created with SSL.newBIO + */ + public static native void setErrBIO(long ctx, long bio); + /** + * Asssociate BIOCallback for Password prompting. + * @param ctx Server or Client context to use. + * @param bio BIO handle to use, created with SSL.newBIO + */ + public static native void setPPromptBIO(long ctx, long bio); } 1.6 +4 -2 jakarta-tomcat-connectors/jni/native/include/ssl_private.h Index: ssl_private.h =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- ssl_private.h 1 Jun 2005 06:38:09 -0000 1.5 +++ ssl_private.h 1 Jun 2005 08:19:39 -0000 1.6 @@ -110,6 +110,8 @@ struct tcn_ssl_ctxt { apr_pool_t *pool; SSL_CTX *ctx; + BIO *bio_err; + BIO *pprompt; unsigned char vhost_id[MD5_DIGEST_LENGTH]; int protocol; 
@@ -144,6 +146,6 @@ void SSL_init_app_data2_idx(void); void *SSL_get_app_data2(SSL *); void SSL_set_app_data2(SSL *, void *); - +int SSL_password_prompt(tcn_ssl_ctxt_t *, char *, int); #endif /* SSL_PRIVATE_H */ 1.15 +2 -2 jakarta-tomcat-connectors/jni/native/src/ssl.c Index: ssl.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- ssl.c 1 Jun 2005 06:38:09 -0000 1.14 +++ ssl.c 1 Jun 2005 08:19:39 -0000 1.15 @@ -438,8 +438,8 @@ TCN_UNLOAD_CLASS(j->cb.env, j->cb.obj); } bi->init = 0; + OPENSSL_free(bi->ptr); } - OPENSSL_free(bi->ptr); bi->ptr = NULL; return 1; } 1.5 +67 -4 jakarta-tomcat-connectors/jni/native/src/sslcontext.c Index: sslcontext.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- sslcontext.c 1 Jun 2005 06:35:26 -0000 1.4 +++ sslcontext.c 1 Jun 2005 08:19:39 -0000 1.5 @@ -53,9 +53,16 @@ } } } - else { + else if (c->pk.c.certs) { sk_X509_INFO_pop_free(c->pk.c.certs, X509_INFO_free); + c->pk.c.certs = NULL; } + if (c->pprompt) + BIO_free(c->pprompt); + c->pprompt = NULL; + if (c->bio_err) + BIO_free(c->bio_err); + c->bio_err = NULL; } return APR_SUCCESS; } @@ -98,7 +105,14 @@ c->mode = 1; c->ctx = ctx; c->pool = p; - + c->bio_err = BIO_new(BIO_s_file()); + c->pprompt = BIO_new(BIO_s_file()); + if (c->bio_err != NULL) + BIO_set_fp(c->bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); + if (c->pprompt != NULL) { + BIO_set_fp(c->bio_err, stdin, BIO_NOCLOSE | BIO_FP_TEXT); + c->pprompt->flags = BIO_FLAGS_MEM_RDONLY; + } SSL_CTX_set_options(c->ctx, SSL_OP_ALL); if (!(protocol & SSL_PROTOCOL_SSLV2)) SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2); 
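Review bot: The cleanup in sslcontext.c (`@@ -53,9 +53,16 @@`) now calls `BIO_free()` on `c->pprompt` and `c->bio_err` unconditionally, but setErrBIO and setPPromptBIO, added in the `@@ -209,6 +230,48 @@` hunk of the same file, store a handle the Java caller created with SSL.newBIO without taking a reference or documenting a transfer of ownership. If the caller also closes that handle, or installs the same handle for both roles or on two contexts, the BIO is released more than once and, depending on its reference count, a context can be left holding a freed pointer. Either the setters should take their own reference on the BIO before storing it, or the Javadoc should state that the context takes ownership and the handle must not be closed or shared afterwards. The cleanup function starts outside this hunk.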
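Review bot: Inside the `if (c->pprompt != NULL)` block of the `@@ -98,7 +105,14 @@` hunk the new code calls `BIO_set_fp(c->bio_err, stdin, ...)`, which rebinds the error BIO to stdin and leaves the prompt BIO with no file attached; it also uses `c->bio_err` without the NULL check applied two lines earlier. The line should read `BIO_set_fp(c->pprompt, stdin, BIO_NOCLOSE | BIO_FP_TEXT);`. As written, diagnostics go to the wrong stream and the default password prompt has nothing to read from. The same lines are repeated in the `@@ -168,7 +182,14 @@` hunk for the other context constructor, and both enclosing functions start and end outside their hunks.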
@@ -168,7 +182,14 @@
 c->mode = 0;
 c->ctx = ctx;
 c->pool = p;
-
+ c->bio_err = BIO_new(BIO_s_file());
+ c->pprompt = BIO_new(BIO_s_file());
+ if (c->bio_err != NULL)
+ BIO_set_fp(c->bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ if (c->pprompt != NULL) {
+ BIO_set_fp(c->bio_err, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
+ c->pprompt->flags = BIO_FLAGS_MEM_RDONLY;
+ }
 SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
 if (!(protocol & SSL_PROTOCOL_SSLV2))
 SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
@@ -209,6 +230,48 @@ return apr_pool_cleanup_run(c->pool, c, ssl_context_cleanup); } +TCN_IMPLEMENT_CALL(void, SSLContext, setVhostId)(TCN_STDARGS, jlong ctx, + jstring id) +{ + tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); + TCN_ALLOC_CSTRING(id); + + TCN_ASSERT(ctx != 0); + UNREFERENCED(o); + if (J2S(id)) + MD5((const unsigned char *)J2S(id), (unsigned long)strlen(J2S(id)), + &(c->vhost_id[0])); + + TCN_FREE_CSTRING(id); +} + +TCN_IMPLEMENT_CALL(void, SSLContext, setErrBIO)(TCN_STDARGS, jlong ctx, + jlong bio) +{ + tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); + BIO *bio_err = J2P(bio, BIO *); + + UNREFERENCED_STDARGS; + TCN_ASSERT(ctx != 0); + if (c->bio_err && c->bio_err != bio_err) + BIO_free(c->bio_err); + c->bio_err = bio_err; +} + +TCN_IMPLEMENT_CALL(void, SSLContext, setPPromptBIO)(TCN_STDARGS, jlong ctx, + jlong bio) +{ + tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); + BIO *pprompt = J2P(bio, BIO *); + + UNREFERENCED_STDARGS; + TCN_ASSERT(ctx != 0); + if (c->pprompt && c->pprompt != pprompt) + BIO_free(c->pprompt); + c->pprompt = pprompt; +} + + #else /* OpenSSL is not supported * If someday we make OpenSSL optional 1.4 +15 -1 jakarta-tomcat-connectors/jni/native/src/sslutils.c Index: sslutils.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- sslutils.c 1 Jun 2005 06:36:08 -0000 1.3 +++ sslutils.c 1 Jun 2005 08:19:39 -0000 1.4 @@ -100,6 +100,20 @@ return APR_SUCCESS; } +/* Simple password prompting */ +int SSL_password_prompt(tcn_ssl_ctxt_t *c, char *buf, int len) +{ + int rv = 0; + if (c && c->pprompt) { + if (c->pprompt->flags & BIO_FLAGS_MEM_RDONLY) { + /* Use error BIO in case of stdin */ + BIO_printf(c->bio_err, "Enter password: "); + } + rv = BIO_gets(c->pprompt, buf, len); + } + return rv; +} + #else /* OpenSSL is not supported * If someday we make OpenSSL optional
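Review bot: setVhostId in the `@@ -209,6 +230,48 @@` hunk has no comment saying what happens when the string cannot be converted: the `if (J2S(id))` guard skips the MD5 call, so `vhost_id` keeps whatever it held before and nothing is reported to the Java caller. I would add `/* MD5 only yields a fixed-size identifier here; vhost_id is left unchanged when id is NULL */` above the guard, assuming the digest is indeed used as an identifier and not as a security boundary. The Javadoc for setVhostId could state the same no-op behaviour.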
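Review bot: SSL_password_prompt in sslutils.c passes `c->bio_err` to `BIO_printf()` without checking it, although the setErrBIO Javadoc allows the error BIO to be set to 0 and the constructors tolerate a failed `BIO_new()`. The result of `BIO_gets()` is also returned unchanged, so a negative error code, or a length that still counts the line terminator a file-backed BIO leaves in the buffer, reaches the caller as the password length. The version below guards both and keeps the signature. Reading through the stdin-backed BIO presumably does not disable terminal echo, which deserves a comment if that is accepted.

```c
int SSL_password_prompt(tcn_ssl_ctxt_t *c, char *buf, int len)
{
    int rv = 0;
    if (c && c->pprompt && buf && len > 0) {
        if ((c->pprompt->flags & BIO_FLAGS_MEM_RDONLY) && c->bio_err) {
            /* Use error BIO in case of stdin */
            BIO_printf(c->bio_err, "Enter password: ");
        }
        rv = BIO_gets(c->pprompt, buf, len);
        if (rv <= 0) {
            /* Error or EOF: report an empty password, never a negative length */
            buf[0] = '\0';
            return 0;
        }
        /* Drop the line terminator so it is not counted as password data */
        while (rv > 0 && (buf[rv - 1] == '\n' || buf[rv - 1] == '\r'))
            buf[--rv] = '\0';
    }
    return rv;
}
```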