mturk 2005/06/01 01:19:39
Modified: jni/java/org/apache/tomcat/jni SSLContext.java
jni/native/include ssl_private.h
jni/native/src ssl.c sslcontext.c sslutils.c
Log:
Add functions for setting error and password prompt BIO callbacks.
Revision Changes Path
1.4 +34 -1
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
Index: SSLContext.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SSLContext.java 1 Jun 2005 06:38:09 -0000 1.3
+++ SSLContext.java 1 Jun 2005 08:19:39 -0000 1.4
@@ -61,6 +61,39 @@
* @return APR Status code.
*/
public static native int free(long ctx);
+
+ /**
+ * Set Virtual host id. Usually host:port combination.
+ * @param ctx Context to use.
+ * @param id String that uniquely identifies this context.
+ */
+ public static native void setVhostId(long ctx, String id);
+
+ /**
+ * Asssociate BIOCallback for error reporting.
+ * <br />
+ * First word in the output string will contain error
+ * level in the form:
+ * <PRE>
+ * [ERROR] -- Critical error messages
+ * [WARN] -- Varning messages
+ * [INFO] -- Informational messages
+ * [DEBUG] -- Debugging messaged
+ * </PRE>
+ * Callback can use that word to determine application logging level
+ * by intercepting <b>write</b> call.
+ * If the <b>bio</b> is set to 0 no error messages will be displayed.
+ * Default is to use the stderr output stream.
+ * @param ctx Server or Client context to use.
+ * @param bio BIO handle to use, created with SSL.newBIO
+ */
+ public static native void setErrBIO(long ctx, long bio);
+ /**
+ * Asssociate BIOCallback for Password prompting.
+ * @param ctx Server or Client context to use.
+ * @param bio BIO handle to use, created with SSL.newBIO
+ */
+ public static native void setPPromptBIO(long ctx, long bio);
}
1.6 +4 -2
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
Index: ssl_private.h
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ssl_private.h 1 Jun 2005 06:38:09 -0000 1.5
+++ ssl_private.h 1 Jun 2005 08:19:39 -0000 1.6
@@ -110,6 +110,8 @@
struct tcn_ssl_ctxt {
apr_pool_t *pool;
SSL_CTX *ctx;
+ BIO *bio_err;
+ BIO *pprompt;
unsigned char vhost_id[MD5_DIGEST_LENGTH];
int protocol;
@@ -144,6 +146,6 @@
void SSL_init_app_data2_idx(void);
void *SSL_get_app_data2(SSL *);
void SSL_set_app_data2(SSL *, void *);
-
+int SSL_password_prompt(tcn_ssl_ctxt_t *, char *, int);
#endif /* SSL_PRIVATE_H */
1.15 +2 -2 jakarta-tomcat-connectors/jni/native/src/ssl.c
Index: ssl.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ssl.c 1 Jun 2005 06:38:09 -0000 1.14
+++ ssl.c 1 Jun 2005 08:19:39 -0000 1.15
@@ -438,8 +438,8 @@
TCN_UNLOAD_CLASS(j->cb.env, j->cb.obj);
}
bi->init = 0;
+ OPENSSL_free(bi->ptr);
}
- OPENSSL_free(bi->ptr);
bi->ptr = NULL;
return 1;
}
1.5 +67 -4 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
Index: sslcontext.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sslcontext.c 1 Jun 2005 06:35:26 -0000 1.4
+++ sslcontext.c 1 Jun 2005 08:19:39 -0000 1.5
@@ -53,9 +53,16 @@
}
}
}
- else {
+ else if (c->pk.c.certs) {
sk_X509_INFO_pop_free(c->pk.c.certs, X509_INFO_free);
+ c->pk.c.certs = NULL;
}
+ if (c->pprompt)
+ BIO_free(c->pprompt);
+ c->pprompt = NULL;
+ if (c->bio_err)
+ BIO_free(c->bio_err);
+ c->bio_err = NULL;
}
return APR_SUCCESS;
}
@@ -98,7 +105,14 @@
c->mode = 1;
c->ctx = ctx;
c->pool = p;
-
+ c->bio_err = BIO_new(BIO_s_file());
+ c->pprompt = BIO_new(BIO_s_file());
+ if (c->bio_err != NULL)
+ BIO_set_fp(c->bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ if (c->pprompt != NULL) {
+ BIO_set_fp(c->bio_err, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
+ c->pprompt->flags = BIO_FLAGS_MEM_RDONLY;
+ }
SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
if (!(protocol & SSL_PROTOCOL_SSLV2))
SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
@@ -168,7 +182,14 @@
c->mode = 0;
c->ctx = ctx;
c->pool = p;
-
+ c->bio_err = BIO_new(BIO_s_file());
+ c->pprompt = BIO_new(BIO_s_file());
+ if (c->bio_err != NULL)
+ BIO_set_fp(c->bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ if (c->pprompt != NULL) {
+ BIO_set_fp(c->bio_err, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
+ c->pprompt->flags = BIO_FLAGS_MEM_RDONLY;
+ }
SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
if (!(protocol & SSL_PROTOCOL_SSLV2))
SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
@@ -209,6 +230,48 @@
return apr_pool_cleanup_run(c->pool, c, ssl_context_cleanup);
}
+TCN_IMPLEMENT_CALL(void, SSLContext, setVhostId)(TCN_STDARGS, jlong ctx,
+ jstring id)
+{
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ TCN_ALLOC_CSTRING(id);
+
+ TCN_ASSERT(ctx != 0);
+ UNREFERENCED(o);
+ if (J2S(id))
+ MD5((const unsigned char *)J2S(id), (unsigned long)strlen(J2S(id)),
+ &(c->vhost_id[0]));
+
+ TCN_FREE_CSTRING(id);
+}
+
+TCN_IMPLEMENT_CALL(void, SSLContext, setErrBIO)(TCN_STDARGS, jlong ctx,
+ jlong bio)
+{
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ BIO *bio_err = J2P(bio, BIO *);
+
+ UNREFERENCED_STDARGS;
+ TCN_ASSERT(ctx != 0);
+ if (c->bio_err && c->bio_err != bio_err)
+ BIO_free(c->bio_err);
+ c->bio_err = bio_err;
+}
+
+TCN_IMPLEMENT_CALL(void, SSLContext, setPPromptBIO)(TCN_STDARGS, jlong ctx,
+ jlong bio)
+{
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ BIO *pprompt = J2P(bio, BIO *);
+
+ UNREFERENCED_STDARGS;
+ TCN_ASSERT(ctx != 0);
+ if (c->pprompt && c->pprompt != pprompt)
+ BIO_free(c->pprompt);
+ c->pprompt = pprompt;
+}
+
+
#else
/* OpenSSL is not supported
* If someday we make OpenSSL optional
1.4 +15 -1 jakarta-tomcat-connectors/jni/native/src/sslutils.c
Index: sslutils.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sslutils.c 1 Jun 2005 06:36:08 -0000 1.3
+++ sslutils.c 1 Jun 2005 08:19:39 -0000 1.4
@@ -100,6 +100,20 @@
return APR_SUCCESS;
}
+/* Simple password prompting */
+int SSL_password_prompt(tcn_ssl_ctxt_t *c, char *buf, int len)
+{
+ int rv = 0;
+ if (c && c->pprompt) {
+ if (c->pprompt->flags & BIO_FLAGS_MEM_RDONLY) {
+ /* Use error BIO in case of stdin */
+ BIO_printf(c->bio_err, "Enter password: ");
+ }
+ rv = BIO_gets(c->pprompt, buf, len);
+ }
+ return rv;
+}
+
#else
/* OpenSSL is not supported
* If someday we make OpenSSL optional
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
