Posted to commits@commons.apache.org by mt...@apache.org on 2011/10/08 07:40:51 UTC
svn commit: r1180317 - in /commons/sandbox/runtime/trunk: ./
src/main/java/org/apache/commons/runtime/ssl/ src/main/native/include/acr/
src/main/native/modules/openssl/ src/main/test/org/apache/commons/runtime/
Author: mturk
Date: Sat Oct 8 05:40:50 2011
New Revision: 1180317
URL: http://svn.apache.org/viewvc?rev=1180317&view=rev
Log:
Rename NativePointer to SSLObject
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java
- copied, changed from r1175693, commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java
Removed:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java
Modified:
commons/sandbox/runtime/trunk/build.xml
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java
Modified: commons/sandbox/runtime/trunk/build.xml
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/build.xml?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/build.xml (original)
+++ commons/sandbox/runtime/trunk/build.xml Sat Oct 8 05:40:50 2011
@@ -392,7 +392,7 @@ The Apache Software Foundation (http://w
<macrodef name="runtest">
<attribute name="groups" default="init"/>
- <attribute name="name" default="test.runtime"/>
+ <attribute name="name" default="runtime"/>
<sequential>
<testng outputdir="${build.out}/@{name}"
workingdir="${build.out}"
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java Sat Oct 8 05:40:50 2011
@@ -22,10 +22,10 @@ import org.apache.commons.runtime.Callba
* Abstract password prompt handler.
*/
public abstract class PasswordCallback
- extends NativePointer implements Callback
+ extends SSLObject implements Callback
{
- // Hide NativePointer
+ // Hide SSLObject
private final long pointer = 0L;
private boolean echoOn;
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java Sat Oct 8 05:40:50 2011
@@ -22,10 +22,10 @@ import java.io.IOException;
/**
* Interface to OpenSSL BIO.
*/
-public abstract class SSLBio extends NativePointer implements Closeable
+public abstract class SSLBio extends SSLObject implements Closeable
{
- // Hide NativePointer
+ // Hide SSLObject
private final long pointer = 0L;
private static native void init0();
private static native long new0(SSLBio thiz);
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java Sat Oct 8 05:40:50 2011
@@ -22,10 +22,10 @@ import org.apache.commons.runtime.Invali
/**
* SSL Certificate.
*/
-public final class SSLCertificate extends NativePointer
+public final class SSLCertificate extends SSLObject
{
- // Hide NativePointer
+ // Hide SSLObject
private final long pointer = 0L;
private final String desc;
private SSLCertificateFormat format;
@@ -63,7 +63,7 @@ public final class SSLCertificate extend
// Already loaded
throw new IllegalStateException();
}
- super.pointer = load0(file, desc, format.valueOf(), ((NativePointer)cb).pointer);
+ super.pointer = load0(file, desc, format.valueOf(), ((SSLObject)cb).pointer);
this.format = format;
}
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java Sat Oct 8 05:40:50 2011
@@ -33,31 +33,29 @@ import java.io.File;
* Each virtual host should have an unique context.
* </p>
*/
-public final class SSLContext extends NativePointer
+public final class SSLContext extends SSLObject
{
- // Hide NativePointer
+ // Hide SSLObject
private final long pointer = 0L;
private SSLKey[] keys;
private SSLCertificate[] cert;
+ private SSLRandom rand;
private static native long new0(int protocol, int mode)
throws OperationNotImplementedException;
private static native void free0(long key);
private static native void setsprefix0(long ctx, String prefix);
+ private static native void setciphers0(long ctx, String prefix);
private static native void setid0(long ctx, String id);
private static native void setscachesize0(long ctx, int size);
private static native void setcrlcheck0(long ctx, int mode);
private static native void setpasscb0(long ctx, long cb);
private static native void setvmode0(long ctx, int mode, int depth);
-
- private static final int SET_CTX_CA_CERT_FILE = 1;
- private static final int SET_CTX_CA_CERT_PATH = 2;
- private static final int SET_CTX_CRL_FILE = 3;
- private static final int SET_CTX_CRL_PATH = 4;
- private static final int SET_CTX_CIPHER_SUITE = 5;
- private static native void setstropt0(long ctx, int opt, String val);
-
+ private static native void addcastore0(long ctx, String file, String path)
+ throws SSLException;
+ private static native void addcrlstore0(long ctx, String file, String path)
+ throws SSLException;
private SSLContext()
{
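Review bot: The new native declaration `setciphers0(long ctx, String prefix)` keeps the parameter name of `setsprefix0` above it although it receives a cipher list; `private static native void setciphers0(long ctx, String ciphers);` would match the `setCipherSuite(String ciphers)` caller added later in this file. The added `rand` field is not read anywhere in the visible hunks, so a one-line comment stating what holds it and why would help the next reader.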
@@ -113,132 +111,41 @@ public final class SSLContext extends Na
/**
* Set default locations for trusted CA certificates.
- * <p>
- * Set the path that points to a file of CA certificates
- * in PEM format. The file can contain several CA certificates
- * identified by
- * <pre>
- * -----BEGIN CERTIFICATE-----
- * ... (CA certificate in base64 encoding) ...
- * -----END CERTIFICATE-----
- * </pre>
- * sequences. Before, between, and after the certificates text is allowed
- * which can be used e.g. for descriptions of the certificates.
*
- * @param path PEM format file of CA's.
- *
- * @throws InvalidArgumentException if the file does not exist or is empty.
- * @throws ObjectNotInitializedException if context is invalid
- * @throws SecurityException if security manager denies access
- * to the file
- */
- public synchronized void setCACertificateFile(String path)
- throws InvalidArgumentException,
- ObjectNotInitializedException,
- SecurityException
- {
- if (super.pointer == 0L)
- throw new ObjectNotInitializedException();
- if (path == null)
- throw new NullPointerException();
- File file = new File(path);
- if (!file.isFile() || file.length() == 0L)
- throw new InvalidArgumentException(Local.sm.get("file.ENOTREG", path));
- setstropt0(super.pointer, SET_CTX_CA_CERT_FILE, file.getPath());
- }
-
- /**
- * Set default locations for trusted CA certificates.
- * <p>
- * Set the path that points to a directory containing
- * CA certificates in PEM format. The files each contain one CA
- * certificate. The files are looked up by the CA subject name hash
- * value, which must hence be available. If more than one CA certificate
- * with the same name hash value exist, the extension must be different
- * (e.g. {@code 9d66eef0.0, 9d66eef0.1} etc). The search is performed in
- * the ordering of the extension number, regardless of other properties
- * of the certificates. Use the {@code c_rehash} utility to create the
- * necessary links.
- * <p>
- * </p>
- * The certificates in {@code path} are only looked up when required,
- * e.g. when building the certificate chain or when actually performing
- * the verification of a peer certificate.
- * </p>
- * @param path PEM format directory of CA's.
- *
- * @throws InvalidArgumentException if the path does not exist or is not
- * an directory.
- * @throws ObjectNotInitializedException if context is invalid
- * @throws SecurityException if security manager denies access
- * to the path
- */
- public synchronized void setCACertificatePath(String path)
- throws InvalidArgumentException,
- ObjectNotInitializedException,
- SecurityException
- {
- if (super.pointer == 0L)
- throw new ObjectNotInitializedException();
- if (path == null)
- throw new NullPointerException();
- File file = new File(path);
- if (!file.isDirectory())
- throw new InvalidArgumentException(Local.sm.get("file.ENOTDIR", path));
- setstropt0(super.pointer, SET_CTX_CA_CERT_PATH, file.getPath());
- }
-
- /**
- * Sets the all-in-one file where you can assemble the Certificate
- * Revocation Lists (CRL) of Certification Authorities (CA) whose
- * clients you deal with.
- * These are used for Client Authentication. Such a file is simply the
- * concatenation of the various PEM-encoded CRL files, in order
- * of preference. This can be used alternatively and/or additionally
- * to {@code setCARevocationPath}.
+ * @param store SSLCAStore to use.
*
- * @param path file containg PEM-encoded CRL list.
+ * @throws NullPointerException if the store is {@code null}..
* @throws ObjectNotInitializedException if context is invalid
- * @throws SSLException if path cannot be set.
*/
- public synchronized void setCARevocationFile(String path)
+ public synchronized void addCAStore(SSLCAStore store)
throws InvalidArgumentException,
ObjectNotInitializedException,
- SecurityException
+ SSLException
{
if (super.pointer == 0L)
throw new ObjectNotInitializedException();
- if (path == null)
+ if (store == null)
throw new NullPointerException();
- File file = new File(path);
- if (!file.isFile() || file.length() == 0L)
- throw new InvalidArgumentException(Local.sm.get("file.ENOTREG", path));
- setstropt0(super.pointer, SET_CTX_CRL_FILE, file.getPath());
+ addcastore0(super.pointer, store.getFile(), store.getPath());
}
/**
- * Sets the directory where you keep the Certificate Revocation Lists
+ * Sets the the Certificate Revocation Lists
* (CRL) of Certification Authorities (CAs) whose clients you deal with.
* These are used to revoke the client certificate on Client
* Authentication.
*
- * @param path directory containg CRL list.
- * @throws ObjectNotInitializedException if context is invalid
- * @throws SSLException if path cannot be set.
*/
- public synchronized void setCARevocationPath(String path)
+ public synchronized void addCRLStore(SSLCRLStore store)
throws InvalidArgumentException,
ObjectNotInitializedException,
- SecurityException
+ SSLException
{
if (super.pointer == 0L)
throw new ObjectNotInitializedException();
- if (path == null)
+ if (store == null)
throw new NullPointerException();
- File file = new File(path);
- if (!file.isDirectory())
- throw new InvalidArgumentException(Local.sm.get("file.ENOTDIR", path));
- setstropt0(super.pointer, SET_CTX_CRL_PATH, file.getPath());
+ addcrlstore0(super.pointer, store.getFile(), store.getPath());
}
/**
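Review bot: addCAStore and addCRLStore pass `store.getFile()` and `store.getPath()` straight to native code, while the removed setters checked on the Java side that the file was a non-empty regular file and the path a directory; unless SSLCAStore and SSLCRLStore perform those checks themselves (not visible here), a misconfigured trust or revocation store is now reported only by whatever the native call throws. Both methods still declare `throws InvalidArgumentException` although no visible line throws it, and the addCRLStore Javadoc lost its `@param` and `@throws` tags. I would restore them as `@param store SSLCRLStore to use.`, `@throws NullPointerException if the store is {@code null}.` and `@throws SSLException if the store cannot be loaded.`, and fix `Sets the the` and the doubled period in the addCAStore Javadoc.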
@@ -260,6 +167,17 @@ public final class SSLContext extends Na
setcrlcheck0(super.pointer, mode.valueOf());
}
+ public synchronized void setCipherSuite(String ciphers)
+ throws InvalidArgumentException,
+ ObjectNotInitializedException
+ {
+ if (super.pointer == 0L)
+ throw new ObjectNotInitializedException();
+ if (ciphers == null || ciphers.length() < 1)
+ throw new InvalidArgumentException();
+ setciphers0(super.pointer, ciphers);
+ }
+
/**
* Sets this context's verification flags.
*
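Review bot: setCipherSuite only rejects a null or empty string, and the matching native `setciphers0` in ctx.c merely stores the value in `c->cipher_suite`, so a malformed cipher list is accepted here and any failure would surface only when the context is later initialised (that code is outside this diff). The method also has no Javadoc, unlike its neighbours; it should state that the argument is an OpenSSL cipher list string and carry `@throws InvalidArgumentException if ciphers is null or empty` and `@throws ObjectNotInitializedException if context is invalid`. If the later step can fail on a bad list, it should fail closed rather than fall back to the library's default ciphers.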
@@ -276,6 +194,13 @@ public final class SSLContext extends Na
setvmode0(super.pointer, mode.valueOf(), depth);
}
+ public void setRandom(SSLRandom rand)
+ throws NullPointerException
+ {
+ if (rand == null)
+ throw new NullPointerException();
+ this.rand = rand;
+ }
/**
* Set session id prefix.
* <p>
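Review bot: setRandom is the only setter in the visible hunks that is not `synchronized`, so the write to `this.rand` is not ordered with the other configuration calls; `public synchronized void setRandom(SSLRandom rand)` would match them. Declaring `throws NullPointerException` for an unchecked exception adds nothing to the signature and is better expressed as a Javadoc `@throws` tag, which the method lacks entirely. Nothing visible passes `rand` to the native context, so the Javadoc should say whether the call has any effect beyond keeping a reference.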
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java Sat Oct 8 05:40:50 2011
@@ -25,7 +25,7 @@ import java.io.File;
/**
* OpenSSL Engine
*/
-public final class SSLEngine extends NativePointer
+public final class SSLEngine extends SSLObject
{
private static Object lock;
private static SSLEngine global;
@@ -46,7 +46,7 @@ public final class SSLEngine extends Nat
}
- // Hide NativePointer
+ // Hide SSLObject
private final long pointer = 0L;
private static native long init0(String name)
throws SystemException;
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java Sat Oct 8 05:40:50 2011
@@ -22,10 +22,10 @@ import org.apache.commons.runtime.Invali
/**
* SSL Key.
*/
-public final class SSLKey extends NativePointer
+public final class SSLKey extends SSLObject
{
- // Hide NativePointer
+ // Hide SSLObject
private final long pointer = 0L;
private final String desc;
private SSLKeyFormat format;
@@ -64,7 +64,7 @@ public final class SSLKey extends Native
// Already loaded
throw new IllegalStateException();
}
- super.pointer = load0(file, desc, format.valueOf(), ((NativePointer)cb).pointer);
+ super.pointer = load0(file, desc, format.valueOf(), ((SSLObject)cb).pointer);
this.format = format;
}
@@ -111,7 +111,7 @@ public final class SSLKey extends Native
// Already loaded
throw new IllegalStateException();
}
- long ep = ((NativePointer)engine).pointer;
+ long ep = ((SSLObject)engine).pointer;
if (ep == 0L)
throw new NullPointerException();
super.pointer = load2(ep, id, password);
Copied: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java (from r1175693, commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java)
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java?p2=commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java&p1=commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java&r1=1175693&r2=1180317&rev=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java Sat Oct 8 05:40:50 2011
@@ -22,7 +22,7 @@ import org.apache.commons.runtime.Retain
/**
* Abstract native pointer envelope.
* This is package private generic pointer wrapper.
- * Package classes can cast derived classes to NativePointer and
+ * Package classes can cast derived classes to SSLObject and
* obtain access to its native pointer.
* <p>
* Derived classes must declare {@code private final long pointer = 0L;}
@@ -31,14 +31,14 @@ import org.apache.commons.runtime.Retain
* the correct native object.
* </p>
*/
-abstract class NativePointer implements Disposable, Retainable
+abstract class SSLObject implements Disposable, Retainable
{
public long pointer;
/**
* Creates a new object instance.
*/
- protected NativePointer()
+ protected SSLObject()
{
this.pointer = 0L;
}
@@ -47,7 +47,7 @@ abstract class NativePointer implements
* Creates a new object instance with already allocated pointer.
* @param pointer already allocated native pointer.
*/
- protected NativePointer(long pointer)
+ protected SSLObject(long pointer)
{
this.pointer = pointer;
}
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java Sat Oct 8 05:40:50 2011
@@ -199,7 +199,7 @@ public final class SSLRandom
public boolean setEngine(SSLEngine e)
{
// TODO: Throw error if fails
- return seteng0(((NativePointer)e).pointer);
+ return seteng0(((SSLObject)e).pointer);
}
}
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java Sat Oct 8 05:40:50 2011
@@ -31,10 +31,10 @@ import java.nio.ByteBuffer;
/**
* Represents SSL server instance.
*/
-public final class SSLServer extends NativePointer implements Closeable
+public final class SSLServer extends SSLObject implements Closeable
{
- // Hide NativePointer
+ // Hide SSLObject
private final long pointer = 0L;
private final String hostId;
private static native long new0(String name)
@@ -139,7 +139,7 @@ public final class SSLServer extends Nat
throw new ClosedObjectException();
SSLContext org = ctx1;
ctx1 = ctx;
- setctx0(super.pointer, ((NativePointer)ctx).pointer);
+ setctx0(super.pointer, ((SSLObject)ctx).pointer);
return org;
}
@@ -236,7 +236,7 @@ public final class SSLServer extends Nat
{
if (super.pointer == 0L)
throw new ClosedObjectException();
- long bh = ((NativePointer)bio).pointer;
+ long bh = ((SSLObject)bio).pointer;
if (bh == 0L)
throw new ObjectNotInitializedException();
setbio0(super.pointer, bh);
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Sat Oct 8 05:40:50 2011
@@ -327,7 +327,10 @@ typedef struct acr_ssl_ctx_t {
acr_refcount_t refs;
int type;
SSL_CTX *ctx;
- /* Pointer to the context verify store */
+ /* Pointer to the context verify store
+ * This is cached copy of
+ * SSL_CTX_get_cert_store(this->ctx)
+ */
X509_STORE *store;
int inited;
@@ -339,7 +342,10 @@ typedef struct acr_ssl_ctx_t {
/* Back pointer to the server/proxy/client context */
void *container;
- /* Certificate revocation list */
+ /* Certificate revocation list store.
+ * Since optional it will be created when the
+ * first SSLCRLStore is added.
+ */
X509_STORE *crls;
X509 *cert; /* Main certificate */
EVP_PKEY *skey;
@@ -352,14 +358,10 @@ typedef struct acr_ssl_ctx_t {
ssl_pass_cb_t *password_callback;
/* for client or downstream server authentication */
- char *ca_cert_path;
- char *ca_cert_file;
char *cipher_suite;
int verify_depth;
int verify_mode;
- char *crl_path;
- char *crl_file;
int crl_check;
char session_id_prefix[32];
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Sat Oct 8 05:40:50 2011
@@ -237,6 +237,7 @@ struct SSLAPIst {
/*** X509 ***/
void (*fpX509_free)(X509 *);
void (*fpX509_STORE_free)(X509_STORE *);
+ X509_STORE* (*fpX509_STORE_new)(void);
int (*fpX509_STORE_set_flags)(X509_STORE *, unsigned long);
int (*fpX509_STORE_load_locations)(X509_STORE *, const char *, const char *);
X509* (*fpd2i_X509_bio)(BIO *, X509 **);
@@ -444,6 +445,7 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
/*** X509 ***/
CRYPTO_FPLOAD(X509_free);
CRYPTO_FPLOAD(X509_STORE_free);
+ CRYPTO_FPLOAD(X509_STORE_new);
CRYPTO_FPLOAD(X509_STORE_set_flags);
CRYPTO_FPLOAD(X509_STORE_load_locations);
CRYPTO_FPLOAD(d2i_X509_bio);
@@ -1146,6 +1148,11 @@ void X509_STORE_free(X509_STORE *v)
SSLAPI_CALL(X509_STORE_free)(v);
}
+X509_STORE *X509_STORE_new()
+{
+ return SSLAPI_CALL(X509_STORE_new)();
+}
+
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
{
return SSLAPI_CALL(X509_STORE_set_flags)(ctx, flags);
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Sat Oct 8 05:40:50 2011
@@ -26,13 +26,6 @@
#error "Cannot compile this file without HAVE_OPENSSL defined"
#endif
-#define SET_CTX_CA_CERT_FILE 1
-#define SET_CTX_CA_CERT_PATH 2
-#define SET_CTX_CRL_FILE 3
-#define SET_CTX_CRL_PATH 4
-#define SET_CTX_CIPHER_SUITE 5
-
-
#define SET_CTX_STRING(name, value) \
AcrFree(name); \
name = AcrGetJavaStringA(env, value, 0)
@@ -271,10 +264,6 @@ int ssl_ctx_release(acr_ssl_ctx_t *c)
#endif
AcrFree(c->ocsp_responder);
AcrFree(c->rand_file);
- AcrFree(c->ca_cert_file);
- AcrFree(c->ca_cert_path);
- AcrFree(c->crl_file);
- AcrFree(c->crl_path);
AcrFree(c->cipher_suite);
AcrFree(c);
return 1;
@@ -305,90 +294,42 @@ ACR_SSL_EXPORT(void, SSLContext, setspre
} DONE_WITH_STR(prefix);
}
-ACR_SSL_EXPORT(void, SSLContext, setstropt0)(JNI_STDARGS, jlong ctx,
- jint opt, jstring val)
-{
- acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
- switch (opt) {
- case SET_CTX_CA_CERT_FILE:
- SET_CTX_STRING(c->ca_cert_file, val);
- break;
- case SET_CTX_CA_CERT_PATH:
- SET_CTX_STRING(c->ca_cert_path, val);
- break;
- case SET_CTX_CRL_FILE:
- SET_CTX_STRING(c->crl_file, val);
- break;
- case SET_CTX_CRL_PATH:
- SET_CTX_STRING(c->crl_path, val);
- break;
- case SET_CTX_CIPHER_SUITE:
- SET_CTX_STRING(c->cipher_suite, val);
- break;
- default:
- break;
- }
-}
-
-ACR_SSL_EXPORT(void, SSLContext, setcafile0)(JNI_STDARGS, jlong ctx,
- jstring cafile)
-{
- acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
- SET_CTX_STRING(c->ca_cert_file, cafile);
-#if 0
- WITH_CSTR(cafile) {
- if (!SSL_CTX_load_verify_locations(c->ctx, J2S(cafile), 0))
- ssl_throw_errno(env, ACR_EX_ESSL);
- else
- c->store = SSL_CTX_get_cert_store(c->ctx);
- } DONE_WITH_STR(cafile);
-#endif
-}
-
-ACR_SSL_EXPORT(void, SSLContext, setcapath0)(JNI_STDARGS, jlong ctx,
- jstring capath)
-{
- acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
- SET_CTX_STRING(c->ca_cert_path, capath);
-#if 0
- WITH_CSTR(capath) {
- if (!SSL_CTX_load_verify_locations(c->ctx, 0, J2S(capath)))
- ssl_throw_errno(env, ACR_EX_ESSL);
- else
- c->store = SSL_CTX_get_cert_store(c->ctx);
- } DONE_WITH_STR(capath);
-#endif
+ACR_SSL_EXPORT(void, SSLContext, setciphers0)(JNI_STDARGS, jlong ctx,
+ jstring val)
+{
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+ SET_CTX_STRING(c->cipher_suite, val);
}
-ACR_SSL_EXPORT(void, SSLContext, setcacrlfile0)(JNI_STDARGS, jlong ctx,
- jstring file)
+ACR_SSL_EXPORT(void, SSLContext, addcastore0)(JNI_STDARGS, jlong ctx,
+ jstring file, jstring path)
{
acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-
- SET_CTX_STRING(c->crl_file, file);
-#if 0
- if (c->store == 0)
- c->store = SSL_CTX_get_cert_store(c->ctx);
WITH_CSTR(file) {
- if (!X509_STORE_load_locations(c->store, J2S(file), 0))
+ WITH_CSTR(path) {
+ if (!SSL_CTX_load_verify_locations(c->ctx, J2S(file), J2S(path)))
ssl_throw_errno(env, ACR_EX_ESSL);
+ } DONE_WITH_STR(path);
} DONE_WITH_STR(file);
-#endif
}
-ACR_SSL_EXPORT(void, SSLContext, setcacrlpath0)(JNI_STDARGS, jlong ctx,
- jstring path)
+ACR_SSL_EXPORT(void, SSLContext, addcrlstore0)(JNI_STDARGS, jlong ctx,
+ jstring file, jstring path)
{
acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
- SET_CTX_STRING(c->crl_path, path);
-#if 0
- if (c->store == 0)
- c->store = SSL_CTX_get_cert_store(c->ctx);
+
+ if (c->crls == 0) {
+ if ((c->crls = X509_STORE_new()) == 0) {
+ ACR_THROW(ACR_EX_ENOMEM, 0);
+ return;
+ }
+ }
+ WITH_CSTR(file) {
WITH_CSTR(path) {
- if (!X509_STORE_load_locations(c->store, 0, J2S(path)))
+ if (!X509_STORE_load_locations(c->crls, J2S(file), J2S(path)))
ssl_throw_errno(env, ACR_EX_ESSL);
} DONE_WITH_STR(path);
-#endif
+ } DONE_WITH_STR(file);
}
ACR_SSL_EXPORT(void, SSLContext, setcrlcheck0)(JNI_STDARGS, jlong ctx,
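Review bot: In addcastore0 and addcrlstore0 the load call sits inside nested `WITH_CSTR(file)` / `WITH_CSTR(path)` blocks, and both underlying OpenSSL calls accept a NULL file or a NULL path; if the macro (defined outside this diff) skips its body for a null jstring, a store configured with only a file or only a directory would load nothing and throw nothing, leaving the context without its CA certificates or CRLs. Please confirm the macro's behaviour and add a comment such as `/* file or path may be NULL, but not both */`, with an explicit exception when both are null. In addcrlstore0 a failed `X509_STORE_load_locations` also leaves the freshly created, empty `c->crls` in place, and the ssl_ctx_release hunk above shows no `X509_STORE_free(c->crls)` in its visible lines (the function starts outside that hunk), so both the failure path and the release path are worth checking.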
Modified: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java (original)
+++ commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java Sat Oct 8 05:40:50 2011
@@ -49,9 +49,9 @@ public class TestSSL extends Assert
}
}
- public abstract class AbstractTestPointer extends NativePointer
+ public abstract class AbstractTestPointer extends SSLObject
{
- // Hide NativePointer
+ // Hide SSLObject
private final long pointer = 0L;
public AbstractTestPointer()
{
@@ -63,12 +63,12 @@ public class TestSSL extends Assert
{
public TestPointer()
{
- ((NativePointer)this).pointer = 5678L;
+ ((SSLObject)this).pointer = 5678L;
}
public void dispose()
{
- ((NativePointer)this).pointer = 0L;
+ ((SSLObject)this).pointer = 0L;
}
}
@@ -94,9 +94,9 @@ public class TestSSL extends Assert
public void nativePointer()
{
TestPointer p = new TestPointer();
- assertEquals(((NativePointer)p).pointer, 5678L);
- ((NativePointer)p).pointer = 0L;
- assertEquals(((NativePointer)p).pointer, 0L);
+ assertEquals(((SSLObject)p).pointer, 5678L);
+ ((SSLObject)p).pointer = 0L;
+ assertEquals(((SSLObject)p).pointer, 0L);
}
@Test(groups = { "openssl" })