From mt...@apache.org
Subject svn commit: r1171920 - in /commons/sandbox/runtime/trunk/src/main: java/org/apache/commons/runtime/ssl/SSLServer.java native/include/acr/ssl.h native/modules/openssl/bio.c native/modules/openssl/ctx.c native/modules/openssl/server.c
Date Sat, 17 Sep 2011 07:02:26 GMT
Author: mturk
Date: Sat Sep 17 07:02:26 2011
New Revision: 1171920

URL: http://svn.apache.org/viewvc?rev=1171920&view=rev
Log:
Reuse bio byte arrays

Modified:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
Sat Sep 17 07:02:26 2011
@@ -34,24 +34,28 @@ public final class SSLServer extends Nat
 
     // Hide NativePointer
     private final long  pointer = 0L;
-    private final String name;
+    private final String hostId;
     private static native long         new0(String name);
     private static native void         close0(long srv);
 
     private SSLServer()
     {
-        name = null;
+        hostId = null;
     }
 
     /**
      * Creates a new server instance.
      *
-     * @param name server name
+     * @param hostId server's host id
+     * @throws NullPointerException if hostId is {@code null}.
      */
-    public SSLServer(String name)
+    public SSLServer(String hostId)
+        throws NullPointerException
     {
-        this.name     = name;
-        super.pointer = new0(this.name);
+        if (hostId == null)
+            throw new NullPointerException();
+        this.hostId   = hostId;
+        super.pointer = new0(this.hostId);
     }
 
     /**
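Review bot: The constructor stores whatever `new0` returns without checking it, and the native `new0` changed in server.c by this same commit returns 0 when the allocation or the string copy fails. An `SSLServer` wrapped around a 0 handle looks valid to Java callers and hands a null pointer to later native calls. Fail construction instead, for example `if (super.pointer == 0L) throw new OutOfMemoryError();` right after the assignment; whether the base class already guards this is not visible here. The `throws NullPointerException` clause is redundant for an unchecked exception, and the `@throws` Javadoc line is enough.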
@@ -72,12 +76,13 @@ public final class SSLServer extends Nat
     }
 
     /**
-     * Gets this server's name.
-     * @return server name
+     * Gets this server's host id.
+     *
+     * @return server host id
      */
-    public final String getName()
+    public final String getHostId()
     {
-        return name;
+        return hostId;
     }
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Sat Sep 17 07:02:26 2011
@@ -185,7 +185,6 @@
 #define SSL_BIO_FLAG_RDONLY     1
 #define SSL_BIO_FLAG_CALLBACK   2
 #define SSL_DEFAULT_CACHE_SIZE  256
-#define SSL_DEFAULT_VHOST_NAME  "_default_:443"
 #define SSL_MAX_STR_LEN         2048
 
 #define SSL_CVERIFY_UNSET          (-1)
@@ -291,13 +290,13 @@ typedef struct ssl_pass_cb_t {
  */
 extern ssl_pass_cb_t *acr_ssl_password_cb;
 
-typedef struct acr_ssl_server_t acr_ssl_server_t;
+typedef struct acr_ssl_srv_t acr_ssl_srv_t;
 /* Server context */
 typedef struct acr_ssl_ctxt_t {
+    acr_ssl_srv_t   *srv;
     SSL_CTX         *ctx;
     BIO             *bio_os;
     BIO             *bio_is;
-    acr_ssl_server_t *srv;
     unsigned char    context_id[MD5_DIGEST_LENGTH];
 
     int              protocol;
@@ -308,8 +307,8 @@ typedef struct acr_ssl_ctxt_t {
     X509_STORE      *crls;
     /* pointer to the context verify store */
     X509_STORE      *store;
-    X509            *certs[SSL_AIDX_MAX];
-    EVP_PKEY        *keys[SSL_AIDX_MAX];
+    X509            *cert;
+    EVP_PKEY        *skey;
 
     int              ca_certs;
     int              shutdown_type;
@@ -343,10 +342,13 @@ typedef struct acr_ssl_ctxt_t {
     
 } acr_ssl_ctxt_t;
 
-struct acr_ssl_server_t {
-    char            *name;
+struct acr_ssl_srv_t {
+    char            *hostid;
+    int              hostid_len;
     acr_ssl_ctxt_t  *ctx;
     acr_ssl_ctxt_t  *ctx2;
+    int              enabled;
+
 };
 
 #define ssl_ctx_get_extra_certs(ctx)        ((ctx)->extra_certs)
@@ -379,7 +381,7 @@ struct ssl_sd_t {
     WCHAR                  *socketfname;
 #endif
    /*** SSL struct members ***/ 
-    acr_ssl_server_t       *srv;
+    acr_ssl_srv_t          *srv;
     acr_ssl_ctxt_t         *ctx;    
     SSL                    *ssl;
     X509                   *peer;

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c Sat Sep 17 07:02:26
2011
@@ -37,13 +37,13 @@ J_DECLARE_CLAZZ = {
 J_DECLARE_M_ID(0001) = {
     0,
     "write",
-    "([B)I"
+    "([BI)I"
 };
 
 J_DECLARE_M_ID(0002) = {
     0,
     "read",
-    "([B)I"
+    "([BI)I"
 };
 
 J_DECLARE_M_ID(0003) = {
@@ -61,6 +61,10 @@ J_DECLARE_M_ID(0004) = {
 typedef struct acr_bio_t {
     volatile acr_atomic32_t refs;
     jobject                 obj;
+    jbyteArray              rdb;
+    int                     rdb_len;
+    jbyteArray              wrb;
+    int                     wrb_len;
 } acr_bio_t;
 
 ACR_SSL_EXPORT(void, SSLBio, init0)(JNI_STDARGS)
@@ -84,6 +88,10 @@ static void jni_bio_close(JNI_STDENV, BI
         acr_bio_t *bp = (acr_bio_t *)bi->ptr;
         if (bp != 0) {
             if (bp->obj != 0 && env != 0) {
+                if (bp->wrb != 0)
+                    (*env)->DeleteWeakGlobalRef(env, bp->wrb);
+                if (bp->rdb != 0)
+                    (*env)->DeleteWeakGlobalRef(env, bp->rdb);
                 (*env)->DeleteWeakGlobalRef(env, bp->obj);
                 bp->obj = 0;
             }
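Review bot: `bp->wrb` and `bp->rdb` are deleted here but keep their stale handle values, while `bp->obj` is reset to 0 two lines later; the lines added to bio_j_free in the next hunk have the same gap. bio_j_write and bio_j_read test `bp->wrb != 0` and `bp->rdb != 0` before reusing the array, so a deleted handle is only kept out of reach by the earlier `bp->obj` check. Reset each field after its delete, `bp->wrb = 0; bp->wrb_len = 0;` and likewise for `rdb`, so the struct never carries a freed JNI reference. Both functions start and end outside their hunks.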
@@ -153,8 +161,13 @@ static int bio_j_free(BIO *bi)
             bi->init = 0;
             if (bp->obj != 0) {
                 JNIEnv *env = AcrGetJNIEnv();
-                if (env != 0)
+                if (env != 0) {
+                    if (bp->wrb != 0)
+                        (*env)->DeleteWeakGlobalRef(env, bp->wrb);
+                    if (bp->rdb != 0)
+                        (*env)->DeleteWeakGlobalRef(env, bp->rdb);
                     (*env)->DeleteWeakGlobalRef(env, bp->obj);
+                }
                 bp->obj = 0;
             }
         }
@@ -179,15 +192,24 @@ static int bio_j_write(BIO *bi, const ch
         jobject    obj;
         acr_bio_t *bp  = (acr_bio_t *)bi->ptr;
         JNIEnv    *env = AcrGetJNIEnv();
-        jbyteArray ba;
+        jbyteArray ba  = 0;;
         if (env == 0)
             return -1;
         if ((obj = (*env)->NewLocalRef(env, bp->obj)) == 0)
             return -1;
-        ba = (*env)->NewByteArray(env, inl);
+        if (bp->wrb == 0 || inl > bp->wrb_len)
+            ba = (*env)->NewByteArray(env, inl);
+        if (ba != 0) {
+            if (bp->wrb != 0)
+                (*env)->DeleteWeakGlobalRef(env, bp->wrb);
+            bp->wrb     = (*env)->NewWeakGlobalRef(env, ba);
+            bp->wrb_len = inl;
+        }
+        else if (bp->wrb != 0)
+            ba = (*env)->NewLocalRef(env, bp->wrb);
         if (ba != 0) {
             (*env)->SetByteArrayRegion(env, ba, 0, inl, (jbyte *)in);
-            rv = CALL_METHOD1(Int, 0001, obj, ba);
+            rv = CALL_METHOD2(Int, 0001, obj, ba, inl);
             (*env)->DeleteLocalRef(env, ba);
         }
         (*env)->DeleteLocalRef(env, obj);
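Review bot: The cached array is held only through a weak global reference, so once `DeleteLocalRef(env, ba)` runs the collector may reclaim it unless the Java side keeps it alive, which is not visible here. In that case `bp->wrb` is still non-zero, `NewByteArray` is skipped because `inl <= bp->wrb_len`, `NewLocalRef` returns 0, and the write is silently skipped with whatever `rv` was initialised to outside the hunk. The same sequence is added for `bp->rdb` in the bio_j_read hunk. Try the cached array first and allocate when that yields nothing, or hold the buffers with a strong global reference owned by the BIO; the stray `;;` on the `ba` declaration can go as well.

```c
        jbyteArray ba  = 0;
        /* … unchanged: env check and NewLocalRef(bp->obj) … */
        if (bp->wrb != 0 && inl <= bp->wrb_len)
            ba = (*env)->NewLocalRef(env, bp->wrb);  /* 0 if the array was collected */
        if (ba == 0) {
            ba = (*env)->NewByteArray(env, inl);
            if (ba != 0) {
                if (bp->wrb != 0)
                    (*env)->DeleteWeakGlobalRef(env, bp->wrb);
                bp->wrb     = (*env)->NewWeakGlobalRef(env, ba);
                bp->wrb_len = bp->wrb != 0 ? inl : 0;
            }
        }
        /* … unchanged: SetByteArrayRegion, CALL_METHOD2, DeleteLocalRef … */
```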
@@ -210,14 +232,23 @@ static int bio_j_read(BIO *bi, char *in,
         jobject    obj;
         acr_bio_t *bp  = (acr_bio_t *)bi->ptr;
         JNIEnv    *env = AcrGetJNIEnv();
-        jbyteArray ba;
+        jbyteArray ba  = 0;
         if (env == 0)
             return -1;
         if ((obj = (*env)->NewLocalRef(env, bp->obj)) == 0)
             return -1;
-        ba = (*env)->NewByteArray(env, inl);
+        if (bp->rdb == 0 || inl > bp->rdb_len)
+            ba = (*env)->NewByteArray(env, inl);
+        if (ba != 0) {
+            if (bp->rdb != 0)
+                (*env)->DeleteWeakGlobalRef(env, bp->rdb);
+            bp->rdb     = (*env)->NewWeakGlobalRef(env, ba);
+            bp->rdb_len = inl;
+        }
+        else if (bp->rdb != 0)
+            ba = (*env)->NewLocalRef(env, bp->rdb);
         if (ba != 0) {
-            rv = CALL_METHOD1(Int, 0002, obj, ba);
+            rv = CALL_METHOD2(Int, 0002, obj, ba, inl);
             if (rv > 0)
                 (*env)->GetByteArrayRegion(env, ba, 0, rv, (jbyte *)in);
             (*env)->DeleteLocalRef(env, ba);
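Review bot: `rv` comes back from the Java `read` method and is used as the copy length into `in` without being compared to `inl`. Before this change the array was exactly `inl` bytes long, so `GetByteArrayRegion` would reject a larger `rv`; with a reused array of `rdb_len >= inl` bytes, a return value between `inl` and `rdb_len` now writes past the end of the caller's buffer. Bound it before the copy, for example `if (rv > inl) rv = -1;` ahead of the `if (rv > 0)` test, or clamp it to `inl`. bio_j_read starts and ends outside this hunk.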

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Sat Sep 17 07:02:26
2011
@@ -26,6 +26,12 @@
 #error "Cannot compile this file without HAVE_OPENSSL defined"
 #endif
 
+/* anything will do */
+static struct {
+    int id;
+    int protocol;
+    int mode;
+} context_id;
 
 ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS, jint protocol, jint mode)
 {
@@ -155,6 +161,10 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
     if (protocol != SSL_PROTOCOL_TLSV1)
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+#ifdef TLS1_2_VERSION
+    if (protocol != SSL_PROTOCOL_TLSV1_2)
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+#endif
     /*
      * Configure additional context ingredients
      */
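Review bot: TLS 1.1 has no counterpart to the new block, so on an OpenSSL that defines `TLS1_2_VERSION` a context created for one protocol would still appear to accept TLS 1.1, unless that is handled outside the hunk. If these `protocol != …` tests are meant to leave exactly one version enabled, add `SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);` under the same guard, conditioned on a TLS 1.1 protocol constant if the project defines one. A short comment stating that each test switches off a version the caller did not request would also help, because the visible effect is that TLS 1.2 is disabled for every other `protocol` value. new0 starts and ends outside this hunk.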
@@ -168,9 +178,10 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
 #endif
     /* Default session context id and cache size */
     SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
-    MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
-        (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
-        c->context_id);
+    context_id.id++;
+    context_id.protocol = protocol;
+    context_id.mode     = mode;
+    MD5((const unsigned char *)&context_id, sizeof(context_id), c->context_id);
     if (mode != SSL_MODE_CLIENT) {
         SSL_CTX_set_tmp_rsa_callback(c->ctx, ssl_callback_tmp_rsa);
         SSL_CTX_set_tmp_dh_callback(c->ctx,  ssl_callback_tmp_dh);
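Review bot: `context_id.id++` updates a file-scope static without any synchronisation, so two threads creating contexts at the same time can hash the same `id`/`protocol`/`mode` triple and end up with identical session id contexts. If `c->context_id` is what keeps cached sessions from being resumed under another context's settings (its use is outside the hunk), a collision weakens that separation. Take the counter through an atomic increment or a lock, and hash a local copy of the struct rather than the shared one. The `/* anything will do */` comment on the declaration could state that uniqueness per context is the actual requirement.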
@@ -185,21 +196,18 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
 
 ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
 {
-    int i;
     acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
 
     if (c == 0)
         return;
-    if (c->crl != 0)
-        X509_STORE_free(c->crl);
+    if (c->crls != 0)
+        X509_STORE_free(c->crls);
     if (c->ctx != 0)
         SSL_CTX_free(c->ctx);
-    for (i = 0; i < SSL_AIDX_MAX; i++) {
-        if (c->certs[i] != 0)
-            X509_free(c->certs[i]);
-        if (c->keys[i] != 0)
-            EVP_PKEY_free(c->keys[i]);
-    }
+    if (c->cert != 0)
+        X509_free(c->cert);
+    if (c->skey != 0)
+        EVP_PKEY_free(c->skey);
     ssl_bio_close(c->bio_is);
     ssl_bio_close(c->bio_os);
 #ifdef HAVE_OCSP_STAPLING
@@ -235,8 +243,8 @@ ACR_SSL_EXPORT(void, SSLContext, setveri
      */
     if (c->verify_mode == SSL_CVERIFY_REQUIRE)
         verify |= SSL_VERIFY_PEER_STRICT;
-    if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) ||
-        (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
+    if (c->verify_mode == SSL_CVERIFY_OPTIONAL ||
+        c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)
         verify |= SSL_VERIFY_PEER;
     if (c->store == 0) {
         if (SSL_CTX_set_default_verify_paths(c->ctx)) {
@@ -251,8 +259,11 @@ ACR_SSL_EXPORT(void, SSLContext, setveri
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setpasscb0)(JNI_STDARGS, jlong ctx,
-                                             jlong cb)
+                                             jlong cbp)
 {
-    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
-    c->password_callback = J2P(cb, ssl_pass_cb_t *);
+    acr_ssl_ctxt_t *c    = J2P(ctx, acr_ssl_ctxt_t *);
+    c->password_callback = J2P(cbp, ssl_pass_cb_t *);
+
+    SSL_CTX_set_default_passwd_cb(c->ctx, ssl_password_callback);
+    SSL_CTX_set_default_passwd_cb_userdata(c->ctx, c->password_callback);
 }
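Review bot: `c` is dereferenced without a check, and the added calls now also pass `c->ctx` to OpenSSL, whereas free0 in this file returns early on `c == 0`. A 0 handle coming from Java would crash the JVM here; add `if (c == 0 || c->ctx == 0) return;` before the assignment. The userdata stored in the SSL_CTX is the raw pointer derived from `cbp`, so a comment stating that the callback object must outlive the context would document the lifetime this code relies on.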

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1171920&r1=1171919&r2=1171920&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Sat Sep 17 07:02:26
2011
@@ -26,26 +26,31 @@
 #error "Cannot compile this file without HAVE_OPENSSL defined"
 #endif
 
-ACR_SSL_EXPORT(jlong, SSLServer, new0)(JNI_STDARGS, jstring name)
+ACR_SSL_EXPORT(jlong, SSLServer, new0)(JNI_STDARGS, jstring hostid)
 {
-    acr_ssl_server_t *s;
+    acr_ssl_srv_t *s;
 
-    s = ACR_TALLOC(acr_ssl_server_t);
+    s = ACR_TALLOC(acr_ssl_srv_t);
     if (s == 0)
         return 0;
-
-    WITH_CSTR(name) {
-        s->name = AcrStrdup(env, J2S(name));
-    } DONE_WITH_STR(name);
+    WITH_CSTR(hostid) {
+        s->hostid = AcrStrdup(env, J2S(hostid));
+        if (s->hostid == 0) {
+            AcrFree(s);
+            s = 0;
+        }
+        else
+            s->hostid_len = strlen(s->hostid);
+    } DONE_WITH_STR(hostid);
     
     return P2J(s);
 }
 
 ACR_SSL_EXPORT(void, SSLServer, free0)(JNI_STDARGS, jlong srv)
 {
-    acr_ssl_server_t *s = J2P(srv, acr_ssl_server_t *);
+    acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
     if (s != 0) {
-        AcrFree(s->name);
+        AcrFree(s->hostid);
         /* SSLServer cleanup */
         AcrFree(s);
     }
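Review bot: When the `WITH_CSTR` body does not run, new0 still returns `s` with `hostid` never assigned; the macro is not visible here, but that would happen if it skips the body for a null or unconvertible string. A check after the block, `if (s != 0 && s->hostid == 0) { AcrFree(s); s = 0; }`, covers that path provided `ACR_TALLOC` zero-fills the struct. `hostid_len` is an `int` assigned from `strlen`, so either write `s->hostid_len = (int)strlen(s->hostid);` to make the narrowing explicit or declare the field as `size_t` in ssl.h.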


