commons-commits mailing list archives

From mt...@apache.org
Subject svn commit: r1172490 - in /commons/sandbox/runtime/trunk/src/main: java/org/apache/commons/runtime/ssl/ native/include/acr/ native/modules/openssl/ native/shared/
Date Mon, 19 Sep 2011 06:56:27 GMT
Author: mturk
Date: Mon Sep 19 06:56:26 2011
New Revision: 1172490

URL: http://svn.apache.org/viewvc?rev=1172490&view=rev
Log:
Add and use SSL exceptions

Added:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java   (with props)
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java   (with props)
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java   (with props)
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java   (with props)
Modified:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
    commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
    commons/sandbox/runtime/trunk/src/main/native/shared/error.c

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties Mon Sep 19 06:56:26 2011
@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+openssl.EINIT=OpenSSL subsytem was not initialized
 fips.ENOTIMPL=FIPS was not available at build time. You will need an OpenSSL with FIPS support.
 password.PROMPT=Some of your private key files are encrypted for security reasons.\
 \nIn order to read them you have to provide the pass phrases.\
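Review bot: The added `openssl.EINIT` message misspells "subsystem" as "subsytem", and this is the text callers see in the exception thrown when OpenSSL has not been initialized. Suggest `openssl.EINIT=OpenSSL subsystem was not initialized`. The same misspelling appears in the class Javadoc of the new SSLException.java.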

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java Mon Sep 19 06:56:26 2011
@@ -37,9 +37,14 @@ public abstract class SSLBio extends Nat
 
     /**
      * Create new object instance.
+     *
+     * @throws RuntimeException if SSL was not initialized.
      */
     protected SSLBio()
+        throws RuntimeException
     {
+        if (!SSL.initialized())
+            throw new RuntimeException(Local.sm.get("openssl.EINIT"));
         super.pointer = new0(this);
     }
 
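Review bot: The new guard in the `SSLBio()` constructor throws a bare `RuntimeException`, which callers cannot tell apart from any other unchecked failure, while the rest of this commit uses `IllegalStateException` for "object not usable in its current state". Suggest `throw new IllegalStateException(Local.sm.get("openssl.EINIT"));`, which is still a RuntimeException, so the added `throws` clause and Javadoc stay true. The same guard is added to the `SSLContext(SSLProtocolMethod, SSLProtocolMode)` and `SSLServer(String)` constructors, where neither the throws clause nor the Javadoc visible in those hunks mentions it.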

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java Mon Sep 19 06:56:26 2011
@@ -18,7 +18,6 @@ package org.apache.commons.runtime.ssl;
 
 import org.apache.commons.runtime.InvalidArgumentException;
 import org.apache.commons.runtime.InvalidDataException;
-import java.io.File;
 
 /**
  * SSL Certificate.
@@ -27,57 +26,78 @@ public final class SSLCertificate extend
 {
 
     // Hide NativePointer
-    private final long          pointer = 0L;
-    private final String        desc;
+    private final long           pointer = 0L;
+    private final String         desc;
+    private SSLCertificateFormat format;
     
     private static native long  load0(String file, String desc, int format, long pcb)
-        throws InvalidDataException;
+        throws SSLInvalidCertificateException;
     private static native long  load1(String file, int format, String password)
-        throws InvalidDataException;
+        throws SSLInvalidCertificateException;
     private static native void  free0(long cert);
 
-    private SSLCertificate()
+    /**
+     * Creates a new object instance.
+     */
+    public SSLCertificate()
     {
         this.desc = null;
-        // No instance
     }
 
     /**
      * Creates a new object instance.
+     *
+     * @param desc this certificate's decription.
      */
     public SSLCertificate(String desc)
     {
         this.desc = desc;
     }
 
-    public void load(String file, SSLCertificateFormat format, PasswordCallback cb)
-        throws InvalidDataException
+    public synchronized void load(String file, SSLCertificateFormat format, PasswordCallback cb)
+        throws IllegalStateException, SSLInvalidCertificateException
     {
         if (super.pointer != 0L) {
             // Already loaded
-            // TODO: Throw exception
+            throw new IllegalStateException();
         }
         super.pointer = load0(file, desc, format.valueOf(), ((NativePointer)cb).pointer);
+        this.format   = format;
     }
 
-    public void load(String file, SSLCertificateFormat format)
-        throws InvalidDataException
+    public synchronized void load(String file, SSLCertificateFormat format)
+        throws IllegalStateException, SSLInvalidCertificateException
     {
         if (super.pointer != 0L) {
             // Already loaded
-            // TODO: Throw exception
+            throw new IllegalStateException();
         }
         super.pointer = load0(file, desc, format.valueOf(), 0L);
+        this.format   = format;
     }
 
-    public void load(String file, SSLCertificateFormat format, String password)
-        throws InvalidDataException
+    public synchronized void load(String file, SSLCertificateFormat format, String password)
+        throws IllegalStateException, SSLInvalidCertificateException
     {
         if (super.pointer != 0L) {
             // Already loaded
-            // TODO: Throw exception
+            throw new IllegalStateException();
         }
         super.pointer = load1(file, format.valueOf(), password);
+        this.format   = format;
+    }
+
+    public SSLCertificateFormat getFormat()
+    {
+        return format;
+    }
+
+    public synchronized void free()
+    {
+        if (super.pointer != 0L) {
+            free0(super.pointer);
+            super.pointer = 0L;
+        }
     }
 
     /**
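Review bot: The three `load` overloads dereference `format` (and `cb` in the callback overload) before any argument check, so a null surfaces as an unexplained NullPointerException from `format.valueOf()` or `((NativePointer)cb).pointer`. With the no-arg constructor now public, a null `desc` can also reach `load0`, which is only safe if the native side tolerates it (not visible here). An explicit `if (file == null || format == null) throw new NullPointerException();` at the top of each overload would make the contract visible. The new `throw new IllegalStateException();` for the already-loaded case carries no message, and `getFormat()` reads `format` without the lock that `load` holds when writing it; declaring it `public synchronized SSLCertificateFormat getFormat()` would close that gap. The same points apply to the parallel hunk in SSLKey.java.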
@@ -93,8 +113,7 @@ public final class SSLCertificate extend
     protected final void finalize()
         throws Throwable
     {
-        if (super.pointer != 0L)
-            free0(super.pointer);
+        free();
     }
 
 }

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java Mon Sep 19 06:56:26 2011
@@ -17,6 +17,7 @@
 package org.apache.commons.runtime.ssl;
 
 import org.apache.commons.runtime.InvalidArgumentException;
+import org.apache.commons.runtime.InvalidDataException;
 import org.apache.commons.runtime.InvalidRangeException;
 import org.apache.commons.runtime.OperationNotImplementedException;
 import org.apache.commons.runtime.Status;
@@ -38,13 +39,23 @@ public final class SSLContext extends Na
     // Hide NativePointer
     private final long  pointer = 0L;
 
+    private SSLKey[]             keys;
+    private SSLCertificate[]     cert;
+    
     private static native long         new0(int protocol, int mode)
         throws OperationNotImplementedException;
+    private static native void         free0(long key);
     private static native void         setsprefix0(long ctx, String prefix);
     private static native void         setid0(long ctx, String id);
     private static native void         setscachesize0(long ctx, int size);
     private static native void         setpasscb0(long ctx, long cb);
-    private static native void         setverify0(long ctx, int mode, int depth);
+    private static native void         setcrlcheck0(long ctx, int mode);
+    private static native void         setcafile0(long ctx, String caPath)
+        throws SSLException;
+    private static native void         setcapath0(long ctx, String caPath)
+        throws SSLException;
+    private static native void         setvmode0(long ctx, int mode, int depth)
+        throws SSLException;
 
     private SSLContext()
     {
@@ -60,7 +71,11 @@ public final class SSLContext extends Na
     public SSLContext(SSLProtocolMethod method, SSLProtocolMode mode)
         throws OperationNotImplementedException
     {
+        if (!SSL.initialized())
+            throw new RuntimeException(Local.sm.get("openssl.EINIT"));
         super.pointer = new0(method.valueOf(), mode.valueOf());
+        keys = new SSLKey[2];
+        cert = new SSLCertificate[2];
     }
 
     /**
@@ -68,8 +83,11 @@ public final class SSLContext extends Na
      *
      * @param id unique context id string.
      */
-    public void setSessionContextId(String id)
+    public synchronized void setSessionContextId(String id)
+        throws IllegalStateException, NullPointerException
     {
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
         if (id == null)
             throw new NullPointerException();
         setid0(super.pointer, id);
@@ -80,11 +98,80 @@ public final class SSLContext extends Na
      *
      * @param size cache size to use. If {@code zero} the session
      *          cache is turned off.
+     * @throws IllegalStateException if this context is closed.
      */
-    public void setSessionCacheSize(int size)
+    public synchronized void setSessionCacheSize(int size)
+        throws IllegalStateException
     {
-        if (super.pointer != 0L)
-            setscachesize0(super.pointer, size);
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
+        setscachesize0(super.pointer, size);
+    }
+
+    /**
+     * Set default locations for trusted CA certificates.
+     * <p>
+     * Set the path that points to a file of CA certificates
+     * in PEM format. The file can contain several CA certificates
+     * identified by
+     * <pre>
+     * -----BEGIN CERTIFICATE-----
+     * ... (CA certificate in base64 encoding) ...
+     * -----END CERTIFICATE-----
+     * </pre>
+     * sequences. Before, between, and after the certificates text is allowed
+     * which can be used e.g. for descriptions of the certificates.
+     * 
+     * @param path PEM format file of CA's.
+     */
+    public synchronized void setCACertificateFile(String path)
+        throws SSLException, IllegalStateException
+    {
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
+        if (path == 0)
+            throw new NullPointerException();
+        setcafile0(super.pointer, path);
+    }
+
+    /**
+     * Set default locations for trusted CA certificates.
+     * <p>
+     * Set the path that points to a directory containing
+     * CA certificates in PEM format. The files each contain one CA
+     * certificate. The files are looked up by the CA subject name hash
+     * value, which must hence be available. If more than one CA certificate
+     * with the same name hash value exist, the extension must be different
+     * (e.g. {@code 9d66eef0.0, 9d66eef0.1} etc). The search is performed in
+     * the ordering of the extension number, regardless of other properties
+     * of the certificates. Use the {@code c_rehash} utility to create the
+     * necessary links.
+     * <p>
+     * </p>
+     * The certificates in {@code path} are only looked up when required,
+     * e.g. when building the certificate chain or when actually performing
+     * the verification of a peer certificate.
+     * </p>
+     * @param path PEM format directory of CA's.
+     * @throws IllegalStateException if context is invalid
+     * @throws SSLException if path cannot be set
+     */
+    public synchronized void setCACertificatePath(String path)
+        throws SSLException, IllegalStateException
+    {
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
+        if (path == 0)
+            throw new NullPointerException();
+        setcapath0(super.pointer, path);
+    }
+
+    public synchronized void setCrlCheckMode(SSLCrlCheckMode mode)
+        throws IllegalStateException
+    {
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
+        setcrlcheck0(super.pointer, mode.valueOf());
     }
 
     /**
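Review bot: `if (path == 0)` in both `setCACertificateFile` and `setCACertificatePath` compares a `String` with an `int` literal, which javac rejects as incomparable types, so the file does not compile as committed; the intended check is `if (path == null)`. `setCACertificateFile` lacks the `@throws` tags that `setCACertificatePath` documents. `setCrlCheckMode` has no Javadoc and calls `mode.valueOf()` without a null check, even though it controls revocation checking. In the `setCACertificatePath` Javadoc the `<p>`/`</p>` pair is empty and a stray `</p>` follows the last paragraph.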
@@ -93,11 +180,14 @@ public final class SSLContext extends Na
      * @param mode verification mode to use.
      * @param depth sets the maximum depth for the certificate chain
      *          verification that shall be allowed for this context.
+     * @throws IllegalStateException if context is invalid
      */
-    public void setClientVerification(SSLClientVerifyMode mode, int depth)
+    public synchronized void setClientVerification(SSLClientVerifyMode mode, int depth)
+        throws SSLException, IllegalStateException
     {
-        if (super.pointer != 0L)
-            setverify0(super.pointer, mode.valueOf(), depth);
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
+        setvmode0(super.pointer, mode.valueOf(), depth);
     }
 
     /**
@@ -120,12 +210,40 @@ public final class SSLContext extends Na
      * @param prefix session id prefix.
      * @throws InvalidRangeException if the length of the prefix is too large.
      */
-    public void setSessionIdPrefix(String prefix)
-        throws InvalidRangeException
+    public synchronized void setSessionIdPrefix(String prefix)
+        throws InvalidRangeException, IllegalStateException
     {
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
         if (prefix.length() > 31)
             throw new InvalidRangeException();
         setsprefix0(super.pointer, prefix);
     }
+
+    /**
+     * Close this context and free resources allocated by the
+     * operating system.
+     * Closing the context will close all attached keys and certificates.
+     * After the context is closed furter attempts to use the context will
+     * throw {@code IllegalStateException} exception.
+     */
+    public synchronized void free()
+    {
+        for (int i = 0; i < keys.length; i++) {
+            if (keys[i] != null) {
+                keys[i].free();
+                keys[i] = null;
+            }
+            if (cert[i] != null) {
+                cert[i].free();
+                cert[i] = null;
+            }
+        }
+        if (super.pointer != 0L) {
+            free0(super.pointer);
+            super.pointer = 0L;
+        }
+    }
+    
 }
 
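Review bot: `free()` bounds its loop on `keys.length` but indexes `cert[i]` with the same counter, and it runs that loop before releasing the native context, so a null `keys` or `cert` array or a failure inside the loop leaves `free0` uncalled. The arrays are assigned only in the public constructor shown in this commit; the private no-arg constructor's body is outside the hunk, so whether it leaves them null should be confirmed. Guarding each array with a null check and iterating it on its own length, with the `free0` block in a `finally`, would make the native release unconditional. The Javadoc has "furter" for "further", and `setSessionIdPrefix` still calls `prefix.length()` with no explicit null check.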

Added: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java?rev=1172490&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java (added)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java Mon Sep 19 06:56:26 2011
@@ -0,0 +1,58 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+/**
+ * Represents the SSL client revocation list check mode.
+ */
+public enum SSLCrlCheckMode
+{
+
+    /**
+     * No check.
+     */
+    NONE(            0),
+    /**
+     * Check the peer certificate.
+     */
+    CHECK(           1),
+    /**
+     * Check the peer certificate.
+     */
+    CHECK_ALL(       2);
+
+    private int value;
+    private SSLCrlCheckMode(int v)
+    {
+        value = v;
+    }
+
+    public int valueOf()
+    {
+        return value;
+    }
+
+    public static SSLCrlCheckMode valueOf(int value)
+    {
+        for (SSLCrlCheckMode e : values()) {
+            if (e.value == value)
+                return e;
+        }
+        return NONE;
+    }
+
+}
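Review bot: `valueOf(int)` falls back to `NONE` for any value it does not recognize, so an unexpected integer silently maps to "no CRL check", the least strict mode, instead of being reported. Throwing for unknown values, e.g. `throw new IllegalArgumentException("Unknown CRL check mode: " + value);`, would fail closed. `CHECK` and `CHECK_ALL` carry the same Javadoc ("Check the peer certificate."), so the difference between them is undocumented; presumably `CHECK_ALL` covers the whole chain, which should be confirmed against the native side and written down. The field can be `private final int value;`, and neither `valueOf` method has Javadoc.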

Propchange: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCrlCheckMode.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java?rev=1172490&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java (added)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java Mon Sep 19 06:56:26 2011
@@ -0,0 +1,39 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+import java.io.IOException;
+
+/**
+ * SSLException is base exception class for all SSL subsytem errors.
+ *
+ * @since Runtime 1.0
+ */
+
+public class SSLException extends IOException
+{
+
+    public SSLException()
+    {
+        super();
+    }
+
+    public SSLException(String msg)
+    {
+        super(msg);
+    }
+}
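Review bot: `SSLException` offers only `()` and `(String)` constructors, so a failure that originates from a lower-level exception cannot carry its cause; consider adding `public SSLException(String msg, Throwable cause) { super(msg, cause); }`. The class is Serializable through `IOException` but declares no `serialVersionUID`, and its simple name matches `javax.net.ssl.SSLException`, which invites a wrong import in code that uses both. "subsytem" in the class Javadoc should read "subsystem". The missing `serialVersionUID` and missing constructor Javadoc apply equally to `SSLInvalidCertificateException` and `SSLInvalidKeyException` added in this commit.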

Propchange: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java?rev=1172490&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java (added)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java Mon Sep 19 06:56:26 2011
@@ -0,0 +1,40 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+import org.apache.commons.runtime.InvalidDataException;
+
+/**
+ * Reports a bad SSL certificate.
+ * Normally, this indicates a misconfiguration of the server or
+ * client SSL certificate and private key.
+ *
+ * @since Runtime 1.0
+ */
+
+public class SSLInvalidCertificateException extends InvalidDataException
+{
+
+    public SSLInvalidCertificateException()
+    {
+        super();
+    }
+
+    public SSLInvalidCertificateException(String msg)
+    {
+        super(msg);
+    }
+}

Propchange: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidCertificateException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java?rev=1172490&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java (added)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java Mon Sep 19 06:56:26 2011
@@ -0,0 +1,40 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+import org.apache.commons.runtime.InvalidDataException;
+
+/**
+ * Reports a bad SSL key or certificate.
+ * Normally, this indicates a misconfiguration of the server or
+ * client SSL certificate and private key.
+ *
+ * @since Runtime 1.0
+ */
+
+public class SSLInvalidKeyException extends InvalidDataException
+{
+
+    public SSLInvalidKeyException()
+    {
+        super();
+    }
+
+    public SSLInvalidKeyException(String msg)
+    {
+        super(msg);
+    }
+}

Propchange: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLInvalidKeyException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java Mon Sep 19 06:56:26 2011
@@ -18,7 +18,6 @@ package org.apache.commons.runtime.ssl;
 
 import org.apache.commons.runtime.InvalidArgumentException;
 import org.apache.commons.runtime.InvalidDataException;
-import java.io.File;
 
 /**
  * SSL Key.
@@ -29,57 +28,83 @@ public final class SSLKey extends Native
     // Hide NativePointer
     private final long          pointer = 0L;
     private final String        desc;
-    
+    private SSLKeyFormat        format;
     private static native long  load0(String file, String desc, int format, long pcb)
-        throws InvalidDataException;
+        throws SSLInvalidKeyException;
     private static native long  load1(String file, int format, String password)
-        throws InvalidDataException;
+        throws SSLInvalidKeyException;
     private static native void  free0(long key);
 
-    private SSLKey()
+    /**
+     * Creates a new object instance.
+     */
+    public SSLKey()
     {
         this.desc = null;
-        // No instance
     }
 
     /**
      * Creates a new object instance.
+     *
+     * @param desc This key's description
      */
     public SSLKey(String desc)
     {
         this.desc = desc;
     }
 
-    public void load(String file, SSLKeyFormat format, PasswordCallback cb)
-        throws InvalidDataException
+    public synchronized void load(String file, SSLKeyFormat format, PasswordCallback cb)
+        throws IllegalStateException, SSLInvalidKeyException
     {
         if (super.pointer != 0L) {
             // Already loaded
-            // TODO: Throw exception
+            throw new IllegalStateException();
         }
         super.pointer = load0(file, desc, format.valueOf(), ((NativePointer)cb).pointer);
+        this.format   = format;
     }
 
-    public void load(String file, SSLKeyFormat format, String password)
-        throws InvalidDataException
+    public synchronized void load(String file, SSLKeyFormat format, String password)
+        throws IllegalStateException, SSLInvalidKeyException
     {
         if (super.pointer != 0L) {
             // Already loaded
-            // TODO: Throw exception
+            throw new IllegalStateException();
         }
         super.pointer = load1(file, format.valueOf(), password);
+        this.format   = format;
     }
 
-    public void load(String file, SSLKeyFormat format)
-        throws InvalidDataException
+    public synchronized void load(String file, SSLKeyFormat format)
+        throws IllegalStateException, SSLInvalidKeyException
     {
         if (super.pointer != 0L) {
             // Already loaded
-            // TODO: Throw exception
+            throw new IllegalStateException();
         }
         super.pointer = load0(file, desc, format.valueOf(), 0L);
+        this.format   = format;
+    }
+
+    public void load(String file)
+        throws IllegalStateException, SSLInvalidKeyException
+    {
+        load(file, SSLKeyFormat.PEM);
+    }
+
+    public SSLKeyFormat getFormat()
+    {
+        return format;
     }
 
+    public synchronized void free()
+    {
+        if (super.pointer != 0L) {
+            free0(super.pointer);
+            super.pointer = 0L;
+        }
+    }
+    
     /**
      * Called by the garbage collector when the object is destroyed.
      * The class will free internal resources allocated by the
@@ -93,8 +118,7 @@ public final class SSLKey extends Native
     protected final void finalize()
         throws Throwable
     {
-        if (super.pointer != 0L)
-            free0(super.pointer);
+        free();
     }
 
 }

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java Mon Sep 19 06:56:26 2011
@@ -37,6 +37,11 @@ public final class SSLServer extends Nat
     private final String hostId;
     private static native long         new0(String name);
     private static native void         close0(long srv);
+    private static native void         setctx0(long srv, long ctx);
+
+
+    private SSLContext          ctx1 = null;
+    private SSLContext          ctx2 = null;
 
     private SSLServer()
     {
@@ -52,6 +57,8 @@ public final class SSLServer extends Nat
     public SSLServer(String hostId)
         throws NullPointerException
     {
+        if (!SSL.initialized())
+            throw new RuntimeException(Local.sm.get("openssl.EINIT"));        
         if (hostId == null)
             throw new NullPointerException();
         this.hostId   = hostId;
@@ -68,11 +75,22 @@ public final class SSLServer extends Nat
      * @see java.io.Closeable#close()
      * @throws IOException if an I/O error occurs.
      */
-    public final void close()
+    public synchronized final void close()
         throws IOException
     {
-        close0(super.pointer);
-        super.pointer = 0L;
+
+        if (ctx1 != null) {
+            ctx1.free();
+            ctx1 = null;
+        }        
+        if (ctx2 != null) {
+            ctx2.free();
+            ctx2 = null;
+        }
+        if (super.pointer != 0L) {
+            close0(super.pointer);
+            super.pointer = 0L;
+        }
     }
 
     /**
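Review bot: `close()` now frees `ctx1` and `ctx2`, but `ctx1` is an `SSLContext` handed in by the caller through `setContext`, so closing one server invalidates a context object the caller may still hold or have attached to another server. If this ownership transfer is intended, the `close()` Javadoc should say so, e.g. `Closing the server also frees the context set with setContext.` The contexts are also freed before `close0(super.pointer)`, so the native server still holds whatever `setctx0` stored while the context is released; whether that ordering is safe depends on server.c, which is not visible here.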
@@ -84,5 +102,23 @@ public final class SSLServer extends Nat
     {
         return hostId;
     }
+
+    /**
+     * Set this server's SSL context.
+     * <p>
+     *
+     * </p>
+     * @param ctx the context to set
+     * @return previous context or {@code null} if the context
+     *          was not set already.
+     */
+    public synchronized final SSLContext setContext(SSLContext ctx)
+    {
+        SSLContext org = ctx1;
+        ctx1 = ctx;
+        setctx0(super.pointer, ((NativePointer)ctx).pointer);
+        return org;
+    }
+    
 }
 
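Review bot: `setContext` overwrites `ctx1` before it dereferences `ctx` and never checks `super.pointer`, so a null argument drops the previous context reference and then throws NullPointerException, and a call after `close()` passes `0` to `setctx0`. A context that has already been freed would likewise hand a zero pointer to native code. Validate first and update the field only after the native call returns, as in the sketch below. The previous context is returned without being freed, so the Javadoc should state that the caller is responsible for it; the `<p>` block in the Javadoc is currently empty.

```java
    public synchronized final SSLContext setContext(SSLContext ctx)
    {
        if (super.pointer == 0L)
            throw new IllegalStateException();
        if (ctx == null)
            throw new NullPointerException();
        long cp = ((NativePointer)ctx).pointer;
        if (cp == 0L)
            throw new IllegalStateException();
        setctx0(super.pointer, cp);
        SSLContext org = ctx1;
        ctx1 = ctx;
        return org;
    }
```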

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h Mon Sep 19 06:56:26 2011
@@ -43,6 +43,7 @@ enum {
     ACR_EX_ENULL,           /* java/lang/NullPointerException */
     ACR_EX_ENOSYS,          /* java/lang/UnsupportedOperationException */
     ACR_EX_EIO,             /* java/io/IOException */
+    ACR_EX_EBADPATH,        /* java/io/FileNotFoundException */
     ACR_EX_ESOCK,           /* java/net/SocketException */
 
     ACR_EX_EBADF,           /* io/InvalidDescriptorException */
@@ -65,6 +66,9 @@ enum {
     ACR_EX_ENORES,          /* OutOfResourcesException */
     ACR_EX_ECONNABORTED,    /* ConnectionAbortedException */
     ACR_EX_ECONNRESET,      /* ConnectionResetException */
+    ACR_EX_ESSL,            /* SSLException */
+    ACR_EX_ESSLBADCERT,     /* SSLInvalidCertificateException */
+    ACR_EX_ESSLBADKEY,      /* SSLInvalidKeyException */
     ACR_EX_LEN
 };
 

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Mon Sep 19 06:56:26 2011
@@ -292,7 +292,7 @@ extern ssl_pass_cb_t *acr_ssl_password_c
 
 typedef struct acr_ssl_srv_t acr_ssl_srv_t;
 /* Server context */
-typedef struct acr_ssl_ctxt_t {
+typedef struct acr_ssl_ctx_t {
     acr_ssl_srv_t   *srv;
     SSL_CTX         *ctx;
     BIO             *bio_os;
@@ -320,7 +320,10 @@ typedef struct acr_ssl_ctxt_t {
     int              verify_mode;
     char             session_id_prefix[32];
     unsigned int     session_id_prefix_len;
-
+#ifndef OPENSSL_NO_TLSEXT
+    char            *servername;
+    int              extension_error;
+#endif
 #ifdef HAVE_OCSP_STAPLING
     /** OCSP stapling options */
     BOOL             stapling_enabled;
@@ -343,13 +346,13 @@ typedef struct acr_ssl_ctxt_t {
     long             ocsp_resp_maxage;
     acr_time_t       ocsp_responder_timeout;
     
-} acr_ssl_ctxt_t;
+} acr_ssl_ctx_t;
 
 struct acr_ssl_srv_t {
     char            *hostid;
     int              hostid_len;
-    acr_ssl_ctxt_t  *ctx;
-    acr_ssl_ctxt_t  *ctx2;
+    acr_ssl_ctx_t   *ctx;
+    acr_ssl_ctx_t   *ctx2;
     int              enabled;
 
 };
@@ -385,7 +388,7 @@ struct ssl_sd_t {
 #endif
    /*** SSL struct members ***/ 
     acr_ssl_srv_t          *srv;
-    acr_ssl_ctxt_t         *ctx;    
+    acr_ssl_ctx_t          *ctx;
     SSL                    *ssl;
     X509                   *peer;
     int                     shutdown_type;

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Mon Sep 19 06:56:26 2011
@@ -170,8 +170,10 @@ struct SSLAPIst {
     void                (*fpSSL_CTX_set_tmp_dh_callback)(SSL_CTX *, DH *(*)(SSL *, int, int));
     X509_STORE*         (*fpSSL_CTX_get_cert_store)(const SSL_CTX *);
     int                 (*fpSSL_CTX_set_default_verify_paths)(SSL_CTX *);
+    int                 (*fpSSL_CTX_load_verify_locations)(SSL_CTX *, const char *, const char *);    
     void                (*fpSSL_CTX_set_verify)(SSL_CTX *, int, int (*)(int, X509_STORE_CTX *));
     int                 (*fpSSL_CTX_set_generate_session_id)(SSL_CTX *, GEN_SESSION_CB);
+    void                (*fpSSL_CTX_set_quiet_shutdown)(SSL_CTX *, int);
 
     /*** SSL      ***/
     void*               (*fpSSL_get_ex_data)(const SSL *, int);
@@ -310,8 +312,10 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     LIBSSL_FPLOAD(SSL_CTX_set_tmp_rsa_callback);
     LIBSSL_FPLOAD(SSL_CTX_get_cert_store);
     LIBSSL_FPLOAD(SSL_CTX_set_default_verify_paths);
+    LIBSSL_FPLOAD(SSL_CTX_load_verify_locations);
     LIBSSL_FPLOAD(SSL_CTX_set_verify);
     LIBSSL_FPLOAD(SSL_CTX_set_generate_session_id);
+    LIBSSL_FPLOAD(SSL_CTX_set_quiet_shutdown);
 
     /*** BIO      ***/
     CRYPTO_FPLOAD(BIO_ctrl);
@@ -846,6 +850,12 @@ int SSL_CTX_set_default_verify_paths(SSL
     return SSLAPI_CALL(SSL_CTX_set_default_verify_paths)(ctx);
 }
 
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath)
+{
+    return SSLAPI_CALL(SSL_CTX_load_verify_locations)(ctx, CAfile, CApath);
+}
+
 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
                         int (*callback)(int, X509_STORE_CTX *))
 {
@@ -857,6 +867,11 @@ int  SSL_CTX_set_generate_session_id(SSL
     return SSLAPI_CALL(SSL_CTX_set_generate_session_id)(ctx, cb);
 }
 
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+    SSLAPI_CALL(SSL_CTX_set_quiet_shutdown)(ctx, mode);
+}
+
 void *SSL_get_ex_data(const SSL *ssl, int idx)
 {
     return SSLAPI_CALL(SSL_get_ex_data)(ssl, idx);

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c Mon Sep 19 06:56:26 2011
@@ -44,14 +44,14 @@ static X509 *load_cert(ssl_pass_cb_t *pa
         else
             password_callback->desc = file;
     }
-    if (format == SSL_CRT_FORMAT_ASN1) {
-        cert = d2i_X509_bio(bio, 0);
-    }
-    else if (format == SSL_CRT_FORMAT_PEM) {
+    if (format == SSL_CRT_FORMAT_PEM) {
         cert = PEM_read_bio_X509_AUX(bio, 0,
                                      ssl_password_callback,
                                      password_callback);
     }
+    else if (format == SSL_CRT_FORMAT_ASN1) {
+        cert = d2i_X509_bio(bio, 0);
+    }
     else if (format == SSL_CRT_FORMAT_PKCS12) {
         if (!ssl_load_pkcs12(bio, 0, 0, &cert, 0))
             cert = 0;
@@ -73,7 +73,7 @@ ACR_SSL_EXPORT(jlong, SSLCertificate, lo
         /* Load key */
         cert = load_cert(cb, format, J2S(file), J2S(desc));
         if (cert == 0)
-            ssl_throw_errno(env, ACR_EX_EILSEQ);
+            ssl_throw_errno(env, ACR_EX_ESSLBADCERT);
     } DONE_WITH_STR(desc);
     } DONE_WITH_STR(file);
     
@@ -96,7 +96,7 @@ ACR_SSL_EXPORT(jlong, SSLCertificate, lo
         /* Load key */
         cert = load_cert(&cb, format, J2S(file), 0);
         if (cert == 0)
-            ssl_throw_errno(env, ACR_EX_EILSEQ);
+            ssl_throw_errno(env, ACR_EX_ESSLBADCERT);
     } DONE_WITH_STR(password);
     } DONE_WITH_STR(file);
 

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Mon Sep 19 06:56:26 2011
@@ -37,12 +37,23 @@ static struct {
 static int generate_session_id(const SSL *ssl, unsigned char *id,
                                unsigned int *id_len)
 {
-    unsigned int count = 0;
+    int count = 0;
     ssl_sd_t *sd = (ssl_sd_t *)SSL_get_app_data(ssl);    
+
+    if (sd == 0 || sd->ctx == 0) {
+        /* XXX: This should not happen!
+         */
+        RAND_pseudo_bytes(id, *id_len);
+        return 0;
+    }
+    if (sd->ctx->session_id_prefix_len < 1) {
+        /* No prefix set.
+         */
+        RAND_pseudo_bytes(id, *id_len);
+        return 0;
+    }
     do {
         RAND_pseudo_bytes(id, *id_len);
-        if (sd == 0 || sd->ctx == 0)
-            break;
         /* Prefix the session_id with the required prefix. NB: If our
          * prefix is too long, clip it - but there will be worse effects
          * anyway, eg. the server could only possibly create 1 session
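Review bot: The new exits from `generate_session_id` return 0 after an ID has been produced: the no-prefix path here, and `return 0;` after `!SSL_has_matching_session_id(...)` in the next hunk. OpenSSL's `GEN_SESSION_CB` contract is 1 for success and 0 for failure, and the retained `if (count >= MAX_SESSION_ID_ATTEMPTS) return 0;` already uses 0 for the exhausted case. As written, a successfully generated ID is reported as a failure; those two exits should be `return 1;`. If the `sd == 0 || sd->ctx == 0` branch is meant to be an error, it does not need to fill `id` first. The return value of `RAND_pseudo_bytes` is also ignored on every path. The function ends outside these hunks.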
@@ -52,7 +63,9 @@ static int generate_session_id(const SSL
         memcpy(id, sd->ctx->session_id_prefix,
                sd->ctx->session_id_prefix_len < *id_len ?
                sd->ctx->session_id_prefix_len : *id_len);
-    } while (SSL_has_matching_session_id(ssl, id, *id_len) && (++count < MAX_SESSION_ID_ATTEMPTS));
+        if (!SSL_has_matching_session_id(ssl, id, *id_len))
+            return 0;
+    } while (++count < MAX_SESSION_ID_ATTEMPTS);
 
     if (count >= MAX_SESSION_ID_ATTEMPTS)
         return 0;
@@ -62,10 +75,10 @@ static int generate_session_id(const SSL
 
 ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS, jint protocol, jint mode)
 {
-    acr_ssl_ctxt_t   *c;
+    acr_ssl_ctx_t   *c;
     CONST_SSL_METHOD *m = 0;
 
-    c = ACR_TALLOC(acr_ssl_ctxt_t);
+    c = ACR_TALLOC(acr_ssl_ctx_t);
     if (c == 0)
         return 0;
     switch (mode) {
@@ -181,6 +194,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
     c->verify_mode   = SSL_CVERIFY_UNSET;
     c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET;
 
+    SSL_CTX_set_quiet_shutdown(c->ctx, 1);
     SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
     if (protocol != SSL_PROTOCOL_SSLV2)
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
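Review bot: `SSL_CTX_set_quiet_shutdown(c->ctx, 1)` is applied to every new context unconditionally, while `c->shutdown_type` is still `SSL_SHUTDOWN_TYPE_UNSET` two lines above. With quiet shutdown enabled, `SSL_shutdown()` does not send a close_notify alert, so a peer cannot tell a clean end of stream from a truncated one. If this is a deliberate default, a comment such as `/* default to quiet shutdown; overridden per connection from shutdown_type */` would record the intent; otherwise derive the setting from the configured shutdown type. The body of `new0` starts and ends outside this hunk.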
@@ -223,7 +237,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
 
 ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
 {
-    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
 
     if (c == 0)
         return;
@@ -231,10 +245,6 @@ ACR_SSL_EXPORT(void, SSLContext, free0)(
         X509_STORE_free(c->crls);
     if (c->ctx != 0)
         SSL_CTX_free(c->ctx);
-    if (c->cert != 0)
-        X509_free(c->cert);
-    if (c->skey != 0)
-        EVP_PKEY_free(c->skey);
     ssl_bio_close(c->bio_is);
     ssl_bio_close(c->bio_os);
 #ifdef HAVE_OCSP_STAPLING
@@ -247,7 +257,7 @@ ACR_SSL_EXPORT(void, SSLContext, free0)(
 
 ACR_SSL_EXPORT(void, SSLContext, setid0)(JNI_STDARGS, jlong ctx, jstring id)
 {
-    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
 
     WITH_CSTR(id) {
         MD5((const unsigned char *)J2S(id), strlen(J2S(id)), c->context_id);
@@ -257,7 +267,7 @@ ACR_SSL_EXPORT(void, SSLContext, setid0)
 ACR_SSL_EXPORT(void, SSLContext, setsprefix0)(JNI_STDARGS, jlong ctx,
                                               jstring prefix)
 {
-    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
 
     WITH_CSTR(prefix) {       
         c->session_id_prefix_len = (unsigned int)strlcpy(c->session_id_prefix, J2S(prefix), 32);
@@ -265,11 +275,55 @@ ACR_SSL_EXPORT(void, SSLContext, setspre
     } DONE_WITH_STR(prefix);
 }
 
-ACR_SSL_EXPORT(void, SSLContext, setverify0)(JNI_STDARGS, jlong ctx,
-                                             jint mode, jint depth)
+ACR_SSL_EXPORT(void, SSLContext, setcafile0)(JNI_STDARGS, jlong ctx,
+                                             jstring cafile)
+{
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+    WITH_CSTR(cafile) {
+        if (!SSL_CTX_load_verify_locations(c->ctx, J2S(cafile), 0))
+            ssl_throw_errno(env, ACR_EX_ESSL);
+        else
+            c->store = SSL_CTX_get_cert_store(c->ctx);
+    } DONE_WITH_STR(cafile);
+}
+
+ACR_SSL_EXPORT(void, SSLContext, setcapath0)(JNI_STDARGS, jlong ctx,
+                                             jstring capath)
+{
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+    WITH_CSTR(capath) {
+        if (!SSL_CTX_load_verify_locations(c->ctx, 0, J2S(capath)))
+            ssl_throw_errno(env, ACR_EX_ESSL);
+        else
+            c->store = SSL_CTX_get_cert_store(c->ctx);
+    } DONE_WITH_STR(capath);
+}
+
+ACR_SSL_EXPORT(void, SSLContext, setcrlcheck0)(JNI_STDARGS, jlong ctx,
+                                               jint ccmode)
+{
+    int vflags = 0;
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+
+    if (c->store == 0) {
+        c->store = SSL_CTX_get_cert_store(c->ctx);
+        if (c->store == 0) {
+            /* XXX: This should never happen (TM) */
+            return;
+        }
+    }
+    if (ccmode == 1)
+        vflags |= X509_V_FLAG_CRL_CHECK;
+    else if (ccmode == 2)
+        vflags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+    X509_STORE_set_flags(c->store, vflags);
+}
+
+ACR_SSL_EXPORT(void, SSLContext, setvmode0)(JNI_STDARGS, jlong ctx,
+                                            jint mode, jint depth)
 {
     int verify = SSL_VERIFY_NONE;
-    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
 
     if (depth > 0)
         c->verify_depth = depth;
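Review bot: `setcrlcheck0` returns silently when `SSL_CTX_get_cert_store()` yields 0, so the Java caller believes revocation checking was enabled when nothing was set. The neighbouring `setcafile0` and `setcapath0` report failure through `ssl_throw_errno`, and this branch should do the same: `ssl_throw_errno(env, ACR_EX_ESSL); return;`. Any `ccmode` other than 1 or 2 also leaves `vflags` at 0. Since `X509_STORE_set_flags` only adds flags, that call can neither switch CRL checking off again nor flag an unknown mode. Named constants matching `SSLCrlCheckMode` would be clearer than the literals `1` and `2`. None of the three new functions checks `c` for 0 before using `c->ctx`. `setvmode0` continues outside the hunk.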
@@ -285,21 +339,21 @@ ACR_SSL_EXPORT(void, SSLContext, setveri
         c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)
         verify |= SSL_VERIFY_PEER;
     if (c->store == 0) {
-        if (SSL_CTX_set_default_verify_paths(c->ctx)) {
-            c->store = SSL_CTX_get_cert_store(c->ctx);
-            X509_STORE_set_flags(c->store, 0);
-        }
-        else {
-            /* XXX: See if this is fatal */
+        if (c->verify_mode != 0 && !SSL_CTX_set_default_verify_paths(c->ctx)) {
+            ssl_throw_errno(env, ACR_EX_ESSL);
+            return;
         }
+        c->store = SSL_CTX_get_cert_store(c->ctx);
+        X509_STORE_set_flags(c->store, 0);
     }
+    
     SSL_CTX_set_verify(c->ctx, verify, 0 /* ssl_callback_ssl_verify */);
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setpasscb0)(JNI_STDARGS, jlong ctx,
                                              jlong cbp)
 {
-    acr_ssl_ctxt_t *c    = J2P(ctx, acr_ssl_ctxt_t *);
+    acr_ssl_ctx_t *c     = J2P(ctx, acr_ssl_ctx_t *);
     c->password_callback = J2P(cbp, ssl_pass_cb_t *);
 
     SSL_CTX_set_default_passwd_cb(c->ctx, ssl_password_callback);
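Review bot: In `setvmode0`, `c->store` is now assigned even when the `c->verify_mode != 0 &&` test skipped `SSL_CTX_set_default_verify_paths`. A first call with a mode of 0 therefore caches the store, and a later call with a verifying mode finds `c->store != 0` and never loads the default trust locations. Peer verification would then run against an empty store unless `setcafile0` or `setcapath0` was called, which fails closed but is hard to diagnose. Assigning `c->store` only inside the branch that actually loaded the paths, or tracking that in a separate flag, avoids this. The result of `SSL_CTX_get_cert_store` is also passed to `X509_STORE_set_flags` unchecked here, whereas `setcrlcheck0` tests it for 0. The start of `setvmode0` is in the previous hunk.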
@@ -309,7 +363,7 @@ ACR_SSL_EXPORT(void, SSLContext, setpass
 ACR_SSL_EXPORT(void, SSLContext, setscachesize0)(JNI_STDARGS, jlong ctx,
                                                  jint size)
 {
-    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
     if (size < 1)
         SSL_CTX_set_session_cache_mode(c->ctx, SSL_SESS_CACHE_OFF);
     else        

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c Mon Sep 19 06:56:26 2011
@@ -74,7 +74,7 @@ ACR_SSL_EXPORT(jlong, SSLKey, load0)(JNI
         /* Load key */
         key = load_key(cb, format, J2S(file), J2S(desc));
         if (key == 0)
-            ssl_throw_errno(env, ACR_EX_EILSEQ);
+            ssl_throw_errno(env, ACR_EX_ESSLBADKEY);
     } DONE_WITH_STR(desc);
     } DONE_WITH_STR(file);
     
@@ -97,7 +97,7 @@ ACR_SSL_EXPORT(jlong, SSLKey, load1)(JNI
         /* Load key */
         key = load_key(&cb, format, J2S(file), 0);
         if (key == 0)
-            ssl_throw_errno(env, ACR_EX_EILSEQ);
+            ssl_throw_errno(env, ACR_EX_ESSLBADKEY);
     } DONE_WITH_STR(password);
     } DONE_WITH_STR(file);
 

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Mon Sep 19 06:56:26 2011
@@ -33,20 +33,18 @@ ACR_SSL_EXPORT(jlong, SSLServer, new0)(J
     s = ACR_TALLOC(acr_ssl_srv_t);
     if (s == 0)
         return 0;
-    WITH_CSTR(hostid) {
-        s->hostid = AcrStrdup(env, J2S(hostid));
-        if (s->hostid == 0) {
-            AcrFree(s);
-            s = 0;
-        }
-        else
-            s->hostid_len = strlen(s->hostid);
-    } DONE_WITH_STR(hostid);
-    
-    return P2J(s);
+    s->hostid = AcrGetJavaStringA(env, hostid, 0);
+    if (s->hostid == 0) {
+        AcrFree(s);
+        return 0;
+    }
+    else {
+        s->hostid_len = strlen(s->hostid);
+        return P2J(s);
+    }
 }
 
-ACR_SSL_EXPORT(void, SSLServer, free0)(JNI_STDARGS, jlong srv)
+ACR_SSL_EXPORT(void, SSLServer, close0)(JNI_STDARGS, jlong srv)
 {
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
     if (s != 0) {
@@ -55,3 +53,15 @@ ACR_SSL_EXPORT(void, SSLServer, free0)(J
         AcrFree(s);
     }
 }
+
+ACR_SSL_EXPORT(void, SSLServer, setctx0)(JNI_STDARGS, jlong srv, jlong ctx)
+{
+    acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+    s->ctx = J2P(ctx, acr_ssl_ctx_t *);
+}
+
+ACR_SSL_EXPORT(void, SSLServer, setctx2)(JNI_STDARGS, jlong srv, jlong ctx)
+{
+    acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+    s->ctx2 = J2P(ctx, acr_ssl_ctx_t *);
+}

Modified: commons/sandbox/runtime/trunk/src/main/native/shared/error.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/error.c?rev=1172490&r1=1172489&r2=1172490&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/shared/error.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/shared/error.c Mon Sep 19 06:56:26 2011
@@ -30,13 +30,14 @@ static struct {
     jclass      clazz;
     const char *name;
 } _throw_classes[ACR_EX_LEN] = {
-    { 0, "java/lang/IllegalStateException"                      },
+    { 0, "java/lang/IllegalStateException"                      }, /* EILLEGAL  */
     { 0, "java/lang/InstatiationException"                      }, /* ENOINIT   */
     { 0, "java/lang/RuntimeException"                           }, /* EGENERAL  */
     { 0, "java/lang/OutOfMemoryError"                           }, /* ENOMEM    */
     { 0, "java/lang/NullPointerException"                       }, /* EISNULL   */
     { 0, "java/lang/UnsupportedOperationException"              }, /* ENOSYS    */
     { 0, "java/io/IOException"                                  }, /* EIO       */
+    { 0, "java/io/FileNotFoundException"                        }, /* EBADPATH  */
     { 0, "java/net/SocketException"                             }, /* ESOCK     */
 
     { 0, ACR_IO_CP      "InvalidDescriptorException"            }, /* EBADF     */
@@ -58,7 +59,9 @@ static struct {
     { 0, ACR_CLASS_PATH "OverflowException"                     }, /* EOVERFLOW */
     { 0, ACR_CLASS_PATH "OutOfResourcesException"               }, /* ENORES    */
     { 0, ACR_NET_CP     "ConnectionAbortedException"            }, /* ECONNABORTED  */
-    { 0, ACR_NET_CP     "ConnectionResetException"              }  /* ECONNRESET    */
+    { 0, ACR_NET_CP     "ConnectionResetException"              }, /* ECONNRESET    */
+    { 0, ACR_SSL_CP     "SSLException"                          }, /* ESSL          */
+    { 0, ACR_SSL_CP     "SSLInvalidKeyException"                }  /* ESSLBADKEY    */
 };
 
 static const char *const _canon_errors[] = {
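Review bot: `_throw_classes` gains only two SSL rows (`SSLException`, `SSLInvalidKeyException`), while the enum in error.h gains three codes before `ACR_EX_LEN`: `ACR_EX_ESSL`, `ACR_EX_ESSLBADCERT`, `ACR_EX_ESSLBADKEY`. Assuming the table is indexed by the enum, as the per-row comments suggest, `ACR_EX_ESSLBADCERT` now resolves to `SSLInvalidKeyException`. `ACR_EX_ESSLBADKEY` falls on the zero-initialised last slot, whose class name is a null pointer. That affects the `ssl_throw_errno(env, ACR_EX_ESSLBADCERT)` calls in cert.c and the `ACR_EX_ESSLBADKEY` calls in key.c changed by this same commit. Add the missing row between the two: `{ 0, ACR_SSL_CP     "SSLInvalidCertificateException"        }, /* ESSLBADCERT   */`.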


