From mt...@apache.org
Subject svn commit: r1175693 - in /commons/sandbox/runtime/trunk: ./ src/main/java/org/apache/commons/runtime/ src/main/java/org/apache/commons/runtime/ssl/ src/main/native/ src/main/native/include/acr/ src/main/native/modules/openssl/ src/main/native/shared/ ...
Date Mon, 26 Sep 2011 06:55:11 GMT
Author: mturk
Date: Mon Sep 26 06:55:10 2011
New Revision: 1175693

URL: http://svn.apache.org/viewvc?rev=1175693&view=rev
Log:
Add certificate testing support and test

Added:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/Retainable.java   (with props)
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ssl.c   (with props)
    commons/sandbox/runtime/trunk/src/main/test/makecerts.sh   (with props)
    commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java
      - copied, changed from r1175173, commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
    commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCert.java   (with props)
Removed:
    commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
Modified:
    commons/sandbox/runtime/trunk/build.xml
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/AtomicRefcount.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCAStore.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCRLStore.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLStore.java
    commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in
    commons/sandbox/runtime/trunk/src/main/native/include/acr/jnidefs.h
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/include/acr/stddefs.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
    commons/sandbox/runtime/trunk/src/main/native/shared/callback.c

Modified: commons/sandbox/runtime/trunk/build.xml
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/build.xml?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/build.xml (original)
+++ commons/sandbox/runtime/trunk/build.xml Mon Sep 26 06:55:10 2011
@@ -26,6 +26,7 @@
     <property name="build.top" value="${basedir}"/>
     <property name="build.dir" value="${basedir}/dist"/>
     <property name="build.src" value="${build.dir}/src"/>
+    <property name="build.out" value="${build.dir}/out"/>
     <property name="build.dest" value="${build.dir}/bin"/>
     <property name="src.base" value="${basedir}/src"/>
     <property name="src.docs" value="${basedir}/xdocs"/>
@@ -367,12 +368,34 @@ The Apache Software Foundation (http://w
         </taskdef>
     </target>
 
+    <target name="makecerts" depends="tests" unless="creatificates.created">
+        <delete dir="${build.out}/certificates"/>
+        <mkdir dir="${build.out}/certificates"/>
+        <copy todir="${build.src}/test" filtering="yes">
+            <fileset dir="${src.base}/main/test">
+                <include name="**/*.sh"/>
+            </fileset>
+        </copy>
+        <exec executable="sh" dir="${build.out}/certificates" osfamily="unix">
+            <arg line="${build.src}/test/makecerts.sh"/>
+        </exec>
+    </target>
+
+    <target name="certificates" depends="tests">
+        <condition property="creatificates.created">
+            <resourceexists>
+                <file file="${build.out}/certificates/ca.serial"/>
+            </resourceexists>
+        </condition>
+        <antcall target="makecerts"/>
+    </target>
+
     <macrodef name="runtest">
        <attribute name="groups" default="init"/>
        <attribute name="name" default="test.runtime"/>
        <sequential>
-            <testng outputdir="${build.dir}/out/@{name}"
-                workingdir="${build.dir}/out"
+            <testng outputdir="${build.out}/@{name}"
+                workingdir="${build.out}"
                 verbose="1"
                 haltOnfailure="true"
                 groups="@{groups}"
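Review bot: The `<exec>` that runs makecerts.sh in the new `makecerts` target sets no `failonerror`, so a failing script leaves the build green and the openssl tests then run against an empty or half-written `${build.out}/certificates`; `<exec executable="sh" dir="${build.out}/certificates" osfamily="unix" failonerror="true">` would stop the build at that point. The skip guard keys on `ca.serial` alone, so a run interrupted after that file exists is never regenerated unless the script writes it last, which is not visible here. The property is spelled `creatificates.created` in both targets; it works, but `certificates.created` is presumably what was meant. The `runtest` macrodef continues past this hunk.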
@@ -396,7 +419,7 @@ The Apache Software Foundation (http://w
     <target name="test" depends="tests">
         <runtest groups="init,core,private,${systemid.subsystem}"/>
     </target>
-    <target name="testopenssl" depends="tests">
+    <target name="testopenssl" depends="certificates">
         <runtest groups="init,openssl" name="openssl"/>
     </target>
     <target name="testsemaphore" depends="tests">

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/AtomicRefcount.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/AtomicRefcount.java?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/AtomicRefcount.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/AtomicRefcount.java Mon Sep 26 06:55:10 2011
@@ -24,7 +24,9 @@ import java.util.concurrent.atomic.Atomi
  * Used by the objects that need to be destroyed when reference
  * counting is zero.
  */
-public final class AtomicRefcount extends AtomicInteger
+public final class AtomicRefcount
+    extends AtomicInteger
+    implements Retainable
 {
 
     /**
@@ -54,7 +56,9 @@ public final class AtomicRefcount extend
     /**
      * Increase retention.
      */
+    @Override
     public void retain()
+        throws IllegalStateException        
     {
         incrementAndGet();
     }
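Review bot: `retain()` now declares `IllegalStateException` to match `Retainable`, but the body still calls `incrementAndGet()` unconditionally, and the `release()` hunk below likewise only tests `decrementAndGet() == 0`, so neither method can ever signal misuse. A second `release()` after the count has reached zero drives the counter negative and presumably returns false instead of reporting a double release, which matters when the counter guards a native object. Consider rejecting that case, e.g. `int n = decrementAndGet(); if (n < 0) throw new IllegalStateException("released more often than retained");`, or drop the `throws` clauses and document that this implementation never throws. The rest of `release()` lies outside the hunk, so an existing guard there is possible.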
@@ -66,7 +70,9 @@ public final class AtomicRefcount extend
      *
      * @return {@code true} if the object can be released.
      */
+    @Override
     public boolean release()
+        throws IllegalStateException
     {
         if (decrementAndGet() == 0)
             return true;

Added: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/Retainable.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/Retainable.java?rev=1175693&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/Retainable.java (added)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/Retainable.java Mon Sep 26 06:55:10 2011
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package org.apache.commons.runtime;
+
+/**
+ * The base class for all classes offerering
+ * reatin method to it's child objects.
+ */
+public interface Retainable
+{
+
+    /**
+     * Increase retention.
+     *
+     * @throws IllegalStateException if the object cannot be retained.
+     */
+    public void retain()
+        throws IllegalStateException;
+
+    /**
+     * Decrease retention by decrementing the reference counter.
+     * User of this method will usually destroy a guarded object when
+     * the reference counter value is unique.
+     *
+     * @return {@code true} if the object can be released.
+     * @throws IllegalStateException if the object is in the illegal state
+     *          for this call.
+     */
+    public boolean release()
+        throws IllegalStateException;        
+}
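Review bot: The interface Javadoc is hard to read and partly wrong: it calls `Retainable` "the base class", misspells "offering" and "retain", and writes "it's" for "its". Suggested wording: `Implemented by classes whose instances are kept alive by a reference count.` In `release()`, "when the reference counter value is unique" does not say which value is meant; the `@return` line and `AtomicRefcount.release()` suggest it is the call that brings the count to zero, so say that and state whether `retain()` after such a release throws. The `public` modifiers and `throws IllegalStateException` clauses are redundant on interface methods with an unchecked exception, since the `@throws` tags already carry that information.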

Propchange: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/Retainable.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java Mon Sep 26 06:55:10 2011
@@ -17,6 +17,7 @@
 package org.apache.commons.runtime.ssl;
 
 import org.apache.commons.runtime.Disposable;
+import org.apache.commons.runtime.Retainable;
 
 /**
  * Abstract native pointer envelope.
@@ -30,7 +31,7 @@ import org.apache.commons.runtime.Dispos
  * the correct native object.
  * </p>
  */
-abstract class NativePointer implements Disposable
+abstract class NativePointer implements Disposable, Retainable
 {
     public long        pointer;
 
@@ -54,4 +55,30 @@ abstract class NativePointer implements 
     @Override
     public abstract void dispose()
         throws IllegalStateException;
+
+    @Override
+    public synchronized void retain()
+        throws IllegalStateException
+    {
+        if (pointer == 0L)
+            throw new IllegalStateException();
+        Utils.retain(pointer);
+    }
+
+    @Override
+    public synchronized boolean release()
+        throws IllegalStateException
+    {
+        if (pointer == 0L)
+            throw new IllegalStateException();
+        if (Utils.release(pointer)) {
+            pointer = 0L;
+            return true;
+        }
+        else {
+            // Pointer is still valid
+            return false;
+        }
+    }
+    
 }
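Review bot: The new `retain()` and `release()` hand `pointer` straight to `Utils.retain`/`Utils.release` with `pointer == 0L` as the only validation, while `pointer` is a `public` non-final field (visible in the previous hunk) that any code holding a subclass instance can overwrite. If the native side treats the value as an address, as the class name suggests, a stale or arbitrary value would be dereferenced there; narrowing the field to package-private or `protected` would make these checks meaningful. `dispose()` is abstract, so whether subclasses take the same monitor before freeing the native object is not visible; if they do not, `release()` can race with `dispose()` and free the object twice. Both methods also lack Javadoc, e.g. `Drops one reference; returns true and clears the pointer once the native object has been destroyed.`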

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCAStore.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCAStore.java?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCAStore.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCAStore.java Mon Sep 26 06:55:10 2011
@@ -26,10 +26,4 @@ public class SSLCAStore extends SSLStore
     {
     }
     
-    @Override
-    public final void dispose()
-    {
-        // Nothing since we don't have
-        // native object wrapped.
-    }
 }

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCRLStore.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCRLStore.java?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCRLStore.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCRLStore.java Mon Sep 26 06:55:10 2011
@@ -26,10 +26,4 @@ public class SSLCRLStore extends SSLStor
     {
     }
     
-    @Override
-    public final void dispose()
-    {
-        // Nothing since we don't have
-        // native object wrapped.
-    }
 }

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java Mon Sep 26 06:55:10 2011
@@ -80,6 +80,14 @@ public final class SSLCertificate extend
         this.format   = format;
     }
 
+    public synchronized void load(String file)
+        throws IllegalStateException,
+               SSLCannotDecryptException,
+               SSLInvalidCertificateException
+    {
+        load(file, SSLCertificateFormat.PEM);
+    }
+
     public synchronized void load(String file, SSLCertificateFormat format, String password)
         throws IllegalStateException,
                SSLCannotDecryptException,
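Review bot: The new one-argument `load(String file)` has no Javadoc, so the PEM default and the absence of a password are only discoverable by reading the body. A short comment such as `Loads a certificate from {@code file}, assuming PEM encoding and no password.` would cover it, with an `@throws IllegalStateException` line for the already-loaded case if this overload follows the same rule as the others, which start outside this hunk.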

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java Mon Sep 26 06:55:10 2011
@@ -31,7 +31,7 @@ public final class SSLKey extends Native
     private SSLKeyFormat        format;
     private static native long  load0(String file, String desc, int format, long pcb)
         throws SSLCannotDecryptException, SSLInvalidKeyException;
-    private static native long  load1(String file, int format, String password)
+    private static native long  load1(String file, String desc, int format, String password)
         throws SSLCannotDecryptException, SSLInvalidKeyException;
     private static native long  load2(long engine, String id, String password)
         throws SSLCannotDecryptException, SSLInvalidKeyException;
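Review bot: `load1` still takes the key password as a `String`, and this change adds another argument next to it without revisiting that; a `String` cannot be cleared after use, so the passphrase stays on the Java heap until it is collected. A `char[]` or `byte[]` parameter that the caller zeroes after the native call returns would limit that exposure, though it needs a matching change in the native `load1`. The new `desc` parameter is undocumented; a one-line comment saying what it describes (presumably the label used in password prompts, as for `load0`) would help.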
@@ -77,7 +77,7 @@ public final class SSLKey extends Native
             // Already loaded
             throw new IllegalStateException();
         }
-        super.pointer = load1(file, format.valueOf(), password);
+        super.pointer = load1(file, desc, format.valueOf(), password);
         this.format   = format;
     }
 

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java Mon Sep 26 06:55:10 2011
@@ -38,7 +38,18 @@ public final class SSLRandom
      */
     public SSLRandom()
     {
-        buf = new byte[1024];
+        this(512);
+    }
+
+    /**
+     * Creates a new random number generator with the given
+     * internal buffer size.
+     *
+     * @param bufferSize size of the internal buffer in bytes.
+     */
+    public SSLRandom(int bufferSize)
+    {
+        buf = new byte[bufferSize];
         pos = 0;
         siz = 0;
     }
@@ -49,8 +60,11 @@ public final class SSLRandom
     private static native String        getdef0();
     private static native void          setdef0(String path);
 
-    private static native boolean       bytes0(byte[] b, int off, int len);
-    private static native boolean       bytes1(ByteBuffer b, int off, int len);
+    private static native void          bytes0(byte[] b, int off, int len);
+    private static native void          bytes1(ByteBuffer b, int off, int len);
+    private static native void          ints0(int[] b, int off, int len);
+    private static native int           next0();
+    private static native long          next1();
     private static native boolean       seteng0(long ep);
     
     public static boolean seed(String path)
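Review bot: `bytes0` and `bytes1` change from `boolean` to `void`, and the next hunk advances `buffer.position(bp + nr)` unconditionally, so a failure of the native generator can now reach the caller only as an exception raised from C. If the native code does not throw on every failure path (rand.c is outside this view), callers would receive a buffer that was never filled and treat it as random data. Please state the contract on these declarations, e.g. `// throws on generator failure; never returns with a partially filled buffer`, and confirm the native side honours it. The same applies to the new `ints0`, `next0` and `next1`.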
@@ -132,8 +146,8 @@ public final class SSLRandom
             int nr = buffer.remaining();
             if (nr > 0) {
                 int bp = buffer.position();
-                if (bytes1(buffer, bp, nr))
-                    buffer.position(bp + nr);
+                bytes1(buffer, bp, nr);
+                buffer.position(bp + nr);
             }
         }
         else {
@@ -163,6 +177,25 @@ public final class SSLRandom
         }
     }
 
+    public void nextIntegers(int[] b, int off, int len)
+        throws IndexOutOfBoundsException
+    {
+        if (off < 0 || off + len > b.length)
+            throw new IndexOutOfBoundsException();
+        if (len > 0)
+            ints0(b, off, len);
+    }
+
+    public int nextInteger()
+    {
+        return next0();
+    }
+
+    public long nextLong()
+    {
+        return next1();
+    }
+
     public boolean setEngine(SSLEngine e)
     {
         // TODO: Throw error if fails
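Review bot: The bounds check in `nextIntegers` computes `off + len` in `int`, so a large `len` wraps negative, passes `off + len > b.length`, and `ints0` is then called with a length far beyond the array. Whether the native side re-checks is not visible, so the Java check should be overflow-safe and reject negative lengths: `if (off < 0 || len < 0 || off > b.length - len) throw new IndexOutOfBoundsException();`. `nextIntegers`, `nextInteger` and `nextLong` are public and have no Javadoc. `setEngine` continues outside the hunk.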

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLStore.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLStore.java?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLStore.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLStore.java Mon Sep 26 06:55:10 2011
@@ -94,4 +94,12 @@ public abstract class SSLStore implement
     {
         return path == null ? null : path.getPath();
     }
+
+    @Override
+    public void dispose()
+    {
+        file = null;
+        path = null;
+    }
+
 }

Modified: commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in (original)
+++ commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in Mon Sep 26 06:55:10 2011
@@ -158,6 +158,7 @@ SSLSOURCES=\
 	$(TOPDIR)/modules/openssl/password.c \
 	$(TOPDIR)/modules/openssl/rand.c \
 	$(TOPDIR)/modules/openssl/server.c \
+	$(TOPDIR)/modules/openssl/ssl.c \
 	$(TOPDIR)/modules/openssl/util.c
 
 CXXSOURCES=

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/jnidefs.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/jnidefs.h?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/jnidefs.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/jnidefs.h Mon Sep 26 06:55:10 2011
@@ -70,6 +70,8 @@
 #define V2I(P)                  ((int)(intptr_t)(P))
 #define V2U(P)                  ((unsigned int)(intptr_t)(P))
 #define V2Z(X)                  ((X) ? JNI_TRUE : JNI_FALSE)
+#define Z2I(X)                  ((int)(X))
+
 #define INVALID_FIELD_OFFSET    (-1)
 #define INVALID_FIELD_BASE      (-1)
 

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Mon Sep 26 06:55:10 2011
@@ -298,6 +298,8 @@ typedef struct ssl_pass_cb_t {
 #define ACR_SSL_OBJ_EVP_PKEY    2
 #define ACR_SSL_OBJ_X509_STORE  3
 #define ACR_SSL_OBJ_X509_NAMES  4
+#define ACR_SSL_CTX             5
+#define ACR_SSL_SRV             6
 
 typedef struct ssl_obj_t {
     acr_refcount_t               refs;
@@ -323,12 +325,12 @@ typedef struct acr_ssl_srv_t    acr_ssl_
 /* SSL context */
 typedef struct acr_ssl_ctx_t {
     acr_refcount_t   refs;
-    int              inited;
-
+    int              type;
     SSL_CTX         *ctx;
     /* Pointer to the context verify store */
     X509_STORE      *store;
 
+    int              inited;
     int              protocol;
     int              mode;
     int              ssl_proxy;
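Review bot: Moving `type` to sit directly after `refs` in `acr_ssl_ctx_t`, and likewise in `acr_ssl_srv_t` in the next hunk, looks intended to give both structs the same leading layout as `ssl_obj_t` so that an object can be identified before its concrete type is known, but nothing in the header says so. A later field reorder would silently break whatever reads `type` through the wrong struct; add a comment on each, e.g. `/* refs and type must stay first: common header shared with ssl_obj_t */`. The new tags `ACR_SSL_CTX` and `ACR_SSL_SRV` in the previous hunk also drop the `ACR_SSL_OBJ_` prefix used by values 2 to 4. The second member of `ssl_obj_t` is outside the hunk, so the layout intent is inferred.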
@@ -393,12 +395,13 @@ typedef struct acr_ssl_ctx_t {
 /* Server context */
 struct acr_ssl_srv_t {
     acr_refcount_t  refs;
-    int             inited;
+    int             type;
     acr_ssl_ctx_t   *ctx;
     acr_ssl_ctx_t   *ctx2;    
     char            *servname;
     char            *hostid;
     BIO             *bio;
+    int             inited;
     int              hostid_len;
     long             options;
     int              enabled;

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/stddefs.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/stddefs.h?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/stddefs.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/stddefs.h Mon Sep 26 06:55:10 2011
@@ -311,6 +311,16 @@
 #define ACR_PUTFLAG(s, f, v)    if ((v) != 0) (s)->flags |= (f); \
                                 else (s)->flags &= ~(f)
 
+#define ACR_SAFE_CALL(meth, arg)        \
+    ACR_TEST_MACRO(arg)                 \
+    (meth)(arg);                        \
+    ACR_END_MACRO
+
+#define ACR_SAFE_CALLN(meth, arg, ...)  \
+    ACR_TEST_MACRO(arg)                 \
+    (meth)(arg, ##__VA_ARGS__);         \
+    ACR_END_MACRO
+
 #define UNUSED_SOURCE_FILE(F)   \
 const char __provided_##F [] = "Using system provided " #F "()"
 

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Mon Sep 26 06:55:10 2011
@@ -91,15 +91,18 @@ struct SSLAPIst {
     BIO*                (*fpBIO_new_file)(const char *, const char *);
     BIO*                (*fpBIO_new_fp)(FILE *, int);
     BIO*                (*fpBIO_push)(BIO *, BIO *);
-    
     BIO_METHOD*         (*fpBIO_f_base64)(void);
     BIO_METHOD*         (*fpBIO_s_file)(void);
     BIO_METHOD*         (*fpBIO_s_mem)(void);
     int                 (*fpBIO_printf)(BIO *, const char *, ...);
     int                 (*fpBIO_vprintf)(BIO *, const char *, va_list);
+    int                 (*fpBIO_write)(BIO *, const void *, int);
 
     /*** BIGNUM   ***/
+    BIGNUM*             (*fpBN_new)(void);
+    void                (*fpBN_free)(BIGNUM *);
     BIGNUM*             (*fpBN_bin2bn)(const unsigned char *, int, BIGNUM *);
+    int                 (*fpBN_set_word)(BIGNUM *, BN_ULONG);
 
     /*** CRYPTO   ***/
     void                (*fpCRYPTO_free)(void *);    
@@ -125,6 +128,7 @@ struct SSLAPIst {
     unsigned long       (*fpERR_peek_last_error)(void);
     void                (*fpERR_put_error)(int, int, int, const char *, int);
 
+    
     /*** EVP      ***/
     void                (*fpEVP_PKEY_free)(EVP_PKEY *);
     EVP_PKEY*           (*fpd2i_PrivateKey_bio)(BIO *, EVP_PKEY **);
@@ -161,7 +165,9 @@ struct SSLAPIst {
     int                 (*fpRAND_status)(void);
 
     /*** RSA      ***/
-    RSA*                (*fpRSA_generate_key)(int, unsigned long , void (*)(int,int,void *), void *);
+    RSA*                (*fpRSA_new)(void);
+    void                (*fpRSA_free)(RSA *);
+    int                 (*fpRSA_generate_key_ex)(RSA *, int, BIGNUM *, BN_GENCB *);
 
     /*** SSL_CTX  ***/
     long                (*fpSSL_CTX_ctrl)(SSL_CTX *, int, long, void *);
@@ -209,6 +215,25 @@ struct SSLAPIst {
     void                (*fpSSL_CTX_set_default_passwd_cb)(SSL_CTX *, pem_password_cb *);
     void                (*fpSSL_CTX_set_default_passwd_cb_userdata)(SSL_CTX *ctx, void *u);
 
+
+    /*** UI       ***/
+    UI_METHOD*          (*fpUI_OpenSSL)(void);
+    UI_METHOD*          (*fpUI_create_method)(char *);    
+    void                (*fpUI_destroy_method)(UI_METHOD *);
+    void*               (*fpUI_get0_user_data)(UI *);
+    int                 (*fpUI_get_input_flags)(UI_STRING *);
+    enum UI_string_types (*fpUI_get_string_type)(UI_STRING *);
+    int                 (*fpUI_set_result)(UI *, UI_STRING *, const char *);
+
+    void*               (*fpUI_method_get_opener)(UI_METHOD *);
+    void*               (*fpUI_method_get_writer)(UI_METHOD *);
+    void*               (*fpUI_method_get_reader)(UI_METHOD *);
+    void*               (*fpUI_method_get_closer)(UI_METHOD *);
+    int                 (*fpUI_method_set_opener)(UI_METHOD *, int (*)(UI *));
+    int                 (*fpUI_method_set_writer)(UI_METHOD *, int (*)(UI *, UI_STRING *));
+    int                 (*fpUI_method_set_reader)(UI_METHOD *, int (*)(UI *, UI_STRING *));
+    int                 (*fpUI_method_set_closer)(UI_METHOD *, int (*)(UI *));
+    
     /*** X509     ***/
     void                (*fpX509_free)(X509 *);
     void                (*fpX509_STORE_free)(X509_STORE *);
@@ -239,6 +264,7 @@ struct SSLOPTst {
 
     int                 (*fpENGINE_free)(ENGINE *);
     void                (*fpENGINE_load_builtin_engines)(void);
+    EVP_PKEY*           (*fpENGINE_load_private_key)(ENGINE *, const char *, UI_METHOD *, void *);
     int                 (*fpENGINE_register_all_complete)(void);
     int                 (*fpENGINE_set_default)(ENGINE *, unsigned int);
 
@@ -332,9 +358,13 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     CRYPTO_FPLOAD(BIO_s_mem);
     CRYPTO_FPLOAD(BIO_printf);
     CRYPTO_FPLOAD(BIO_vprintf);
+    CRYPTO_FPLOAD(BIO_write);
 
     /*** BIGNUM   ***/
+    CRYPTO_FPLOAD(BN_new);
+    CRYPTO_FPLOAD(BN_free);
     CRYPTO_FPLOAD(BN_bin2bn);
+    CRYPTO_FPLOAD(BN_set_word);
 
     /*** CRYPTO   ***/
     CRYPTO_FPLOAD(CRYPTO_num_locks);
@@ -394,7 +424,22 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     CRYPTO_FPLOAD(RAND_status);
 
     /*** RSA      ***/
-    CRYPTO_FPLOAD(RSA_generate_key);
+    CRYPTO_FPLOAD(RSA_new);
+    CRYPTO_FPLOAD(RSA_free);
+    CRYPTO_FPLOAD(RSA_generate_key_ex);
+
+    /*** UI       ***/
+    CRYPTO_FPLOAD(UI_OpenSSL);
+    CRYPTO_FPLOAD(UI_create_method);
+    CRYPTO_FPLOAD(UI_destroy_method);
+    CRYPTO_FPLOAD(UI_get0_user_data);
+    CRYPTO_FPLOAD(UI_get_input_flags);
+    CRYPTO_FPLOAD(UI_get_string_type);
+    CRYPTO_FPLOAD(UI_set_result);
+    CRYPTO_FPLOAD(UI_method_set_opener);
+    CRYPTO_FPLOAD(UI_method_set_writer);
+    CRYPTO_FPLOAD(UI_method_set_reader);
+    CRYPTO_FPLOAD(UI_method_set_closer);
 
     /*** X509     ***/
     CRYPTO_FPLOAD(X509_free);
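Review bot: The `UI` load list added here resolves the four `UI_method_set_*` entries but none of `UI_method_get_opener`, `UI_method_get_writer`, `UI_method_get_reader` and `UI_method_get_closer`, although the struct hunk above declares `fp` slots for them and the wrappers added further down call through those slots. Unless they are loaded somewhere outside the visible hunks, the first call to any of those wrappers goes through a null function pointer. Load them next to the setters as shown below. The enclosing function starts and ends outside the hunk.

```c
    CRYPTO_FPLOAD(UI_set_result);
    CRYPTO_FPLOAD(UI_method_get_opener);
    CRYPTO_FPLOAD(UI_method_get_writer);
    CRYPTO_FPLOAD(UI_method_get_reader);
    CRYPTO_FPLOAD(UI_method_get_closer);
    /* … unchanged: UI_method_set_* loads … */
```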
@@ -402,6 +447,7 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     CRYPTO_FPLOAD(X509_STORE_set_flags);
     CRYPTO_FPLOAD(X509_STORE_load_locations);
     CRYPTO_FPLOAD(d2i_X509_bio);
+
     /*** _STACK   ***/
     CRYPTO_FPLOAD(sk_pop_free);
     /* Optional functions
@@ -421,6 +467,7 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     CRYPTO_LDDOPT(ENGINE_ctrl_cmd_string);
     CRYPTO_LDDOPT(ENGINE_free);
     CRYPTO_LDDOPT(ENGINE_load_builtin_engines);
+    CRYPTO_LDDOPT(ENGINE_load_private_key);
     CRYPTO_LDDOPT(ENGINE_register_all_complete);
     CRYPTO_LDDOPT(ENGINE_set_default);
     CRYPTO_LDDOPT(RAND_set_rand_engine);
@@ -530,12 +577,32 @@ int BIO_printf(BIO *bio, const char *for
     va_end(ap);
     return rv;
 }
-            
+
+int BIO_write(BIO *b, const void *data, int len)
+{
+    return SSLAPI_CALL(BIO_write)(b, data, len);
+}
+
+BIGNUM *BN_new(void)
+{
+    return SSLAPI_CALL(BN_new)();
+}
+
+void  BN_free(BIGNUM *bn)
+{
+    SSLAPI_CALL(BN_free)(bn);
+}
+
 BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret)
 {
     return SSLAPI_CALL(BN_bin2bn)(s, len, ret);
 }
 
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+{
+    return SSLAPI_CALL(BN_set_word)(a, w);
+}
+
 void CRYPTO_free(void *p)
 {
     SSLAPI_CALL(CRYPTO_free)(p);
@@ -635,13 +702,22 @@ int ENGINE_free(ENGINE *e)
         return 0;
 }
 
-void ENGINE_load_builtin_engines(void)
+void ENGINE_load_builtin_engines()
 {
     if (SSLOPT_HAVE(ENGINE_load_builtin_engines))
         SSLOPT_CALL(ENGINE_load_builtin_engines)();
 }
 
-int ENGINE_register_all_complete(void)
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+{
+    if (SSLOPT_HAVE(ENGINE_load_private_key))
+        return SSLOPT_CALL(ENGINE_load_private_key)(e, key_id, ui_method, callback_data);
+    else
+        return 0;
+}
+
+int ENGINE_register_all_complete()
 {
     if (SSLOPT_HAVE(ENGINE_register_all_complete))
         return SSLOPT_CALL(ENGINE_register_all_complete)();
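Review bot: `ENGINE_load_builtin_engines` and `ENGINE_register_all_complete` change from `(void)` to `()`, which in C declares a function with unspecified parameters rather than none and disagrees with the rest of the file (`RAND_status(void)`, `RSA_new(void)`); keep `(void)`. The new `ENGINE_load_private_key` wrapper returns 0 when the optional symbol is missing, which a caller cannot tell apart from a key that failed to load; a comment such as `/* returns 0 when the engine API is unavailable */` would make that explicit. `ENGINE_register_all_complete` continues outside the hunk.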
@@ -818,10 +894,19 @@ int RAND_status(void)
     return SSLAPI_CALL(RAND_status)();
 }
 
-RSA *RSA_generate_key(int bits, unsigned long e,
-                      void (*callback)(int, int, void *), void *cb_arg)
+RSA *RSA_new(void)
+{
+    return SSLAPI_CALL(RSA_new)();
+}
+
+void RSA_free(RSA *r)
+{
+    SSLAPI_CALL(RSA_free)(r);
+}
+
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
 {
-    return SSLAPI_CALL(RSA_generate_key)(bits, e, callback, cb_arg);
+    return SSLAPI_CALL(RSA_generate_key_ex)(rsa, bits, e, cb);
 }
 
 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
@@ -970,6 +1055,82 @@ void SSL_CTX_set_default_passwd_cb_userd
     SSLAPI_CALL(SSL_CTX_set_default_passwd_cb_userdata)(ctx, u);
 }
 
+
+UI_METHOD *UI_OpenSSL()
+{
+    return SSLAPI_CALL(UI_OpenSSL)();
+}
+
+UI_METHOD *UI_create_method(char *name)
+{
+    return SSLAPI_CALL(UI_create_method)(name);
+}
+
+void UI_destroy_method(UI_METHOD *ui_method)
+{
+    return SSLAPI_CALL(UI_destroy_method)(ui_method);
+}
+
+void *UI_get0_user_data(UI *ui)
+{
+    return SSLAPI_CALL(UI_get0_user_data)(ui);
+}
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+{
+    return SSLAPI_CALL(UI_get_string_type)(uis);
+}
+
+int UI_get_input_flags(UI_STRING *uis)
+{
+    return SSLAPI_CALL(UI_get_input_flags)(uis);
+}
+
+int (*UI_method_get_opener(UI_METHOD *method))(UI*)
+{
+    return SSLAPI_CALL(UI_method_get_opener)(method);
+}
+
+int (*UI_method_get_writer(UI_METHOD *method))(UI*, UI_STRING*)
+{
+    return SSLAPI_CALL(UI_method_get_writer)(method);
+}
+
+int (*UI_method_get_reader(UI_METHOD *method))(UI*, UI_STRING*)
+{
+    return SSLAPI_CALL(UI_method_get_reader)(method);
+}
+
+int (*UI_method_get_closer(UI_METHOD *method))(UI*)
+{
+    return SSLAPI_CALL(UI_method_get_closer)(method);
+}
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+{
+    return SSLAPI_CALL(UI_set_result)(ui, uis, result);
+}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))
+{
+    return SSLAPI_CALL(UI_method_set_opener)(method, opener);
+}
+
+int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))
+{
+    return SSLAPI_CALL(UI_method_set_writer)(method, writer);
+}
+
+int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))
+{
+    return SSLAPI_CALL(UI_method_set_reader)(method, reader);
+}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
+{
+    return SSLAPI_CALL(UI_method_set_closer)(method, closer);
+}
+
 void X509_free(X509 *x)
 {
     SSLAPI_CALL(X509_free)(x);
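Review bot: `UI_destroy_method` is a `void` function that does `return SSLAPI_CALL(UI_destroy_method)(ui_method);`; returning an expression from a void function is a constraint violation in ISO C, so write it as a plain call like `X509_free` below. The four `UI_method_get_*` wrappers return function-pointer types, but their `fp` slots are declared as returning `void*`, so each `return` converts `void*` to a function pointer implicitly; declare the slots with the real types, e.g. `int (*(*fpUI_method_get_opener)(UI_METHOD *))(UI *);`. `UI_OpenSSL()` should also be written `UI_OpenSSL(void)`. `X509_free` continues outside the hunk.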

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c Mon Sep 26 06:55:10 2011
@@ -41,7 +41,7 @@ struct CRYPTO_dynlock_value {
  */
 
 #define SSL_TMP_KEY_FREE(type, idx)                     \
-    if (acr_ssl_temp_keys[idx]) {                       \
+    if (acr_ssl_temp_keys[idx] != 0) {                  \
         type##_free((type *)acr_ssl_temp_keys[idx]);    \
         acr_ssl_temp_keys[idx] = 0;                     \
     } else (void)(0)
@@ -68,15 +68,33 @@ struct CRYPTO_dynlock_value {
     R |= SSL_TMP_KEY_INIT_DH(2048);                     \
     R |= SSL_TMP_KEY_INIT_DH(4096)
 
+static RSA *ssl_new_rsa_tmp_key(int bits)
+{
+    BIGNUM *bn = 0;
+    RSA    *key;
+
+    if ((bn = BN_new()) == 0)
+        return 0;    
+    if ((key = RSA_new()) != 0) {
+        if (!BN_set_word(bn, RSA_F4) ||
+            !RSA_generate_key_ex(key, bits, bn, 0)) {
+            RSA_free(key);
+            key = 0;
+        }
+    }
+    BN_free(bn);
+    return key;
+}
+
 static int ssl_tmp_key_init_rsa(int bits, int idx)
 {
 #ifdef HAVE_FIPS
     if (FIPS_mode() && bits < 1024) {
         acr_ssl_temp_keys[idx] = 0;
-        return 1;
+        return 0;
     }
 #endif
-    if ((acr_ssl_temp_keys[idx] = RSA_generate_key(bits, RSA_F4, 0, 0)) == 0)
+    if ((acr_ssl_temp_keys[idx] = ssl_new_rsa_tmp_key(bits)) == 0)
         return 1;
     else
         return 0;
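Review bot: The FIPS branch of `ssl_tmp_key_init_rsa` now returns 0 (success) while leaving `acr_ssl_temp_keys[idx]` at 0, so a successful init no longer guarantees a populated slot. Every reader of the table presumably has to null-check the entry; those readers are outside this hunk. The new helper `ssl_new_rsa_tmp_key` also has no comment stating its contract. I would add `/* Returns a new RSA key of the given size, or 0 on failure; the caller frees it with RSA_free() */` above the helper and `/* keys below 1024 bits are skipped in FIPS mode; the slot stays empty */` beside the changed return.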
@@ -90,22 +108,6 @@ static int ssl_tmp_key_init_dh(int bits,
         return 0;
 }
 
-#ifndef OPENSSL_NO_ENGINE
-/* Try to load an engine in a shareable library */
-static ENGINE *ssl_try_load_engine(const char *engine)
-{
-    ENGINE *e = ENGINE_by_id("dynamic");
-    if (e != 0) {
-        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0) ||
-            !ENGINE_ctrl_cmd_string(e, "LOAD", 0, 0)) {
-            ENGINE_free(e);
-            e = 0;
-        }
-    }
-    return e;
-}
-#endif
-
 /*
  * To ensure thread-safetyness in OpenSSL
  */
@@ -237,100 +239,38 @@ ACR_SSL_EXPORT(jint, SSL, init0)(JNI_STD
     return 0;
 }
 
-#define ACR_SSL_HAS_FIPS               1
-#define ACR_SSL_HAS_OCSP               2
-#define ACR_SSL_HAS_OCSP_STAPLING      3
-#define ACR_SSL_HAS_TLSEXT             4
-
-ACR_SSL_EXPORT(jboolean, SSL, has0)(JNI_STDARGS, jint what)
+ACR_SSL_EXPORT(jboolean, SSL, newrsatmpkey0)(JNI_STDARGS, jint bits)
 {
-    jboolean rv = JNI_FALSE;
-
-    switch(what) {
-        case ACR_SSL_HAS_FIPS:
-#if defined(OPENSSL_FIPS)
-            rv = JNI_TRUE;
-#endif
+    int idx = 0;
+    switch (bits) {
+        case 512:
+            idx = SSL_TMP_KEY_RSA_512;
         break;
-        case ACR_SSL_HAS_OCSP:
-#if !defined(OPENSSL_NO_OCSP)
-            rv = JNI_TRUE;
-#endif
+        case 1024:
+            idx = SSL_TMP_KEY_RSA_1024;
         break;
-        case ACR_SSL_HAS_OCSP_STAPLING:
-#if defined(HAVE_OCSP_STAPLING)
-            rv = JNI_TRUE;
-#endif
+        case 2048:
+            idx = SSL_TMP_KEY_RSA_2048;
         break;
-        case ACR_SSL_HAS_TLSEXT:
-#if !defined(OPENSSL_NO_TLSEXT)
-            rv = JNI_TRUE;
-#endif
+        case 4096:
+            idx = SSL_TMP_KEY_RSA_4096;
         break;
         default:
+            return JNI_FALSE;
         break;
     }
-    return rv;
-}
-
-
-ACR_SSL_EXPORT(jstring, SSL, errstr0)(JNI_STDARGS, jint err)
-{
-    char buf[256] = "";
-    ERR_error_string_n(err, buf, sizeof(buf));
-    return AcrNewJavaStringA(env, buf);
-}
-
-ACR_SSL_EXPORT(void, SSL, fipsmode0)(JNI_STDARGS, jboolean on)
-{
-#if defined(OPENSSL_FIPS)
-    if(FIPS_mode_set(on ? 1 : 0) == 0)
-        ssl_throw_errno(env, ACR_EX_ENOSYS);
-#else
-    ACR_THROW_MSG(ACR_EX_ENOSYS, "FIPS was not available at build time. "
-                                 "You will need an OpenSSL with FIPS support.");
+#ifdef HAVE_FIPS
+    if (!FIPS_mode() && bits >= 1024)
 #endif
-}
-
-ACR_SSL_EXPORT(jlong, SSLEngine, init0)(JNI_STDARGS, jstring name)
-{
-    jlong ep = 0;
-    int   rc = 0;
-#ifndef OPENSSL_NO_ENGINE
-    WITH_CSTR(name) {
-        ENGINE *ee = 0;
-        if (strcmp(J2S(name), "auto") == 0) {
-            ENGINE_register_all_complete();
-        }
-        else {
-            if ((ee = ENGINE_by_id(J2S(name))) == 0 &&
-                (ee = ssl_try_load_engine(J2S(name))) == 0)
-                rc = ACR_ENOTIMPL;
-            else {
-                if (strcmp(J2S(name), "chil") == 0)
-                    ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
-                if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL))
-                    rc = ACR_ENOTIMPL;
-            }
-            if (ee != 0)
-                ep = P2J(ee);
+    {
+        RSA *tmp;
+        RSA *key = acr_ssl_temp_keys[idx];
+        if ((tmp = ssl_new_rsa_tmp_key(bits)) != 0) {
+            acr_ssl_temp_keys[idx] = tmp;
+            ACR_SAFE_CALL(RSA_free, key);
+            return JNI_TRUE;
         }
-    } DONE_WITH_STR(name);
-#else
-    rc = ACR_ENOTIMPL;
-#endif
-    if (rc != 0)
-        ACR_THROW_SYS_ERROR(rc);
-    return ep;
-}
-
-ACR_SSL_EXPORT(void, SSLEngine, free0)(JNI_STDARGS, jlong ep)
-{
-#ifndef OPENSSL_NO_ENGINE
-    ENGINE *ee = J2P(ep, ENGINE *);
-    /* Free our "structural" reference. */
-    if (ee != 0)
-        ENGINE_free(ee);
-#endif
+    }
+    return JNI_FALSE;
 }
 
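Review bot: The guard `if (!FIPS_mode() && bits >= 1024)` in `newrsatmpkey0` does not match the rule in `ssl_tmp_key_init_rsa`, which skips a key only when `FIPS_mode() && bits < 1024`. As written, a HAVE_FIPS build regenerates nothing while FIPS mode is on and refuses 512 bits even with FIPS mode off, whereas a build without HAVE_FIPS accepts 512. If the intent is the same rule, the condition would be `if (!(FIPS_mode() && bits < 1024))`. The swap of `acr_ssl_temp_keys[idx]` followed by `RSA_free` on the old key happens without any lock visible in this hunk, so a thread that has already read the old pointer could still be using it; whether readers are serialized elsewhere cannot be seen from here. The `break;` after `return JNI_FALSE;` in the `default` case is unreachable.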

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c Mon Sep 26 06:55:10 2011
@@ -87,7 +87,8 @@ ACR_SSL_EXPORT(jlong, SSLKey, load0)(JNI
         key = load_key(cb, format, J2S(file), J2S(desc));
         if (key == 0) {
             int reason = ERR_GET_REASON(ERR_peek_error());
-            if (reason == EVP_R_BAD_DECRYPT)
+            if (reason == EVP_R_BAD_DECRYPT ||
+                reason == EVP_R_NO_SIGN_FUNCTION_CONFIGURED)
                 ssl_throw_errno(env, ACR_EX_ESSLBADDEC);
             else
                 ssl_throw_errno(env, ACR_EX_ESSLBADKEY);
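Review bot: Both comparisons in the `key == 0` branch look only at `ERR_GET_REASON`, and OpenSSL reason codes are unique only within one library. A failure raised by another library with the same numeric reason would therefore be reported as `ACR_EX_ESSLBADDEC` instead of `ACR_EX_ESSLBADKEY`. I would keep the full error value and test the library too, e.g. `unsigned long e = ERR_peek_error();` followed by `if (ERR_GET_LIB(e) == ERR_LIB_EVP && (ERR_GET_REASON(e) == EVP_R_BAD_DECRYPT || ERR_GET_REASON(e) == EVP_R_NO_SIGN_FUNCTION_CONFIGURED))`. A one-line comment on why `EVP_R_NO_SIGN_FUNCTION_CONFIGURED` is treated as a decryption failure would help, since the name does not suggest it. The same pattern is added in the `load1` and `load2` hunks below; `load0` starts and ends outside this hunk.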
@@ -99,6 +100,7 @@ ACR_SSL_EXPORT(jlong, SSLKey, load0)(JNI
 }
 
 ACR_SSL_EXPORT(jlong, SSLKey, load1)(JNI_STDARGS, jstring file,
+                                     jstring desc,
                                      jint format,
                                      jstring password)
 {
@@ -106,21 +108,24 @@ ACR_SSL_EXPORT(jlong, SSLKey, load1)(JNI
     EVP_PKEY *key = 0;
 
     WITH_CSTR(file) {
+    WITH_CSTR(desc) {
     WITH_CSTR(password) {
         if (J2S(password) != 0) {
             cb.password = J2S(password);
             cb.password_len = strlen(J2S(password));
         }
         /* Load key */
-        key = load_key(&cb, format, J2S(file), 0);
+        key = load_key(&cb, format, J2S(file), J2S(desc));
         if (key == 0) {
             int reason = ERR_GET_REASON(ERR_peek_error());
-            if (reason == EVP_R_BAD_DECRYPT)
+            if (reason == EVP_R_BAD_DECRYPT ||
+                reason == EVP_R_NO_SIGN_FUNCTION_CONFIGURED)
                 ssl_throw_errno(env, ACR_EX_ESSLBADDEC);
             else
                 ssl_throw_errno(env, ACR_EX_ESSLBADKEY);
         }
     } DONE_WITH_STR(password);
+    } DONE_WITH_STR(desc);
     } DONE_WITH_STR(file);
 
     return P2J(ssl_obj_new(env, ACR_SSL_OBJ_EVP_PKEY, key));
@@ -146,7 +151,8 @@ ACR_SSL_EXPORT(jlong, SSLKey, load2)(JNI
         /* Load key */
         if (key == 0) {
             int reason = ERR_GET_REASON(ERR_peek_error());
-            if (reason == EVP_R_BAD_DECRYPT)
+            if (reason == EVP_R_BAD_DECRYPT ||
+                reason == EVP_R_NO_SIGN_FUNCTION_CONFIGURED)
                 ssl_throw_errno(env, ACR_EX_ESSLBADDEC);
             else
                 ssl_throw_errno(env, ACR_EX_ESSLBADKEY);

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c Mon Sep 26 06:55:10 2011
@@ -47,6 +47,7 @@ int ssl_password_callback(char *buf, int
     if (pcb == 0)
         return -1;
     if (pcb->password == 0 && pcb->cb != 0) {
+        int rc, rv  = 0;
         jstring str = 0;
         JNIEnv *env = AcrGetJNIEnv();
         if (IS_INVALID_HANDLE(env))
@@ -56,10 +57,12 @@ int ssl_password_callback(char *buf, int
             if (str == 0)
                 return -1;
         }
-        /* Call PasswordCallback.handler()
-         */
-        if (AcrCallbackRun(env, pcb->cb, str, 0, 0) != 0)
+        /* Call PasswordCallback.handler() */
+        rc = AcrCallbackRun(env, pcb->cb, str, 0, &rv);
+        if (rc != 0 || rv == 0) {
+            /* Callback failed */
             return -1;
+        }
     }
     if (pcb->password != 0 && pcb->password_len < bufsiz) {
         /* Return already obtained password */
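Review bot: The new `rv == 0` test gives the handler's integer result a meaning that the hunk does not document, and the comment `/* Callback failed */` covers two different cases. Assuming the convention is that a zero result means the handler supplied no password, I would replace it with `/* rc != 0: the call failed or the handler threw; rv == 0: the handler ran but set no password */`. `ssl_password_callback` begins and continues outside this hunk, so the handling of `str` on this early return cannot be checked from here.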
@@ -188,6 +191,7 @@ ACR_SSL_EXPORT(void, PasswordCallback, d
 ACR_SSL_EXPORT(void, PasswordCallback, set0)(JNI_STDARGS, jlong ph, jstring password)
 {
     ssl_pass_cb_t *pc = J2P(ph, ssl_pass_cb_t *);
+
     if (pc != 0) {
         AcrMemCleanse(pc->buf, sizeof(pc->buf));
         pc->password     = 0;
@@ -222,13 +226,13 @@ ACR_SSL_EXPORT(void, PasswordCallback, s
 }
 
 #if defined(ENABLE_TEST_PRIVATE)
-ACR_SSL_EXPORT(int, TestOpenSSL, runPasswordCallback)(JNI_STDARGS)
+ACR_SSL_EXPORT(int, TestSSL, runPasswordCallback)(JNI_STDARGS)
 {
     if (acr_ssl_password_cb != 0) {
-        jstring str = AcrNewJavaStringA(env, "/foo/bar");
+        jstring str = AcrNewJavaStringA(env, "TestCallback");
         AcrCallbackRun(env, acr_ssl_password_cb->cb, str, 0, 0);
         if (acr_ssl_password_cb->password != 0 &&
-            strcmp(acr_ssl_password_cb->password, "secret") == 0)
+            strcmp(acr_ssl_password_cb->password, "nosecret") == 0)
             return 0;
         else
             return ACR_EINVAL;
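Review bot: `runPasswordCallback` still calls `AcrCallbackRun(env, acr_ssl_password_cb->cb, str, 0, 0)` with a null result pointer, while the callback.c hunk in this commit shows `*rv = CALL_METHOD2(...)` with no null test in its visible lines. Unless `AcrCallbackRun` guards `rv` above that hunk, this test entry point writes through a null pointer. Passing a local, as `ssl_password_callback` now does, avoids depending on that: `int rv = 0;` and `AcrCallbackRun(env, acr_ssl_password_cb->cb, str, 0, &rv);`. The return code of the call is also ignored here, so a handler exception is only noticed indirectly through the password comparison.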

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c Mon Sep 26 06:55:10 2011
@@ -113,12 +113,12 @@ ACR_SSL_EXPORT(jboolean, SSLRandom, seed
     WITH_CSTR(file) {
         rc = ssl_rand_seed(J2S(file));
     } DONE_WITH_STR(file);
-    return rc == 0 ? JNI_FALSE : JNI_TRUE;
+    return V2Z(rc);
 }
 
 ACR_SSL_EXPORT(jboolean, SSLRandom, seed1)(JNI_STDARGS)
 {
-    return ssl_rand_seed(0) == 0 ? JNI_FALSE : JNI_TRUE;
+    return V2Z(ssl_rand_seed(0));
 }
 
 ACR_SSL_EXPORT(jboolean, SSLRandom, seed2)(JNI_STDARGS, jbyteArray ba,
@@ -154,29 +154,51 @@ ACR_SSL_EXPORT(void, SSLRandom, setdef0)
     } DONE_WITH_STR(path);
 }
 
-ACR_SSL_EXPORT(jint, SSLRandom, bytes0)(JNI_STDARGS, jbyteArray ba,
+ACR_SSL_EXPORT(void, SSLRandom, bytes0)(JNI_STDARGS, jbyteArray ba,
                                         jint off, jint len)
 {
-    jboolean rv = JNI_FALSE;
     unsigned char *sb = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
 
     if (sb != 0) {
-        if (RAND_bytes(sb + off, len) > 0)
-            rv = JNI_TRUE;
+        RAND_bytes(sb + off, len);
         (*env)->ReleasePrimitiveArrayCritical(env, ba, sb, 0);
     }
-    return rv;
 }
 
-ACR_SSL_EXPORT(jint, SSLRandom, bytes1)(JNI_STDARGS, jobject bb,
-                                       jint off, jint len)
+ACR_SSL_EXPORT(void, SSLRandom, bytes1)(JNI_STDARGS, jobject bb,
+                                        jint off, jint len)
 {
     unsigned char *sb = (*env)->GetDirectBufferAddress(env, bb);
 
-    if (sb != 0 && RAND_bytes(sb + off, len) > 0)
-        return JNI_TRUE;
-    else
-        return JNI_FALSE;
+    if (sb != 0)
+        RAND_bytes(sb + off, len);
+}
+
+ACR_SSL_EXPORT(void, SSLRandom, ints0)(JNI_STDARGS, jintArray ba,
+                                       jint off, jint len)
+{
+    int *sb = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
+
+    if (sb != 0) {
+        RAND_bytes((unsigned char *)(sb + off), len * 4);
+        (*env)->ReleasePrimitiveArrayCritical(env, ba, sb, 0);
+    }
+}
+
+ACR_SSL_EXPORT(jint, SSLRandom, next0)(JNI_STDARGS)
+{
+    jint rv;
+
+    RAND_bytes((unsigned char *)&rv, 4);
+    return rv;
+}
+
+ACR_SSL_EXPORT(jlong, SSLRandom, next1)(JNI_STDARGS)
+{
+    jlong rv;
+
+    RAND_bytes((unsigned char *)&rv, 8);
+    return rv;
 }
 
 ACR_SSL_EXPORT(jboolean, SSLRandom, seteng0)(JNI_STDARGS, jlong ep)
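Review bot: `bytes0`, `bytes1`, `ints0`, `next0` and `next1` all discard the result of `RAND_bytes`, and the return type change to `void` removes the only failure signal the Java side had. When the generator fails, the caller's buffer keeps its previous contents, and `next0`/`next1` return an uninitialized stack value as if it were random. None of the array variants checks `off`/`len` against the array length, and `len * 4` in `ints0` can overflow. Unless SSLRandom.java (modified in this commit, not visible here) validates the range first, these write outside the Java array. The sketch below shows the shape for `ints0`, throwing only after the critical region is released; the error codes are the ones visible elsewhere on this page and may need replacing with whatever the module maps to a suitable exception. The other four functions need the same result check.

```c
ACR_SSL_EXPORT(void, SSLRandom, ints0)(JNI_STDARGS, jintArray ba,
                                       jint off, jint len)
{
    int   *sb;
    int    ok;
    jsize  cap = (*env)->GetArrayLength(env, ba);

    /* Reject ranges outside the array, and lengths whose byte count overflows */
    if (off < 0 || len < 0 || off > cap - len ||
        len > INT_MAX / (int)sizeof(jint)) {
        ACR_THROW_SYS_ERROR(ACR_EINVAL);
        return;
    }
    sb = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
    if (sb == 0)
        return;
    ok = RAND_bytes((unsigned char *)(sb + off), len * (int)sizeof(jint));
    (*env)->ReleasePrimitiveArrayCritical(env, ba, sb, 0);
    /* Report generator failure instead of handing back stale data */
    if (ok != 1)
        ACR_THROW_SYS_ERROR(ACR_EFAULT);
}
```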

Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ssl.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ssl.c?rev=1175693&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ssl.c (added)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ssl.c Mon Sep 26 06:55:10 2011
@@ -0,0 +1,144 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr/clazz.h"
+#include "acr/error.h"
+#include "acr/misc.h"
+#include "acr/dso.h"
+#include "acr/string.h"
+#include "acr/port.h"
+#include "arch_sync.h"
+#include "acr/ssl.h"
+
+#if !HAVE_OPENSSL
+#error "Cannot compile this file without HAVE_OPENSSL defined"
+#endif
+
+#define ACR_SSL_HAS_FIPS               1
+#define ACR_SSL_HAS_OCSP               2
+#define ACR_SSL_HAS_OCSP_STAPLING      3
+#define ACR_SSL_HAS_TLSEXT             4
+
+#ifndef OPENSSL_NO_ENGINE
+/* Try to load an engine in a shareable library */
+static ENGINE *ssl_try_load_engine(const char *engine)
+{
+    ENGINE *e = ENGINE_by_id("dynamic");
+    if (e != 0) {
+        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0) ||
+            !ENGINE_ctrl_cmd_string(e, "LOAD", 0, 0)) {
+            ENGINE_free(e);
+            e = 0;
+        }
+    }
+    return e;
+}
+#endif
+
+ACR_SSL_EXPORT(jboolean, SSL, has0)(JNI_STDARGS, jint what)
+{
+    jboolean rv = JNI_FALSE;
+
+    switch(what) {
+        case ACR_SSL_HAS_FIPS:
+#if defined(OPENSSL_FIPS)
+            rv = JNI_TRUE;
+#endif
+        break;
+        case ACR_SSL_HAS_OCSP:
+#if !defined(OPENSSL_NO_OCSP)
+            rv = JNI_TRUE;
+#endif
+        break;
+        case ACR_SSL_HAS_OCSP_STAPLING:
+#if defined(HAVE_OCSP_STAPLING)
+            rv = JNI_TRUE;
+#endif
+        break;
+        case ACR_SSL_HAS_TLSEXT:
+#if !defined(OPENSSL_NO_TLSEXT)
+            rv = JNI_TRUE;
+#endif
+        break;
+        default:
+        break;
+    }
+    return rv;
+}
+
+ACR_SSL_EXPORT(jstring, SSL, errstr0)(JNI_STDARGS, jint err)
+{
+    char buf[256] = "";
+    ERR_error_string_n(err, buf, sizeof(buf));
+    return AcrNewJavaStringA(env, buf);
+}
+
+ACR_SSL_EXPORT(void, SSL, fipsmode0)(JNI_STDARGS, jboolean on)
+{
+#if defined(OPENSSL_FIPS)
+    if(FIPS_mode_set(Z2I(on)) == 0)
+        ssl_throw_errno(env, ACR_EX_ENOSYS);
+#else
+    ACR_THROW_MSG(ACR_EX_ENOSYS, "FIPS was not available at build time. "
+                                 "You will need an OpenSSL with FIPS support.");
+#endif
+}
+
+ACR_SSL_EXPORT(jlong, SSLEngine, init0)(JNI_STDARGS, jstring name)
+{
+    jlong ep = 0;
+    int   rc = 0;
+#ifndef OPENSSL_NO_ENGINE
+    WITH_CSTR(name) {
+        ENGINE *ee = 0;
+        if (strcmp(J2S(name), "auto") == 0) {
+            ENGINE_register_all_complete();
+        }
+        else {
+            if ((ee = ENGINE_by_id(J2S(name))) == 0 &&
+                (ee = ssl_try_load_engine(J2S(name))) == 0)
+                rc = ACR_ENOTIMPL;
+            else {
+                if (strcmp(J2S(name), "chil") == 0)
+                    ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+                if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL)) {
+                    rc = ACR_ENOTIMPL;
+                    ENGINE_free(ee);
+                    ee = 0;
+                }
+            }
+            if (ee != 0)
+                ep = P2J(ee);
+        }
+    } DONE_WITH_STR(name);
+#else
+    rc = ACR_ENOTIMPL;
+#endif
+    if (rc != 0)
+        ACR_THROW_SYS_ERROR(rc);
+    return ep;
+}
+
+ACR_SSL_EXPORT(void, SSLEngine, free0)(JNI_STDARGS, jlong ep)
+{
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE *ee = J2P(ep, ENGINE *);
+    /* Free our "structural" reference. */
+    if (ee != 0)
+        ENGINE_free(ee);
+#endif
+}
+
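Review bot: `SSLEngine.init0` falls back to `ssl_try_load_engine`, which passes the Java-supplied `name` to the `dynamic` engine as `SO_PATH`, so the string names a shared library that is then loaded into the process. Nothing in the file says the name must come from trusted configuration. I would add a comment above the helper such as `/* 'engine' is used as a shared-library path; callers must pass trusted configuration only */`, and repeat the constraint in the Javadoc of the Java method. `strcmp(J2S(name), "auto")` is reached without a null test in the visible code; whether `WITH_CSTR` rejects a null `name` is not shown here. The `"auto"` branch returns 0 without an exception, which a caller cannot tell apart from a missing engine handle, so that return convention deserves a comment too.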

Propchange: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ssl.c
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c Mon Sep 26 06:55:10 2011
@@ -47,7 +47,7 @@ void ssl_init_app_data2_idx()
     if (app_data2_idx != UNSET)
         return;
     /* we _do_ need to call this twice */
-    for (i = 0; i <= 1; i++)
+    for (i = 0; i < 2; i++)
         app_data2_idx = SSL_get_ex_new_index(0, "Second Application Data for SSL", 0, 0, 0);
 }
 
@@ -59,7 +59,6 @@ void *ssl_get_app_data2(SSL *ssl)
 void ssl_set_app_data2(SSL *ssl, void *arg)
 {
     SSL_set_ex_data(ssl, app_data2_idx, (char *)arg);
-    return;
 }
 
 static unsigned char dh0512_p[]={
@@ -520,3 +519,42 @@ void *ssl_obj_detach(ssl_obj_t *o, int d
     return p;
 }
 
+ACR_SSL_EXPORT(void, Utils, retain)(JNI_STDARGS, jlong np)
+{
+    ssl_obj_t *no = J2P(np, ssl_obj_t *);
+    if (no != 0)
+        AcrAtomic32Inc(&no->refs);
+}
+
+ACR_SSL_EXPORT(jboolean, Utils, release)(JNI_STDARGS, jlong np)
+{
+    ssl_obj_t *no = J2P(np, ssl_obj_t *);
+    if (no != 0) {
+        if (no->type == ACR_SSL_CTX)
+            return ssl_ctx_release((acr_ssl_ctx_t *)no);
+        else if (no->type == ACR_SSL_SRV)
+            return ssl_ctx_release((acr_ssl_ctx_t *)no);
+        else
+            return ssl_obj_release(no);
+    }
+    return JNI_FALSE;
+}
+
+ACR_SSL_EXPORT(jlong, Utils, membio0)(JNI_STDARGS, jbyteArray ba,
+                                      jint off, jint len)
+{
+    BIO *bio = 0;
+    char *ptr;
+
+    if ((bio = BIO_new(BIO_s_mem())) == 0)
+        return 0;
+    ptr = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
+    if (ptr == 0 || BIO_write(bio, ptr + off, len) == -1) {
+        BIO_free(bio);
+        bio = 0;
+    }
+    if (ptr != 0)
+        (*env)->ReleasePrimitiveArrayCritical(env, ba, ptr, 0);
+    return P2J(bio);
+}
+
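Review bot: `membio0` copies `len` bytes from `ptr + off` without comparing `off` and `len` to the array length, so a bad range reads past the Java array into the BIO unless the Java caller validates it (not visible here). The `BIO_write(...) == -1` test also misses the other failure results and a short write; comparing with `len` covers them. In `release`, the `ACR_SSL_CTX` and `ACR_SSL_SRV` branches are identical and can be one condition. `retain` and `release` dereference whatever `jlong` Java passes, so a short comment that `np` must be a live handle from this module would help.

```c
    jsize cap = (*env)->GetArrayLength(env, ba);

    /* Validate the range before allocating or touching native memory */
    if (off < 0 || len < 0 || off > cap - len)
        return 0;
    if ((bio = BIO_new(BIO_s_mem())) == 0)
        return 0;
    ptr = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
    if (ptr == 0 || BIO_write(bio, ptr + off, len) != len) {
        /* … unchanged: BIO_free, array release and return … */
```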

Modified: commons/sandbox/runtime/trunk/src/main/native/shared/callback.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/callback.c?rev=1175693&r1=1175692&r2=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/shared/callback.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/shared/callback.c Mon Sep 26 06:55:10 2011
@@ -177,9 +177,19 @@ AcrCallbackRun(JNI_STDENV, acr_callback_
                 return ACR_ENOLOCK;
             }
         }
+        rc = 0;
+        (*env)->ExceptionClear(env);
         /* Execute the callback method
          */
         *rv = CALL_METHOD2(Int, 0000, o, d, val);
+        if ((*env)->ExceptionCheck(env)) {
+            /* Clear exceptions generated in java handler method.
+             * There is a good chance that the callee of our
+             * method will throw its own exception in such cases.
+             */
+            rc = ACR_EFAULT;
+            (*env)->ExceptionClear(env);
+        }
         if (cb->type == ACR_CALLBACK_SYNC) {
             /* Unlock */
             (*env)->MonitorExit(env, o);
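Review bot: When the added `ExceptionCheck` branch fires, `*rv` keeps whatever `CALL_METHOD2` returned with an exception pending, which JNI does not define. Adding `*rv = 0;` beside `rc = ACR_EFAULT;` gives callers a defined value. The unconditional `(*env)->ExceptionClear(env);` before the call silently discards an exception that was already pending on entry; if that is intended, it needs a comment saying so, because it hides the earlier failure. The handler's own exception is cleared without being logged or described, so a failing password handler leaves no trace beyond `ACR_EFAULT`. In the new comment, "callee of our method" presumably means "caller". `AcrCallbackRun` starts above this hunk.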
@@ -188,7 +198,7 @@ AcrCallbackRun(JNI_STDENV, acr_callback_
             (*env)->DeleteLocalRef(env, d);
         (*env)->DeleteLocalRef(env, o);
 
-        return 0;
+        return rc;
     }
 }
 

Added: commons/sandbox/runtime/trunk/src/main/test/makecerts.sh
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/makecerts.sh?rev=1175693&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/test/makecerts.sh (added)
+++ commons/sandbox/runtime/trunk/src/main/test/makecerts.sh Mon Sep 26 06:55:10 2011
@@ -0,0 +1,216 @@
+#!/bin/sh
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# This is the configuration file to treate the CA certificate of the
+# _DEMONSTRATION ONLY_ 'Coyote' Certificate Authority.
+# This CA is used to sign the localhost.crt and user.crt
+# because self-signed server certificates are not accepted by all browsers.
+# NEVER USE THIS CA YOURSELF FOR REAL LIFE! INSTEAD EITHER USE A PUBLICALLY
+# KNOWN CA OR CREATE YOUR OWN CA!
+
+if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
+
+PASSPHRASE="pass:secret"
+# Encrypt all keys
+GENRSA="$OPENSSL genrsa -des3"
+# Uncomment for no key encryption
+# GENRSA="$OPENSSL genrsa"
+REQ="$OPENSSL req -new"
+CA="$OPENSSL ca"
+X509="$OPENSSL x509"
+
+$OPENSSL rand -out .rnd 8192
+$GENRSA -passout $PASSPHRASE -out ca.key -rand .rnd 1024
+
+cat >ca.cfg <<EOL
+[ ca ]
+default_ca                      = default_db
+[ default_db ]
+dir                             = .
+certs                           = .
+new_certs_dir                   = ca.certs
+database                        = ca.index
+serial                          = ca.serial
+RANDFILE                        = .rnd
+certificate                     = ca.crt
+private_key                     = ca.key
+default_days                    = 365
+default_crl_days                = 30
+default_md                      = md5
+preserve                        = no
+name_opt                        = ca_default
+cert_opt                        = ca_default
+unique_subject                  = no
+[ server_policy ]
+countryName                     = supplied
+stateOrProvinceName             = supplied
+localityName                    = supplied
+organizationName                = supplied
+organizationalUnitName          = supplied
+commonName                      = supplied
+emailAddress                    = supplied
+[ server_cert ]
+subjectKeyIdentifier            = hash
+authorityKeyIdentifier          = keyid:always
+extendedKeyUsage                = serverAuth,clientAuth,msSGC,nsSGC
+basicConstraints                = critical,CA:false
+[ user_policy ]
+commonName                      = supplied
+emailAddress                    = supplied
+[ user_cert ]
+subjectAltName                  = email:copy
+basicConstraints                = critical,CA:false
+authorityKeyIdentifier          = keyid:always
+extendedKeyUsage                = clientAuth,emailProtection
+
+[ req ]
+default_bits                    = 1024
+default_keyfile                 = ca.key
+distinguished_name              = default_ca
+x509_extensions                 = extensions
+string_mask                     = nombstr
+req_extensions                  = req_extensions
+input_password                  = secret
+output_password                 = secret
+[ default_ca ]
+countryName                     = Country Code
+countryName_value               = US
+countryName_min                 = 2
+countryName_max                 = 2
+stateOrProvinceName             = State Name
+stateOrProvinceName_value       = Delaware
+localityName                    = Locality Name
+localityName_value              = Wilmington
+organizationName                = Organization Name
+organizationName_value          = Apache Software Foundation
+organizationalUnitName          = Organizational Unit Name
+organizationalUnitName_value    = Apache Commons
+commonName                      = Common Name
+commonName_value                = Apache Commons Runtime demo root CA
+commonName_max                  = 64
+emailAddress                    = Email Address
+emailAddress_value              = root@commons.apache.org
+emailAddress_max                = 40
+[ extensions ]
+subjectKeyIdentifier            = hash
+authorityKeyIdentifier          = keyid:always
+basicConstraints                = critical,CA:true
+[ req_extensions ]
+nsCertType                      = objsign,email,server
+EOL
+
+$REQ -x509 -days 3650 -batch -config ca.cfg -key ca.key -out ca.crt
+
+# Create cabundle.crt that can be used for CAfile
+cat >cabundle.crt <<EOL
+Apache Commons Runtime Demo Root CA
+=========================================
+`$X509 -noout -fingerprint -in ca.crt`
+PEM Data:
+`$X509 -in ca.crt`
+`$X509 -noout -text -in ca.crt`
+EOL
+
+$GENRSA -passout $PASSPHRASE -out localhost.key  -rand .rnd 1024
+
+cat >localhost.cfg <<EOL
+[ req ]
+default_bits                    = 1024
+distinguished_name              = localhost
+string_mask                     = nombstr
+req_extensions                  = extensions
+input_password                  = secret
+output_password                 = secret
+[ localhost ]
+countryName                     = Country Code
+countryName_value               = US
+countryName_min                 = 2
+countryName_max                 = 2
+stateOrProvinceName             = State Name
+stateOrProvinceName_value       = Delaware
+localityName                    = Locality Name
+localityName_value              = Wilmington
+organizationName                = Organization Name
+organizationName_value          = Apache Software Foundation
+organizationalUnitName          = Organizational Unit Name
+organizationalUnitName_value    = Apache Commons
+commonName                      = Common Name
+commonName_value                = Apache Commons Runtime localhost secure demo server
+commonName_max                  = 64
+emailAddress                    = Email Address
+emailAddress_value              = commons@localhost.edu
+emailAddress_max                = 40
+[ extensions ]
+nsCertType                      = server
+basicConstraints                = critical,CA:false
+EOL
+
+$REQ -passin $PASSPHRASE -batch -config localhost.cfg -key localhost.key -out localhost.csr
+rm -f localhost.cfg
+
+#  make sure environment exists
+if [ ! -d ca.certs ]; then
+    mkdir ca.certs
+    echo '01' >ca.serial
+    touch ca.index
+fi
+
+$CA -passin $PASSPHRASE -batch -config ca.cfg -extensions server_cert -policy server_policy  -out x.crt -infiles localhost.csr
+$X509 -in x.crt -out localhost.crt
+rm -f x.crt
+# Create PKCS12 localhost certificate
+$OPENSSL pkcs12 -export -passout $PASSPHRASE -passin $PASSPHRASE -in localhost.crt -inkey localhost.key -certfile ca.crt -out localhost.p12
+
+$GENRSA -passout $PASSPHRASE -out user.key -rand .rnd 1024
+
+cat >user.cfg <<EOL
+[ req ]
+default_bits            = 1024
+distinguished_name      = admin
+string_mask             = nombstr
+req_extensions          = extensions
+input_password          = secret
+output_password         = secret
+[ admin ]
+commonName              = User Name
+commonName_value        = Localhost Administrator
+commonName_max          = 64
+emailAddress            = Email Address
+emailAddress_value      = admin@localhost.edu
+emailAddress_max        = 40
+[ extensions ]
+nsCertType              = client,email
+basicConstraints        = critical,CA:false
+EOL
+
+$REQ -passin $PASSPHRASE -batch -config user.cfg -key user.key -out user.csr
+rm -f user.cfg
+$CA -passin $PASSPHRASE -batch -config ca.cfg -extensions user_cert -policy user_policy  -out x.crt -infiles user.csr
+$X509 -in x.crt -out user.crt
+rm -f x.crt
+
+# $OPENSSL verify -CAfile ca.crt localhost.crt
+# $OPENSSL verify -CAfile ca.crt user.crt
+
+# Create PKCS12 user certificate
+$OPENSSL pkcs12 -export -passout $PASSPHRASE -passin $PASSPHRASE -in user.crt -inkey user.key -certfile ca.crt -out user.p12
+
+rm -f ca.cfg
+rm -f *.old
+rm -f ca.index.attr
+rm -f .rnd
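Review bot: The fixtures are generated with 1024-bit RSA keys (`genrsa ... 1024`, `default_bits = 1024`) and signed with `default_md = md5`. Recent OpenSSL builds may refuse to load or verify such certificates at their default security level, so the certificate tests can fail for reasons unrelated to the code under test. `default_md = sha256` and 2048-bit keys would keep the fixtures usable. The script has no `set -e`, so a failed `openssl` step is followed by the remaining steps and the `rm -f` cleanup, leaving a partial set of files without an error. The header comment calls the script "the configuration file to treate the CA certificate"; `# This script creates the _DEMONSTRATION ONLY_ CA and the localhost/user certificates signed by it` would describe it correctly.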

Propchange: commons/sandbox/runtime/trunk/src/main/test/makecerts.sh
------------------------------------------------------------------------------
    svn:eol-style = LF

Propchange: commons/sandbox/runtime/trunk/src/main/test/makecerts.sh
------------------------------------------------------------------------------
    svn:executable = *

Copied: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java (from r1175173, commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java)
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java?p2=commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java&p1=commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java&r1=1175173&r2=1175693&rev=1175693&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java (original)
+++ commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java Mon Sep 26 06:55:10 2011
@@ -23,7 +23,7 @@ import java.io.File;
 import java.nio.ByteBuffer;
 import org.apache.commons.runtime.Native;
 
-public class TestOpenSSL extends Assert
+public class TestSSL extends Assert
 {
 
     private static native int runPasswordCallback();
@@ -38,14 +38,14 @@ public class TestOpenSSL extends Assert
         public String getPassword(String desc)
             throws Exception
         {
-            assertEquals(desc, "/foo/bar");
-            System.out.print(getPrompt());
-            System.out.print(" for '" + desc + "'");
-            System.out.println();
+            // System.out.print(getPrompt());
+            // System.out.print(" for '" + desc + "'");
+            // System.out.println();
+            //
             // This would be the place where application
             // would obtain the password from the user or
             // from some configuration.
-            return "secret";
+            return "nosecret";
         }
     }
 
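Review bot: The `assertEquals(desc, "/foo/bar")` check is removed rather than updated to `"TestCallback"`, the description that `runPasswordCallback` now passes in password.c, so the test no longer verifies that the description reaches the handler. `assertEquals(desc, "TestCallback");` would keep that coverage. The three commented-out `System.out` lines are dead code and would be better deleted than kept as comments. `getPassword` and its enclosing class start outside this hunk.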
@@ -75,6 +75,7 @@ public class TestOpenSSL extends Assert
     @BeforeSuite(groups = { "openssl" })
     public void setUp()
     {
+        System.out.println("Seetting up SSL tests");
         if (Native.HAS_OPENSSL) {
             assertTrue(Native.ldopenssl());
         }
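Review bot: The message added at the top of setUp() is misspelled (`Seetting`), and it is printed even when `Native.HAS_OPENSSL` is false and nothing gets loaded. Suggest `System.out.println("Setting up SSL tests");`, or `Reporter.log("Setting up SSL tests");` (org.testng.Reporter) so the line ends up in the test report rather than on stdout. setUp() is not closed within the hunk.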
@@ -107,6 +108,7 @@ public class TestOpenSSL extends Assert
             assertEquals(runPasswordCallback(), 0);
         } catch (UnsatisfiedLinkError e) {
             // Ignore cause its compile time defined.
+            System.out.println("Skipping native test");
         }
     }
 
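Review bot: The catch of `UnsatisfiedLinkError` still lets this test pass when the native callback is not compiled in, so a run that never exercised the password callback is reported green. The added println is easy to miss in build output. Replacing it with `throw new SkipException("runPasswordCallback not compiled in");` (org.testng.SkipException) would make TestNG report the test as skipped. The test method starts outside the hunk.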

Added: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCert.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCert.java?rev=1175693&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCert.java (added)
+++ commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCert.java Mon Sep 26 06:55:10 2011
@@ -0,0 +1,88 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+import org.testng.annotations.*;
+import org.testng.Assert;
+import java.io.IOException;
+import java.io.File;
+import java.nio.ByteBuffer;
+import org.apache.commons.runtime.Native;
+
+public class TestSSLCert extends Assert
+{
+
+    private static final String pkey = "certificates/localhost.key";
+    private static final String cert = "certificates/localhost.crt";
+
+    public class SimplePasswordHandler extends PasswordCallback
+    {
+        public SimplePasswordHandler()
+        {
+        }
+
+        @Override
+        public String getPassword(String desc)
+            throws Exception
+        {
+            // System.out.println("PasswordCallback for '" + desc + "'");
+            //
+            // This would be the place where application
+            // would obtain the password from the user or
+            // from some configuration.
+            return "secret";
+        }
+    }
+
+    private SimplePasswordHandler passphrase;
+
+    @BeforeClass(groups = { "openssl" })
+    public void setUp()
+    {
+        passphrase = new SimplePasswordHandler();
+        assertNotNull(passphrase);
+    }
+
+    @Test(groups = { "openssl" }, expectedExceptions = { SSLCannotDecryptException.class })
+    public void loadKey()
+    {
+        SSLKey key = new SSLKey("Error key");
+        key.load(pkey);
+    }
+
+    @Test(groups = { "openssl" })
+    public void loadKeyWithCallback()
+    {
+        SSLKey key = new SSLKey("Demo key");
+        key.load(pkey, SSLKeyFormat.PEM, passphrase);
+    }
+
+    @Test(groups = { "openssl" })
+    public void loadKeyWithPassword()
+    {
+        SSLKey key = new SSLKey();
+        key.load(pkey, SSLKeyFormat.UNDEF, passphrase);
+    }
+
+    @Test(groups = { "openssl" })
+    public void loadCert()
+    {
+        SSLCertificate crt = new SSLCertificate("Demo certificate");
+        crt.load(cert);
+    }
+
+}
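Review bot: The three positive tests (loadKeyWithCallback, loadKeyWithPassword, loadCert) assert nothing after `load(...)`, so they pass whenever no exception is thrown and say nothing about what was loaded. If `load` returns a status or the objects expose a loaded state, assert it; that is not visible here. loadKeyWithPassword passes the same `passphrase` callback as loadKeyWithCallback and differs only in `SSLKeyFormat.UNDEF`, so the name is misleading and no password-string path is covered. There is also no negative case for a callback returning the wrong passphrase. The file is added under `org/apache/commons/runtime/` but declares `package org.apache.commons.runtime.ssl;`. The relative `certificates/...` paths depend on the working directory and presumably on makecerts.sh having been run first. The imports of `IOException`, `File`, `ByteBuffer` and `Native` are unused.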

Propchange: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCert.java
------------------------------------------------------------------------------
    svn:eol-style = native


