commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r1180317 - in /commons/sandbox/runtime/trunk: ./ src/main/java/org/apache/commons/runtime/ssl/ src/main/native/include/acr/ src/main/native/modules/openssl/ src/main/test/org/apache/commons/runtime/
Date Sat, 08 Oct 2011 05:40:51 GMT
Author: mturk
Date: Sat Oct  8 05:40:50 2011
New Revision: 1180317

URL: http://svn.apache.org/viewvc?rev=1180317&view=rev
Log:
Rename NativePointer to SSLObject

Added:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java
      - copied, changed from r1175693, commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java
Removed:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java
Modified:
    commons/sandbox/runtime/trunk/build.xml
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java

Modified: commons/sandbox/runtime/trunk/build.xml
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/build.xml?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/build.xml (original)
+++ commons/sandbox/runtime/trunk/build.xml Sat Oct  8 05:40:50 2011
@@ -392,7 +392,7 @@ The Apache Software Foundation (http://w
 
     <macrodef name="runtest">
        <attribute name="groups" default="init"/>
-       <attribute name="name" default="test.runtime"/>
+       <attribute name="name" default="runtime"/>
        <sequential>
             <testng outputdir="${build.out}/@{name}"
                 workingdir="${build.out}"

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
Sat Oct  8 05:40:50 2011
@@ -22,10 +22,10 @@ import org.apache.commons.runtime.Callba
  * Abstract password prompt handler.
  */
 public abstract class PasswordCallback
-    extends NativePointer implements Callback
+    extends SSLObject implements Callback
 {
 
-    // Hide NativePointer
+    // Hide SSLObject
     private final long  pointer = 0L;
 
     private boolean     echoOn;

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
Sat Oct  8 05:40:50 2011
@@ -22,10 +22,10 @@ import java.io.IOException;
 /**
  * Interface to OpenSSL BIO.
  */
-public abstract class SSLBio extends NativePointer implements Closeable
+public abstract class SSLBio extends SSLObject implements Closeable
 {
 
-    // Hide NativePointer
+    // Hide SSLObject
     private final long  pointer = 0L;
     private static native void   init0();
     private static native long   new0(SSLBio thiz);

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLCertificate.java
Sat Oct  8 05:40:50 2011
@@ -22,10 +22,10 @@ import org.apache.commons.runtime.Invali
 /**
  * SSL Certificate.
  */
-public final class SSLCertificate extends NativePointer
+public final class SSLCertificate extends SSLObject
 {
 
-    // Hide NativePointer
+    // Hide SSLObject
     private final long           pointer = 0L;
     private final String         desc;
     private SSLCertificateFormat format;
@@ -63,7 +63,7 @@ public final class SSLCertificate extend
             // Already loaded
             throw new IllegalStateException();
         }
-        super.pointer = load0(file, desc, format.valueOf(), ((NativePointer)cb).pointer);
+        super.pointer = load0(file, desc, format.valueOf(), ((SSLObject)cb).pointer);
         this.format   = format;
     }
 

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Sat Oct  8 05:40:50 2011
@@ -33,31 +33,29 @@ import java.io.File;
  * Each virtual host should have an unique context.
  * </p>
  */
-public final class SSLContext extends NativePointer
+public final class SSLContext extends SSLObject
 {
 
-    // Hide NativePointer
+    // Hide SSLObject
     private final long            pointer = 0L;
     private SSLKey[]              keys;
     private SSLCertificate[]      cert;
+    private SSLRandom             rand;
 
     private static native long    new0(int protocol, int mode)
         throws OperationNotImplementedException;
     private static native void    free0(long key);
     private static native void    setsprefix0(long ctx, String prefix);
+    private static native void    setciphers0(long ctx, String prefix);
     private static native void    setid0(long ctx, String id);
     private static native void    setscachesize0(long ctx, int size);
     private static native void    setcrlcheck0(long ctx, int mode);
     private static native void    setpasscb0(long ctx, long cb);
     private static native void    setvmode0(long ctx, int mode, int depth);
-
-    private static final int      SET_CTX_CA_CERT_FILE       = 1;
-    private static final int      SET_CTX_CA_CERT_PATH       = 2;
-    private static final int      SET_CTX_CRL_FILE           = 3;
-    private static final int      SET_CTX_CRL_PATH           = 4;
-    private static final int      SET_CTX_CIPHER_SUITE       = 5;    
-    private static native void    setstropt0(long ctx, int opt, String val);
-
+    private static native void    addcastore0(long ctx, String file, String path)
+        throws SSLException;
+    private static native void    addcrlstore0(long ctx, String file, String path)
+        throws SSLException;
     
     private SSLContext()
     {
@@ -113,132 +111,41 @@ public final class SSLContext extends Na
 
     /**
      * Set default locations for trusted CA certificates.
-     * <p>
-     * Set the path that points to a file of CA certificates
-     * in PEM format. The file can contain several CA certificates
-     * identified by
-     * <pre>
-     * -----BEGIN CERTIFICATE-----
-     * ... (CA certificate in base64 encoding) ...
-     * -----END CERTIFICATE-----
-     * </pre>
-     * sequences. Before, between, and after the certificates text is allowed
-     * which can be used e.g. for descriptions of the certificates.
      * 
-     * @param path PEM format file of CA's.
-     *
-     * @throws InvalidArgumentException if the file does not exist or is empty.
-     * @throws ObjectNotInitializedException if context is invalid
-     * @throws SecurityException if security manager denies access
-     *          to the file
-     */
-    public synchronized void setCACertificateFile(String path)
-        throws InvalidArgumentException,
-               ObjectNotInitializedException,
-               SecurityException
-    {
-        if (super.pointer == 0L)
-            throw new ObjectNotInitializedException();
-        if (path == null)
-            throw new NullPointerException();
-        File file = new File(path);
-        if (!file.isFile() || file.length() == 0L)
-            throw new InvalidArgumentException(Local.sm.get("file.ENOTREG", path));
-        setstropt0(super.pointer, SET_CTX_CA_CERT_FILE, file.getPath());
-    }
-
-    /**
-     * Set default locations for trusted CA certificates.
-     * <p>
-     * Set the path that points to a directory containing
-     * CA certificates in PEM format. The files each contain one CA
-     * certificate. The files are looked up by the CA subject name hash
-     * value, which must hence be available. If more than one CA certificate
-     * with the same name hash value exist, the extension must be different
-     * (e.g. {@code 9d66eef0.0, 9d66eef0.1} etc). The search is performed in
-     * the ordering of the extension number, regardless of other properties
-     * of the certificates. Use the {@code c_rehash} utility to create the
-     * necessary links.
-     * <p>
-     * </p>
-     * The certificates in {@code path} are only looked up when required,
-     * e.g. when building the certificate chain or when actually performing
-     * the verification of a peer certificate.
-     * </p>
-     * @param path PEM format directory of CA's.
-     *
-     * @throws InvalidArgumentException if the path does not exist or is not
-     *          an directory.
-     * @throws ObjectNotInitializedException if context is invalid
-     * @throws SecurityException if security manager denies access
-     *          to the path
-     */
-    public synchronized void setCACertificatePath(String path)
-        throws InvalidArgumentException,
-               ObjectNotInitializedException,
-               SecurityException
-    {
-        if (super.pointer == 0L)
-            throw new ObjectNotInitializedException();
-        if (path == null)
-            throw new NullPointerException();
-        File file = new File(path);
-        if (!file.isDirectory())
-            throw new InvalidArgumentException(Local.sm.get("file.ENOTDIR", path));
-        setstropt0(super.pointer, SET_CTX_CA_CERT_PATH, file.getPath());
-    }
-
-    /**
-     * Sets the all-in-one file where you can assemble the Certificate
-     * Revocation Lists (CRL) of Certification Authorities (CA) whose
-     * clients you deal with.
-     * These are used for Client Authentication. Such a file is simply the
-     * concatenation of the various PEM-encoded CRL files, in order
-     * of preference. This can be used alternatively and/or additionally
-     * to {@code setCARevocationPath}.
+     * @param store SSLCAStore to use.
      *
-     * @param path file containg PEM-encoded CRL list.
+     * @throws NullPointerException if the store is {@code null}..
      * @throws ObjectNotInitializedException if context is invalid
-     * @throws SSLException if path cannot be set.
      */
-    public synchronized void setCARevocationFile(String path)
+    public synchronized void addCAStore(SSLCAStore store)
         throws InvalidArgumentException,
                ObjectNotInitializedException,
-               SecurityException
+               SSLException
     {
         if (super.pointer == 0L)
             throw new ObjectNotInitializedException();
-        if (path == null)
+        if (store == null)
             throw new NullPointerException();
-        File file = new File(path);
-        if (!file.isFile() || file.length() == 0L)
-            throw new InvalidArgumentException(Local.sm.get("file.ENOTREG", path));
-        setstropt0(super.pointer, SET_CTX_CRL_FILE, file.getPath());
+        addcastore0(super.pointer, store.getFile(), store.getPath());
     }
 
     /**
-     * Sets the directory where you keep the Certificate Revocation Lists
+     * Sets the the Certificate Revocation Lists
      * (CRL) of Certification Authorities (CAs) whose clients you deal with.
      * These are used to revoke the client certificate on Client
      * Authentication.
      *
-     * @param path directory containg CRL list.
-     * @throws ObjectNotInitializedException if context is invalid
-     * @throws SSLException if path cannot be set.
      */
-    public synchronized void setCARevocationPath(String path)
+    public synchronized void addCRLStore(SSLCRLStore store)
         throws InvalidArgumentException,
                ObjectNotInitializedException,
-               SecurityException
+               SSLException
     {
         if (super.pointer == 0L)
             throw new ObjectNotInitializedException();
-        if (path == null)
+        if (store == null)
             throw new NullPointerException();
-        File file = new File(path);
-        if (!file.isDirectory())
-            throw new InvalidArgumentException(Local.sm.get("file.ENOTDIR", path));
-        setstropt0(super.pointer, SET_CTX_CRL_PATH, file.getPath());
+        addcrlstore0(super.pointer, store.getFile(), store.getPath());
     }
 
     /**
@@ -260,6 +167,17 @@ public final class SSLContext extends Na
         setcrlcheck0(super.pointer, mode.valueOf());
     }
 
+    public synchronized void setCipherSuite(String ciphers)
+        throws InvalidArgumentException,
+               ObjectNotInitializedException
+    {
+        if (super.pointer == 0L)
+            throw new ObjectNotInitializedException();
+        if (ciphers == null || ciphers.length() < 1)
+            throw new InvalidArgumentException();            
+        setciphers0(super.pointer, ciphers);
+    }
+
     /**
      * Sets this context's verification flags.
      *
@@ -276,6 +194,13 @@ public final class SSLContext extends Na
         setvmode0(super.pointer, mode.valueOf(), depth);
     }
 
+    public void setRandom(SSLRandom rand)
+        throws NullPointerException
+    {
+        if (rand == null)
+            throw new NullPointerException();
+        this.rand = rand;
+    }
     /**
      * Set session id prefix.
      * <p>

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLEngine.java
Sat Oct  8 05:40:50 2011
@@ -25,7 +25,7 @@ import java.io.File;
 /**
  * OpenSSL Engine
  */
-public final class SSLEngine extends NativePointer
+public final class SSLEngine extends SSLObject
 {
     private static Object    lock;
     private static SSLEngine global;
@@ -46,7 +46,7 @@ public final class SSLEngine extends Nat
     }
 
 
-    // Hide NativePointer
+    // Hide SSLObject
     private final long  pointer = 0L;
     private static native long         init0(String name)
         throws SystemException;

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
Sat Oct  8 05:40:50 2011
@@ -22,10 +22,10 @@ import org.apache.commons.runtime.Invali
 /**
  * SSL Key.
  */
-public final class SSLKey extends NativePointer
+public final class SSLKey extends SSLObject
 {
 
-    // Hide NativePointer
+    // Hide SSLObject
     private final long          pointer = 0L;
     private final String        desc;
     private SSLKeyFormat        format;
@@ -64,7 +64,7 @@ public final class SSLKey extends Native
             // Already loaded
             throw new IllegalStateException();
         }
-        super.pointer = load0(file, desc, format.valueOf(), ((NativePointer)cb).pointer);
+        super.pointer = load0(file, desc, format.valueOf(), ((SSLObject)cb).pointer);
         this.format   = format;
     }
 
@@ -111,7 +111,7 @@ public final class SSLKey extends Native
             // Already loaded
             throw new IllegalStateException();
         }
-        long ep = ((NativePointer)engine).pointer;
+        long ep = ((SSLObject)engine).pointer;
         if (ep == 0L)
             throw new NullPointerException();
         super.pointer = load2(ep, id, password);

Copied: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java
(from r1175693, commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java)
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java?p2=commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java&p1=commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java&r1=1175693&r2=1180317&rev=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/NativePointer.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLObject.java
Sat Oct  8 05:40:50 2011
@@ -22,7 +22,7 @@ import org.apache.commons.runtime.Retain
 /**
  * Abstract native pointer envelope.
  * This is package private generic pointer wrapper.
- * Package classes can cast derived classes to NativePointer and
+ * Package classes can cast derived classes to SSLObject and
  * obtain access to its native pointer.
  * <p>
  * Derived classes must declare {@code private final long pointer = 0L;}
@@ -31,14 +31,14 @@ import org.apache.commons.runtime.Retain
  * the correct native object.
  * </p>
  */
-abstract class NativePointer implements Disposable, Retainable
+abstract class SSLObject implements Disposable, Retainable
 {
     public long        pointer;
 
     /**
      * Creates a new object instance.
      */
-    protected NativePointer()
+    protected SSLObject()
     {
         this.pointer = 0L;
     }
@@ -47,7 +47,7 @@ abstract class NativePointer implements 
      * Creates a new object instance with already allocated pointer.
      * @param pointer already allocated native pointer.
      */
-    protected NativePointer(long pointer)
+    protected SSLObject(long pointer)
     {
         this.pointer = pointer;
     }

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLRandom.java
Sat Oct  8 05:40:50 2011
@@ -199,7 +199,7 @@ public final class SSLRandom
     public boolean setEngine(SSLEngine e)
     {
         // TODO: Throw error if fails
-        return seteng0(((NativePointer)e).pointer);
+        return seteng0(((SSLObject)e).pointer);
     }
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
Sat Oct  8 05:40:50 2011
@@ -31,10 +31,10 @@ import java.nio.ByteBuffer;
 /**
  * Represents SSL server instance.
  */
-public final class SSLServer extends NativePointer implements Closeable
+public final class SSLServer extends SSLObject implements Closeable
 {
 
-    // Hide NativePointer
+    // Hide SSLObject
     private final long            pointer = 0L;
     private final String          hostId;
     private static native long    new0(String name)
@@ -139,7 +139,7 @@ public final class SSLServer extends Nat
             throw new ClosedObjectException();
         SSLContext org = ctx1;
         ctx1 = ctx;
-        setctx0(super.pointer, ((NativePointer)ctx).pointer);
+        setctx0(super.pointer, ((SSLObject)ctx).pointer);
         return org;
     }
 
@@ -236,7 +236,7 @@ public final class SSLServer extends Nat
     {
         if (super.pointer == 0L)
             throw new ClosedObjectException();
-        long bh = ((NativePointer)bio).pointer;
+        long bh = ((SSLObject)bio).pointer;
         if (bh == 0L)
             throw new ObjectNotInitializedException();
         setbio0(super.pointer, bh);

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Sat Oct  8 05:40:50 2011
@@ -327,7 +327,10 @@ typedef struct acr_ssl_ctx_t {
     acr_refcount_t   refs;
     int              type;
     SSL_CTX         *ctx;
-    /* Pointer to the context verify store */
+    /* Pointer to the context verify store
+     * This is cached copy of
+     * SSL_CTX_get_cert_store(this->ctx)
+     */
     X509_STORE      *store;
 
     int              inited;
@@ -339,7 +342,10 @@ typedef struct acr_ssl_ctx_t {
 
     /* Back pointer to the server/proxy/client context */
     void            *container;
-    /* Certificate revocation list */
+    /* Certificate revocation list store.
+     * Since optional it will be created when the
+     * first SSLCRLStore is added.
+     */
     X509_STORE      *crls;
     X509            *cert;      /* Main certificate       */
     EVP_PKEY        *skey;
@@ -352,14 +358,10 @@ typedef struct acr_ssl_ctx_t {
     ssl_pass_cb_t   *password_callback;
 
     /* for client or downstream server authentication */
-    char            *ca_cert_path;
-    char            *ca_cert_file;
     char            *cipher_suite;
     int              verify_depth;
     int              verify_mode;
 
-    char            *crl_path;
-    char            *crl_file;
     int              crl_check;
 
     char             session_id_prefix[32];

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Sat Oct  8 05:40:50
2011
@@ -237,6 +237,7 @@ struct SSLAPIst {
     /*** X509     ***/
     void                (*fpX509_free)(X509 *);
     void                (*fpX509_STORE_free)(X509_STORE *);
+    X509_STORE*         (*fpX509_STORE_new)(void);
     int                 (*fpX509_STORE_set_flags)(X509_STORE *, unsigned long);
     int                 (*fpX509_STORE_load_locations)(X509_STORE *, const char *, const
char *);    
     X509*               (*fpd2i_X509_bio)(BIO *, X509 **);
@@ -444,6 +445,7 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     /*** X509     ***/
     CRYPTO_FPLOAD(X509_free);
     CRYPTO_FPLOAD(X509_STORE_free);
+    CRYPTO_FPLOAD(X509_STORE_new);
     CRYPTO_FPLOAD(X509_STORE_set_flags);
     CRYPTO_FPLOAD(X509_STORE_load_locations);
     CRYPTO_FPLOAD(d2i_X509_bio);
@@ -1146,6 +1148,11 @@ void X509_STORE_free(X509_STORE *v)
     SSLAPI_CALL(X509_STORE_free)(v);
 }
 
+X509_STORE *X509_STORE_new()
+{
+    return SSLAPI_CALL(X509_STORE_new)();
+}
+
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
 {
     return SSLAPI_CALL(X509_STORE_set_flags)(ctx, flags);

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Sat Oct  8 05:40:50
2011
@@ -26,13 +26,6 @@
 #error "Cannot compile this file without HAVE_OPENSSL defined"
 #endif
 
-#define SET_CTX_CA_CERT_FILE            1
-#define SET_CTX_CA_CERT_PATH            2
-#define SET_CTX_CRL_FILE                3
-#define SET_CTX_CRL_PATH                4
-#define SET_CTX_CIPHER_SUITE            5
-
-
 #define SET_CTX_STRING(name, value)                     \
     AcrFree(name);                                      \
     name = AcrGetJavaStringA(env, value, 0)
@@ -271,10 +264,6 @@ int ssl_ctx_release(acr_ssl_ctx_t *c)
 #endif
     AcrFree(c->ocsp_responder);
     AcrFree(c->rand_file);
-    AcrFree(c->ca_cert_file);
-    AcrFree(c->ca_cert_path);
-    AcrFree(c->crl_file);
-    AcrFree(c->crl_path);
     AcrFree(c->cipher_suite);
     AcrFree(c);
     return 1;
@@ -305,90 +294,42 @@ ACR_SSL_EXPORT(void, SSLContext, setspre
     } DONE_WITH_STR(prefix);
 }
 
-ACR_SSL_EXPORT(void, SSLContext, setstropt0)(JNI_STDARGS, jlong ctx,
-                                             jint opt, jstring val)
-{
-    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-    switch (opt) {
-        case SET_CTX_CA_CERT_FILE:
-            SET_CTX_STRING(c->ca_cert_file, val);
-        break;
-        case SET_CTX_CA_CERT_PATH:
-            SET_CTX_STRING(c->ca_cert_path, val);
-        break;
-        case SET_CTX_CRL_FILE:
-            SET_CTX_STRING(c->crl_file, val);
-        break;
-        case SET_CTX_CRL_PATH:
-            SET_CTX_STRING(c->crl_path, val);
-        break;
-        case SET_CTX_CIPHER_SUITE:
-            SET_CTX_STRING(c->cipher_suite, val);
-        break;
-        default:
-        break;
-    }
-}
-
-ACR_SSL_EXPORT(void, SSLContext, setcafile0)(JNI_STDARGS, jlong ctx,
-                                             jstring cafile)
-{
-    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-    SET_CTX_STRING(c->ca_cert_file, cafile);
-#if 0
-    WITH_CSTR(cafile) {
-        if (!SSL_CTX_load_verify_locations(c->ctx, J2S(cafile), 0))
-            ssl_throw_errno(env, ACR_EX_ESSL);
-        else
-            c->store = SSL_CTX_get_cert_store(c->ctx);
-    } DONE_WITH_STR(cafile);
-#endif
-}
-
-ACR_SSL_EXPORT(void, SSLContext, setcapath0)(JNI_STDARGS, jlong ctx,
-                                             jstring capath)
-{
-    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-    SET_CTX_STRING(c->ca_cert_path, capath);
-#if 0    
-    WITH_CSTR(capath) {
-        if (!SSL_CTX_load_verify_locations(c->ctx, 0, J2S(capath)))
-            ssl_throw_errno(env, ACR_EX_ESSL);
-        else
-            c->store = SSL_CTX_get_cert_store(c->ctx);
-    } DONE_WITH_STR(capath);
-#endif
+ACR_SSL_EXPORT(void, SSLContext, setciphers0)(JNI_STDARGS, jlong ctx,
+                                              jstring val)
+{    
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);    
+    SET_CTX_STRING(c->cipher_suite, val);
 }
 
-ACR_SSL_EXPORT(void, SSLContext, setcacrlfile0)(JNI_STDARGS, jlong ctx,
-                                                jstring file)
+ACR_SSL_EXPORT(void, SSLContext, addcastore0)(JNI_STDARGS, jlong ctx,
+                                              jstring file, jstring path)
 {
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-
-    SET_CTX_STRING(c->crl_file, file);
-#if 0
-    if (c->store == 0)
-        c->store = SSL_CTX_get_cert_store(c->ctx);
     WITH_CSTR(file) {
-        if (!X509_STORE_load_locations(c->store, J2S(file), 0))
+    WITH_CSTR(path) {
+        if (!SSL_CTX_load_verify_locations(c->ctx, J2S(file), J2S(path)))
             ssl_throw_errno(env, ACR_EX_ESSL);
+    } DONE_WITH_STR(path);
     } DONE_WITH_STR(file);
-#endif
 }
 
-ACR_SSL_EXPORT(void, SSLContext, setcacrlpath0)(JNI_STDARGS, jlong ctx,
-                                                jstring path)
+ACR_SSL_EXPORT(void, SSLContext, addcrlstore0)(JNI_STDARGS, jlong ctx,
+                                               jstring file, jstring path)
 {
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-    SET_CTX_STRING(c->crl_path, path);
-#if 0
-    if (c->store == 0)
-        c->store = SSL_CTX_get_cert_store(c->ctx);
+
+    if (c->crls == 0) {
+        if ((c->crls = X509_STORE_new()) == 0) {
+            ACR_THROW(ACR_EX_ENOMEM, 0);
+            return;
+        }
+    }
+    WITH_CSTR(file) {
     WITH_CSTR(path) {
-        if (!X509_STORE_load_locations(c->store, 0, J2S(path)))
+        if (!X509_STORE_load_locations(c->crls, J2S(file), J2S(path)))
             ssl_throw_errno(env, ACR_EX_ESSL);
     } DONE_WITH_STR(path);
-#endif
+    } DONE_WITH_STR(file);
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setcrlcheck0)(JNI_STDARGS, jlong ctx,

Modified: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java?rev=1180317&r1=1180316&r2=1180317&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java (original)
+++ commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSL.java Sat
Oct  8 05:40:50 2011
@@ -49,9 +49,9 @@ public class TestSSL extends Assert
         }
     }
 
-    public abstract class AbstractTestPointer extends NativePointer
+    public abstract class AbstractTestPointer extends SSLObject
     {
-        // Hide NativePointer
+        // Hide SSLObject
         private final long          pointer = 0L;
         public AbstractTestPointer()
         {
@@ -63,12 +63,12 @@ public class TestSSL extends Assert
     {
         public TestPointer()        
         {
-            ((NativePointer)this).pointer = 5678L;
+            ((SSLObject)this).pointer = 5678L;
         }
 
         public void dispose()
         {
-            ((NativePointer)this).pointer = 0L;
+            ((SSLObject)this).pointer = 0L;
         }
     }
 
@@ -94,9 +94,9 @@ public class TestSSL extends Assert
     public void nativePointer()
     {
         TestPointer p = new TestPointer();
-        assertEquals(((NativePointer)p).pointer, 5678L);
-        ((NativePointer)p).pointer = 0L;
-        assertEquals(((NativePointer)p).pointer, 0L);
+        assertEquals(((SSLObject)p).pointer, 5678L);
+        ((SSLObject)p).pointer = 0L;
+        assertEquals(((SSLObject)p).pointer, 0L);
     }
 
     @Test(groups = { "openssl" })



Mime
View raw message