commons-commits mailing list archives

From mt...@apache.org
Subject svn commit: r1187679 - in /commons/sandbox/runtime/trunk/src/main: java/org/apache/commons/runtime/ssl/ native/modules/openssl/ test/org/apache/commons/runtime/
Date Sat, 22 Oct 2011 09:33:21 GMT
Author: mturk
Date: Sat Oct 22 09:33:21 2011
New Revision: 1187679

URL: http://svn.apache.org/viewvc?rev=1187679&view=rev
Log:
Add useCertificate method

Added:
    commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
  (with props)
Modified:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties?rev=1187679&r1=1187678&r2=1187679&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
Sat Oct 22 09:33:21 2011
@@ -20,5 +20,6 @@ password.PROMPT=Some of your private key
 \nIn order to read them you have to provide the pass phrases.\
 \nEnter password :
 sslctx.ENOCRLLOC=At least one of CARevocationFile or CARevocationPath must be configured
+sslctx.EMISSMATCH=Private key does not match the certificate public key
 store.ENOTREG=File '{0}' does not exist or is empty
 store.ENOTDIR=Path '{0}' is not directory

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1187679&r1=1187678&r2=1187679&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Sat Oct 22 09:33:21 2011
@@ -54,6 +54,8 @@ public final class SSLContext extends SS
         throws SSLException;
     private static native void    addcrlstore0(long ctx, String file, String path)
         throws SSLException;
+    private static native boolean usecert0(long ctx, long crt, long key)
+        throws SSLException;
     
     private SSLContext()
     {
@@ -239,6 +241,8 @@ public final class SSLContext extends SS
     public synchronized void dispose()
         throws IllegalStateException
     {
+        if (super.pointer == 0L)
+            throw new ObjectNotInitializedException();
         for (int i = 0; i < keys.length; i++) {
             if (keys[i] != null) {
                 keys[i].dispose();
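Review bot: The added guard at the top of `dispose()` makes a second `dispose()` call throw instead of doing nothing, which is risky for cleanup paths such as `finally` blocks or callers that dispose defensively. If the intent is only to avoid touching a dead native handle, `if (super.pointer == 0L) return;` keeps disposal idempotent. The `throws` clause also lists only `IllegalStateException`, while `useCertificate` in the same commit declares `ObjectNotInitializedException` separately; the two should agree, and a Javadoc line should state the behaviour on an already-disposed context. The body of `dispose()` continues outside this hunk, so the effect on the rest of the cleanup is not visible here.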
@@ -255,5 +259,24 @@ public final class SSLContext extends SS
         }
     }
 
+    public synchronized void useCertificate(SSLCertificate crt, SSLKey key)
+        throws IllegalStateException,
+               ObjectNotInitializedException,
+               SSLException
+    {
+        if (super.pointer == 0L)
+            throw new ObjectNotInitializedException();
+        for (int i = 0; i < cert.length; i++) {
+            if (cert[i] == null) {
+                if (!usecert0(super.pointer, ((SSLObject)crt).pointer, ((SSLObject)key).pointer))
+                    throw new SSLException(Local.sm.get("sslctx.EMISSMATCH"));
+                cert[i] = crt;
+                keys[i] = key;
+                return;
+            }
+        }
+        throw new IllegalStateException();
+    }
+
 }
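Review bot: `useCertificate` passes `((SSLObject)crt).pointer` and `((SSLObject)key).pointer` to `usecert0` without checking that `crt` and `key` are non-null and that their native handles are non-zero. The native side (`usecert0` in ctx.c, last hunk of this commit) dereferences `cert->u.x509` and `pkey->u.pkey` directly, so a certificate or key that was never loaded or was already disposed would likely crash the JVM rather than raise an exception. Only the context's own pointer is validated. The final `throw new IllegalStateException();` would also be easier to diagnose with a message saying that all certificate slots are in use, and the method has no Javadoc describing the slot limit or the mismatch exception.
```java
        if (super.pointer == 0L)
            throw new ObjectNotInitializedException();
        // added: reject null arguments and handles that were never loaded or already disposed
        if (crt == null || key == null)
            throw new NullPointerException();
        if (((SSLObject)crt).pointer == 0L || ((SSLObject)key).pointer == 0L)
            throw new ObjectNotInitializedException();
        // … unchanged: free-slot search and usecert0 call …
```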
 

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1187679&r1=1187678&r2=1187679&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Sat Oct 22 09:33:21
2011
@@ -183,7 +183,10 @@ struct SSLAPIst {
     void                (*fpSSL_CTX_set_verify)(SSL_CTX *, int, int (*)(int, X509_STORE_CTX
*));
     int                 (*fpSSL_CTX_set_generate_session_id)(SSL_CTX *, GEN_SESSION_CB);
     void                (*fpSSL_CTX_set_quiet_shutdown)(SSL_CTX *, int);
-
+    int                 (*fpSSL_CTX_use_PrivateKey)(SSL_CTX *, EVP_PKEY *);
+    int                 (*fpSSL_CTX_use_certificate)(SSL_CTX *, X509 *);
+    int                 (*fpSSL_CTX_check_private_key)(const SSL_CTX *);
+    
     /*** SSL      ***/
     void*               (*fpSSL_get_ex_data)(const SSL *, int);
     int                 (*fpSSL_get_ex_new_index)(long, void *, CRYPTO_EX_new *, CRYPTO_EX_dup
*, CRYPTO_EX_free *);
@@ -356,6 +359,9 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     LIBSSL_FPLOAD(SSL_CTX_set_verify);
     LIBSSL_FPLOAD(SSL_CTX_set_generate_session_id);
     LIBSSL_FPLOAD(SSL_CTX_set_quiet_shutdown);
+    LIBSSL_FPLOAD(SSL_CTX_use_PrivateKey);
+    LIBSSL_FPLOAD(SSL_CTX_use_certificate);
+    LIBSSL_FPLOAD(SSL_CTX_check_private_key);
 
     /*** BIO      ***/
     CRYPTO_FPLOAD(BIO_ctrl);
@@ -998,6 +1004,22 @@ void SSL_CTX_set_quiet_shutdown(SSL_CTX 
     SSLAPI_CALL(SSL_CTX_set_quiet_shutdown)(ctx, mode);
 }
 
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+    return SSLAPI_CALL(SSL_CTX_use_PrivateKey)(ctx, pkey);
+}
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+    return SSLAPI_CALL(SSL_CTX_use_certificate)(ctx, x);
+}
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    return SSLAPI_CALL(SSL_CTX_check_private_key)(ctx);
+}
+
+
 void *SSL_get_ex_data(const SSL *ssl, int idx)
 {
     return SSLAPI_CALL(SSL_get_ex_data)(ssl, idx);

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1187679&r1=1187678&r2=1187679&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Sat Oct 22 09:33:21
2011
@@ -195,7 +195,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
 #endif
                 break;
                 case SSL_PROTOCOL_SSLV3:
-                    m = SSLv3_server_method();
+                    m = SSLv3_server_method();                    
                 break;
                 case SSL_PROTOCOL_SSLV23:
                     m = SSLv23_server_method();
@@ -252,7 +252,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
         default:
         break;
     }
-    if (m == 0 || (c->ctx == SSL_CTX_new(m)) == 0) {
+    if (m == 0 || (c->ctx = SSL_CTX_new(m)) == 0) {
         AcrFree(c);
         ACR_THROW(ACR_EX_ENOTIMPL, 0);
         return 0;
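Review bot: On the corrected line a failed `SSL_CTX_new(m)` is still reported as `ACR_EX_ENOTIMPL`, the same as an unsupported protocol (`m == 0`), so an allocation or library failure is indistinguishable from "method not implemented" and the OpenSSL error detail is lost. Splitting the condition would let the `SSL_CTX_new` failure go through `ssl_throw_errno(env, ACR_EX_ESSL)`, as `usecert0` does in this commit, assuming `env` is in scope in `new0`. This assignment fix is also not mentioned in the log message, although it changes whether a context can be created at all; it deserves its own log line. The body of `new0` starts and ends outside this hunk.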
@@ -473,3 +473,23 @@ ACR_SSL_EXPORT(void, SSLContext, setscac
         SSL_CTX_sess_set_cache_size(c->ctx, size);
 }
 
+ACR_SSL_EXPORT(jboolean, SSLContext, usecert0)(JNI_STDARGS, jlong ctx,
+                                               jlong crt, jlong key)
+{
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+    ssl_obj_t  *cert = J2P(crt, ssl_obj_t *);
+    ssl_obj_t  *pkey = J2P(key, ssl_obj_t *);
+
+    if (SSL_CTX_use_certificate(c->ctx, cert->u.x509) <= 0) {
+        ssl_throw_errno(env, ACR_EX_ESSL);
+        return JNI_FALSE;
+    }
+    if (SSL_CTX_use_PrivateKey(c->ctx, pkey->u.pkey) <= 0) {
+        ssl_throw_errno(env, ACR_EX_ESSL);
+        return JNI_FALSE;
+    }
+    if (SSL_CTX_check_private_key(c->ctx) == 0)
+        return JNI_FALSE;
+    else
+        return JNI_TRUE;
+}
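Review bot: When `SSL_CTX_check_private_key(c->ctx)` fails, `usecert0` returns `JNI_FALSE` but leaves the certificate and key it just installed in `c->ctx`, and leaves whatever OpenSSL queued in the thread's error queue. The Java caller then throws the `sslctx.EMISSMATCH` exception without recording the pair, so the native context and the Java `cert`/`keys` arrays disagree, and a stale queue entry may be attributed to a later unrelated call. Throwing here with `ssl_throw_errno(env, ACR_EX_ESSL)`, as the two earlier branches do, would keep the OpenSSL reason. Otherwise the queue should be cleared before returning, if the module's API table exposes a call for that. A short comment should state that the context must not be used after a mismatch.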

Added: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java?rev=1187679&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
(added)
+++ commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
Sat Oct 22 09:33:21 2011
@@ -0,0 +1,46 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+import org.testng.annotations.*;
+import org.testng.Assert;
+import java.io.IOException;
+import java.io.File;
+import java.nio.ByteBuffer;
+import org.apache.commons.runtime.Native;
+
+public class TestSSLCtx extends Assert
+{
+
+    private static final String pkey = "certificates/localhost.key";
+    private static final String cert = "certificates/localhost.crt";
+
+    @Test(groups = { "openssl" })
+    public void simpleInit()
+        throws Exception
+    {
+        SSLKey key = new SSLKey("Demo key");
+        key.load(pkey, SSLKeyFormat.PEM, "secret");
+        SSLCertificate crt = new SSLCertificate("Demo certificate");
+        crt.load(cert);
+
+        SSLContext ctx = new SSLContext(SSLProtocolMethod.SSLv23, SSLProtocolMode.SERVER);
+        ctx.useCertificate(crt, key);
+    }
+
+
+}
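Review bot: `simpleInit` covers only the matching key and certificate pair and asserts nothing, so the new mismatch check, which is the security-relevant part of `useCertificate`, is untested. A second test should load a key that does not belong to `certificates/localhost.crt` and expect `SSLException`. Another should pass an unloaded `SSLCertificate` or `SSLKey` to pin down behaviour for an uninitialised handle. The test never calls `ctx.dispose()`, so the native context is left for the process to reclaim. The imports `IOException`, `File`, `ByteBuffer` and `Native` are unused, and the file sits under `org/apache/commons/runtime/` while declaring package `org.apache.commons.runtime.ssl`.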

Propchange: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
------------------------------------------------------------------------------
    svn:eol-style = native


