Subject: svn commit: r985174 - in /harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main: java/org/apache/harmony/xnet/provider/jsse/ native/jsse/shared/ native/jsse/windows/
Date: Fri, 13 Aug 2010 12:27:23 -0000
To: commits@harmony.apache.org
From: odeakin@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20100813122723.B6D0A23889B9@eris.apache.org>

Author: odeakin
Date: Fri Aug 13 12:27:22 2010
New Revision: 985174

URL: http://svn.apache.org/viewvc?rev=985174&view=rev
Log:
A few more changes to x-net implementation:
- Modify client auth methods to pass options through to SSL_CTX_set_verify().
- Add initialisation of SSLSessionImpl in terms of SSL_SESSIONs.
- Make sure handshake completion listeners are called once handshaking is successfully completed.

Added:
    harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.c (with props)
    harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.h (with props)
Modified:
    harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
    harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java
    harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java
    harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslParameters.c
    harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslParameters.h
    harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/windows/makefile

Modified: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java URL: http://svn.apache.org/viewvc/harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java?rev=985174&r1=985173&r2=985174&view=diff ============================================================================== --- 
harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java (original) +++ harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java Fri Aug 13 12:27:22 2010 @@ -76,6 +76,11 @@ public class SSLParameters { private static String[] supportedProtocols = new String[] { "SSLv2", "SSLv3", "TLSv1" }; private static int[] protocolFlags = new int[] { 1, 2, 4 }; // These correspond to the flags used in the natives + // These correspond to the flags used in the natives + private static short NO_CLIENT_AUTH = 1; + private static short REQUEST_CLIENT_AUTH = 2; + private static short REQUIRE_CLIENT_AUTH = 4; + // Enable all protocols by default private String[] enabledProtocols = supportedProtocols; private int enabledProtocolsFlags = 7; // TLSv1 & SSLv3 & SSLv2 @@ -377,11 +382,18 @@ public class SSLParameters { return client_mode; } + private static native void setClientAuthImpl(long context, short flag); + /** * Tunes the peer holding this parameters to require client authentication */ protected void setNeedClientAuth(boolean need) { - need_client_auth = need; + if (need) { + setClientAuthImpl(SSL_CTX, REQUIRE_CLIENT_AUTH); + } else { + setClientAuthImpl(SSL_CTX, NO_CLIENT_AUTH); + } + need_client_auth = need; // reset the want_client_auth setting want_client_auth = false; } 
@@ -398,6 +410,11 @@ public class SSLParameters { * Tunes the peer holding this parameters to request client authentication */ protected void setWantClientAuth(boolean want) { + if (want) { + setClientAuthImpl(SSL_CTX, REQUEST_CLIENT_AUTH); + } else { + setClientAuthImpl(SSL_CTX, NO_CLIENT_AUTH); + } want_client_auth = want; // reset the need_client_auth setting need_client_auth = false; Modified: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java URL: http://svn.apache.org/viewvc/harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java?rev=985174&r1=985173&r2=985174&view=diff ============================================================================== --- harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java (original) +++ harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java Fri Aug 13 12:27:22 2010 @@ -162,6 +162,11 @@ public class SSLSessionImpl implements S */ final boolean isServer; + // OpenSSL SSL_SESSION pointer + private final long SSL_SESSION; + + private final SSLParameters sslParameters; + /** * Creates SSLSession implementation * @@ -187,6 +192,9 @@ public class SSLSessionImpl implements S isServer = true; } + // Add to satisfy compiler + SSL_SESSION = 0; + sslParameters = null; } /** 
@@ -198,6 +206,14 @@ public class SSLSessionImpl implements S this(null, sr); } + private native long initialiseSession(long SSL); + + public SSLSessionImpl(SSLParameters parms, long SSL) { + sslParameters = parms; + SSL_SESSION = initialiseSession(SSL); + this.isServer = !sslParameters.getUseClientMode(); + } + public int getApplicationBufferSize() { return SSLRecordProtocol.MAX_DATA_LENGTH; } Modified: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java URL: http://svn.apache.org/viewvc/harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java?rev=985174&r1=985173&r2=985174&view=diff ============================================================================== --- harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java (original) +++ harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java Fri Aug 13 12:27:22 2010 @@ -441,7 +441,6 @@ public class SSLSocketImpl extends SSLSo } sslConnectImpl(SSL, impl.getFileDescriptor()); - //handshakeProtocol = new ClientHandshakeImpl(this); } else { @@ -468,6 +467,18 @@ public class SSLSocketImpl extends SSLSo //doHandshake(); + session = new SSLSessionImpl(sslParameters, SSL); + // Notify handshake completion listeners + if (listeners != null) { + HandshakeCompletedEvent event = + new HandshakeCompletedEvent(this, session); + int size = listeners.size(); + for (int i=0; iGetArrayLength(env, jtrustCerts); if (size) { @@ -73,11 +76,6 @@ JNIEXPORT jlong JNICALL Java_org_apache_ } free(certBuffer); } - - // Carry out peer cert verification - // TODO: Is this the right setting? - SSL_CTX_set_verify(context, SSL_VERIFY_PEER, NULL); - SSL_CTX_set_verify_depth(context, 1); } if (jkeyCert != NULL) { 
@@ -144,3 +142,28 @@ JNIEXPORT void JNICALL Java_org_apache_h SSL_CTX_clear_options(ctx, options); SSL_CTX_set_options(ctx, options ^ mask); } + +JNIEXPORT void JNICALL Java_org_apache_harmony_xnet_provider_jsse_SSLParameters_setClientAuthImpl + (JNIEnv *env, jclass clazz, jlong context, jshort flag) +{ + SSL_CTX *ctx = (SSL_CTX*)context; + int mode = 0; + + switch (flag) { + case NO_CLIENT_AUTH: + mode = SSL_VERIFY_NONE; + break; + case REQUEST_CLIENT_AUTH: + mode = SSL_VERIFY_PEER; + break; + case REQUIRE_CLIENT_AUTH: + mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + break; + default: + // Should never happen + return; + } + + // Set the client authentication mode with a NULL callback + SSL_CTX_set_verify(ctx, mode, NULL); +} Modified: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslParameters.h URL: http://svn.apache.org/viewvc/harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslParameters.h?rev=985174&r1=985173&r2=985174&view=diff ============================================================================== --- harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslParameters.h (original) +++ harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslParameters.h Fri Aug 13 12:27:22 2010 
@@ -29,10 +29,17 @@ extern "C" { #define PROTOCOL_SSLv3 2 #define PROTOCOL_TLSv1 4 +// Client authentication flags - these correspond to the flags used in SSLParameters.java +#define NO_CLIENT_AUTH 1 +#define REQUEST_CLIENT_AUTH 2 +#define REQUIRE_CLIENT_AUTH 4 + JNIEXPORT jlong JNICALL Java_org_apache_harmony_xnet_provider_jsse_SSLParameters_initialiseContext (JNIEnv *, jclass, jobjectArray, jbyteArray, jbyteArray); JNIEXPORT void JNICALL Java_org_apache_harmony_xnet_provider_jsse_SSLParameters_setEnabledProtocolsImpl (JNIEnv *, jclass, jlong, jint); +JNIEXPORT void JNICALL Java_org_apache_harmony_xnet_provider_jsse_SSLParameters_setClientAuthImpl + (JNIEnv *, jclass, jlong, jshort); #ifdef __cplusplus } Added: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.c URL: http://svn.apache.org/viewvc/harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.c?rev=985174&view=auto ============================================================================== --- harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.c (added) +++ harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.c Fri Aug 13 12:27:22 2010 
@@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sslSession.h" +#include +#include "jni.h" +#include "hysock.h" +#include "openssl/bio.h" +#include "openssl/ssl.h" +#include "openssl/err.h" + +JNIEXPORT jlong JNICALL Java_org_apache_harmony_xnet_provider_jsse_SSLSessionImpl_initialiseSession + (JNIEnv *env, jobject object, jlong jssl) +{ + SSL *ssl = (SSL*)jssl; + + return (jlong)SSL_get_session(ssl); +} Propchange: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.c ------------------------------------------------------------------------------ svn:eol-style = native Added: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.h URL: http://svn.apache.org/viewvc/harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.h?rev=985174&view=auto ============================================================================== --- harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.h (added) +++ harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.h Fri Aug 13 12:27:22 2010 
@@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#ifndef _SSLSESSION_H +#define _SSLSESSION_H + +#ifdef __cplusplus +extern "C" { +#endif + +JNIEXPORT jlong JNICALL Java_org_apache_harmony_xnet_provider_jsse_SSLSessionImpl_initialiseSession + (JNIEnv *, jobject, jlong); + +#ifdef __cplusplus +} +#endif + +#endif + Propchange: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/shared/sslSession.h ------------------------------------------------------------------------------ svn:eol-style = native Modified: harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/windows/makefile URL: http://svn.apache.org/viewvc/harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/windows/makefile?rev=985174&r1=985173&r2=985174&view=diff ============================================================================== --- harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/windows/makefile (original) +++ harmony/enhanced/java/branches/omd/classlib/modules/x-net/src/main/native/jsse/windows/makefile Fri Aug 13 12:27:22 2010 
@@ -29,7 +29,7 @@ HYLDFLAGS = $(HYLDFLAGS) -def:$(LIBBASE) BUILDFILES = \ $(SHAREDSUB)jsse_copyright.obj $(SHAREDSUB)sslParameters.obj $(SHAREDSUB)sslSocket.obj \ - $(SHAREDSUB)jsse_rand.obj + $(SHAREDSUB)sslSession.obj $(SHAREDSUB)jsse_rand.obj VIRTFILES = hyjsse.res
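Review bot: The three client-auth constants added at the top of SSLParameters.java (hunk @@ -76,6 +76,11) are declared `private static short` without `final`, so they are mutable fields even though the native switch depends on their exact values. Declare them `private static final short`. The added comment "These correspond to the flags used in the natives" also repeats the trailing comment on the protocolFlags line directly above it; name sslParameters.h in the new one so the two sets of flags can be told apart.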
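Review bot: In setNeedClientAuth (SSLParameters.java, hunk @@ -377,11 +382,18) the mode is pushed into the shared SSL_CTX, and SSL_CTX_set_verify() only affects SSL objects created from that context afterwards. A socket whose SSL already exists keeps its old verify mode while need_client_auth reports the new one. Either document that the setter has to run before the SSL is created, or also apply the mode to the existing connection with SSL_set_verify().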
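Review bot: setWantClientAuth (SSLParameters.java, hunk @@ -398,6 +410,11) calls setClientAuthImpl whatever the value of client_mode, and the native side maps NO_CLIENT_AUTH to SSL_VERIFY_NONE. On a client-side context SSL_VERIFY_NONE makes OpenSSL continue the handshake even when the server certificate fails verification, so setWantClientAuth(false) on a client quietly turns server authentication off. Skip the native call when client_mode is set, or keep SSL_VERIFY_PEER in that case; the else branch of setNeedClientAuth needs the same treatment.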
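Review bot: The assignments under "Add to satisfy compiler" in the existing SSLSessionImpl constructor (SSLSessionImpl.java, hunk @@ -187,6 +192,9) leave SSL_SESSION at 0 and sslParameters at null for every session built through that path. Any later native call that is handed SSL_SESSION from such an object receives a null pointer. Either retire the old constructor on this branch or have every user of SSL_SESSION check for 0 first, and replace the comment with one that says which.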
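Review bot: The new SSLSessionImpl(SSLParameters parms, long SSL) constructor (SSLSessionImpl.java, hunk @@ -198,6 +206,14) stores the result of initialiseSession(SSL) unchecked, and SSL_get_session() returns NULL when no session is available on the SSL. It also dereferences parms through sslParameters.getUseClientMode() with no null check, and it is public while accepting a raw native pointer. Throw when the returned value is 0, and reduce the constructor to package visibility unless a caller outside the package needs it.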
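Review bot: Removing `SSL_CTX_set_verify(context, SSL_VERIFY_PEER, NULL)` from the context initialisation (sslParameters.c, hunk @@ -73,11 +76,6) leaves a context that has just loaded trust certificates at OpenSSL's default verify mode, SSL_VERIFY_NONE, until one of the Java client-auth setters is called. Those setters describe server-side behaviour, so a client context may never be given SSL_VERIFY_PEER and would then complete a handshake with a server certificate that does not chain to jtrustCerts. Keep SSL_VERIFY_PEER here for client-mode contexts. The removed `SSL_CTX_set_verify_depth(context, 1)` carried a TODO; the log message should say that falling back to the library's default depth is intended.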
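Review bot: The default branch of the switch in setClientAuthImpl (sslParameters.c, hunk @@ -144,3 +142,28) returns silently, so an unrecognised flag leaves the previous verify mode in place with no signal to the Java caller. For a setting that controls peer authentication, throw an exception from the default case instead of relying on "Should never happen". ctx also goes to SSL_CTX_set_verify() straight from the jlong cast; reject a zero context before using it.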
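Review bot: NO_CLIENT_AUTH, REQUEST_CLIENT_AUTH and REQUIRE_CLIENT_AUTH in sslParameters.h (hunk @@ -29,10 +29,17) duplicate the values in SSLParameters.java and are kept in step only by a comment on each side. They are given the bit-flag values 1, 2, 4 although setClientAuthImpl treats them as mutually exclusive switch cases, which invites a caller to OR them together and land in the silent default branch. Say in the comment that exactly one value is passed, or use consecutive values.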
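Review bot: initialiseSession (sslSession.c, hunk @@ -0,0 +1,32) returns the pointer from SSL_get_session(), which does not take a reference on the SSL_SESSION. The Java object keeps that value in a final field, so once the SSL is freed the stored pointer can refer to released memory. Use SSL_get1_session() and add a native release method that calls SSL_SESSION_free(), and check that jssl is non-zero before the cast result is used.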
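Review bot: In sslSession.h (hunk @@ -0,0 +1,35) the `#include` line sits above `#ifndef _SSLSESSION_H`, so it is processed on every inclusion instead of once; move it inside the guard. The guard name also begins with an underscore followed by a capital letter, a form C reserves for the implementation; SSLSESSION_H avoids that.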
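Review bot: sslSession.obj is added to BUILDFILES only in native/jsse/windows/makefile (hunk @@ -29,7 +29,7), and the commit's file list touches no other build file. If the jsse natives are built from a separate makefile on other platforms, sslSession has to be added there as well, otherwise the new SSLSessionImpl.initialiseSession native will not resolve at run time on those builds.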