jfclere 2005/06/10 10:15:56 Modified: jni build.xml jni/java/org/apache/tomcat/jni SSLSocket.java jni/native/src sslnetwork.c Added: jni/examples/org/apache/tomcat/jni BIOSSLServer.java Log: Try to used apr sockets instead the openssl ones. Revision Changes Path 1.8 +10 -0 jakarta-tomcat-connectors/jni/build.xml Index: build.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/build.xml,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- build.xml 6 Jun 2005 08:53:06 -0000 1.7 +++ build.xml 10 Jun 2005 17:15:55 -0000 1.8 
@@ -309,4 +309,14 @@ <jvmarg value="-Djava.library.path=${tc.library.path}"/> </java> </target> + <target name="bioserver-example" depends="examples"> + <echo message="Running another Tomcat Native SSL Server example ..."/> + <java dir="${examples.dir}" classname="org.apache.tomcat.jni.BIOSSLServer" + fork="yes" failonerror="${test.failonerror}"> + <env key="PATH" path="${tc.library.path}:${java.library.path}"/> + <env key="Path" path="${tc.library.path}:${java.library.path}"/> + <classpath refid="examples.classpath"/> + <jvmarg value="-Djava.library.path=${tc.library.path}"/> + </java> + </target> </project> 1.1 jakarta-tomcat-connectors/jni/examples/org/apache/tomcat/jni/BIOSSLServer.java Index: BIOSSLServer.java =================================================================== package org.apache.tomcat.jni; import java.util.Properties; import java.io.*; import java.net.*; import java.lang.*; /** SSL Server server example * * @author Mladen Turk * @version $Revision: 1.1 $, $Date: 2005/06/10 17:15:56 $ */ public class BIOSSLServer { public static String serverAddr = null; public static int serverPort = 0; public static int serverNmax = 0; public static long serverPool = 0; public static long serverCtx = 0; public static String serverCert = null; public static String serverKey = null; public static String serverCiphers = null; public static String serverPassword = null; private static Object threadLock = new Object(); static { try { InputStream is = BIOSSLServer.class.getResourceAsStream ("/org/apache/tomcat/jni/SSL.properties"); Properties props = new Properties(); props.load(is); is.close(); serverAddr = props.getProperty("server.ip", "127.0.0.1"); serverPort = Integer.decode(props.getProperty("server.port", "4443")).intValue(); serverNmax = Integer.decode(props.getProperty("server.max", "1")).intValue(); serverCert = props.getProperty("server.cert", "server.pem"); serverKey = props.getProperty("server.key", null); serverCiphers = 
props.getProperty("server.ciphers", "ALL"); serverPassword = props.getProperty("server.password", null); } catch (Throwable t) { ; // Nothing } } private class CallBack implements BIOCallback { long clientSock = 0; public int write(byte [] buf) { return(Socket.send(clientSock, buf, 0, buf.length)); } public int read(byte [] buf) { return(Socket.recv(clientSock, buf, 0, buf.length)); } public int puts(String data) { System.out.println("CallBack.puts"); return -1; } public String gets(int len) { System.out.println("CallBack.gets"); return ""; } public void setsock(long sock) { clientSock = sock; } } public BIOSSLServer() { int i; serverPool = Pool.create(0); try { /* Create SSL Context, one for each Virtual Host */ serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER); // serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_MODE_SERVER); /* List the ciphers that the client is permitted to negotiate. */ SSLContext.setCipherSuite(serverCtx, serverCiphers); /* Load Server key and certificate */ SSLContext.setCertificate(serverCtx, serverCert, serverKey, serverPassword, SSL.SSL_AIDX_RSA); SSLContext.setVerify(serverCtx, SSL.SSL_CVERIFY_NONE, 0); /* CallBack SSLCallBack = new CallBack(); long callback = SSL.newBIO(serverPool, SSLCallBack); SSLContext.setBIO(serverCtx, callback, 1); SSLContext.setBIO(serverCtx, callback, 0); long serverSSL = SSLBIO.make(serverCtx, callback, callback); */ long serverSock = Socket.create(Socket.APR_INET, Socket.SOCK_STREAM, Socket.APR_PROTO_TCP, serverPool); long inetAddress = Address.info(BIOSSLServer.serverAddr, Socket.APR_INET, BIOSSLServer.serverPort, 0, serverPool); int rc = Socket.bind(serverSock, inetAddress); if (rc != 0) { throw(new Exception("Can't bind: " + Error.strerror(rc))); } Socket.listen(serverSock, 5); long clientSock = Socket.accept(serverSock, serverPool); long sa = Address.get(Socket.APR_REMOTE, clientSock); Sockaddr raddr = new Sockaddr(); if 
(Address.fill(raddr, sa)) { System.out.println("Remote Host: " + Address.getnameinfo(sa, 0)); System.out.println("Remote IP: " + Address.getip(sa) + ":" + raddr.port); } // SSLCallBack.setsock(clientSock); int retcode = SSLSocket.accept(serverCtx, clientSock, serverPool); if (retcode<=0) { throw(new Exception("Can't SSL accept: " + SSLBIO.geterror(serverSSL, retcode))); } } catch (Exception e) { e.printStackTrace(); } } public static void main(String [] args) { try { Library.initialize(null); SSL.initialize(null); BIOSSLServer server = new BIOSSLServer(); } catch (Exception e) { e.printStackTrace(); } } } 1.4 +7 -2 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java Index: SSLSocket.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- SSLSocket.java 10 Jun 2005 11:34:03 -0000 1.3 +++ SSLSocket.java 10 Jun 2005 17:15:56 -0000 1.4 @@ -72,5 +72,10 @@ */ public static native int close(long thesocket); - + /** + * Get the SSL error code. + * @param thesocket The SSL socket to use. + * @retcode the "local" error code returned by SSL. + * @return the error code. + public static native int geterror(long thesocket, int retcode); } 1.5 +142 -1 jakarta-tomcat-connectors/jni/native/src/sslnetwork.c Index: sslnetwork.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslnetwork.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- sslnetwork.c 10 Jun 2005 11:30:54 -0000 1.4 +++ sslnetwork.c 10 Jun 2005 17:15:56 -0000 1.5 
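Review bot: In the new BIOSSLServer.java, the failure branch after `SSLSocket.accept` calls `SSLBIO.geterror(serverSSL, retcode)`, but `serverSSL` is declared only inside the commented-out block above it, so the example does not compile as shown. The native `accept` in this commit returns a `jlong` connection handle rather than a status, so `int retcode` and the `retcode<=0` test look mismatched; confirm against the Java declaration, which is not in this mail. The context is created with `SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3` and the cipher default is `"ALL"`, while the `SSL.SSL_PROTOCOL_TLSV1` call is commented out; examples get copied, so I would make the TLSv1 call the live one and set a restrictive default for `server.ciphers`. The static initializer's `catch (Throwable t) { ; }` also hides a missing `SSL.properties`, leaving `serverCert` null with no message; print the failure at least.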
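Review bot: The Javadoc added above `geterror` in SSLSocket.java is never closed: the hunk goes from `* @return the error code.` straight to `public static native int geterror(long thesocket, int retcode);` with no `*/`, so as shown the declaration sits inside the comment and the file will not compile. Add `*/` before the declaration and replace the non-existent `@retcode` tag with `@param retcode the value returned by the failed SSL call`. The native side casts the first argument to `tcn_ssl_conn_t *`, so the `@param thesocket` text should say it must be the handle returned by `accept`, not an APR socket.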
@@ -151,6 +151,87 @@ return con; } +/* + * Use APR sockets directly + */ + +static int jbs_apr_new(BIO *bi) +{ + printf("jbs_apr_new\n"); + fflush(stdout); + bi->shutdown = 1; + bi->init = 0; + bi->num = -1; + bi->ptr = NULL; + return 1; +} + +static int jbs_apr_free(BIO *bi) +{ + if (bi == NULL) + return 0; + else + return 1; +} + +static int jbs_apr_write(BIO *b, const char *in, int inl) +{ + apr_size_t j = inl; + apr_socket_t *sock=b->ptr; + printf("jbs_apr_write\n"); + fflush(stdout); + return(apr_socket_send(sock, in, &j)); +} + +static int jbs_apr_read(BIO *b, char *out, int outl) +{ + apr_size_t j = outl; + apr_socket_t *sock=b->ptr; + int ret; + printf("jbs_apr_read\n"); + fflush(stdout); + ret = apr_socket_recv(sock, out, &j); + if (ret == APR_SUCCESS) + return(j); + return(-1); +} + +static int jbs_apr_puts(BIO *b, const char *in) +{ + return 0; +} + +static int jbs_apr_gets(BIO *b, char *out, int outl) +{ + return 0; +} + +static long jbs_apr_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + printf("jbs_apr_ctrl\n"); + fflush(stdout); + if (cmd==BIO_CTRL_FLUSH || cmd==BIO_CTRL_DUP) + return 1; + else + return 0; +} +static BIO_METHOD jbs_apr_methods = { + BIO_TYPE_FILE, + "APR Callback", + jbs_apr_write, + jbs_apr_read, + jbs_apr_puts, + jbs_apr_gets, + jbs_apr_ctrl, + jbs_apr_new, + jbs_apr_free, + NULL +}; +static BIO_METHOD *BIO_jbs_apr() +{ + return(&jbs_apr_methods); +} + TCN_IMPLEMENT_CALL(jint, SSLSocket, shutdown)(TCN_STDARGS, jlong sock, jint how) { 
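Review bot: `jbs_apr_write` returns the result of `apr_socket_send()` directly, which is an `apr_status_t` and not a byte count, so success comes back as 0 (OpenSSL sees nothing written) and a failure comes back as a non-zero status that OpenSSL can take for bytes written. The count is left in `j` after the call, so the callback should return `(int)j` on `APR_SUCCESS` and -1 otherwise, as `jbs_apr_read` already does. Neither callback sets the BIO retry flags or separates end-of-stream from an error, so a timeout or would-block on the APR socket reaches the TLS layer as a hard failure; the sketch below handles both. The `printf` tracing and `BIO_TYPE_FILE` on a socket-backed BIO should go before this leaves test status.

```c
static int jbs_apr_write(BIO *b, const char *in, int inl)
{
    apr_size_t j = inl;
    apr_socket_t *sock = b->ptr;
    apr_status_t rv;

    /* … unchanged: debug printf/fflush … */
    BIO_clear_retry_flags(b);
    rv = apr_socket_send(sock, in, &j);
    if (rv == APR_SUCCESS)
        return (int)j;              /* bytes actually sent */
    if (APR_STATUS_IS_EAGAIN(rv))
        BIO_set_retry_write(b);     /* caller may retry the SSL call */
    return -1;
}

static int jbs_apr_read(BIO *b, char *out, int outl)
{
    apr_size_t j = outl;
    apr_socket_t *sock = b->ptr;
    apr_status_t rv;

    /* … unchanged: debug printf/fflush … */
    BIO_clear_retry_flags(b);
    rv = apr_socket_recv(sock, out, &j);
    if (rv == APR_SUCCESS)
        return (int)j;
    if (APR_STATUS_IS_EOF(rv))
        return 0;                   /* orderly close, not an error */
    if (APR_STATUS_IS_EAGAIN(rv))
        BIO_set_retry_read(b);
    return -1;
}
```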
@@ -199,6 +280,65 @@ return (jint)rv; } +#define JFC_TEST 1 +#ifdef JFC_TEST + +TCN_IMPLEMENT_CALL(jint, SSLSocket, geterror)(TCN_STDARGS, jlong ctx, jint retcode) +{ + tcn_ssl_conn_t *c = J2P(ctx, tcn_ssl_conn_t *); + UNREFERENCED_STDARGS; + TCN_ASSERT(ctx != 0); + printf("geterror for %d state: %.08x\n", retcode, c->ssl->state); + perror("geterror"); + fflush(stdout); + return SSL_get_error(c->ssl, retcode); +} + +TCN_IMPLEMENT_CALL(jlong, SSLSocket, accept)(TCN_STDARGS, jlong ctx, + jlong sock, jlong pool) +{ + tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); + apr_socket_t *s = J2P(sock, apr_socket_t *); + apr_pool_t *p = J2P(pool, apr_pool_t *); + tcn_ssl_conn_t *con; + BIO *bio = NULL; + int retcode; + + UNREFERENCED(o); + TCN_ASSERT(pool != 0); + TCN_ASSERT(ctx != 0); + TCN_ASSERT(sock != 0); + + if ((con = ssl_create(e, c, p)) == NULL) { + tcn_ThrowException(e, "Create SSL failed"); + return 0; + } + con->sock = s; + + if ((bio = BIO_new(BIO_jbs_apr())) == NULL) { + tcn_ThrowException(e, "Create BIO failed"); + return 0; + } + bio->ptr = s; + + /* XXX cleanup ??? */ + + /* the bio */ + SSL_set_bio(con->ssl, bio, bio); + + /* do the handshake*/ + retcode = SSL_accept(con->ssl); + if (retcode<=0) { + printf("SSL_accept failed %d state: %.08x\n", retcode, con->ssl->state); + printf("SSL_accept %p cert\n", con->ssl->cert); + tcn_ThrowException(e, "Create SSL_accept failed"); + return 0; + } + +cleanup: + return P2J(con); +} +#else TCN_IMPLEMENT_CALL(jlong, SSLSocket, accept)(TCN_STDARGS, jlong ctx, jlong sock, jlong pool) { @@ -225,6 +365,7 @@ cleanup: return P2J(con); } +#endif TCN_IMPLEMENT_CALL(jlong, SSLSocket, connect)(TCN_STDARGS, jlong ctx, jlong sock, jlong pool)
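Review bot: The new `accept` sets `bio->ptr = s` but leaves `bio->init` at the 0 that `jbs_apr_new` assigns, and OpenSSL's `BIO_read`/`BIO_write` return an uninitialised error without calling the method table while `init` is 0, so the handshake probably never reaches the APR callbacks; add `bio->init = 1;` after `bio->ptr = s;`. Both failure returns (after `BIO_new` and after `SSL_accept`) leave `con` allocated, and in the second case the BIO attached to `con->ssl` as well; the `/* XXX cleanup ??? */` marker and the unused `cleanup:` label suggest this is known, and whether `ssl_create` registers a pool cleanup is not visible here. `geterror` dereferences `c->ssl` from a Java-supplied handle guarded only by `TCN_ASSERT`, and because a failed `accept` returns 0 the caller has no valid handle to pass, so it needs a real null check that returns an error instead of dereferencing. `#define JFC_TEST 1` is unconditional, which makes the experimental path the only one built.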