mturk       2005/06/15 05:08:02

  Modified:    jni/java/org/apache/tomcat/jni SSL.java SSLSocket.java
               jni/native/include ssl_private.h
               jni/native/src sslinfo.c
  Log:
  Update sslinfo to use an indexed approach to the params instead of
  a name-based one. This way we'll keep the number of native functions lower.
  
  Revision  Changes    Path
  1.19      +7 -2      
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
  
  Index: SSL.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- SSL.java  12 Jun 2005 07:33:08 -0000      1.18
  +++ SSL.java  15 Jun 2005 12:08:02 -0000      1.19
  @@ -158,6 +158,11 @@
       public static final int SSL_SHUTDOWN_TYPE_UNCLEAN  = 2;
       public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3;
   
  +    public static final int SSL_INFO_SESSION_ID             = 1;
  +    public static final int SSL_INFO_CIPHER                 = 2;
  +    public static final int SSL_INFO_CIPHER_USEKEYSIZE      = 3;
  +    public static final int SSL_INFO_CIPHER_ALGKEYSIZE      = 4;
  +
       /* Return OpenSSL version number */
       public static native int version();
   
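Review bot: The four new `SSL_INFO_*` constants have no Javadoc, and nothing here says which accessor each id belongs to. Judging by the sslinfo.c section of this commit, `SSL_INFO_SESSION_ID` is accepted by `getInfoB` and `getInfoS`, the two key-size ids by `getInfoI`, and `SSL_INFO_CIPHER` by none of them, so passing it falls into the `default:` branch and raises the `APR_EINVAL` exception. I would add a comment above the group such as `/* Ids for SSLSocket.getInfoB/getInfoS/getInfoI; values must match ssl_private.h */`, and either mark `SSL_INFO_CIPHER` as not yet implemented or handle it natively. The same numbers are repeated as `#define`s in ssl_private.h, so the two lists have to be kept in step by hand.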
  @@ -261,7 +266,7 @@
        * @param file File contatining DH params.
        */
       public static native boolean loadDSATempKey(int idx, String file);
  -    
  +
       /**
        * Return last SSL error string
        */
  
  
  
  1.12      +27 -4     
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java
  
  Index: SSLSocket.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- SSLSocket.java    14 Jun 2005 20:59:33 -0000      1.11
  +++ SSLSocket.java    15 Jun 2005 12:08:02 -0000      1.12
  @@ -234,10 +234,33 @@
                                       int offset, int nbytes, long timeout);
   
       /**
  -     * Retrun SSL SESSION id.
  +     * Retrun SSL Info parameter as byte array.
        *
        * @param sock The socket to read the data from.
  -     * @return Byte array containing session id.
  +     * @param id Parameter id.
  +     * @return Byte array containing info id value.
        */
  -    public static native byte[] getSessionId(long sock);
  +    public static native byte[] getInfoB(long sock, int id)
  +        throws Exception;
  +
  +    /**
  +     * Retrun SSL Info parameter as String.
  +     *
  +     * @param sock The socket to read the data from.
  +     * @param id Parameter id.
  +     * @return String containing info id value.
  +     */
  +    public static native String getInfoS(long sock, int id)
  +        throws Exception;
  +
  +    /**
  +     * Retrun SSL Info parameter as integer.
  +     *
  +     * @param sock The socket to read the data from.
  +     * @param id Parameter id.
  +     * @return Integer containing info id value or -1 on error.
  +     */
  +    public static native int getInfoI(long sock, int id)
  +        throws Exception;
  +
   }
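Review bot: The Javadoc on the three new accessors does not describe the failure contract: each is declared `throws Exception` with no `@throws` tag, `getInfoI` also documents `-1 on error`, and in the sslinfo.c section of this commit `getInfoB` and `getInfoS` return null when the connection has no session. Callers that act on the session id or key size need to tell "value not available" from "unsupported id", so I would add `@throws Exception if id is not supported by this accessor` and `@return ... or null if no session is available` to each block and list the accepted `SSL_INFO_*` ids. "Retrun" is misspelled in all three summaries. Removing `getSessionId(long)` changes the public API, so existing callers have to move to `getInfoB(sock, SSL.SSL_INFO_SESSION_ID)`.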
  
  
  
  1.29      +6 -1      
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.28
  retrieving revision 1.29
  diff -u -r1.28 -r1.29
  --- ssl_private.h     12 Jun 2005 10:31:16 -0000      1.28
  +++ ssl_private.h     15 Jun 2005 12:08:02 -0000      1.29
  @@ -141,6 +141,11 @@
   
   #define SSL_TO_APR_ERROR(X)         (APR_OS_START_USERERR + 1000 + X)
   
  +#define SSL_INFO_SESSION_ID         (1)
  +#define SSL_INFO_CIPHER             (2)
  +#define SSL_INFO_CIPHER_USEKEYSIZE  (3)
  +#define SSL_INFO_CIPHER_ALGKEYSIZE  (4)
  +
   #define SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) \
      ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
       || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
  
  
  
  1.2       +103 -13   jakarta-tomcat-connectors/jni/native/src/sslinfo.c
  
  Index: sslinfo.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslinfo.c,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- sslinfo.c 14 Jun 2005 11:55:54 -0000      1.1
  +++ sslinfo.c 15 Jun 2005 12:08:02 -0000      1.2
  @@ -31,27 +31,117 @@
   #ifdef HAVE_OPENSSL
   #include "ssl_private.h"
   
  -TCN_IMPLEMENT_CALL(jobject, SSLSocket, getSessionId)(TCN_STDARGS, jlong sock)
  +static const char *hex_basis = "0123456789ABCDEF";
  +
  +static char *convert_to_hex(const void *buf, size_t len)
  +{
  +    const unsigned char *p = ( const unsigned char *)buf;
  +    char *str, *s;
  +    size_t i;
  +
  +    if ((len < 1) || ((str = malloc(len * 2 + 1)) == NULL))
  +        return NULL;
  +    for (i = 0, s = str; i < len; i++) {
  +        unsigned char c = *p++;
  +        *s++ = hex_basis[c >> 4];
  +        *s++ = hex_basis[c & 0x0F];
  +    }
  +    *s = '\0';
  +    return str;
  +}
  +
  +TCN_IMPLEMENT_CALL(jobject, SSLSocket, getInfoB)(TCN_STDARGS, jlong sock,
  +                                                 jint what)
   {
       tcn_ssl_conn_t *s = J2P(sock, tcn_ssl_conn_t *);
  -    SSL_SESSION *session;
  +    jbyteArray array = NULL;
   
       UNREFERENCED(o);
       TCN_ASSERT(sock != 0);
  -    if ((session = SSL_get_session(s->ssl)) != NULL) {
  -        jbyteArray array;
  -        jsize      len = (jsize)session->session_id_length;
  -        array = (*e)->NewByteArray(e, len);
  -        if (array) {
  -            (*e)->SetByteArrayRegion(e, array, 0, len,
  -                                     (jbyte *)(&session->session_id[0]));
  +
  +    switch (what) {
  +        case SSL_INFO_SESSION_ID:
  +        {
  +            SSL_SESSION *session  = SSL_get_session(s->ssl);
  +            if (session) {
  +                jsize len = (jsize)session->session_id_length;
  +                if ((array = (*e)->NewByteArray(e, len)) != NULL)
  +                    (*e)->SetByteArrayRegion(e, array, 0, len,
  +                                (jbyte *)(&session->session_id[0]));
  +            }
           }
  -        return array;
  +        break;
  +        default:
  +            tcn_ThrowAPRException(e, APR_EINVAL);
  +        break;
       }
  -    else
  -        return NULL;
  +
  +    return array;
   }
   
  +TCN_IMPLEMENT_CALL(jstring, SSLSocket, getInfoS)(TCN_STDARGS, jlong sock,
  +                                                 jint what)
  +{
  +    tcn_ssl_conn_t *s = J2P(sock, tcn_ssl_conn_t *);
  +    jstring value = NULL;
  +
  +    UNREFERENCED(o);
  +    TCN_ASSERT(sock != 0);
  +
  +    switch (what) {
  +        case SSL_INFO_SESSION_ID:
  +        {
  +            SSL_SESSION *session  = SSL_get_session(s->ssl);
  +            if (session) {
  +                char *hs = convert_to_hex(&session->session_id[0],
  +                                          session->session_id_length);
  +                if (hs) {
  +                    value = tcn_new_string(e, hs, -1);
  +                    free(hs);
  +                }
  +            }
  +        }
  +        break;
  +        default:
  +            tcn_ThrowAPRException(e, APR_EINVAL);
  +        break;
  +    }
  +
  +    return value;
  +}
  +
  +TCN_IMPLEMENT_CALL(jint, SSLSocket, getInfoI)(TCN_STDARGS, jlong sock,
  +                                              jint what)
  +{
  +    tcn_ssl_conn_t *s = J2P(sock, tcn_ssl_conn_t *);
  +    jint value = -1;
  +
  +    UNREFERENCED(o);
  +    TCN_ASSERT(sock != 0);
  +
  +    switch (what) {
  +        case SSL_INFO_CIPHER_USEKEYSIZE:
  +        case SSL_INFO_CIPHER_ALGKEYSIZE:
  +        {
  +            int usekeysize = 0;
  +            int algkeysize = 0;
  +            SSL_CIPHER *cipher = SSL_get_current_cipher(s->ssl);
  +            if (cipher) {
  +                usekeysize = SSL_CIPHER_get_bits(cipher, &algkeysize);
  +                if (what == SSL_INFO_CIPHER_USEKEYSIZE)
  +                    value = usekeysize;
  +                else
  +                    value = algkeysize;
  +            }
  +        }
  +        break;
  +        default:
  +            tcn_ThrowAPRException(e, APR_EINVAL);
  +        break;
  +    }
  +
  +    return value;
  +}
   
   #else
   /* OpenSSL is not supported
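Review bot: All three new entry points (`getInfoB`, `getInfoS`, `getInfoI`) dereference `s->ssl` with only `TCN_ASSERT(sock != 0)` in front of it. The macro's definition is not in this diff, but if it compiles out in release builds, a zero handle passed from Java crashes the JVM instead of raising an exception. I would add an explicit guard at the top of each function, e.g. `if (s == NULL || s->ssl == NULL) { tcn_ThrowAPRException(e, APR_EINVAL); return NULL; }` (returning `-1` in `getInfoI`). Separately, `convert_to_hex` returns NULL when `len < 1`, so for a zero-length session id `getInfoS` yields null while `getInfoB` yields an empty array; that difference deserves a comment, or the two should be made to agree.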
  
  
  
