Author: mturk
Date: Sat Sep 24 16:31:45 2011
New Revision: 1175192

URL: http://svn.apache.org/viewvc?rev=1175192&view=rev
Log:
Add support to load the key via engine

Modified:
    
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java
    
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c

Modified: 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java?rev=1175192&r1=1175191&r2=1175192&view=diff
==============================================================================
--- 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java
 (original)
+++ 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java
 Sat Sep 24 16:31:45 2011
@@ -46,6 +46,13 @@ public final class SSL
     private static native void          fipsmode0(boolean enable)
         throws UnsupportedOperationException;
 
+    private static final int HAS_FIPS               = 1;
+    private static final int HAS_OCSP               = 2;
+    private static final int HAS_OCSP_STAPLING      = 3;
+    private static final int HAS_TLSEXT             = 4;
+        
+    private static native boolean       has0(int what);
+
     public static void initialize()
         throws SystemException
     {
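Review bot: The HAS_* values introduced here are the contract with the native has0() and are duplicated by value as ACR_SSL_HAS_* macros in init.c in this same commit, with nothing tying the two lists together; a comment on the first constant such as `// Must be kept in sync with ACR_SSL_HAS_* in modules/openssl/init.c` would make the coupling visible before the next feature id is added on one side only. The blank line added after HAS_TLSEXT carries trailing whitespace. initialize() continues outside the hunk.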
@@ -66,16 +73,34 @@ public final class SSL
         }
     }
 
-    public static native boolean hasFipsMode();
+    public static boolean hasFIPS()
+    {
+        return has0(HAS_FIPS);
+    }
+
+    public static boolean hasOCSP()
+    {
+        return has0(HAS_OCSP);
+    }
+
+    public static boolean hasOCSPStapling()
+    {
+        return has0(HAS_OCSP_STAPLING);
+    }
+
+    public static boolean hasTLSExtensions()
+    {
+        return has0(HAS_TLSEXT);
+    }
 
-    public static void enableFipsMode(boolean enable)
+    public static void enableFIPSMode(boolean enable)
         throws RuntimeException,
                UnsupportedOperationException
     {
         synchronized(lock) {
             if (!inited)
                 throw new RuntimeException(Local.sm.get("openssl.EINIT"));
-            if (!hasFipsMode())
+            if (!hasFIPS())
                 throw new 
UnsupportedOperationException(Local.sm.get("fips.ENOTIMPL"));
             fipsmode0(enable);
         }
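Review bot: hasFipsMode() and enableFipsMode() are public and are removed or renamed outright with no deprecated forwarding stub, so any caller outside this tree breaks at link time; if compatibility matters, keep `@Deprecated public static boolean hasFipsMode() { return hasFIPS(); }` and the same for enableFipsMode. The four new has*() methods have no Javadoc, and hasFIPS()'s should say that it reports only whether the library was compiled with FIPS support (the native side answers from `#if defined(OPENSSL_FIPS)`), not whether FIPS mode is currently active — enableFIPSMode() is still required for that. enableFIPSMode's body continues past the hunk.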

Modified: 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java?rev=1175192&r1=1175191&r2=1175192&view=diff
==============================================================================
--- 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
 (original)
+++ 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLKey.java
 Sat Sep 24 16:31:45 2011
@@ -33,6 +33,8 @@ public final class SSLKey extends Native
         throws SSLCannotDecryptException, SSLInvalidKeyException;
     private static native long  load1(String file, int format, String password)
         throws SSLCannotDecryptException, SSLInvalidKeyException;
+    private static native long  load2(long engine, String id, String password)
+        throws SSLCannotDecryptException, SSLInvalidKeyException;
     private static native void  free0(long key);
 
     /**
@@ -100,6 +102,22 @@ public final class SSLKey extends Native
         load(file, SSLKeyFormat.PEM);
     }
 
+    public void load(SSLEngine engine, String id, String password)
+        throws IllegalStateException,
+               SSLCannotDecryptException,
+               SSLInvalidKeyException
+    {
+        if (super.pointer != 0L) {
+            // Already loaded
+            throw new IllegalStateException();
+        }
+        long ep = ((NativePointer)engine).pointer;
+        if (ep == 0L)
+            throw new NullPointerException();
+        super.pointer = load2(ep, id, password);
+        this.format   = SSLKeyFormat.UNDEF;
+    }
+
     public SSLKeyFormat getFormat()
     {
         return format;
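Review bot: A null engine fails on the cast in `((NativePointer)engine).pointer` with a bare NullPointerException before the explicit `ep == 0L` check is reached, and an SSLEngine that is not a NativePointer fails with a ClassCastException; neither is declared or documented. Suggest `if (engine == null) throw new NullPointerException("engine");` ahead of the cast and a message on the existing throw, e.g. `throw new NullPointerException("engine is not initialized");`. A Javadoc is also missing: id is passed verbatim to the native engine as the key identifier, password may be null (the native side only sets the callback password when it is non-null), the method may be called once per instance, and because password arrives as a String it cannot be wiped from the heap after use. I cannot see SSLEngine's declaration, so whether the cast can fail is inferred from the cast itself.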

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1175192&r1=1175191&r2=1175192&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Sat Sep 24 
16:31:45 2011
@@ -313,9 +313,10 @@ typedef struct ssl_obj_t {
 
 
 /* Default password callback that
- * directly prompts the console
+ * does no propts.
  */
 extern ssl_pass_cb_t *acr_ssl_password_cb;
+extern UI_METHOD     *acr_ssl_password_ui;
 
 typedef struct acr_ssl_srv_t    acr_ssl_srv_t;
 

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c?rev=1175192&r1=1175191&r2=1175192&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c Sat Sep 
24 16:31:45 2011
@@ -329,7 +329,7 @@ static int bio_j_gets(BIO *bi, char *in,
 
 static BIO_METHOD bio_j_methods = {
     BIO_TYPE_FILE,
-    "Java OpenSSL BIO",
+    "ACR OpenSSL BIO",
     bio_j_write,
     bio_j_read,
     bio_j_puts,

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c?rev=1175192&r1=1175191&r2=1175192&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c Sat 
Sep 24 16:31:45 2011
@@ -237,15 +237,43 @@ ACR_SSL_EXPORT(jint, SSL, init0)(JNI_STD
     return 0;
 }
 
-ACR_SSL_EXPORT(jboolean, SSL, hasFipsMode)(JNI_STDARGS)
+#define ACR_SSL_HAS_FIPS               1
+#define ACR_SSL_HAS_OCSP               2
+#define ACR_SSL_HAS_OCSP_STAPLING      3
+#define ACR_SSL_HAS_TLSEXT             4
+
+ACR_SSL_EXPORT(jboolean, SSL, has0)(JNI_STDARGS, jint what)
 {
+    jboolean rv = JNI_FALSE;
+
+    switch(what) {
+        case ACR_SSL_HAS_FIPS:
 #if defined(OPENSSL_FIPS)
-    return JNI_TRUE;
-#else
-    return JNI_FALSE;
+            rv = JNI_TRUE;
+#endif
+        break;
+        case ACR_SSL_HAS_OCSP:
+#if !defined(OPENSSL_NO_OCSP)
+            rv = JNI_TRUE;
 #endif
+        break;
+        case ACR_SSL_HAS_OCSP_STAPLING:
+#if defined(HAVE_OCSP_STAPLING)
+            rv = JNI_TRUE;
+#endif
+        break;
+        case ACR_SSL_HAS_TLSEXT:
+#if !defined(OPENSSL_NO_TLSEXT)
+            rv = JNI_TRUE;
+#endif
+        break;
+        default:
+        break;
+    }
+    return rv;
 }
 
+
 ACR_SSL_EXPORT(jstring, SSL, errstr0)(JNI_STDARGS, jint err)
 {
     char buf[256] = "";
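Review bot: The ACR_SSL_HAS_* macros are file-local and mirror the HAS_* constants in SSL.java by value only; a `/* Must match SSL.HAS_* in SSL.java */` comment on the #defines keeps the next addition from drifting silently, and the `default:` branch could say `/* unknown feature id: report as unsupported */`. The FIPS answer is purely compile-time (`OPENSSL_FIPS`), so the Java API must not present it as "FIPS mode active". Style: the `break;` statements are aligned with the case labels rather than the statements they terminate.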

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c?rev=1175192&r1=1175191&r2=1175192&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c Sat Sep 
24 16:31:45 2011
@@ -34,10 +34,8 @@ static EVP_PKEY *load_key(ssl_pass_cb_t 
 
     if ((bio = BIO_new(BIO_s_file())) == 0)
         return 0;
-    if (BIO_read_filename(bio, file) <= 0) {
-        BIO_free(bio);
-        return 0;
-    }
+    if (BIO_read_filename(bio, file) <= 0)
+        goto finished;
     if (password_callback != 0) {
         if (desc != 0)
             password_callback->desc = desc;
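Review bot: `goto finished` on a failed BIO_read_filename now returns whatever `key` holds at that point, whereas the removed lines returned 0 explicitly; load_key's declarations are above the hunk, so I cannot see whether `key` is initialised at its declaration, and if it is not this returns an indeterminate pointer that the caller wraps in ssl_obj_new. Either `EVP_PKEY *key = 0;` at the declaration or `key = 0;` before the goto preserves the old behaviour. The `finished:` label itself is added in the next hunk of this file.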
@@ -70,6 +68,7 @@ static EVP_PKEY *load_key(ssl_pass_cb_t 
     else {
         /* TODO: Setup unsupported error */
     }
+finished:
     BIO_free(bio);
     return key;
 }
@@ -127,6 +126,41 @@ ACR_SSL_EXPORT(jlong, SSLKey, load1)(JNI
     return P2J(ssl_obj_new(env, ACR_SSL_OBJ_EVP_PKEY, key));
 }
 
+ACR_SSL_EXPORT(jlong, SSLKey, load2)(JNI_STDARGS, jlong ep,
+                                     jstring id,
+                                     jstring password)
+{
+#ifndef OPENSSL_NO_ENGINE
+    ssl_pass_cb_t cb = { 0, -1, 0, 0 };
+    EVP_PKEY *key = 0;
+
+    WITH_CSTR(id) {
+    WITH_CSTR(password) {
+        cb.desc = J2S(id);
+        if (J2S(password) != 0) {
+            cb.password = J2S(password);
+            cb.password_len = strlen(J2S(password));
+        }
+        key = ENGINE_load_private_key(J2P(ep, ENGINE *), J2S(id),
+                                      acr_ssl_password_ui, &cb);
+        /* Load key */
+        if (key == 0) {
+            int reason = ERR_GET_REASON(ERR_peek_error());
+            if (reason == EVP_R_BAD_DECRYPT)
+                ssl_throw_errno(env, ACR_EX_ESSLBADDEC);
+            else
+                ssl_throw_errno(env, ACR_EX_ESSLBADKEY);
+        }
+    } DONE_WITH_STR(password);
+    } DONE_WITH_STR(id);
+
+    return P2J(ssl_obj_new(env, ACR_SSL_OBJ_EVP_PKEY, key));
+#else
+    ACR_THROW(ACR_EX_ENOTIMPL, 0);
+    return 0;
+#endif
+}
+
 ACR_SSL_EXPORT(void, SSLKey, free0)(JNI_STDARGS, jlong key)
 {
     ssl_obj_release(J2P(key, void *));
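Review bot: When ENGINE_load_private_key fails, ssl_throw_errno queues a Java exception but execution continues to `ssl_obj_new(env, ACR_SSL_OBJ_EVP_PKEY, key)` with key == 0, so a wrapper for a null key is created and its pointer returned while an exception is pending; unless ssl_obj_new rejects a null object (not visible here) that wrapper leaks, because the Java caller never receives the jlong. Suggest `if (key == 0) return 0;` after `DONE_WITH_STR(id)`. ERR_peek_error() also leaves the error on the thread's queue, so an `ERR_clear_error();` after the reason is read avoids a later unrelated failure being misreported; if load1 peeks the same way it should get the same fix. Minor: the `/* Load key */` comment sits after the load call rather than before it.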

Modified: 
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c?rev=1175192&r1=1175191&r2=1175192&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c 
Sat Sep 24 16:31:45 2011
@@ -28,6 +28,7 @@
 
 /* Global password callback */
 ssl_pass_cb_t *acr_ssl_password_cb = 0;
+UI_METHOD     *acr_ssl_password_ui = 0;
 
 int ssl_no_password_callback(char *buf, int bufsiz, int verify, void *cb)
 {
@@ -81,6 +82,71 @@ int ssl_password_set(ssl_pass_cb_t *pcb,
         return 0;
 }
 
+static int ui_open(UI *ui)
+{
+    return UI_method_get_opener(UI_OpenSSL())(ui);
+}
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD &&
+        UI_get0_user_data(ui) != 0) {
+        switch(UI_get_string_type(uis)) {
+            case UIT_PROMPT:
+            case UIT_VERIFY:
+                {
+                    const char *password = ((ssl_pass_cb_t 
*)UI_get0_user_data(ui))->password;
+                    if (password != 0 && password[0] != '\0') {
+                        UI_set_result(ui, uis, password);
+                        return 1;
+                    }
+                }
+            default:
+            break;
+        }
+    }
+    return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+}
+
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD &&
+        UI_get0_user_data(ui) != 0) {
+        switch(UI_get_string_type(uis)) {
+            case UIT_PROMPT:
+            case UIT_VERIFY:
+                {
+                    const char *password = ((ssl_pass_cb_t 
*)UI_get0_user_data(ui))->password;
+                    if (password != 0 && password[0] != '\0')
+                        return 1;
+                }
+            default:
+            break;
+        }
+    }
+    return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+}
+
+static int ui_close(UI *ui)
+{
+    return UI_method_get_closer(UI_OpenSSL())(ui);
+}
+
+void ssl_setup_ui_method()
+{
+    acr_ssl_password_ui = UI_create_method("ACR OpenSSL user interface");
+    UI_method_set_opener(acr_ssl_password_ui, ui_open);
+    UI_method_set_reader(acr_ssl_password_ui, ui_read);
+    UI_method_set_writer(acr_ssl_password_ui, ui_write);
+    UI_method_set_closer(acr_ssl_password_ui, ui_close);
+}
+
+void ssl_destroy_ui_method()
+{
+    if(acr_ssl_password_ui != 0) {
+        UI_destroy_method(acr_ssl_password_ui);
+        acr_ssl_password_ui = 0;
+    }
+}
 
 ACR_SSL_EXPORT(jlong, PasswordCallback, new0)(JNI_STDARGS)
 {

