Author: mturk
Date: Sat Oct 22 09:33:21 2011
New Revision: 1187679
URL: http://svn.apache.org/viewvc?rev=1187679&view=rev
Log:
Add useCertificate method
Added:
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
(with props)
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties?rev=1187679&r1=1187678&r2=1187679&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
Sat Oct 22 09:33:21 2011
@@ -20,5 +20,6 @@ password.PROMPT=Some of your private key
\nIn order to read them you have to provide the pass phrases.\
\nEnter password :
sslctx.ENOCRLLOC=At least one of CARevocationFile or CARevocationPath must be
configured
+sslctx.EMISSMATCH=Private key does not match the certificate public key
store.ENOTREG=File '{0}' does not exist or is empty
store.ENOTDIR=Path '{0}' is not directory
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1187679&r1=1187678&r2=1187679&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Sat Oct 22 09:33:21 2011
@@ -54,6 +54,8 @@ public final class SSLContext extends SS
throws SSLException;
private static native void addcrlstore0(long ctx, String file, String
path)
throws SSLException;
+ private static native boolean usecert0(long ctx, long crt, long key)
+ throws SSLException;
private SSLContext()
{
@@ -239,6 +241,8 @@ public final class SSLContext extends SS
public synchronized void dispose()
throws IllegalStateException
{
+ if (super.pointer == 0L)
+ throw new ObjectNotInitializedException();
for (int i = 0; i < keys.length; i++) {
if (keys[i] != null) {
keys[i].dispose();
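Review bot: The new guard at the top of `dispose()` makes a repeated call (or a call on a context that never got a native handle) throw `ObjectNotInitializedException`, while the method still declares only `throws IllegalStateException`. Whether `ObjectNotInitializedException` is a subtype of `IllegalStateException` is not visible here. Cleanup code in `finally` blocks usually expects dispose to be idempotent, so consider `if (super.pointer == 0L) return;` instead. If the throw is intended, document it in the Javadoc and the `throws` clause. The rest of `dispose()` lies outside this hunk, so whether `pointer` is reset after the native free cannot be confirmed from here.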
@@ -255,5 +259,24 @@ public final class SSLContext extends SS
}
}
+ public synchronized void useCertificate(SSLCertificate crt, SSLKey key)
+ throws IllegalStateException,
+ ObjectNotInitializedException,
+ SSLException
+ {
+ if (super.pointer == 0L)
+ throw new ObjectNotInitializedException();
+ for (int i = 0; i < cert.length; i++) {
+ if (cert[i] == null) {
+ if (!usecert0(super.pointer, ((SSLObject)crt).pointer,
((SSLObject)key).pointer))
+ throw new SSLException(Local.sm.get("sslctx.EMISSMATCH"));
+ cert[i] = crt;
+ keys[i] = key;
+ return;
+ }
+ }
+ throw new IllegalStateException();
+ }
+
}
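Review bot: `useCertificate` checks the context handle but passes `((SSLObject)crt).pointer` and `((SSLObject)key).pointer` to `usecert0` unvalidated, and the native side in ctx.c dereferences them directly (`cert->u.x509`, `pkey->u.pkey`). A certificate or key that was never loaded or was already disposed would presumably arrive as a zero handle and crash the JVM in native code rather than raise an exception. Add a guard before the loop such as `if (((SSLObject)crt).pointer == 0L || ((SSLObject)key).pointer == 0L) throw new ObjectNotInitializedException();`, with an explicit null check on both arguments. The Javadoc should also say that the context keeps the key and disposes it in `dispose()` (the `keys[i].dispose()` loop), and the bare `throw new IllegalStateException();` should carry a message saying that all certificate slots are in use.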
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1187679&r1=1187678&r2=1187679&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Sat Oct
22 09:33:21 2011
@@ -183,7 +183,10 @@ struct SSLAPIst {
void (*fpSSL_CTX_set_verify)(SSL_CTX *, int, int (*)(int,
X509_STORE_CTX *));
int (*fpSSL_CTX_set_generate_session_id)(SSL_CTX *,
GEN_SESSION_CB);
void (*fpSSL_CTX_set_quiet_shutdown)(SSL_CTX *, int);
-
+ int (*fpSSL_CTX_use_PrivateKey)(SSL_CTX *, EVP_PKEY *);
+ int (*fpSSL_CTX_use_certificate)(SSL_CTX *, X509 *);
+ int (*fpSSL_CTX_check_private_key)(const SSL_CTX *);
+
/*** SSL ***/
void* (*fpSSL_get_ex_data)(const SSL *, int);
int (*fpSSL_get_ex_new_index)(long, void *, CRYPTO_EX_new
*, CRYPTO_EX_dup *, CRYPTO_EX_free *);
@@ -356,6 +359,9 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
LIBSSL_FPLOAD(SSL_CTX_set_verify);
LIBSSL_FPLOAD(SSL_CTX_set_generate_session_id);
LIBSSL_FPLOAD(SSL_CTX_set_quiet_shutdown);
+ LIBSSL_FPLOAD(SSL_CTX_use_PrivateKey);
+ LIBSSL_FPLOAD(SSL_CTX_use_certificate);
+ LIBSSL_FPLOAD(SSL_CTX_check_private_key);
/*** BIO ***/
CRYPTO_FPLOAD(BIO_ctrl);
@@ -998,6 +1004,22 @@ void SSL_CTX_set_quiet_shutdown(SSL_CTX
SSLAPI_CALL(SSL_CTX_set_quiet_shutdown)(ctx, mode);
}
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+ return SSLAPI_CALL(SSL_CTX_use_PrivateKey)(ctx, pkey);
+}
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+ return SSLAPI_CALL(SSL_CTX_use_certificate)(ctx, x);
+}
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+ return SSLAPI_CALL(SSL_CTX_check_private_key)(ctx);
+}
+
+
void *SSL_get_ex_data(const SSL *ssl, int idx)
{
return SSLAPI_CALL(SSL_get_ex_data)(ssl, idx);
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1187679&r1=1187678&r2=1187679&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Sat Oct
22 09:33:21 2011
@@ -195,7 +195,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
#endif
break;
case SSL_PROTOCOL_SSLV3:
- m = SSLv3_server_method();
+ m = SSLv3_server_method();
break;
case SSL_PROTOCOL_SSLV23:
m = SSLv23_server_method();
@@ -252,7 +252,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
default:
break;
}
- if (m == 0 || (c->ctx == SSL_CTX_new(m)) == 0) {
+ if (m == 0 || (c->ctx = SSL_CTX_new(m)) == 0) {
AcrFree(c);
ACR_THROW(ACR_EX_ENOTIMPL, 0);
return 0;
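Review bot: With the assignment fixed, a failing `SSL_CTX_new(m)` is now reachable, but it shares the `ACR_THROW(ACR_EX_ENOTIMPL, 0)` branch with the unsupported-protocol case (`m == 0`). A genuine OpenSSL allocation or initialisation failure therefore surfaces as "not implemented" with no error detail, which makes TLS setup failures hard to diagnose. Consider splitting the condition and reporting the `SSL_CTX_new` failure the way `usecert0` does in this commit, `ssl_throw_errno(env, ACR_EX_ESSL);`, assuming `env` is available through `JNI_STDARGS` here. The body of `new0` starts and ends outside this hunk.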
@@ -473,3 +473,23 @@ ACR_SSL_EXPORT(void, SSLContext, setscac
SSL_CTX_sess_set_cache_size(c->ctx, size);
}
+ACR_SSL_EXPORT(jboolean, SSLContext, usecert0)(JNI_STDARGS, jlong ctx,
+ jlong crt, jlong key)
+{
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+ ssl_obj_t *cert = J2P(crt, ssl_obj_t *);
+ ssl_obj_t *pkey = J2P(key, ssl_obj_t *);
+
+ if (SSL_CTX_use_certificate(c->ctx, cert->u.x509) <= 0) {
+ ssl_throw_errno(env, ACR_EX_ESSL);
+ return JNI_FALSE;
+ }
+ if (SSL_CTX_use_PrivateKey(c->ctx, pkey->u.pkey) <= 0) {
+ ssl_throw_errno(env, ACR_EX_ESSL);
+ return JNI_FALSE;
+ }
+ if (SSL_CTX_check_private_key(c->ctx) == 0)
+ return JNI_FALSE;
+ else
+ return JNI_TRUE;
+}
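Review bot: On a key/certificate mismatch `usecert0` returns `JNI_FALSE` only after both `SSL_CTX_use_certificate` and `SSL_CTX_use_PrivateKey` have succeeded on `c->ctx`. The native context therefore keeps the rejected pair while the Java caller throws `sslctx.EMISSMATCH` and records nothing in its `cert`/`keys` arrays. Unlike the two branches above, this path does not call `ssl_throw_errno`, so any error that `SSL_CTX_check_private_key` queued is presumably left on the OpenSSL error queue for the next failing call to pick up. At minimum add a comment above the check such as `/* On mismatch the cert and key stay installed in c->ctx; the caller must not use this context */`, and consider draining the error queue before returning. `c`, `cert` and `pkey` are also dereferenced without a NULL check, which the Java wrapper does not currently rule out.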
Added:
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java?rev=1187679&view=auto
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
(added)
+++
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
Sat Oct 22 09:33:21 2011
@@ -0,0 +1,46 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+import org.testng.annotations.*;
+import org.testng.Assert;
+import java.io.IOException;
+import java.io.File;
+import java.nio.ByteBuffer;
+import org.apache.commons.runtime.Native;
+
+public class TestSSLCtx extends Assert
+{
+
+ private static final String pkey = "certificates/localhost.key";
+ private static final String cert = "certificates/localhost.crt";
+
+ @Test(groups = { "openssl" })
+ public void simpleInit()
+ throws Exception
+ {
+ SSLKey key = new SSLKey("Demo key");
+ key.load(pkey, SSLKeyFormat.PEM, "secret");
+ SSLCertificate crt = new SSLCertificate("Demo certificate");
+ crt.load(cert);
+
+ SSLContext ctx = new SSLContext(SSLProtocolMethod.SSLv23,
SSLProtocolMode.SERVER);
+ ctx.useCertificate(crt, key);
+ }
+
+
+}
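Review bot: `simpleInit` exercises only the success path of `useCertificate` and asserts nothing, so the new `sslctx.EMISSMATCH` branch, the full-slots `IllegalStateException` and the new `dispose()` guard are all untested. Add a second test that loads a key which does not belong to `localhost.crt` and is annotated `@Test(groups = { "openssl" }, expectedExceptions = SSLException.class)`. Release the context in a `finally` with `ctx.dispose();` so the native handle is not leaked across the suite. The file is added under `org/apache/commons/runtime/` but declares `package org.apache.commons.runtime.ssl;`, so the path and package should be made to agree. The imports of `IOException`, `File`, `ByteBuffer` and `Native` are unused.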
Propchange:
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestSSLCtx.java
------------------------------------------------------------------------------
svn:eol-style = native