Author: rjung
Date: Tue Feb 5 14:32:10 2013
New Revision: 1442608

URL: http://svn.apache.org/viewvc?rev=1442608&view=rev
Log:
Port all changes to jni java classes from TC 7:

= r815418 | markt | 2009-09-15 19:50:54 +0200 (Tue, 15 Sep 2009) | 4 lines
Fix Tomcat side of https://issues.apache.org/bugzilla/show_bug.cgi?id=46950
- adds new setVerify() method
- uses it before renegotiation to change the cert verification level for the connection
- increments minimum tc native version to 1.1.17 as it requires the new setVerify() method

= r832198 | rjung | 2009-11-03 00:34:48 +0100 (Tue, 03 Nov 2009) | 2 lines
Trivial typo fix in comment.

= r1001939 | markt | 2010-09-28 00:29:30 +0200 (Tue, 28 Sep 2010) | 2 lines
Remaining fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=48644
Some Throwables must always be re-thrown

= r1033916 | markt | 2010-11-11 13:41:54 +0100 (Thu, 11 Nov 2010) | 1 line
Clean-up

= r1043103 | markt | 2010-12-07 16:40:06 +0100 (Tue, 07 Dec 2010) | 1 line
Fix modifier order in org.apache.tomcat.*

= r1044729 | markt | 2010-12-11 22:48:22 +0100 (Sat, 11 Dec 2010) | 2 lines
o.a.tomcat.jni should not have any external dependencies
OK for o.a.naming to have dependencies

= r1078522 | markt | 2011-03-06 18:35:12 +0100 (Sun, 06 Mar 2011) | 1 line
Make more efficient / fix FindBugs nag

= r1145209 | rjung | 2011-07-11 17:44:10 +0200 (Mon, 11 Jul 2011) | 13 lines
BZ 51477: Support all SSL protocol combinations in the APR/native connector.
This only works when using the native library version 1.1.21 or later which is not yet released.
Older tcnative versions will use an unchanged config parser. Otherwise non-supported protocol combinations would be unnoticed.
For easier review of the changes in AprEndpoint use "svn -x -w" to ignore white space.

= r1145285 | kkolinko | 2011-07-11 20:40:48 +0200 (Mon, 11 Jul 2011) | 4 lines
Followup to r1145209
Do not expose TCN_FULL_VERSION as a public constant, but calculate it when needed.
Using this way it will be easier to throw away the code in AprEndpoint when it becomes unneeded.
I do not mind reintroducing the constant if it were used in two or more places.

= r1149092 | jfclere | 2011-07-21 11:40:03 +0200 (Thu, 21 Jul 2011) | 5 lines
Fix for 51056.
remove SSLv2 from all.
Needs native 1.1.21.
Now to allow SSLv2 you have to use: SSLProtocol="SSLv2+SSLv3" for example.

= r1199985 | schultz | 2011-11-09 22:43:23 +0100 (Wed, 09 Nov 2011) | 3 lines
Fixed bug #50570 - Allow explicit use of FIPS mode in APR lifecycle listener
- Added "FIPSMode" attribute to AprLifecycleListener that causes OpenSSL to go into FIPS mode

= r1200164 | kkolinko | 2011-11-10 06:46:02 +0100 (Thu, 10 Nov 2011) | 5 lines
Merging revision 1187781 from tomcat/trunk:
Whitespace removal from /java/org/apache/tomcat
I won't merge all of it (as it spans bcel etc.), but only our code.
Part 1.

= r1349932 | markt | 2012-06-13 17:59:02 +0200 (Wed, 13 Jun 2012) | 1 line
Add per socket timeout to JNI API

= r1434887 | schultz | 2013-01-17 21:13:27 +0100 (Thu, 17 Jan 2013) | 5 lines
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
Allow APR connector to disable TLS compression if OpenSSL supports it.
= r1435769 | markt | 2013-01-20 01:09:48 +0100 (Sun, 20 Jan 2013) | 1 line Fix broken Javadoc Modified: tomcat/native/branches/1.1.x/ (props changed) tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Directory.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Error.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/File.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Library.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLSocket.java Propchange: tomcat/native/branches/1.1.x/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r815418,832198,1001939,1033916,1043103,1044729,1078522,1145209,1145285,1149092 Merged /tomcat/tc7.0.x/trunk:r1199985,1200164,1349932,1434887,1435769 Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Directory.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Directory.java?rev=1442608&r1=1442607&r2=1442608&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Directory.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Directory.java Tue Feb 5 14:32:10 2013 
@@ -53,7 +53,7 @@ public class Directory { * Find an existing directory suitable as a temporary storage location. * @param pool The pool to use for any necessary allocations. * @return The temp directory. - * + * * This function uses an algorithm to search for a directory that an * an application can use for temporary storage. Once such a * directory is found, that location is cached by the library. Thus, Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Error.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Error.java?rev=1442608&r1=1442607&r2=1442608&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Error.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Error.java Tue Feb 5 14:32:10 2013 @@ -25,6 +25,8 @@ package org.apache.tomcat.jni; public class Error extends Exception { + private static final long serialVersionUID = 1L; + /** * APR error type. */ @@ -43,7 +45,7 @@ public class Error extends Exception { */ private Error(int error, String description) { - super(description); + super(error + ": " + description); this.error = error; this.description = description; } Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/File.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/File.java?rev=1442608&r1=1442607&r2=1442608&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/File.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/File.java Tue Feb 5 14:32:10 2013 
@@ -242,7 +242,7 @@ public class File { * APR_CREATE | APR_READ | APR_WRITE | APR_EXCL | APR_DELONCLOSE * @param pool The pool to allocate the file out of. * @return The apr file to use as a temporary file. - * + * * This function generates a unique temporary file name from template. * The last six characters of template must be XXXXXX and these are replaced * with a string that makes the filename unique. Since it will be modified, Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Library.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Library.java?rev=1442608&r1=1442607&r2=1442608&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Library.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Library.java Tue Feb 5 14:32:10 2013 @@ -30,19 +30,25 @@ public final class Library { /* * A handle to the unique Library singleton instance. */ - static private Library _instance = null; + private static Library _instance = null; private Library() throws Exception { boolean loaded = false; - String err = ""; + StringBuilder err = new StringBuilder(); for (int i = 0; i < NAMES.length; i++) { try { System.loadLibrary(NAMES[i]); loaded = true; } - catch (Throwable e) { + catch (Throwable t) { + if (t instanceof ThreadDeath) { + throw (ThreadDeath) t; + } + if (t instanceof VirtualMachineError) { + throw (VirtualMachineError) t; + } String name = System.mapLibraryName(NAMES[i]); String path = System.getProperty("java.library.path"); String sep = System.getProperty("path.separator"); 
@@ -50,21 +56,21 @@ public final class Library { for (int j=0; j<paths.length; j++) { java.io.File fd = new java.io.File(paths[j] , name); if (fd.exists()) { - e.printStackTrace(); + t.printStackTrace(); } } if ( i > 0) - err += ", "; - err += e.getMessage(); + err.append(", "); + err.append(t.getMessage()); } if (loaded) break; } if (!loaded) { - err += "("; - err += System.getProperty("java.library.path"); - err += ")"; - throw new UnsatisfiedLinkError(err); + err.append('('); + err.append(System.getProperty("java.library.path")); + err.append(')'); + throw new UnsatisfiedLinkError(err.toString()); } } @@ -160,7 +166,7 @@ public final class Library { * called for any APR library. * @param libraryName the name of the library to load */ - static public boolean initialize(String libraryName) + public static boolean initialize(String libraryName) throws Exception { if (_instance == null) { Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java?rev=1442608&r1=1442607&r2=1442608&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java Tue Feb 5 14:32:10 2013 @@ -73,11 +73,8 @@ public class Poll { public static native int destroy(long pollset); /** - * Add a socket or to a pollset - * If you set client_data in the descriptor, that value - * will be returned in the client_data field whenever this - * descriptor is signaled in apr_pollset_poll(). - * @param pollset The pollset to which to add the descriptor + * Add a socket to a pollset with the default timeout. + * @param pollset The pollset to which to add the socket * @param sock The sockets to add * @param reqevents requested events */ 
@@ -85,6 +82,16 @@ public class Poll { int reqevents); /** + * Add a socket to a pollset with a specific timeout. + * @param pollset The pollset to which to add the socket + * @param sock The sockets to add + * @param reqevents requested events + * @param timeout requested timeout in microseconds (-1 for infinite) + */ + public static native int addWithTimeout(long pollset, long sock, + int reqevents, long timeout); + + /** * Remove a descriptor from a pollset * @param pollset The pollset from which to remove the descriptor * @param sock The socket to remove Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java?rev=1442608&r1=1442607&r2=1442608&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java Tue Feb 5 14:32:10 2013 @@ -73,7 +73,7 @@ public final class SSL { public static final int SSL_PROTOCOL_SSLV2 = (1<<0); public static final int SSL_PROTOCOL_SSLV3 = (1<<1); public static final int SSL_PROTOCOL_TLSV1 = (1<<2); - public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1); + public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1); /* * Define the SSL verify levels 
@@ -115,6 +115,8 @@ public final class SSL { public static final int SSL_OP_ALL = 0x00000FFF; /* As server, disallow session resumption on renegotiation */ public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000; + /* Don't use compression even if supported */ + public static final int SSL_OP_NO_COMPRESSION = 0x00020000; /* Permit unsafe legacy renegotiation */ public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 0x00040000; /* If set, always create a new key when using tmp_eddh parameters */ @@ -230,6 +232,15 @@ public final class SSL { public static native int initialize(String engine); /** + * Enable/Disable FIPS Mode. + * + * @param mode 1 - enable, 0 - disable + * + * @return FIPS_mode_set return code + */ + public static native int fipsModeSet(int mode); + + /** * Add content of the file to the PRNG * @param filename Filename containing random data. * If null the default file will be tested. 
@@ -330,21 +341,16 @@ public final class SSL { public static native String getLastError(); /** - * Return true if SSL_OP_ was defined at compile time. - * <p> - * In Tomcat Native 1.1.21 - 1.1.24 this method can be used to test whether - * the SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is supported by OpenSSL. - * Calling it with any other SSL_OP flag returns false. - * <p> - * Since Tomcat Native 1.1.25 this method can be used with any SSL_OP flag - * and with any or'ed combination of SSL_OP flags to test that all of the - * flags were defined at compile time. It returns true if all of the flags - * specified by <code>op</code> were defined, and false otherwise. - * @param op SSL_OP to test. - * @return true if SSL_OP is supported by OpenSSL library. - * @since Tomcat Native 1.1.21 + * Return true if all the requested SSL_OP_* are supported by OpenSSL. + * + * <i>Note that for versions of tcnative < 1.1.25, this method will + * return <code>true</code> if and only if <code>op</code>= + * {@link #SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION} and tcnative + * supports that flag.</i> + * + * @param op Bitwise-OR of all SSL_OP_* to test. + * + * @return true if all SSL_OP_* are supported by OpenSSL library. */ public static native boolean hasOp(int op); - } - Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLSocket.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLSocket.java?rev=1442608&r1=1442607&r2=1442608&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLSocket.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLSocket.java Tue Feb 5 14:32:10 2013 
@@ -57,6 +57,29 @@ public class SSLSocket { public static native int renegotiate(long thesocket); /** + * Set Type of Client Certificate verification and Maximum depth of CA + * Certificates in Client Certificate verification. + * <br /> + * This is used to change the verification level for a connection prior to + * starting a re-negotiation. + * <br /> + * The following levels are available for level: + * <PRE> + * SSL_CVERIFY_NONE - No client Certificate is required at all + * SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate + * SSL_CVERIFY_REQUIRE - The client has to present a valid + * Certificate + * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate + * but it need not to be (successfully) + * verifiable + * </PRE> + * <br /> + * @param sock The socket to change. + * @param level Type of Client Certificate verification. + */ + public static native void setVerify(long sock, int level, int depth); + + /** * Return SSL Info parameter as byte array. * * @param sock The socket to read the data from. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
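Review bot: the doubled "an" in the context lines of the Directory.java hunk (@@ -53,7: "search for a directory that an / an application can use") survives the whitespace-only change; since that Javadoc block is being touched anyway, drop the duplicate word in the same commit.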
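Review bot: `super(error + ": " + description)` in the second Error.java hunk (@@ -43,7) changes what getMessage() returns for every APR error, so any caller or log filter that matched on the bare description will now see the numeric code prefixed. The `error` and `description` fields are still stored separately, so a one-line note in the class Javadoc stating the new message format ("<code>: <description>") is all that is needed for callers to know which accessor to use.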
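Review bot: the new rethrow in the first Library.java hunk (@@ -30,19) correctly lets ThreadDeath and VirtualMachineError escape, but the surrounding `catch (Throwable t)` still swallows everything else, including the UnsatisfiedLinkError from `System.loadLibrary`. That is intended here because the loop goes on to try the next entry in NAMES, but a short comment saying so would stop the next reader from "fixing" the catch into something narrower and breaking the fallback.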
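Review bot: in the second Library.java hunk (@@ -50,21) the aggregated failure text is the comma-joined `t.getMessage()` values immediately followed by `'('`, java.library.path and `')'`, so the final UnsatisfiedLinkError reads as `...message(path)` with no separator; appending `" ("` instead of `'('` keeps it readable. The `e.printStackTrace()` to `t.printStackTrace()` rename is right, but that trace still goes straight to stderr in exactly the interesting case (library file found on the path but not loadable); adding `name` and `paths[j]` to `err` would put that information into the thrown error where the caller can log it.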
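Review bot: addWithTimeout in the second Poll.java hunk (@@ -85,6) is a new native entry point, so calling it against an older tcnative binary fails with UnsatisfiedLinkError at the call site rather than at Library.initialize; the Javadoc should state the minimum native version that implements it (as the log does for setVerify and 1.1.17) so AprEndpoint can guard the call by version. Also "@param sock The sockets to add" should be singular in both Poll.java hunks, and the new text drops the note that client_data set in the descriptor is returned from the poll, which still applies to the socket form.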
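Review bot: the SSL_PROTOCOL_ALL redefinition in the first SSL.java hunk (@@ -73,7) is a behaviour change for every connector configured with "all", and the constant carries no comment explaining it; add one stating that SSLv2 is excluded on purpose, that it is opt-in only through an explicit combination such as SSLProtocol="SSLv2+SSLv3" (r1149092), and that the native side needs 1.1.21, so nobody re-adds SSL_PROTOCOL_SSLV2 to the mask later.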
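Review bot: SSL_OP_NO_COMPRESSION = 0x00020000 in the second SSL.java hunk (@@ -115,6) has to stay bit-for-bit equal to the value in OpenSSL's ssl.h, because a mismatch would silently set a different option on the context instead of disabling compression; since the same patch documents hasOp() as accepting any SSL_OP_* flag, the comment should tell callers to check `SSL.hasOp(SSL.SSL_OP_NO_COMPRESSION)` before treating compression as disabled. Leaving compression off is the safe default, as compressed TLS records leak plaintext length information.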
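Review bot: the fipsModeSet() Javadoc in the SSL.java hunk at @@ -230,6 only says "@return FIPS_mode_set return code"; spell out the contract (non-zero on success, 0 when FIPS mode could not be entered) so that AprLifecycleListener fails closed on 0 instead of continuing with the "FIPSMode" attribute set but OpenSSL still in non-FIPS mode.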
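Review bot: the rewritten hasOp() Javadoc in the last SSL.java hunk (@@ -330,21) has a raw `<` in "tcnative < 1.1.25" inside HTML, which should be `&lt;`, splits "<code>op</code>=" across a line break so the rendered sentence reads oddly, and drops the `@since Tomcat Native 1.1.21` tag the old text carried; keep the @since, because the version-dependent semantics described in the note are exactly what that tag is for.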
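Review bot: setVerify(long sock, int level, int depth) in the SSLSocket.java hunk documents `sock` and `level` but not `depth`, even though the first sentence mentions the maximum CA depth; add `@param depth Maximum depth of CA certificates in client certificate verification`. Also `<br />` is rejected by Javadoc doclint on newer JDKs (use `<br>` or `<p>`), and it would help to state explicitly that the new level only takes effect on the next renegotiate() call and does not re-verify an already-completed handshake, if that is the intended semantics.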