1 /* | |
2 * Licensed to the Apache Software Foundation (ASF) under one or more | |
3 * contributor license agreements. See the NOTICE file distributed with | |
4 * this work for additional information regarding copyright ownership. | |
5 * The ASF licenses this file to You under the Apache License, Version 2.0 | |
6 * (the "License"); you may not use this file except in compliance with | |
7 * the License. You may obtain a copy of the License at | |
8 * | |
9 * http://www.apache.org/licenses/LICENSE-2.0 | |
10 * | |
11 * Unless required by applicable law or agreed to in writing, software | |
12 * distributed under the License is distributed on an "AS IS" BASIS, | |
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
14 * See the License for the specific language governing permissions and | |
15 * limitations under the License. | |
16 */ | |
17 package org.apache.tomcat.jni; | |
18 | |
19 /** SSL | |
20 * | |
21 * @author Mladen Turk | |
22 */ | |
23 public final class SSL { | |
24 | |
25 /* | |
26 * Type definitions mostly from mod_ssl | |
27 */ | |
28 public static final int UNSET = -1; | |
29 /* | |
30 * Define the certificate algorithm types | |
31 */ | |
32 public static final int SSL_ALGO_UNKNOWN = 0; | |
33 public static final int SSL_ALGO_RSA = (1<<0); | |
34 public static final int SSL_ALGO_DSA = (1<<1); | |
35 public static final int SSL_ALGO_ALL = (SSL_ALGO_RSA|SSL_ALGO_DSA); | |
36 | |
37 public static final int SSL_AIDX_RSA = 0; | |
38 public static final int SSL_AIDX_DSA = 1; | |
39 public static final int SSL_AIDX_MAX = 2; | |
40 /* | |
41 * Define IDs for the temporary RSA keys and DH params | |
42 */ | |
43 | |
44 public static final int SSL_TMP_KEY_RSA_512 = 0; | |
45 public static final int SSL_TMP_KEY_RSA_1024 = 1; | |
46 public static final int SSL_TMP_KEY_RSA_2048 = 2; | |
47 public static final int SSL_TMP_KEY_RSA_4096 = 3; | |
48 public static final int SSL_TMP_KEY_DH_512 = 4; | |
49 public static final int SSL_TMP_KEY_DH_1024 = 5; | |
50 public static final int SSL_TMP_KEY_DH_2048 = 6; | |
51 public static final int SSL_TMP_KEY_DH_4096 = 7; | |
52 public static final int SSL_TMP_KEY_MAX = 8; | |
53 | |
54 /* | |
55 * Define the SSL options | |
56 */ | |
57 public static final int SSL_OPT_NONE = 0; | |
58 public static final int SSL_OPT_RELSET = (1<<0); | |
59 public static final int SSL_OPT_STDENVVARS = (1<<1); | |
60 public static final int SSL_OPT_EXPORTCERTDATA = (1<<3); | |
61 public static final int SSL_OPT_FAKEBASICAUTH = (1<<4); | |
62 public static final int SSL_OPT_STRICTREQUIRE = (1<<5); | |
63 public static final int SSL_OPT_OPTRENEGOTIATE = (1<<6); | |
64 public static final int SSL_OPT_ALL = (SSL_OPT_STDENVVARS|SSL_OPT
_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIA
TE); | |
65 | |
66 /* | |
67 * Define the SSL Protocol options | |
68 */ | |
69 public static final int SSL_PROTOCOL_NONE = 0; | |
70 public static final int SSL_PROTOCOL_SSLV2 = (1<<0); | |
71 public static final int SSL_PROTOCOL_SSLV3 = (1<<1); | |
72 public static final int SSL_PROTOCOL_TLSV1 = (1<<2); | |
73 public static final int SSL_PROTOCOL_TLSV1_1 = (1<<3); | |
74 public static final int SSL_PROTOCOL_TLSV1_2 = (1<<4); | |
75 public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | SSL_PROTO
COL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2); | |
76 | |
77 /* | |
78 * Define the SSL verify levels | |
79 */ | |
80 public static final int SSL_CVERIFY_UNSET = UNSET; | |
81 public static final int SSL_CVERIFY_NONE = 0; | |
82 public static final int SSL_CVERIFY_OPTIONAL = 1; | |
83 public static final int SSL_CVERIFY_REQUIRE = 2; | |
84 public static final int SSL_CVERIFY_OPTIONAL_NO_CA = 3; | |
85 | |
86 /* Use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options | |
87 * are 'ored' with SSL_VERIFY_PEER if they are desired | |
88 */ | |
89 public static final int SSL_VERIFY_NONE = 0; | |
90 public static final int SSL_VERIFY_PEER = 1; | |
91 public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2; | |
92 public static final int SSL_VERIFY_CLIENT_ONCE = 4; | |
93 public static final int SSL_VERIFY_PEER_STRICT = (SSL_VERIFY_PEER|S
SL_VERIFY_FAIL_IF_NO_PEER_CERT); | |
94 | |
95 public static final int SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001
; | |
96 public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002
; | |
97 public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000008
; | |
98 public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000010
; | |
99 public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000020
; | |
100 public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000040
; | |
101 public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000080
; | |
102 public static final int SSL_OP_TLS_D5_BUG = 0x00000100
; | |
103 public static final int SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000200
; | |
104 | |
105 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | |
106 * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | |
107 * the workaround is not needed. Unfortunately some broken SSL/TLS | |
108 * implementations cannot handle it at all, which is why we include | |
109 * it in SSL_OP_ALL. */ | |
110 public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800
; | |
111 | |
112 /* SSL_OP_ALL: various bug workarounds that should be rather harmless. | |
113 * This used to be 0x000FFFFFL before 0.9.7. */ | |
114 public static final int SSL_OP_ALL = 0x00000FFF
; | |
115 /* As server, disallow session resumption on renegotiation */ | |
116 public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00
010000; | |
117 /* Don't use compression even if supported */ | |
118 public static final int SSL_OP_NO_COMPRESSION = 0x00
020000; | |
119 /* Permit unsafe legacy renegotiation */ | |
120 public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 0x00
040000; | |
121 /* If set, always create a new key when using tmp_eddh parameters */ | |
122 public static final int SSL_OP_SINGLE_ECDH_USE = 0x00080000
; | |
123 /* If set, always create a new key when using tmp_dh parameters */ | |
124 public static final int SSL_OP_SINGLE_DH_USE = 0x00100000
; | |
125 /* Set to always use the tmp_rsa key when doing RSA operations, | |
126 * even when this violates protocol specs */ | |
127 public static final int SSL_OP_EPHEMERAL_RSA = 0x00200000
; | |
128 /* Set on servers to choose the cipher according to the server's | |
129 * preferences */ | |
130 public static final int SSL_OP_CIPHER_SERVER_PREFERENCE = 0x00400000
; | |
131 /* If set, a server will allow a client to issue a SSLv3.0 version number | |
132 * as latest version supported in the premaster secret, even when TLSv1.0 | |
133 * (version 3.1) was announced in the client hello. Normally this is | |
134 * forbidden to prevent version rollback attacks. */ | |
135 public static final int SSL_OP_TLS_ROLLBACK_BUG = 0x00800000
; | |
136 | |
137 public static final int SSL_OP_NO_SSLv2 = 0x01000000
; | |
138 public static final int SSL_OP_NO_SSLv3 = 0x02000000
; | |
139 public static final int SSL_OP_NO_TLSv1 = 0x04000000
; | |
140 public static final int SSL_OP_NO_TLSv1_2 = 0x08000000
; | |
141 public static final int SSL_OP_NO_TLSv1_1 = 0x10000000
; | |
142 | |
143 public static final int SSL_OP_NO_TICKET = 0x00004000
; | |
144 | |
145 // SSL_OP_PKCS1_CHECK_1 and SSL_OP_PKCS1_CHECK_2 flags are unsupported | |
146 // in the current version of OpenSSL library. See ssl.h changes in commit | |
147 // 7409d7ad517650db332ae528915a570e4e0ab88b (30 Apr 2011) of OpenSSL. | |
148 /** | |
149 * @deprecated Unsupported in the current version of OpenSSL | |
150 */ | |
151 @Deprecated | |
152 public static final int SSL_OP_PKCS1_CHECK_1 = 0x08000000
; | |
153 /** | |
154 * @deprecated Unsupported in the current version of OpenSSL | |
155 */ | |
156 @Deprecated | |
157 public static final int SSL_OP_PKCS1_CHECK_2 = 0x10000000
; | |
158 public static final int SSL_OP_NETSCAPE_CA_DN_BUG = 0x20000000
; | |
159 public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x40000000
; | |
160 | |
161 public static final int SSL_CRT_FORMAT_UNDEF = 0; | |
162 public static final int SSL_CRT_FORMAT_ASN1 = 1; | |
163 public static final int SSL_CRT_FORMAT_TEXT = 2; | |
164 public static final int SSL_CRT_FORMAT_PEM = 3; | |
165 public static final int SSL_CRT_FORMAT_NETSCAPE = 4; | |
166 public static final int SSL_CRT_FORMAT_PKCS12 = 5; | |
167 public static final int SSL_CRT_FORMAT_SMIME = 6; | |
168 public static final int SSL_CRT_FORMAT_ENGINE = 7; | |
169 | |
170 public static final int SSL_MODE_CLIENT = 0; | |
171 public static final int SSL_MODE_SERVER = 1; | |
172 public static final int SSL_MODE_COMBINED = 2; | |
173 | |
174 public static final int SSL_SHUTDOWN_TYPE_UNSET = 0; | |
175 public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1; | |
176 public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2; | |
177 public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3; | |
178 | |
179 public static final int SSL_INFO_SESSION_ID = 0x0001; | |
180 public static final int SSL_INFO_CIPHER = 0x0002; | |
181 public static final int SSL_INFO_CIPHER_USEKEYSIZE = 0x0003; | |
182 public static final int SSL_INFO_CIPHER_ALGKEYSIZE = 0x0004; | |
183 public static final int SSL_INFO_CIPHER_VERSION = 0x0005; | |
184 public static final int SSL_INFO_CIPHER_DESCRIPTION = 0x0006; | |
185 public static final int SSL_INFO_PROTOCOL = 0x0007; | |
186 | |
187 /* To obtain the CountryName of the Client Certificate Issuer | |
188 * use the SSL_INFO_CLIENT_I_DN + SSL_INFO_DN_COUNTRYNAME | |
189 */ | |
190 public static final int SSL_INFO_CLIENT_S_DN = 0x0010; | |
191 public static final int SSL_INFO_CLIENT_I_DN = 0x0020; | |
192 public static final int SSL_INFO_SERVER_S_DN = 0x0040; | |
193 public static final int SSL_INFO_SERVER_I_DN = 0x0080; | |
194 | |
195 public static final int SSL_INFO_DN_COUNTRYNAME = 0x0001; | |
196 public static final int SSL_INFO_DN_STATEORPROVINCENAME = 0x0002; | |
197 public static final int SSL_INFO_DN_LOCALITYNAME = 0x0003; | |
198 public static final int SSL_INFO_DN_ORGANIZATIONNAME = 0x0004; | |
199 public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME = 0x0005; | |
200 public static final int SSL_INFO_DN_COMMONNAME = 0x0006; | |
201 public static final int SSL_INFO_DN_TITLE = 0x0007; | |
202 public static final int SSL_INFO_DN_INITIALS = 0x0008; | |
203 public static final int SSL_INFO_DN_GIVENNAME = 0x0009; | |
204 public static final int SSL_INFO_DN_SURNAME = 0x000A; | |
205 public static final int SSL_INFO_DN_DESCRIPTION = 0x000B; | |
206 public static final int SSL_INFO_DN_UNIQUEIDENTIFIER = 0x000C; | |
207 public static final int SSL_INFO_DN_EMAILADDRESS = 0x000D; | |
208 | |
209 public static final int SSL_INFO_CLIENT_M_VERSION = 0x0101; | |
210 public static final int SSL_INFO_CLIENT_M_SERIAL = 0x0102; | |
211 public static final int SSL_INFO_CLIENT_V_START = 0x0103; | |
212 public static final int SSL_INFO_CLIENT_V_END = 0x0104; | |
213 public static final int SSL_INFO_CLIENT_A_SIG = 0x0105; | |
214 public static final int SSL_INFO_CLIENT_A_KEY = 0x0106; | |
215 public static final int SSL_INFO_CLIENT_CERT = 0x0107; | |
216 public static final int SSL_INFO_CLIENT_V_REMAIN = 0x0108; | |
217 | |
218 public static final int SSL_INFO_SERVER_M_VERSION = 0x0201; | |
219 public static final int SSL_INFO_SERVER_M_SERIAL = 0x0202; | |
220 public static final int SSL_INFO_SERVER_V_START = 0x0203; | |
221 public static final int SSL_INFO_SERVER_V_END = 0x0204; | |
222 public static final int SSL_INFO_SERVER_A_SIG = 0x0205; | |
223 public static final int SSL_INFO_SERVER_A_KEY = 0x0206; | |
224 public static final int SSL_INFO_SERVER_CERT = 0x0207; | |
225 /* Return client certificate chain. | |
226 * Add certificate chain number to that flag (0 ... verify depth) | |
227 */ | |
228 public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400; | |
229 | |
230 /* Only support OFF and SERVER for now */ | |
231 public static final long SSL_SESS_CACHE_OFF = 0x0000; | |
232 public static final long SSL_SESS_CACHE_SERVER = 0x0002; | |
233 | |
234 public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE = 0; | |
235 public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL = 1; | |
236 | |
237 public static final int SSL_ST_CONNECT = 0x1000; | |
238 public static final int SSL_ST_ACCEPT = 0x2000; | |
239 | |
240 /* Return OpenSSL version number */ | |
241 public static native int version(); | |
242 | |
243 /* Return OpenSSL version string */ | |
244 public static native String versionString(); | |
245 | |
246 /** | |
247 * Initialize OpenSSL support. | |
248 * This function needs to be called once for the | |
249 * lifetime of JVM. Library.init() has to be called before. | |
250 * @param engine Support for external a Crypto Device ("engine"), | |
251 * usually | |
252 * a hardware accelerator card for crypto operations. | |
253 * @return APR status code | |
254 */ | |
255 public static native int initialize(String engine); | |
256 | |
257 /** | |
258 * Get the status of FIPS Mode. | |
259 * | |
260 * @return FIPS_mode return code. It is <code>0</code> if OpenSSL is not | |
261 * in FIPS mode, <code>1</code> if OpenSSL is in FIPS Mode. | |
262 * @throws Exception If tcnative was not compiled with FIPS Mode available. | |
263 * @see <a href="http://wiki.openssl.org/index.php/FIPS_mode%28%29">OpenSSL
method FIPS_mode()</a> | |
264 */ | |
265 public static native int fipsModeGet() throws Exception; | |
266 | |
267 /** | |
268 * Enable/Disable FIPS Mode. | |
269 * | |
270 * @param mode 1 - enable, 0 - disable | |
271 * | |
272 * @return FIPS_mode_set return code | |
273 * @throws Exception If tcnative was not compiled with FIPS Mode available, | |
274 * or if {@code FIPS_mode_set()} call returned an error value. | |
275 * @see <a href="http://wiki.openssl.org/index.php/FIPS_mode_set%28%29">Open
SSL method FIPS_mode_set()</a> | |
276 */ | |
277 public static native int fipsModeSet(int mode) throws Exception; | |
278 | |
279 /** | |
280 * Add content of the file to the PRNG | |
281 * @param filename Filename containing random data. | |
282 * If null the default file will be tested. | |
283 * The seed file is $RANDFILE if that environment variable is | |
284 * set, $HOME/.rnd otherwise. | |
285 * In case both files are unavailable builtin | |
286 * random seed generator is used. | |
287 */ | |
288 public static native boolean randLoad(String filename); | |
289 | |
290 /** | |
291 * Writes a number of random bytes (currently 1024) to | |
292 * file <code>filename</code> which can be used to initialize the PRNG | |
293 * by calling randLoad in a later session. | |
294 * @param filename Filename to save the data | |
295 */ | |
296 public static native boolean randSave(String filename); | |
297 | |
298 /** | |
299 * Creates random data to filename | |
300 * @param filename Filename to save the data | |
301 * @param len The length of random sequence in bytes | |
302 * @param base64 Output the data in Base64 encoded format | |
303 */ | |
304 public static native boolean randMake(String filename, int len, | |
305 boolean base64); | |
306 | |
307 /** | |
308 * Sets global random filename. | |
309 * @param filename Filename to use. | |
310 * If set it will be used for SSL initialization | |
311 * and all contexts where explicitly not set. | |
312 */ | |
313 public static native void randSet(String filename); | |
314 | |
315 /** | |
316 * Initialize new BIO | |
317 * @param pool The pool to use. | |
318 * @param callback BIOCallback to use | |
319 * @return new BIO handle | |
320 */ | |
321 public static native long newBIO(long pool, BIOCallback callback) | |
322 throws Exception; | |
323 | |
324 /** | |
325 * Initialize new in-memory BIO that is located in the secure heap. | |
326 * @return New BIO handle | |
327 */ | |
328 public static native long newMemBIO() throws Exception; | |
329 | |
330 /** | |
331 * Close BIO and dereference callback object | |
332 * @param bio BIO to close and destroy. | |
333 * @return APR Status code | |
334 */ | |
335 public static native int closeBIO(long bio); | |
336 | |
337 /** | |
338 * Set global Password callback for obtaining passwords. | |
339 * @param callback PasswordCallback implementation to use. | |
340 */ | |
341 public static native void setPasswordCallback(PasswordCallback callback); | |
342 | |
343 /** | |
344 * Set global Password for decrypting certificates and keys. | |
345 * @param password Password to use. | |
346 */ | |
347 public static native void setPassword(String password); | |
348 | |
349 /** | |
350 * Generate temporary RSA key. | |
351 * <br> | |
352 * Index can be one of: | |
353 * <PRE> | |
354 * SSL_TMP_KEY_RSA_512 | |
355 * SSL_TMP_KEY_RSA_1024 | |
356 * SSL_TMP_KEY_RSA_2048 | |
357 * SSL_TMP_KEY_RSA_4096 | |
358 * </PRE> | |
359 * By default 512 and 1024 keys are generated on startup. | |
360 * You can use a low priority thread to generate them on the fly. | |
361 * @param idx temporary key index. | |
362 */ | |
363 public static native boolean generateRSATempKey(int idx); | |
364 | |
365 /** | |
366 * Load temporary DSA key from file | |
367 * <br> | |
368 * Index can be one of: | |
369 * <PRE> | |
370 * SSL_TMP_KEY_DH_512 | |
371 * SSL_TMP_KEY_DH_1024 | |
372 * SSL_TMP_KEY_DH_2048 | |
373 * SSL_TMP_KEY_DH_4096 | |
374 * </PRE> | |
375 * @param idx temporary key index. | |
376 * @param file File containing DH params. | |
377 */ | |
378 public static native boolean loadDSATempKey(int idx, String file); | |
379 | |
380 /** | |
381 * Return last SSL error string | |
382 */ | |
383 public static native String getLastError(); | |
384 | |
385 /** | |
386 * Return true if all the requested SSL_OP_* are supported by OpenSSL. | |
387 * | |
388 * <i>Note that for versions of tcnative < 1.1.25, this method will | |
389 * return <code>true</code> if and only if <code>op</code>= | |
390 * {@link #SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION} and tcnative | |
391 * supports that flag.</i> | |
392 * | |
393 * @param op Bitwise-OR of all SSL_OP_* to test. | |
394 * | |
395 * @return true if all SSL_OP_* are supported by OpenSSL library. | |
396 */ | |
397 public static native boolean hasOp(int op); | |
398 | |
399 /* | |
400 * Begin Twitter API additions | |
401 */ | |
402 | |
403 public static final int SSL_SENT_SHUTDOWN = 1; | |
404 public static final int SSL_RECEIVED_SHUTDOWN = 2; | |
405 | |
406 public static final int SSL_ERROR_NONE = 0; | |
407 public static final int SSL_ERROR_SSL = 1; | |
408 public static final int SSL_ERROR_WANT_READ = 2; | |
409 public static final int SSL_ERROR_WANT_WRITE = 3; | |
410 public static final int SSL_ERROR_WANT_X509_LOOKUP = 4; | |
411 public static final int SSL_ERROR_SYSCALL = 5; /* look at error sta
ck/return value/errno */ | |
412 public static final int SSL_ERROR_ZERO_RETURN = 6; | |
413 public static final int SSL_ERROR_WANT_CONNECT = 7; | |
414 public static final int SSL_ERROR_WANT_ACCEPT = 8; | |
415 | |
416 /** | |
417 * SSL_new | |
418 * @param ctx Server or Client context to use. | |
419 * @param server if true configure SSL instance to use accept handshake rout
ines | |
420 * if false configure SSL instance to use connect handshake ro
utines | |
421 * @return pointer to SSL instance (SSL *) | |
422 */ | |
423 public static native long newSSL(long ctx, boolean server); | |
424 | |
425 /** | |
426 * SSL_set_bio | |
427 * @param ssl SSL pointer (SSL *) | |
428 * @param rbio read BIO pointer (BIO *) | |
429 * @param wbio write BIO pointer (BIO *) | |
430 */ | |
431 public static native void setBIO(long ssl, long rbio, long wbio); | |
432 | |
433 /** | |
434 * SSL_get_error | |
435 * @param ssl SSL pointer (SSL *) | |
436 * @param ret TLS/SSL I/O return value | |
437 */ | |
438 public static native int getError(long ssl, int ret); | |
439 | |
440 /** | |
441 * BIO_ctrl_pending | |
442 * @param bio BIO pointer (BIO *) | |
443 * @return | |
444 */ | |
445 public static native int pendingWrittenBytesInBIO(long bio); | |
446 | |
447 /** | |
448 * SSL_pending | |
449 * @param ssl SSL pointer (SSL *) | |
450 * @return | |
451 */ | |
452 public static native int pendingReadableBytesInSSL(long ssl); | |
453 | |
454 /** | |
455 * BIO_write | |
456 * @param bio | |
457 * @param wbuf | |
458 * @param wlen | |
459 * @return | |
460 */ | |
461 public static native int writeToBIO(long bio, long wbuf, int wlen); | |
462 | |
463 /** | |
464 * BIO_read | |
465 * @param bio | |
466 * @param rbuf | |
467 * @param rlen | |
468 * @return | |
469 */ | |
470 public static native int readFromBIO(long bio, long rbuf, int rlen); | |
471 | |
472 /** | |
473 * SSL_write | |
474 * @param ssl the SSL instance (SSL *) | |
475 * @param wbuf | |
476 * @param wlen | |
477 * @return | |
478 */ | |
479 public static native int writeToSSL(long ssl, long wbuf, int wlen); | |
480 | |
481 /** | |
482 * SSL_read | |
483 * @param ssl the SSL instance (SSL *) | |
484 * @param rbuf | |
485 * @param rlen | |
486 * @return | |
487 */ | |
488 public static native int readFromSSL(long ssl, long rbuf, int rlen); | |
489 | |
490 /** | |
491 * SSL_get_shutdown | |
492 * @param ssl the SSL instance (SSL *) | |
493 * @return | |
494 */ | |
495 public static native int getShutdown(long ssl); | |
496 | |
497 /** | |
498 * SSL_set_shutdown | |
499 * @param ssl the SSL instance (SSL *) | |
500 * @param mode | |
501 */ | |
502 public static native void setShutdown(long ssl, int mode); | |
503 | |
504 /** | |
505 * SSL_free | |
506 * @param ssl the SSL instance (SSL *) | |
507 */ | |
508 public static native void freeSSL(long ssl); | |
509 | |
510 /** | |
511 * Wire up internal and network BIOs for the given SSL instance. | |
512 * | |
513 * <b>Warning: you must explicitly free this resource by calling freeBIO</b> | |
514 * | |
515 * While the SSL's internal/application data BIO will be freed when freeSSL
is called on | |
516 * the provided SSL instance, you must call freeBIO on the returned network
BIO. | |
517 * | |
518 * @param ssl the SSL instance (SSL *) | |
519 * @return pointer to the Network BIO (BIO *) | |
520 */ | |
521 public static native long makeNetworkBIO(long ssl); | |
522 | |
523 /** | |
524 * BIO_free | |
525 * @param bio | |
526 */ | |
527 public static native void freeBIO(long bio); | |
528 | |
529 /** | |
530 * BIO_flush | |
531 * @param bio | |
532 */ | |
533 public static native void flushBIO(long bio); | |
534 | |
535 /** | |
536 * SSL_shutdown | |
537 * @param ssl the SSL instance (SSL *) | |
538 * @return | |
539 */ | |
540 public static native int shutdownSSL(long ssl); | |
541 | |
542 /** | |
543 * Get the error number representing the last error OpenSSL encountered on t
his thread. | |
544 * @return | |
545 */ | |
546 public static native int getLastErrorNumber(); | |
547 | |
548 /** | |
549 * SSL_get_cipher | |
550 * @param ssl the SSL instance (SSL *) | |
551 * @return | |
552 */ | |
553 public static native String getCipherForSSL(long ssl); | |
554 | |
555 /** | |
556 * SSL_get_version | |
557 * @param ssl the SSL instance (SSL *) | |
558 * @return | |
559 */ | |
560 public static native String getVersion(long ssl); | |
561 | |
562 /** | |
563 * SSL_do_handshake | |
564 * @param ssl the SSL instance (SSL *) | |
565 */ | |
566 public static native int doHandshake(long ssl); | |
567 | |
568 /** | |
569 * SSL_in_init | |
570 * @param SSL | |
571 * @return | |
572 */ | |
573 public static native int isInInit(long SSL); | |
574 | |
575 /** | |
576 * SSL_get0_next_proto_negotiated | |
577 * @param ssl the SSL instance (SSL *) | |
578 * @return | |
579 */ | |
580 public static native String getNextProtoNegotiated(long ssl); | |
581 | |
582 /* | |
583 * End Twitter API Additions | |
584 */ | |
585 | |
586 /** | |
587 * SSL_get0_alpn_selected | |
588 * @param ssl the SSL instance (SSL *) | |
589 * @return | |
590 */ | |
591 public static native String getAlpnSelected(long ssl); | |
592 | |
593 /** | |
594 * Get the peer certificate chain or {@code null} if non was send. | |
595 */ | |
596 public static native byte[][] getPeerCertChain(long ssl); | |
597 | |
598 /** | |
599 * Get the peer certificate or {@code null} if non was send. | |
600 */ | |
601 public static native byte[] getPeerCertificate(long ssl); | |
602 /* | |
603 * Get the error number representing for the given {@code errorNumber}. | |
604 */ | |
605 public static native String getErrorString(long errorNumber); | |
606 | |
607 /** | |
608 * SSL_get_time | |
609 * @param ssl the SSL instance (SSL *) | |
610 * @return returns the time at which the session ssl was established. The ti
me is given in seconds since the Epoch | |
611 */ | |
612 public static native long getTime(long ssl); | |
613 | |
614 /** | |
615 * SSL_get_timeout | |
616 * @param ssl the SSL instance (SSL *) | |
617 * @return returns the timeout for the session ssl The time is given in seco
nds since the Epoch | |
618 */ | |
619 public static native long getTimeout(long ssl); | |
620 | |
621 /** | |
622 * SSL_set_timeout | |
623 * @param ssl the SSL instance (SSL *) | |
624 * @param seconds timeout in seconds | |
625 * @return returns the timeout for the session ssl before this call. The tim
e is given in seconds since the Epoch | |
626 */ | |
627 public static native long setTimeout(long ssl, long seconds); | |
628 | |
629 /** | |
630 * Set Type of Client Certificate verification and Maximum depth of CA Certi
ficates | |
631 * in Client Certificate verification. | |
632 * <br /> | |
633 * This directive sets the Certificate verification level for the Client | |
634 * Authentication. Notice that this directive can be used both in per-server | |
635 * and per-directory context. In per-server context it applies to the client | |
636 * authentication process used in the standard SSL handshake when a connecti
on | |
637 * is established. In per-directory context it forces a SSL renegotiation wi
th | |
638 * the reconfigured client verification level after the HTTP request was rea
d | |
639 * but before the HTTP response is sent. | |
640 * <br /> | |
641 * The following levels are available for level: | |
642 * <pre> | |
643 * SSL_CVERIFY_NONE - No client Certificate is required at all | |
644 * SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate | |
645 * SSL_CVERIFY_REQUIRE - The client has to present a valid Certificat
e | |
646 * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate | |
647 * but it need not to be (successfully) verifia
ble | |
648 * </pre> | |
649 * <br /> | |
650 * The depth actually is the maximum number of intermediate certificate issu
ers, | |
651 * i.e. the number of CA certificates which are max allowed to be followed w
hile | |
652 * verifying the client certificate. A depth of 0 means that self-signed cli
ent | |
653 * certificates are accepted only, the default depth of 1 means the client | |
654 * certificate can be self-signed or has to be signed by a CA which is direc
tly | |
655 * known to the server (i.e. the CA's certificate is under | |
656 * {@code setCACertificatePath}, etc. | |
657 * | |
658 * @param ssl the SSL instance (SSL *) | |
659 * @param level Type of Client Certificate verification. | |
660 * @param depth Maximum depth of CA Certificates in Client Certificate | |
661 * verification. | |
662 */ | |
663 public static native void setVerify(long ssl, int level, int depth); | |
664 | |
665 /** | |
666 * Set OpenSSL Option. | |
667 * @param ssl the SSL instance (SSL *) | |
668 * @param options See SSL.SSL_OP_* for option flags. | |
669 */ | |
670 public static native void setOptions(long ssl, int options); | |
671 | |
672 /** | |
673 * Get OpenSSL Option. | |
674 * @param ssl the SSL instance (SSL *) | |
675 * @return options See SSL.SSL_OP_* for option flags. | |
676 */ | |
677 public static native int getOptions(long ssl); | |
678 | |
679 /** | |
680 * Returns all Returns the cipher suites that are available for negotiation
in an SSL handshake. | |
681 * @param ssl the SSL instance (SSL *) | |
682 * @return ciphers | |
683 */ | |
684 public static native String[] getCiphers(long ssl); | |
685 | |
686 /** | |
687 * Returns the cipher suites available for negotiation in SSL handshake. | |
688 * <br /> | |
689 * This complex directive uses a colon-separated cipher-spec string consisti
ng | |
690 * of OpenSSL cipher specifications to configure the Cipher Suite the client | |
691 * is permitted to negotiate in the SSL handshake phase. Notice that this | |
692 * directive can be used both in per-server and per-directory context. | |
693 * In per-server context it applies to the standard SSL handshake when a | |
694 * connection is established. In per-directory context it forces a SSL | |
695 * renegotiation with the reconfigured Cipher Suite after the HTTP request | |
696 * was read but before the HTTP response is sent. | |
697 * @param ssl the SSL instance (SSL *) | |
698 * @param ciphers an SSL cipher specification | |
699 */ | |
700 public static native boolean setCipherSuites(long ssl, String ciphers) | |
701 throws Exception; | |
702 | |
703 /** | |
704 * Returns the ID of the session as byte array representation. | |
705 * | |
706 * @param ssl the SSL instance (SSL *) | |
707 * @return the session as byte array representation obtained via SSL_SESSION
_get_id. | |
708 */ | |
709 public static native byte[] getSessionId(long ssl); | |
710 | |
711 /** | |
712 * Returns the number of handshakes done for this SSL instance. This also in
cludes renegations. | |
713 * | |
714 * @param ssl the SSL instance (SSL *) | |
715 * @return the number of handshakes done for this SSL instance. | |
716 */ | |
717 public static native int getHandshakeCount(long ssl); | |
718 | |
719 /** | |
720 * Clear all the errors from the error queue that OpenSSL encountered on thi
s thread. | |
721 */ | |
722 public static native void clearError(); | |
723 | |
724 /** | |
725 * Call SSL_renegotiate. | |
726 * | |
727 * @param ssl the SSL instance (SSL *) | |
728 * @return the result of the operation | |
729 */ | |
730 public static native int renegotiate(long ssl); | |
731 | |
732 /** | |
733 * Call SSL_set_state. | |
734 * | |
735 * @param ssl the SSL instance (SSL *) | |
736 */ | |
737 public static native void setState(long ssl, int state); | |
738 } | |
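Review bot: The deprecated constants SSL_OP_PKCS1_CHECK_1 (0x08000000) and SSL_OP_PKCS1_CHECK_2 (0x10000000) carry exactly the same bit values as SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_1 defined a few lines above them, so a caller that still ORs the deprecated constants into setOptions(long, int) silently disables TLS 1.2 or TLS 1.1 instead of getting the no-op that their "@deprecated Unsupported" Javadoc suggests. Since these values presumably mirror the native library's definitions and cannot simply be renumbered here, the Java side should at least say so on each deprecated constant, e.g. `@deprecated Unsupported in the current version of OpenSSL; this value now aliases {@link #SSL_OP_NO_TLSv1_2}, so passing it to {@link #setOptions} disables TLS 1.2.` and the matching sentence naming {@link #SSL_OP_NO_TLSv1_1} on SSL_OP_PKCS1_CHECK_2. Separately, the comment on getErrorString opens with `/*` rather than `/**` and describes the method as returning an error number although it returns a String, so it is neither published as Javadoc nor accurate; `/** Returns the OpenSSL error string for the given {@code errorNumber}. */` fixes both. The method loadDSATempKey is documented and indexed as loading DH parameters (SSL_TMP_KEY_DH_*), so its Javadoc summary "Load temporary DSA key from file" should say DH, or the mismatch should be explained.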