| OLD | NEW |
| (Empty) |
| 1 /* | |
| 2 * Licensed to the Apache Software Foundation (ASF) under one or more | |
| 3 * contributor license agreements. See the NOTICE file distributed with | |
| 4 * this work for additional information regarding copyright ownership. | |
| 5 * The ASF licenses this file to You under the Apache License, Version 2.0 | |
| 6 * (the "License"); you may not use this file except in compliance with | |
| 7 * the License. You may obtain a copy of the License at | |
| 8 * | |
| 9 * http://www.apache.org/licenses/LICENSE-2.0 | |
| 10 * | |
| 11 * Unless required by applicable law or agreed to in writing, software | |
| 12 * distributed under the License is distributed on an "AS IS" BASIS, | |
| 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 14 * See the License for the specific language governing permissions and | |
| 15 * limitations under the License. | |
| 16 */ | |
| 17 package org.apache.tomcat.jni; | |
| 18 | |
| 19 /** SSL | |
| 20 * | |
| 21 * @author Mladen Turk | |
| 22 */ | |
| 23 public final class SSL { | |
| 24 | |
| 25 /* | |
| 26 * Type definitions mostly from mod_ssl | |
| 27 */ | |
| 28 public static final int UNSET = -1; | |
| 29 /* | |
| 30 * Define the certificate algorithm types | |
| 31 */ | |
| 32 public static final int SSL_ALGO_UNKNOWN = 0; | |
| 33 public static final int SSL_ALGO_RSA = (1<<0); | |
| 34 public static final int SSL_ALGO_DSA = (1<<1); | |
| 35 public static final int SSL_ALGO_ALL = (SSL_ALGO_RSA|SSL_ALGO_DSA); | |
| 36 | |
| 37 public static final int SSL_AIDX_RSA = 0; | |
| 38 public static final int SSL_AIDX_DSA = 1; | |
| 39 public static final int SSL_AIDX_MAX = 2; | |
| 40 /* | |
| 41 * Define IDs for the temporary RSA keys and DH params | |
| 42 */ | |
| 43 | |
| 44 public static final int SSL_TMP_KEY_RSA_512 = 0; | |
| 45 public static final int SSL_TMP_KEY_RSA_1024 = 1; | |
| 46 public static final int SSL_TMP_KEY_RSA_2048 = 2; | |
| 47 public static final int SSL_TMP_KEY_RSA_4096 = 3; | |
| 48 public static final int SSL_TMP_KEY_DH_512 = 4; | |
| 49 public static final int SSL_TMP_KEY_DH_1024 = 5; | |
| 50 public static final int SSL_TMP_KEY_DH_2048 = 6; | |
| 51 public static final int SSL_TMP_KEY_DH_4096 = 7; | |
| 52 public static final int SSL_TMP_KEY_MAX = 8; | |
| 53 | |
| 54 /* | |
| 55 * Define the SSL options | |
| 56 */ | |
| 57 public static final int SSL_OPT_NONE = 0; | |
| 58 public static final int SSL_OPT_RELSET = (1<<0); | |
| 59 public static final int SSL_OPT_STDENVVARS = (1<<1); | |
| 60 public static final int SSL_OPT_EXPORTCERTDATA = (1<<3); | |
| 61 public static final int SSL_OPT_FAKEBASICAUTH = (1<<4); | |
| 62 public static final int SSL_OPT_STRICTREQUIRE = (1<<5); | |
| 63 public static final int SSL_OPT_OPTRENEGOTIATE = (1<<6); | |
| 64 public static final int SSL_OPT_ALL = (SSL_OPT_STDENVVARS|SSL_OPT
_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIA
TE); | |
| 65 | |
| 66 /* | |
| 67 * Define the SSL Protocol options | |
| 68 */ | |
| 69 public static final int SSL_PROTOCOL_NONE = 0; | |
| 70 public static final int SSL_PROTOCOL_SSLV2 = (1<<0); | |
| 71 public static final int SSL_PROTOCOL_SSLV3 = (1<<1); | |
| 72 public static final int SSL_PROTOCOL_TLSV1 = (1<<2); | |
| 73 public static final int SSL_PROTOCOL_TLSV1_1 = (1<<3); | |
| 74 public static final int SSL_PROTOCOL_TLSV1_2 = (1<<4); | |
| 75 public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | SSL_PROTO
COL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2); | |
| 76 | |
| 77 /* | |
| 78 * Define the SSL verify levels | |
| 79 */ | |
| 80 public static final int SSL_CVERIFY_UNSET = UNSET; | |
| 81 public static final int SSL_CVERIFY_NONE = 0; | |
| 82 public static final int SSL_CVERIFY_OPTIONAL = 1; | |
| 83 public static final int SSL_CVERIFY_REQUIRE = 2; | |
| 84 public static final int SSL_CVERIFY_OPTIONAL_NO_CA = 3; | |
| 85 | |
| 86 /* Use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options | |
| 87 * are 'ored' with SSL_VERIFY_PEER if they are desired | |
| 88 */ | |
| 89 public static final int SSL_VERIFY_NONE = 0; | |
| 90 public static final int SSL_VERIFY_PEER = 1; | |
| 91 public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2; | |
| 92 public static final int SSL_VERIFY_CLIENT_ONCE = 4; | |
| 93 public static final int SSL_VERIFY_PEER_STRICT = (SSL_VERIFY_PEER|S
SL_VERIFY_FAIL_IF_NO_PEER_CERT); | |
| 94 | |
| 95 public static final int SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001
; | |
| 96 public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002
; | |
| 97 public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000008
; | |
| 98 public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000010
; | |
| 99 public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000020
; | |
| 100 public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000040
; | |
| 101 public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000080
; | |
| 102 public static final int SSL_OP_TLS_D5_BUG = 0x00000100
; | |
| 103 public static final int SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000200
; | |
| 104 | |
| 105 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | |
| 106 * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | |
| 107 * the workaround is not needed. Unfortunately some broken SSL/TLS | |
| 108 * implementations cannot handle it at all, which is why we include | |
| 109 * it in SSL_OP_ALL. */ | |
| 110 public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800
; | |
| 111 | |
| 112 /* SSL_OP_ALL: various bug workarounds that should be rather harmless. | |
| 113 * This used to be 0x000FFFFFL before 0.9.7. */ | |
| 114 public static final int SSL_OP_ALL = 0x00000FFF
; | |
| 115 /* As server, disallow session resumption on renegotiation */ | |
| 116 public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00
010000; | |
| 117 /* Don't use compression even if supported */ | |
| 118 public static final int SSL_OP_NO_COMPRESSION = 0x00
020000; | |
| 119 /* Permit unsafe legacy renegotiation */ | |
| 120 public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 0x00
040000; | |
| 121 /* If set, always create a new key when using tmp_eddh parameters */ | |
| 122 public static final int SSL_OP_SINGLE_ECDH_USE = 0x00080000
; | |
| 123 /* If set, always create a new key when using tmp_dh parameters */ | |
| 124 public static final int SSL_OP_SINGLE_DH_USE = 0x00100000
; | |
| 125 /* Set to always use the tmp_rsa key when doing RSA operations, | |
| 126 * even when this violates protocol specs */ | |
| 127 public static final int SSL_OP_EPHEMERAL_RSA = 0x00200000
; | |
| 128 /* Set on servers to choose the cipher according to the server's | |
| 129 * preferences */ | |
| 130 public static final int SSL_OP_CIPHER_SERVER_PREFERENCE = 0x00400000
; | |
| 131 /* If set, a server will allow a client to issue a SSLv3.0 version number | |
| 132 * as latest version supported in the premaster secret, even when TLSv1.0 | |
| 133 * (version 3.1) was announced in the client hello. Normally this is | |
| 134 * forbidden to prevent version rollback attacks. */ | |
| 135 public static final int SSL_OP_TLS_ROLLBACK_BUG = 0x00800000
; | |
| 136 | |
| 137 public static final int SSL_OP_NO_SSLv2 = 0x01000000
; | |
| 138 public static final int SSL_OP_NO_SSLv3 = 0x02000000
; | |
| 139 public static final int SSL_OP_NO_TLSv1 = 0x04000000
; | |
| 140 public static final int SSL_OP_NO_TLSv1_2 = 0x08000000
; | |
| 141 public static final int SSL_OP_NO_TLSv1_1 = 0x10000000
; | |
| 142 | |
| 143 public static final int SSL_OP_NO_TICKET = 0x00004000
; | |
| 144 | |
| 145 // SSL_OP_PKCS1_CHECK_1 and SSL_OP_PKCS1_CHECK_2 flags are unsupported | |
| 146 // in the current version of OpenSSL library. See ssl.h changes in commit | |
| 147 // 7409d7ad517650db332ae528915a570e4e0ab88b (30 Apr 2011) of OpenSSL. | |
| 148 /** | |
| 149 * @deprecated Unsupported in the current version of OpenSSL | |
| 150 */ | |
| 151 @Deprecated | |
| 152 public static final int SSL_OP_PKCS1_CHECK_1 = 0x08000000
; | |
| 153 /** | |
| 154 * @deprecated Unsupported in the current version of OpenSSL | |
| 155 */ | |
| 156 @Deprecated | |
| 157 public static final int SSL_OP_PKCS1_CHECK_2 = 0x10000000
; | |
| 158 public static final int SSL_OP_NETSCAPE_CA_DN_BUG = 0x20000000
; | |
| 159 public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x40000000
; | |
| 160 | |
| 161 public static final int SSL_CRT_FORMAT_UNDEF = 0; | |
| 162 public static final int SSL_CRT_FORMAT_ASN1 = 1; | |
| 163 public static final int SSL_CRT_FORMAT_TEXT = 2; | |
| 164 public static final int SSL_CRT_FORMAT_PEM = 3; | |
| 165 public static final int SSL_CRT_FORMAT_NETSCAPE = 4; | |
| 166 public static final int SSL_CRT_FORMAT_PKCS12 = 5; | |
| 167 public static final int SSL_CRT_FORMAT_SMIME = 6; | |
| 168 public static final int SSL_CRT_FORMAT_ENGINE = 7; | |
| 169 | |
| 170 public static final int SSL_MODE_CLIENT = 0; | |
| 171 public static final int SSL_MODE_SERVER = 1; | |
| 172 public static final int SSL_MODE_COMBINED = 2; | |
| 173 | |
| 174 public static final int SSL_SHUTDOWN_TYPE_UNSET = 0; | |
| 175 public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1; | |
| 176 public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2; | |
| 177 public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3; | |
| 178 | |
| 179 public static final int SSL_INFO_SESSION_ID = 0x0001; | |
| 180 public static final int SSL_INFO_CIPHER = 0x0002; | |
| 181 public static final int SSL_INFO_CIPHER_USEKEYSIZE = 0x0003; | |
| 182 public static final int SSL_INFO_CIPHER_ALGKEYSIZE = 0x0004; | |
| 183 public static final int SSL_INFO_CIPHER_VERSION = 0x0005; | |
| 184 public static final int SSL_INFO_CIPHER_DESCRIPTION = 0x0006; | |
| 185 public static final int SSL_INFO_PROTOCOL = 0x0007; | |
| 186 | |
| 187 /* To obtain the CountryName of the Client Certificate Issuer | |
| 188 * use the SSL_INFO_CLIENT_I_DN + SSL_INFO_DN_COUNTRYNAME | |
| 189 */ | |
| 190 public static final int SSL_INFO_CLIENT_S_DN = 0x0010; | |
| 191 public static final int SSL_INFO_CLIENT_I_DN = 0x0020; | |
| 192 public static final int SSL_INFO_SERVER_S_DN = 0x0040; | |
| 193 public static final int SSL_INFO_SERVER_I_DN = 0x0080; | |
| 194 | |
| 195 public static final int SSL_INFO_DN_COUNTRYNAME = 0x0001; | |
| 196 public static final int SSL_INFO_DN_STATEORPROVINCENAME = 0x0002; | |
| 197 public static final int SSL_INFO_DN_LOCALITYNAME = 0x0003; | |
| 198 public static final int SSL_INFO_DN_ORGANIZATIONNAME = 0x0004; | |
| 199 public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME = 0x0005; | |
| 200 public static final int SSL_INFO_DN_COMMONNAME = 0x0006; | |
| 201 public static final int SSL_INFO_DN_TITLE = 0x0007; | |
| 202 public static final int SSL_INFO_DN_INITIALS = 0x0008; | |
| 203 public static final int SSL_INFO_DN_GIVENNAME = 0x0009; | |
| 204 public static final int SSL_INFO_DN_SURNAME = 0x000A; | |
| 205 public static final int SSL_INFO_DN_DESCRIPTION = 0x000B; | |
| 206 public static final int SSL_INFO_DN_UNIQUEIDENTIFIER = 0x000C; | |
| 207 public static final int SSL_INFO_DN_EMAILADDRESS = 0x000D; | |
| 208 | |
| 209 public static final int SSL_INFO_CLIENT_M_VERSION = 0x0101; | |
| 210 public static final int SSL_INFO_CLIENT_M_SERIAL = 0x0102; | |
| 211 public static final int SSL_INFO_CLIENT_V_START = 0x0103; | |
| 212 public static final int SSL_INFO_CLIENT_V_END = 0x0104; | |
| 213 public static final int SSL_INFO_CLIENT_A_SIG = 0x0105; | |
| 214 public static final int SSL_INFO_CLIENT_A_KEY = 0x0106; | |
| 215 public static final int SSL_INFO_CLIENT_CERT = 0x0107; | |
| 216 public static final int SSL_INFO_CLIENT_V_REMAIN = 0x0108; | |
| 217 | |
| 218 public static final int SSL_INFO_SERVER_M_VERSION = 0x0201; | |
| 219 public static final int SSL_INFO_SERVER_M_SERIAL = 0x0202; | |
| 220 public static final int SSL_INFO_SERVER_V_START = 0x0203; | |
| 221 public static final int SSL_INFO_SERVER_V_END = 0x0204; | |
| 222 public static final int SSL_INFO_SERVER_A_SIG = 0x0205; | |
| 223 public static final int SSL_INFO_SERVER_A_KEY = 0x0206; | |
| 224 public static final int SSL_INFO_SERVER_CERT = 0x0207; | |
| 225 /* Return client certificate chain. | |
| 226 * Add certificate chain number to that flag (0 ... verify depth) | |
| 227 */ | |
| 228 public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400; | |
| 229 | |
| 230 /* Only support OFF and SERVER for now */ | |
| 231 public static final long SSL_SESS_CACHE_OFF = 0x0000; | |
| 232 public static final long SSL_SESS_CACHE_SERVER = 0x0002; | |
| 233 | |
| 234 public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE = 0; | |
| 235 public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL = 1; | |
| 236 | |
| 237 public static final int SSL_ST_CONNECT = 0x1000; | |
| 238 public static final int SSL_ST_ACCEPT = 0x2000; | |
| 239 | |
| 240 /* Return OpenSSL version number */ | |
| 241 public static native int version(); | |
| 242 | |
| 243 /* Return OpenSSL version string */ | |
| 244 public static native String versionString(); | |
| 245 | |
| 246 /** | |
| 247 * Initialize OpenSSL support. | |
| 248 * This function needs to be called once for the | |
| 249 * lifetime of JVM. Library.init() has to be called before. | |
| 250 * @param engine Support for external a Crypto Device ("engine"), | |
| 251 * usually | |
| 252 * a hardware accelerator card for crypto operations. | |
| 253 * @return APR status code | |
| 254 */ | |
| 255 public static native int initialize(String engine); | |
| 256 | |
| 257 /** | |
| 258 * Get the status of FIPS Mode. | |
| 259 * | |
| 260 * @return FIPS_mode return code. It is <code>0</code> if OpenSSL is not | |
| 261 * in FIPS mode, <code>1</code> if OpenSSL is in FIPS Mode. | |
| 262 * @throws Exception If tcnative was not compiled with FIPS Mode available. | |
| 263 * @see <a href="http://wiki.openssl.org/index.php/FIPS_mode%28%29">OpenSSL
method FIPS_mode()</a> | |
| 264 */ | |
| 265 public static native int fipsModeGet() throws Exception; | |
| 266 | |
| 267 /** | |
| 268 * Enable/Disable FIPS Mode. | |
| 269 * | |
| 270 * @param mode 1 - enable, 0 - disable | |
| 271 * | |
| 272 * @return FIPS_mode_set return code | |
| 273 * @throws Exception If tcnative was not compiled with FIPS Mode available, | |
| 274 * or if {@code FIPS_mode_set()} call returned an error value. | |
| 275 * @see <a href="http://wiki.openssl.org/index.php/FIPS_mode_set%28%29">Open
SSL method FIPS_mode_set()</a> | |
| 276 */ | |
| 277 public static native int fipsModeSet(int mode) throws Exception; | |
| 278 | |
| 279 /** | |
| 280 * Add content of the file to the PRNG | |
| 281 * @param filename Filename containing random data. | |
| 282 * If null the default file will be tested. | |
| 283 * The seed file is $RANDFILE if that environment variable is | |
| 284 * set, $HOME/.rnd otherwise. | |
| 285 * In case both files are unavailable builtin | |
| 286 * random seed generator is used. | |
| 287 */ | |
| 288 public static native boolean randLoad(String filename); | |
| 289 | |
| 290 /** | |
| 291 * Writes a number of random bytes (currently 1024) to | |
| 292 * file <code>filename</code> which can be used to initialize the PRNG | |
| 293 * by calling randLoad in a later session. | |
| 294 * @param filename Filename to save the data | |
| 295 */ | |
| 296 public static native boolean randSave(String filename); | |
| 297 | |
| 298 /** | |
| 299 * Creates random data to filename | |
| 300 * @param filename Filename to save the data | |
| 301 * @param len The length of random sequence in bytes | |
| 302 * @param base64 Output the data in Base64 encoded format | |
| 303 */ | |
| 304 public static native boolean randMake(String filename, int len, | |
| 305 boolean base64); | |
| 306 | |
| 307 /** | |
| 308 * Sets global random filename. | |
| 309 * @param filename Filename to use. | |
| 310 * If set it will be used for SSL initialization | |
| 311 * and all contexts where explicitly not set. | |
| 312 */ | |
| 313 public static native void randSet(String filename); | |
| 314 | |
| 315 /** | |
| 316 * Initialize new BIO | |
| 317 * @param pool The pool to use. | |
| 318 * @param callback BIOCallback to use | |
| 319 * @return new BIO handle | |
| 320 */ | |
| 321 public static native long newBIO(long pool, BIOCallback callback) | |
| 322 throws Exception; | |
| 323 | |
| 324 /** | |
| 325 * Initialize new in-memory BIO that is located in the secure heap. | |
| 326 * @return New BIO handle | |
| 327 */ | |
| 328 public static native long newMemBIO() throws Exception; | |
| 329 | |
| 330 /** | |
| 331 * Close BIO and dereference callback object | |
| 332 * @param bio BIO to close and destroy. | |
| 333 * @return APR Status code | |
| 334 */ | |
| 335 public static native int closeBIO(long bio); | |
| 336 | |
| 337 /** | |
| 338 * Set global Password callback for obtaining passwords. | |
| 339 * @param callback PasswordCallback implementation to use. | |
| 340 */ | |
| 341 public static native void setPasswordCallback(PasswordCallback callback); | |
| 342 | |
| 343 /** | |
| 344 * Set global Password for decrypting certificates and keys. | |
| 345 * @param password Password to use. | |
| 346 */ | |
| 347 public static native void setPassword(String password); | |
| 348 | |
| 349 /** | |
| 350 * Generate temporary RSA key. | |
| 351 * <br> | |
| 352 * Index can be one of: | |
| 353 * <PRE> | |
| 354 * SSL_TMP_KEY_RSA_512 | |
| 355 * SSL_TMP_KEY_RSA_1024 | |
| 356 * SSL_TMP_KEY_RSA_2048 | |
| 357 * SSL_TMP_KEY_RSA_4096 | |
| 358 * </PRE> | |
| 359 * By default 512 and 1024 keys are generated on startup. | |
| 360 * You can use a low priority thread to generate them on the fly. | |
| 361 * @param idx temporary key index. | |
| 362 */ | |
| 363 public static native boolean generateRSATempKey(int idx); | |
| 364 | |
| 365 /** | |
| 366 * Load temporary DSA key from file | |
| 367 * <br> | |
| 368 * Index can be one of: | |
| 369 * <PRE> | |
| 370 * SSL_TMP_KEY_DH_512 | |
| 371 * SSL_TMP_KEY_DH_1024 | |
| 372 * SSL_TMP_KEY_DH_2048 | |
| 373 * SSL_TMP_KEY_DH_4096 | |
| 374 * </PRE> | |
| 375 * @param idx temporary key index. | |
| 376 * @param file File containing DH params. | |
| 377 */ | |
| 378 public static native boolean loadDSATempKey(int idx, String file); | |
| 379 | |
| 380 /** | |
| 381 * Return last SSL error string | |
| 382 */ | |
| 383 public static native String getLastError(); | |
| 384 | |
| 385 /** | |
| 386 * Return true if all the requested SSL_OP_* are supported by OpenSSL. | |
| 387 * | |
| 388 * <i>Note that for versions of tcnative < 1.1.25, this method will | |
| 389 * return <code>true</code> if and only if <code>op</code>= | |
| 390 * {@link #SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION} and tcnative | |
| 391 * supports that flag.</i> | |
| 392 * | |
| 393 * @param op Bitwise-OR of all SSL_OP_* to test. | |
| 394 * | |
| 395 * @return true if all SSL_OP_* are supported by OpenSSL library. | |
| 396 */ | |
| 397 public static native boolean hasOp(int op); | |
| 398 | |
| 399 /* | |
| 400 * Begin Twitter API additions | |
| 401 */ | |
| 402 | |
| 403 public static final int SSL_SENT_SHUTDOWN = 1; | |
| 404 public static final int SSL_RECEIVED_SHUTDOWN = 2; | |
| 405 | |
| 406 public static final int SSL_ERROR_NONE = 0; | |
| 407 public static final int SSL_ERROR_SSL = 1; | |
| 408 public static final int SSL_ERROR_WANT_READ = 2; | |
| 409 public static final int SSL_ERROR_WANT_WRITE = 3; | |
| 410 public static final int SSL_ERROR_WANT_X509_LOOKUP = 4; | |
| 411 public static final int SSL_ERROR_SYSCALL = 5; /* look at error sta
ck/return value/errno */ | |
| 412 public static final int SSL_ERROR_ZERO_RETURN = 6; | |
| 413 public static final int SSL_ERROR_WANT_CONNECT = 7; | |
| 414 public static final int SSL_ERROR_WANT_ACCEPT = 8; | |
| 415 | |
| 416 /** | |
| 417 * SSL_new | |
| 418 * @param ctx Server or Client context to use. | |
| 419 * @param server if true configure SSL instance to use accept handshake rout
ines | |
| 420 * if false configure SSL instance to use connect handshake ro
utines | |
| 421 * @return pointer to SSL instance (SSL *) | |
| 422 */ | |
| 423 public static native long newSSL(long ctx, boolean server); | |
| 424 | |
| 425 /** | |
| 426 * SSL_set_bio | |
| 427 * @param ssl SSL pointer (SSL *) | |
| 428 * @param rbio read BIO pointer (BIO *) | |
| 429 * @param wbio write BIO pointer (BIO *) | |
| 430 */ | |
| 431 public static native void setBIO(long ssl, long rbio, long wbio); | |
| 432 | |
| 433 /** | |
| 434 * SSL_get_error | |
| 435 * @param ssl SSL pointer (SSL *) | |
| 436 * @param ret TLS/SSL I/O return value | |
| 437 */ | |
| 438 public static native int getError(long ssl, int ret); | |
| 439 | |
| 440 /** | |
| 441 * BIO_ctrl_pending | |
| 442 * @param bio BIO pointer (BIO *) | |
| 443 * @return | |
| 444 */ | |
| 445 public static native int pendingWrittenBytesInBIO(long bio); | |
| 446 | |
| 447 /** | |
| 448 * SSL_pending | |
| 449 * @param ssl SSL pointer (SSL *) | |
| 450 * @return | |
| 451 */ | |
| 452 public static native int pendingReadableBytesInSSL(long ssl); | |
| 453 | |
| 454 /** | |
| 455 * BIO_write | |
| 456 * @param bio | |
| 457 * @param wbuf | |
| 458 * @param wlen | |
| 459 * @return | |
| 460 */ | |
| 461 public static native int writeToBIO(long bio, long wbuf, int wlen); | |
| 462 | |
| 463 /** | |
| 464 * BIO_read | |
| 465 * @param bio | |
| 466 * @param rbuf | |
| 467 * @param rlen | |
| 468 * @return | |
| 469 */ | |
| 470 public static native int readFromBIO(long bio, long rbuf, int rlen); | |
| 471 | |
| 472 /** | |
| 473 * SSL_write | |
| 474 * @param ssl the SSL instance (SSL *) | |
| 475 * @param wbuf | |
| 476 * @param wlen | |
| 477 * @return | |
| 478 */ | |
| 479 public static native int writeToSSL(long ssl, long wbuf, int wlen); | |
| 480 | |
| 481 /** | |
| 482 * SSL_read | |
| 483 * @param ssl the SSL instance (SSL *) | |
| 484 * @param rbuf | |
| 485 * @param rlen | |
| 486 * @return | |
| 487 */ | |
| 488 public static native int readFromSSL(long ssl, long rbuf, int rlen); | |
| 489 | |
| 490 /** | |
| 491 * SSL_get_shutdown | |
| 492 * @param ssl the SSL instance (SSL *) | |
| 493 * @return | |
| 494 */ | |
| 495 public static native int getShutdown(long ssl); | |
| 496 | |
| 497 /** | |
| 498 * SSL_set_shutdown | |
| 499 * @param ssl the SSL instance (SSL *) | |
| 500 * @param mode | |
| 501 */ | |
| 502 public static native void setShutdown(long ssl, int mode); | |
| 503 | |
| 504 /** | |
| 505 * SSL_free | |
| 506 * @param ssl the SSL instance (SSL *) | |
| 507 */ | |
| 508 public static native void freeSSL(long ssl); | |
| 509 | |
| 510 /** | |
| 511 * Wire up internal and network BIOs for the given SSL instance. | |
| 512 * | |
| 513 * <b>Warning: you must explicitly free this resource by calling freeBIO</b> | |
| 514 * | |
| 515 * While the SSL's internal/application data BIO will be freed when freeSSL
is called on | |
| 516 * the provided SSL instance, you must call freeBIO on the returned network
BIO. | |
| 517 * | |
| 518 * @param ssl the SSL instance (SSL *) | |
| 519 * @return pointer to the Network BIO (BIO *) | |
| 520 */ | |
| 521 public static native long makeNetworkBIO(long ssl); | |
| 522 | |
| 523 /** | |
| 524 * BIO_free | |
| 525 * @param bio | |
| 526 */ | |
| 527 public static native void freeBIO(long bio); | |
| 528 | |
| 529 /** | |
| 530 * BIO_flush | |
| 531 * @param bio | |
| 532 */ | |
| 533 public static native void flushBIO(long bio); | |
| 534 | |
| 535 /** | |
| 536 * SSL_shutdown | |
| 537 * @param ssl the SSL instance (SSL *) | |
| 538 * @return | |
| 539 */ | |
| 540 public static native int shutdownSSL(long ssl); | |
| 541 | |
| 542 /** | |
| 543 * Get the error number representing the last error OpenSSL encountered on t
his thread. | |
| 544 * @return | |
| 545 */ | |
| 546 public static native int getLastErrorNumber(); | |
| 547 | |
| 548 /** | |
| 549 * SSL_get_cipher | |
| 550 * @param ssl the SSL instance (SSL *) | |
| 551 * @return | |
| 552 */ | |
| 553 public static native String getCipherForSSL(long ssl); | |
| 554 | |
| 555 /** | |
| 556 * SSL_get_version | |
| 557 * @param ssl the SSL instance (SSL *) | |
| 558 * @return | |
| 559 */ | |
| 560 public static native String getVersion(long ssl); | |
| 561 | |
| 562 /** | |
| 563 * SSL_do_handshake | |
| 564 * @param ssl the SSL instance (SSL *) | |
| 565 */ | |
| 566 public static native int doHandshake(long ssl); | |
| 567 | |
| 568 /** | |
| 569 * SSL_in_init | |
| 570 * @param SSL | |
| 571 * @return | |
| 572 */ | |
| 573 public static native int isInInit(long SSL); | |
| 574 | |
| 575 /** | |
| 576 * SSL_get0_next_proto_negotiated | |
| 577 * @param ssl the SSL instance (SSL *) | |
| 578 * @return | |
| 579 */ | |
| 580 public static native String getNextProtoNegotiated(long ssl); | |
| 581 | |
| 582 /* | |
| 583 * End Twitter API Additions | |
| 584 */ | |
| 585 | |
| 586 /** | |
| 587 * SSL_get0_alpn_selected | |
| 588 * @param ssl the SSL instance (SSL *) | |
| 589 * @return | |
| 590 */ | |
| 591 public static native String getAlpnSelected(long ssl); | |
| 592 | |
| 593 /** | |
| 594 * Get the peer certificate chain or {@code null} if non was send. | |
| 595 */ | |
| 596 public static native byte[][] getPeerCertChain(long ssl); | |
| 597 | |
| 598 /** | |
| 599 * Get the peer certificate or {@code null} if non was send. | |
| 600 */ | |
| 601 public static native byte[] getPeerCertificate(long ssl); | |
| 602 /* | |
| 603 * Get the error number representing for the given {@code errorNumber}. | |
| 604 */ | |
| 605 public static native String getErrorString(long errorNumber); | |
| 606 | |
| 607 /** | |
| 608 * SSL_get_time | |
| 609 * @param ssl the SSL instance (SSL *) | |
| 610 * @return returns the time at which the session ssl was established. The ti
me is given in seconds since the Epoch | |
| 611 */ | |
| 612 public static native long getTime(long ssl); | |
| 613 | |
| 614 /** | |
| 615 * SSL_get_timeout | |
| 616 * @param ssl the SSL instance (SSL *) | |
| 617 * @return returns the timeout for the session ssl The time is given in seco
nds since the Epoch | |
| 618 */ | |
| 619 public static native long getTimeout(long ssl); | |
| 620 | |
| 621 /** | |
| 622 * SSL_set_timeout | |
| 623 * @param ssl the SSL instance (SSL *) | |
| 624 * @param seconds timeout in seconds | |
| 625 * @return returns the timeout for the session ssl before this call. The tim
e is given in seconds since the Epoch | |
| 626 */ | |
| 627 public static native long setTimeout(long ssl, long seconds); | |
| 628 | |
| 629 /** | |
| 630 * Set Type of Client Certificate verification and Maximum depth of CA Certi
ficates | |
| 631 * in Client Certificate verification. | |
| 632 * <br /> | |
| 633 * This directive sets the Certificate verification level for the Client | |
| 634 * Authentication. Notice that this directive can be used both in per-server | |
| 635 * and per-directory context. In per-server context it applies to the client | |
| 636 * authentication process used in the standard SSL handshake when a connecti
on | |
| 637 * is established. In per-directory context it forces a SSL renegotiation wi
th | |
| 638 * the reconfigured client verification level after the HTTP request was rea
d | |
| 639 * but before the HTTP response is sent. | |
| 640 * <br /> | |
| 641 * The following levels are available for level: | |
| 642 * <pre> | |
| 643 * SSL_CVERIFY_NONE - No client Certificate is required at all | |
| 644 * SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate | |
| 645 * SSL_CVERIFY_REQUIRE - The client has to present a valid Certificat
e | |
| 646 * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate | |
| 647 * but it need not to be (successfully) verifia
ble | |
| 648 * </pre> | |
| 649 * <br /> | |
| 650 * The depth actually is the maximum number of intermediate certificate issu
ers, | |
| 651 * i.e. the number of CA certificates which are max allowed to be followed w
hile | |
| 652 * verifying the client certificate. A depth of 0 means that self-signed cli
ent | |
| 653 * certificates are accepted only, the default depth of 1 means the client | |
| 654 * certificate can be self-signed or has to be signed by a CA which is direc
tly | |
| 655 * known to the server (i.e. the CA's certificate is under | |
| 656 * {@code setCACertificatePath}, etc. | |
| 657 * | |
| 658 * @param ssl the SSL instance (SSL *) | |
| 659 * @param level Type of Client Certificate verification. | |
| 660 * @param depth Maximum depth of CA Certificates in Client Certificate | |
| 661 * verification. | |
| 662 */ | |
| 663 public static native void setVerify(long ssl, int level, int depth); | |
| 664 | |
| 665 /** | |
| 666 * Set OpenSSL Option. | |
| 667 * @param ssl the SSL instance (SSL *) | |
| 668 * @param options See SSL.SSL_OP_* for option flags. | |
| 669 */ | |
| 670 public static native void setOptions(long ssl, int options); | |
| 671 | |
| 672 /** | |
| 673 * Get OpenSSL Option. | |
| 674 * @param ssl the SSL instance (SSL *) | |
| 675 * @return options See SSL.SSL_OP_* for option flags. | |
| 676 */ | |
| 677 public static native int getOptions(long ssl); | |
| 678 | |
| 679 /** | |
| 680 * Returns all Returns the cipher suites that are available for negotiation
in an SSL handshake. | |
| 681 * @param ssl the SSL instance (SSL *) | |
| 682 * @return ciphers | |
| 683 */ | |
| 684 public static native String[] getCiphers(long ssl); | |
| 685 | |
| 686 /** | |
| 687 * Returns the cipher suites available for negotiation in SSL handshake. | |
| 688 * <br /> | |
| 689 * This complex directive uses a colon-separated cipher-spec string consisti
ng | |
| 690 * of OpenSSL cipher specifications to configure the Cipher Suite the client | |
| 691 * is permitted to negotiate in the SSL handshake phase. Notice that this | |
| 692 * directive can be used both in per-server and per-directory context. | |
| 693 * In per-server context it applies to the standard SSL handshake when a | |
| 694 * connection is established. In per-directory context it forces a SSL | |
| 695 * renegotiation with the reconfigured Cipher Suite after the HTTP request | |
| 696 * was read but before the HTTP response is sent. | |
| 697 * @param ssl the SSL instance (SSL *) | |
| 698 * @param ciphers an SSL cipher specification | |
| 699 */ | |
| 700 public static native boolean setCipherSuites(long ssl, String ciphers) | |
| 701 throws Exception; | |
| 702 | |
| 703 /** | |
| 704 * Returns the ID of the session as byte array representation. | |
| 705 * | |
| 706 * @param ssl the SSL instance (SSL *) | |
| 707 * @return the session as byte array representation obtained via SSL_SESSION
_get_id. | |
| 708 */ | |
| 709 public static native byte[] getSessionId(long ssl); | |
| 710 | |
| 711 /** | |
| 712 * Returns the number of handshakes done for this SSL instance. This also in
cludes renegations. | |
| 713 * | |
| 714 * @param ssl the SSL instance (SSL *) | |
| 715 * @return the number of handshakes done for this SSL instance. | |
| 716 */ | |
| 717 public static native int getHandshakeCount(long ssl); | |
| 718 | |
| 719 /** | |
| 720 * Clear all the errors from the error queue that OpenSSL encountered on thi
s thread. | |
| 721 */ | |
| 722 public static native void clearError(); | |
| 723 | |
| 724 /** | |
| 725 * Call SSL_renegotiate. | |
| 726 * | |
| 727 * @param ssl the SSL instance (SSL *) | |
| 728 * @return the result of the operation | |
| 729 */ | |
| 730 public static native int renegotiate(long ssl); | |
| 731 | |
| 732 /** | |
| 733 * Call SSL_set_state. | |
| 734 * | |
| 735 * @param ssl the SSL instance (SSL *) | |
| 736 */ | |
| 737 public static native void setState(long ssl, int state); | |
| 738 } | |
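Review bot: `SSL_OP_PKCS1_CHECK_1 = 0x08000000` and `SSL_OP_PKCS1_CHECK_2 = 0x10000000` (file lines 152 and 157) carry the same bit values as `SSL_OP_NO_TLSv1_2` and `SSL_OP_NO_TLSv1_1` (lines 140 and 141), so a caller that still ORs either deprecated flag into `setOptions` silently disables TLS 1.2 or TLS 1.1, and `hasOp` will report the flag as supported because it is really testing the NO_TLSv1_x bit. Since the comment above them states that current OpenSSL no longer supports these flags, defining both as `0` (a no-op when ORed) removes the aliasing; if the values must stay for compatibility, the `@deprecated` Javadoc should at least say that the bit now means `SSL_OP_NO_TLSv1_2` / `SSL_OP_NO_TLSv1_1`. Separately, the comment on `getErrorString` (line 602) opens with `/*` instead of `/**` and talks about returning an error number although the method returns a `String`; `/** Returns the OpenSSL error string for the given {@code errorNumber}. */` would be accurate. This assumes the populated column is the new side, as the OLD column is rendered as (Empty); if this section is instead a file removal, the points are moot.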
| OLD | NEW |