| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * Licensed to the Apache Software Foundation (ASF) under one or more | |
| 3 * contributor license agreements. See the NOTICE file distributed with | |
| 4 * this work for additional information regarding copyright ownership. | |
| 5 * The ASF licenses this file to You under the Apache License, Version 2.0 | |
| 6 * (the "License"); you may not use this file except in compliance with | |
| 7 * the License. You may obtain a copy of the License at | |
| 8 * | |
| 9 * http://www.apache.org/licenses/LICENSE-2.0 | |
| 10 * | |
| 11 * Unless required by applicable law or agreed to in writing, software | |
| 12 * distributed under the License is distributed on an "AS IS" BASIS, | |
| 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 14 * See the License for the specific language governing permissions and | |
| 15 * limitations under the License. | |
| 16 */ | |
| 17 package org.apache.tomcat.jni; | |
| 18 | |
| 19 /** | |
| 20 * Support TLS extensions and extra methods. | |
| 21 * | |
| 22 * The methods are separated to make it easier for java code to | |
| 23 * support existing native library - it can check if this class can | |
| 24 * be loaded in order to use the exensions. | |
| 25 * | |
| 26 * @author Costin Manolache | |
| 27 */ | |
| 28 public final class SSLExt { | |
| 29 | |
| 30 | |
| 31 /** | |
| 32 * Set advertised NPN protocol. | |
| 33 * This is only available for recent or patched openssl. | |
| 34 * | |
| 35 * Example: "\x06spdy/2" | |
| 36 * | |
| 37 * Works with TLS1, doesn't with SSL2/SSL3 | |
| 38 * | |
| 39 * Servers sends list in ServerHelo, client selects it and | |
| 40 * sends it back after ChangeChipher | |
| 41 * | |
| 42 * Not supported in 1.0.0, seems to be in 1.0.1 and after | |
| 43 */ | |
| 44 public static native int setNPN(long tcctx, byte[] proto, int len); | |
| 45 | |
| 46 /** | |
| 47 * Get other side's advertised protocols. | |
| 48 * Only works after handshake. | |
| 49 */ | |
| 50 public static native int getNPN(long tcsock, byte[] proto); | |
| 51 | |
| 52 /** | |
| 53 * Enabling dump/debugging on the socket. Both raw and decrypted | |
| 54 * packets will be logged. | |
| 55 */ | |
| 56 public static native int debug(long tcsock); | |
| 57 | |
| 58 /** | |
| 59 * Server: Extract the session data associated with the socket. | |
| 60 * Must be saved, keyed by session ID. | |
| 61 */ | |
| 62 public static native byte[] getSessionData(long tcsock); | |
| 63 | |
| 64 /** | |
| 65 * Server: Set the session data for a socket. | |
| 66 */ | |
| 67 public static native int setSessionData(long tcsock, byte[] data, int len); | |
| 68 | |
| 69 | |
| 70 /** | |
| 71 * Client: get the ticket received from server, if tickets are supported. | |
| 72 */ | |
| 73 public static native int getTicket(long tcsock, byte[] resBuf); | |
| 74 | |
| 75 /** | |
| 76 * Client: set the previously received ticket. | |
| 77 */ | |
| 78 public static native int setTicket(long tcsock, byte[] data, int len); | |
| 79 | |
| 80 /** | |
| 81 * Set the key used by server to generate tickets. | |
| 82 * Key must be 48 bytes. | |
| 83 */ | |
| 84 public static native int setTicketKeys(long ctx, byte[] data, int len); | |
| 85 | |
| 86 /** | |
| 87 * For client side calls. Data should be a \0 terminated string | |
| 88 */ | |
| 89 public static native int setSNI(long tcsock, byte[] data, int len); | |
| 90 | |
| 91 /** | |
| 92 * Return the last openssl error | |
| 93 */ | |
| 94 public static native String sslErrReasonErrorString(); | |
| 95 | |
| 96 public static native long sslCtxSetMode(long ctx, long mode); | |
| 97 | |
| 98 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success | |
| 99 * when just a single record has been written): */ | |
| 100 public static final int SSL_MODE_ENABLE_PARTIAL_WRITE = 0x1; | |
| 101 | |
| 102 /* Make it possible to retry SSL_write() with changed buffer location | |
| 103 * (buffer contents must stay the same!); this is not the default to avoid | |
| 104 * the misconception that non-blocking SSL_write() behaves like | |
| 105 * non-blocking write(): */ | |
| 106 public static final int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 0x2; | |
| 107 | |
| 108 /* Don't attempt to automatically build certificate chain */ | |
| 109 static final int SSL_MODE_NO_AUTO_CHAIN = 0x8; | |
| 110 | |
| 111 /* Save RAM by releasing read and write buffers when they're empty. (SSL3 an
d | |
| 112 * TLS only.) "Released" buffers are put onto a free-list in the context | |
| 113 * or just freed (depending on the context's setting for freelist_max_len).
*/ | |
| 114 public static final int SSL_MODE_RELEASE_BUFFERS = 0x10; | |
| 115 | |
| 116 // 1.1 | |
| 117 //static final int SSL_MODE_HANDSHAKE_CUTTHROUGH = ..; | |
| 118 | |
| 119 /** | |
| 120 * SSL_set_mode | |
| 121 */ | |
| 122 public static native long sslSetMode(long tcsock, long mode); | |
| 123 | |
| 124 public static int setNPN(long sslContext, byte[] spdyNPN) { | |
| 125 try { | |
| 126 return SSLExt.setNPN(sslContext, spdyNPN, spdyNPN.length); | |
| 127 } catch (Throwable t) { | |
| 128 t.printStackTrace(); | |
| 129 return -1; | |
| 130 } | |
| 131 } | |
| 132 | |
| 133 /** | |
| 134 * Higher level method, checking if the specified protocol has been | |
| 135 * negotiated. | |
| 136 */ | |
| 137 public static boolean checkNPN(long tcsocket, byte[] expected) { | |
| 138 byte[] npn = new byte[expected.length + 1]; | |
| 139 int npnLen = 0; | |
| 140 try { | |
| 141 npnLen = SSLExt.getNPN(tcsocket, npn); | |
| 142 if (npnLen != expected.length) { | |
| 143 return false; | |
| 144 } | |
| 145 } catch (Throwable t) { | |
| 146 // ignore | |
| 147 return false; | |
| 148 } | |
| 149 for (int i = 0; i < expected.length; i++) { | |
| 150 if (expected[i] != npn[i]) { | |
| 151 return false; | |
| 152 } | |
| 153 } | |
| 154 return true; | |
| 155 } | |
| 156 | |
| 157 | |
| 158 | |
| 159 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2842333002:
Updated netty-tcnative to version 2.0.0.Final (Closed)
