
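--- a/java/org/apache/tomcat/util/net/AprSSLSupport.java
+++ b/java/org/apache/tomcat/util/net/AprSSLSupport.java
@@ -22,7 +22,6 @@
 import java.security.cert.X509Certificate;
 
 import org.apache.tomcat.jni.SSL;
-import org.apache.tomcat.jni.SSLSocket;
 
 /**
  * Implementation of SSLSupport for APR.
@@ -32,11 +31,11 @@
  */
 public class AprSSLSupport implements SSLSupport {
 
-    private final SocketWrapperBase<Long> socketWrapper;
+    private final AprEndpoint.AprSocketWrapper socketWrapper;
     private final String clientCertProvider;
 
 
-    public AprSSLSupport(SocketWrapperBase<Long> socketWrapper, String clientCertProvider) {
+    public AprSSLSupport(AprEndpoint.AprSocketWrapper socketWrapper, String clientCertProvider) {
         this.socketWrapper = socketWrapper;
         this.clientCertProvider = clientCertProvider;
     }
@@ -44,12 +43,8 @@
 
     @Override
     public String getCipherSuite() throws IOException {
-        long socketRef = socketWrapper.getSocket().longValue();
-        if (socketRef == 0) {
-            return null;
-        }
         try {
-            return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_CIPHER);
+            return socketWrapper.getSSLInfoS(SSL.SSL_INFO_CIPHER);
         } catch (Exception e) {
             throw new IOException(e);
         }
@@ -58,15 +53,10 @@
 
     @Override
     public X509Certificate[] getPeerCertificateChain() throws IOException {
-        long socketRef = socketWrapper.getSocket().longValue();
-        if (socketRef == 0) {
-            return null;
-        }
-
         try {
             // certLength == -1 indicates an error
-            int certLength = SSLSocket.getInfoI(socketRef, SSL.SSL_INFO_CLIENT_CERT_CHAIN);
+            int certLength = socketWrapper.getSSLInfoI(SSL.SSL_INFO_CLIENT_CERT_CHAIN);
-            byte[] clientCert = SSLSocket.getInfoB(socketRef, SSL.SSL_INFO_CLIENT_CERT);
+            byte[] clientCert = socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT);
             X509Certificate[] certs = null;
             if (clientCert != null  && certLength > -1) {
                 certs = new X509Certificate[certLength + 1];
@@ -78,7 +68,7 @@
                 }
                 certs[0] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientCert));
                 for (int i = 0; i < certLength; i++) {
-                    byte[] data = SSLSocket.getInfoB(socketRef, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
+                    byte[] data = socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
                     certs[i+1] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data));
                 }
             }
@@ -91,13 +81,8 @@
 
     @Override
     public Integer getKeySize() throws IOException {
-        long socketRef = socketWrapper.getSocket().longValue();
-        if (socketRef == 0) {
-            return null;
-        }
-
         try {
-            return Integer.valueOf(SSLSocket.getInfoI(socketRef, SSL.SSL_INFO_CIPHER_USEKEYSIZE));
+            return Integer.valueOf(socketWrapper.getSSLInfoI(SSL.SSL_INFO_CIPHER_USEKEYSIZE));
         } catch (Exception e) {
             throw new IOException(e);
         }
@@ -106,13 +91,8 @@
 
     @Override
     public String getSessionId() throws IOException {
-        long socketRef = socketWrapper.getSocket().longValue();
-        if (socketRef == 0) {
-            return null;
-        }
-
         try {
-            return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_SESSION_ID);
+            return socketWrapper.getSSLInfoS(SSL.SSL_INFO_SESSION_ID);
         } catch (Exception e) {
             throw new IOException(e);
         }
@@ -120,13 +100,8 @@
 
     @Override
     public String getProtocol() throws IOException {
-        long socketRef = socketWrapper.getSocket().longValue();
-        if (socketRef == 0) {
-            return null;
-        }
-
         try {
-            return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_PROTOCOL);
+            return socketWrapper.getSSLInfoS(SSL.SSL_INFO_PROTOCOL);
         } catch (Exception e) {
             throw new IOException(e);
         }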
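Review bot: In getPeerCertificateChain the certificate chain is now read through several separate `getSSLInfoI`/`getSSLInfoB` calls, each of which takes the wrapper's lock on its own, so the socket can be closed between two of them. If that happens inside the loop, `getSSLInfoB` returns null and `new ByteArrayInputStream(data)` throws a NullPointerException rather than the method reporting that no certificates are available. A guard before the parse, `if (data == null) { return null; }`, would keep the closed-socket result the same as the old `socketRef == 0` path. The method's try/catch ends outside the hunk, so how that exception reaches the caller is not visible here.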
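--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -2761,5 +2761,44 @@
         public void setAppReadBufHandler(ApplicationBufferHandler handler) {
             // no-op
         }
+
+        String getSSLInfoS(int id) {
+            synchronized (closedLock) {
+                if (closed) {
+                    return null;
+                }
+                try {
+                    return SSLSocket.getInfoS(getSocket().longValue(), id);
+                } catch (Exception e) {
+                    throw new IllegalStateException(e);
+                }
+            }
+        }
+
+        int getSSLInfoI(int id) {
+            synchronized (closedLock) {
+                if (closed) {
+                    return 0;
+                }
+                try {
+                    return SSLSocket.getInfoI(getSocket().longValue(), id);
+                } catch (Exception e) {
+                    throw new IllegalStateException(e);
+                }
+            }
+        }
+
+        byte[] getSSLInfoB(int id) {
+            synchronized (closedLock) {
+                if (closed) {
+                    return null;
+                }
+                try {
+                    return SSLSocket.getInfoB(getSocket().longValue(), id);
+                } catch (Exception e) {
+                    throw new IllegalStateException(e);
+                }
+            }
+        }
     }
 }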
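Review bot: `getSSLInfoI` returns 0 once the socket is closed, which a caller cannot tell apart from a real answer: `getKeySize` in AprSSLSupport.java returned null for a dead socket before this change and now returns `Integer.valueOf(0)`. Either the caller needs a way to see the closed state, or the sentinel should be written down. A Javadoc on each of the three helpers stating its closed-socket return value (null, 0, null) and that the native call is made while holding `closedLock` would cover the second option. It is presumably `close()` taking the same lock that keeps the `closed` check safe against use of a destroyed native socket, but that method is outside this hunk.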
