File: SSLSocket.java

package info (click to toggle)
tomcat-native 1.3.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,956 kB
  • sloc: ansic: 12,920; sh: 3,809; java: 2,432; xml: 709; perl: 327; makefile: 46
file content (137 lines) | stat: -rw-r--r-- 5,210 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
 
/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.apache.tomcat.jni;

/**
 * SSL Socket
 *
 * @author Mladen Turk
 *
 * @deprecated  The scope of the APR/Native Library will be reduced in Tomcat
 *              10.1.x / Tomcat Native 2.x onwards to only include those
 *              components required to provide OpenSSL integration with the NIO
 *              and NIO2 connectors.
 */
@Deprecated
public class SSLSocket {

    /**
     * Attach APR socket on an SSL connection.
     * @param ctx SSLContext to use.
     * @param sock APR Socket that already did physical connect or accept.
     * @return APR_STATUS code.
     * @throws Exception An error occurred
     */
    public static native int attach(long ctx, long sock)
        throws Exception;

    /**
     * Do an SSL handshake.
     * @param thesocket The socket to use
     * @return the handshake status
     */
    public static native int handshake(long thesocket);

    /**
     * Do an SSL renegotiation.
     * SSL supports per-directory re-configuration of SSL parameters.
     * This is implemented by performing an SSL renegotiation of the
     * re-configured parameters after the request is read, but before the
     * response is sent. In more detail: the renegotiation happens after the
     * request line and MIME headers were read, but _before_ the attached
     * request body is read. The reason simply is that in the HTTP protocol
     * usually there is no acknowledgment step between the headers and the
     * body (there is the 100-continue feature and the chunking facility
     * only), so Apache has no API hook for this step.
     *
     * @param thesocket The socket to use
     * @return the operation status
     */
    public static native int renegotiate(long thesocket);

    /**
     * Set Type of Client Certificate verification and Maximum depth of CA
     * Certificates in Client Certificate verification.
     * <br>
     * This is used to change the verification level for a connection prior to
     * starting a re-negotiation.
     * <br>
     * The following levels are available for level:
     * <PRE>
     * SSL_CVERIFY_NONE           - No client Certificate is required at all
     * SSL_CVERIFY_OPTIONAL       - The client may present a valid Certificate
     * SSL_CVERIFY_REQUIRE        - The client has to present a valid
     *                              Certificate
     * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
     *                              but it need not to be (successfully)
     *                              verifiable
     * </PRE>
     * <br>
     * @param sock  The socket to change.
     * @param level Type of Client Certificate verification.
     * @param depth Maximum number of certificates to permit in chain from
     *              client to trusted CA. Use a value of 0 or less to leave the
     *              current value unchanged
     */
    public static native void setVerify(long sock, int level, int depth);

    /**
     * Return SSL Info parameter as byte array.
     *
     * @param sock The socket to read the data from.
     * @param id Parameter id.
     * @return Byte array containing info id value.
     * @throws Exception An error occurred
     */
    public static native byte[] getInfoB(long sock, int id)
        throws Exception;

    /**
     * Return SSL Info parameter as String.
     *
     * @param sock The socket to read the data from.
     * @param id Parameter id.
     * @return String containing info id value.
     * @throws Exception An error occurred
     */
    public static native String getInfoS(long sock, int id)
        throws Exception;

    /**
     * Return SSL Info parameter as integer.
     *
     * @param sock The socket to read the data from.
     * @param id Parameter id.
     * @return Integer containing info id value or -1 on error.
     * @throws Exception An error occurred
     */
    public static native int getInfoI(long sock, int id)
        throws Exception;


    /**
     * Obtain the name of the protocol negotiated via ALPN. Only valid after the
     * TLS handshake has completed.
     *
     * @param sock                  Socket
     * @param negotiatedProtocol    Byte array in which to store agreed protocol
     *
     * @return Length of agreed protocol. Zero means no protocol agreed.
     */
    public static native int getALPN(long sock, byte[] negotiatedProtocol);

}