

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

17
18 package org.apache.tomcat.jni;
19
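/**
 * Constants and native entry points of the Tomcat native (APR/OpenSSL) SSL
 * support.
 * <p>
 * The {@code SSL_*} constants are type definitions taken mostly from mod_ssl
 * and are handed to the native layer as-is, so their numeric values must stay
 * in step with the C side. Every member is static; the class is not intended
 * to be instantiated.
 *
 * @author Mladen Turk
 * @version $Revision: 467222 $, $Date: 2006-10-24 05:17:11 +0200 (mar., 24 oct. 2006) $
 */
public final class SSL {

    /*
     * Type definitions mostly from mod_ssl
     */

    /** Marker for "not configured"; see {@link #SSL_CVERIFY_UNSET}. */
    public static final int UNSET = -1;

    /*
     * Certificate algorithm types (bit flags).
     */
    public static final int SSL_ALGO_UNKNOWN = 0;
    public static final int SSL_ALGO_RSA = (1<<0);
    public static final int SSL_ALGO_DSA = (1<<1);
    public static final int SSL_ALGO_ALL = (SSL_ALGO_RSA|SSL_ALGO_DSA);

    /*
     * Algorithm index values; presumably select the RSA/DSA slot on the
     * native side (confirm against the C implementation).
     */
    public static final int SSL_AIDX_RSA = 0;
    public static final int SSL_AIDX_DSA = 1;
    public static final int SSL_AIDX_MAX = 2;

    /*
     * IDs for the temporary RSA keys and DH params; used as the index
     * argument of generateRSATempKey(int) and loadDSATempKey(int, String).
     * NOTE(review): the 512-bit sizes exist for legacy/export-grade peers;
     * keys that small offer no meaningful protection today.
     */
    public static final int SSL_TMP_KEY_RSA_512 = 0;
    public static final int SSL_TMP_KEY_RSA_1024 = 1;
    public static final int SSL_TMP_KEY_RSA_2048 = 2;
    public static final int SSL_TMP_KEY_RSA_4096 = 3;
    public static final int SSL_TMP_KEY_DH_512 = 4;
    public static final int SSL_TMP_KEY_DH_1024 = 5;
    public static final int SSL_TMP_KEY_DH_2048 = 6;
    public static final int SSL_TMP_KEY_DH_4096 = 7;
    public static final int SSL_TMP_KEY_MAX = 8;

    /*
     * SSL options (bit flags). Note that SSL_OPT_ALL deliberately omits
     * SSL_OPT_RELSET.
     */
    public static final int SSL_OPT_NONE = 0;
    public static final int SSL_OPT_RELSET = (1<<0);
    public static final int SSL_OPT_STDENVVARS = (1<<1);
    public static final int SSL_OPT_EXPORTCERTDATA = (1<<3);
    public static final int SSL_OPT_FAKEBASICAUTH = (1<<4);
    public static final int SSL_OPT_STRICTREQUIRE = (1<<5);
    public static final int SSL_OPT_OPTRENEGOTIATE = (1<<6);
    public static final int SSL_OPT_ALL = (SSL_OPT_STDENVVARS|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE);

    /*
     * SSL protocol selection flags (bit flags).
     * NOTE(review): SSLv2 and SSLv3 are obsolete (prohibited by RFC 6176 and
     * RFC 7568). SSL_PROTOCOL_ALL still includes both because it mirrors the
     * native definition; callers should select TLS explicitly.
     */
    public static final int SSL_PROTOCOL_NONE = 0;
    public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
    public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
    public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
    public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);

    /*
     * Client certificate verification levels. These are enumerations, not
     * bit flags. SSL_CVERIFY_OPTIONAL_NO_CA presumably accepts a client
     * certificate even when it does not chain to a configured CA — confirm
     * against the native implementation before relying on it.
     */
    public static final int SSL_CVERIFY_UNSET = UNSET;
    public static final int SSL_CVERIFY_NONE = 0;
    public static final int SSL_CVERIFY_OPTIONAL = 1;
    public static final int SSL_CVERIFY_REQUIRE = 2;
    public static final int SSL_CVERIFY_OPTIONAL_NO_CA = 3;

    /* Use either SSL_VERIFY_NONE or SSL_VERIFY_PEER; the last 2 options
     * are 'ored' with SSL_VERIFY_PEER if they are desired.
     */
    public static final int SSL_VERIFY_NONE = 0;
    public static final int SSL_VERIFY_PEER = 1;
    public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2;
    public static final int SSL_VERIFY_CLIENT_ONCE = 4;
    /** Require a peer certificate and fail the handshake if none is presented. */
    public static final int SSL_VERIFY_PEER_STRICT = (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT);

    /*
     * OpenSSL SSL_OP_* option bits: workarounds for broken peer
     * implementations. Each one relaxes protocol behaviour, so enable only
     * those actually needed.
     */
    public static final int SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001;
    public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002;
    public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000008;
    public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000010;
    public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000020;
    public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000040;
    public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000080;
    public static final int SSL_OP_TLS_D5_BUG = 0x00000100;
    public static final int SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000200;

    /* Disable the SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
     * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
     * the workaround is not needed. Unfortunately some broken SSL/TLS
     * implementations cannot handle it at all, which is why we include
     * it in SSL_OP_ALL. */
    public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800;

    /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
     * This used to be 0x000FFFFFL before 0.9.7.
     * Note that 0x00000FFF covers SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (0x800),
     * i.e. SSL_OP_ALL also switches off the CBC countermeasure described
     * above. */
    public static final int SSL_OP_ALL = 0x00000FFF;

    /* As server, disallow session resumption on renegotiation */
    public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000;
    /* If set, always create a new key when using tmp_dh parameters */
    public static final int SSL_OP_SINGLE_DH_USE = 0x00100000;
    /* Set to always use the tmp_rsa key when doing RSA operations,
     * even when this violates protocol specs */
    public static final int SSL_OP_EPHEMERAL_RSA = 0x00200000;
    /* Set on servers to choose the cipher according to the server's
     * preferences */
    public static final int SSL_OP_CIPHER_SERVER_PREFERENCE = 0x00400000;
    /* If set, a server will allow a client to issue a SSLv3.0 version number
     * as latest version supported in the premaster secret, even when TLSv1.0
     * (version 3.1) was announced in the client hello. Normally this is
     * forbidden to prevent version rollback attacks. */
    public static final int SSL_OP_TLS_ROLLBACK_BUG = 0x00800000;

    /* Disable the named protocol version. */
    public static final int SSL_OP_NO_SSLv2 = 0x01000000;
    public static final int SSL_OP_NO_SSLv3 = 0x02000000;
    public static final int SSL_OP_NO_TLSv1 = 0x04000000;

    /* The next flag deliberately changes the ciphertext; this is a check
     * for the PKCS#1 attack */
    public static final int SSL_OP_PKCS1_CHECK_1 = 0x08000000;
    public static final int SSL_OP_PKCS1_CHECK_2 = 0x10000000;
    public static final int SSL_OP_NETSCAPE_CA_DN_BUG = 0x20000000;
    public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x40000000;

    /* Certificate / key file formats. */
    public static final int SSL_CRT_FORMAT_UNDEF = 0;
    public static final int SSL_CRT_FORMAT_ASN1 = 1;
    public static final int SSL_CRT_FORMAT_TEXT = 2;
    public static final int SSL_CRT_FORMAT_PEM = 3;
    public static final int SSL_CRT_FORMAT_NETSCAPE = 4;
    public static final int SSL_CRT_FORMAT_PKCS12 = 5;
    public static final int SSL_CRT_FORMAT_SMIME = 6;
    public static final int SSL_CRT_FORMAT_ENGINE = 7;

    /* Endpoint modes. */
    public static final int SSL_MODE_CLIENT = 0;
    public static final int SSL_MODE_SERVER = 1;
    public static final int SSL_MODE_COMBINED = 2;

    /* Shutdown behaviours. */
    public static final int SSL_SHUTDOWN_TYPE_UNSET = 0;
    public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1;
    public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2;
    public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3;

    /* Keys for querying session / cipher information. */
    public static final int SSL_INFO_SESSION_ID = 0x0001;
    public static final int SSL_INFO_CIPHER = 0x0002;
    public static final int SSL_INFO_CIPHER_USEKEYSIZE = 0x0003;
    public static final int SSL_INFO_CIPHER_ALGKEYSIZE = 0x0004;
    public static final int SSL_INFO_CIPHER_VERSION = 0x0005;
    public static final int SSL_INFO_CIPHER_DESCRIPTION = 0x0006;
    public static final int SSL_INFO_PROTOCOL = 0x0007;

    /* To obtain the CountryName of the Client Certificate Issuer
     * use SSL_INFO_CLIENT_I_DN + SSL_INFO_DN_COUNTRYNAME
     */
    public static final int SSL_INFO_CLIENT_S_DN = 0x0010;
    public static final int SSL_INFO_CLIENT_I_DN = 0x0020;
    public static final int SSL_INFO_SERVER_S_DN = 0x0040;
    public static final int SSL_INFO_SERVER_I_DN = 0x0080;

    /* Distinguished-name component selectors, added to one of the *_DN keys. */
    public static final int SSL_INFO_DN_COUNTRYNAME = 0x0001;
    public static final int SSL_INFO_DN_STATEORPROVINCENAME = 0x0002;
    public static final int SSL_INFO_DN_LOCALITYNAME = 0x0003;
    public static final int SSL_INFO_DN_ORGANIZATIONNAME = 0x0004;
    public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME = 0x0005;
    public static final int SSL_INFO_DN_COMMONNAME = 0x0006;
    public static final int SSL_INFO_DN_TITLE = 0x0007;
    public static final int SSL_INFO_DN_INITIALS = 0x0008;
    public static final int SSL_INFO_DN_GIVENNAME = 0x0009;
    public static final int SSL_INFO_DN_SURNAME = 0x000A;
    public static final int SSL_INFO_DN_DESCRIPTION = 0x000B;
    public static final int SSL_INFO_DN_UNIQUEIDENTIFIER = 0x000C;
    public static final int SSL_INFO_DN_EMAILADDRESS = 0x000D;

    /* Client certificate fields. */
    public static final int SSL_INFO_CLIENT_M_VERSION = 0x0101;
    public static final int SSL_INFO_CLIENT_M_SERIAL = 0x0102;
    public static final int SSL_INFO_CLIENT_V_START = 0x0103;
    public static final int SSL_INFO_CLIENT_V_END = 0x0104;
    public static final int SSL_INFO_CLIENT_A_SIG = 0x0105;
    public static final int SSL_INFO_CLIENT_A_KEY = 0x0106;
    public static final int SSL_INFO_CLIENT_CERT = 0x0107;
    public static final int SSL_INFO_CLIENT_V_REMAIN = 0x0108;

    /* Server certificate fields. */
    public static final int SSL_INFO_SERVER_M_VERSION = 0x0201;
    public static final int SSL_INFO_SERVER_M_SERIAL = 0x0202;
    public static final int SSL_INFO_SERVER_V_START = 0x0203;
    public static final int SSL_INFO_SERVER_V_END = 0x0204;
    public static final int SSL_INFO_SERVER_A_SIG = 0x0205;
    public static final int SSL_INFO_SERVER_A_KEY = 0x0206;
    public static final int SSL_INFO_SERVER_CERT = 0x0207;
    /* Return client certificate chain.
     * Add the certificate chain number to this flag (0 ... verify depth).
     */
    public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400;

    /**
     * Returns the OpenSSL version number.
     *
     * @return the numeric OpenSSL version as reported by the native library
     */
    public static native int version();

    /**
     * Returns the OpenSSL version string.
     *
     * @return the human-readable OpenSSL version as reported by the native library
     */
    public static native String versionString();

    /**
     * Initialize OpenSSL support.
     * This function needs to be called once for the
     * lifetime of the JVM. {@code Library.init()} has to be called before.
     *
     * @param engine Support for an external crypto device ("engine"),
     *               usually a hardware accelerator card for crypto operations.
     * @return APR status code
     */
    public static native int initialize(String engine);

    /**
     * Add the content of the file to the PRNG.
     *
     * @param filename Filename containing random data.
     *                 If null the default file will be tested.
     *                 The seed file is $RANDFILE if that environment variable is
     *                 set, $HOME/.rnd otherwise.
     *                 In case both files are unavailable the builtin
     *                 random seed generator is used.
     * @return success flag as reported by the native implementation
     */
    public static native boolean randLoad(String filename);

    /**
     * Writes a number of random bytes (currently 1024) to
     * file <code>filename</code> which can be used to initialize the PRNG
     * by calling randLoad in a later session.
     *
     * @param filename Filename to save the data
     * @return success flag as reported by the native implementation
     */
    public static native boolean randSave(String filename);

    /**
     * Creates random data and writes it to {@code filename}.
     *
     * @param filename Filename to save the data
     * @param len The length of the random sequence in bytes
     * @param base64 Output the data in Base64 encoded format
     * @return success flag as reported by the native implementation
     */
    public static native boolean randMake(String filename, int len,
                                          boolean base64);

    /**
     * Initialize a new BIO.
     *
     * @param pool The pool to use.
     * @param callback BIOCallback to use
     * @return New BIO handle
     * @throws Exception on failure in the native layer (the exact
     *                   conditions are defined on the C side)
     */
    public static native long newBIO(long pool, BIOCallback callback)
            throws Exception;

    /**
     * Close the BIO and dereference the callback object.
     *
     * @param bio BIO to close and destroy.
     * @return APR status code
     */
    public static native int closeBIO(long bio);

    /**
     * Set the global password callback for obtaining passwords.
     *
     * @param callback PasswordCallback implementation to use.
     */
    public static native void setPasswordCallback(PasswordCallback callback);

    /**
     * Set the global password for decrypting certificates and keys.
     * The value is a {@code String} and therefore cannot be wiped from
     * the heap after use; prefer {@link #setPasswordCallback(PasswordCallback)}
     * where the deployment allows it.
     *
     * @param password Password to use.
     */
    public static native void setPassword(String password);

    /**
     * Generate a temporary RSA key.
     * <br />
     * Index can be one of:
     * <PRE>
     * SSL_TMP_KEY_RSA_512
     * SSL_TMP_KEY_RSA_1024
     * SSL_TMP_KEY_RSA_2048
     * SSL_TMP_KEY_RSA_4096
     * </PRE>
     * By default 512 and 1024 keys are generated on startup.
     * You can use a low priority thread to generate them on the fly.
     * NOTE(review): 512-bit RSA is export-grade strength; prefer the
     * 2048-bit or larger index where the peers allow it.
     *
     * @param idx temporary key index.
     * @return success flag as reported by the native implementation
     */
    public static native boolean generateRSATempKey(int idx);

    /**
     * Load temporary DH parameters from a file.
     * <br />
     * Despite the method name, the index values are the DH ones:
     * <PRE>
     * SSL_TMP_KEY_DH_512
     * SSL_TMP_KEY_DH_1024
     * SSL_TMP_KEY_DH_2048
     * SSL_TMP_KEY_DH_4096
     * </PRE>
     *
     * @param idx temporary key index.
     * @param file File containing DH params.
     * @return success flag as reported by the native implementation
     */
    public static native boolean loadDSATempKey(int idx, String file);

    /**
     * Return the last SSL error string.
     *
     * @return the error text from the native library
     */
    public static native String getLastError();
}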