/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.tomcat.jni;
/** SSL Socket
*
* @author Mladen Turk
*/
public class SSLSocket {
/**
* Attach APR socket on a SSL connection.
* @param ctx SSLContext to use.
* @param sock APR Socket that already did physical connect or accept.
* @return APR_STATUS code.
* @throws Exception An error occurred
*/
public static native int attach(long ctx, long sock)
throws Exception;
/**
* Do a SSL handshake.
* @param thesocket The socket to use
* @return the handshake status
*/
public static native int handshake(long thesocket);
/**
* Do a SSL renegotiation.
* SSL supports per-directory re-configuration of SSL parameters.
* This is implemented by performing an SSL renegotiation of the
* re-configured parameters after the request is read, but before the
* response is sent. In more detail: the renegotiation happens after the
* request line and MIME headers were read, but _before_ the attached
* request body is read. The reason simply is that in the HTTP protocol
* usually there is no acknowledgment step between the headers and the
* body (there is the 100-continue feature and the chunking facility
* only), so Apache has no API hook for this step.
*
* @param thesocket The socket to use
* @return the operation status
*/
public static native int renegotiate(long thesocket);
/**
* Set Type of Client Certificate verification and Maximum depth of CA
* Certificates in Client Certificate verification.
* <br>
* This is used to change the verification level for a connection prior to
* starting a re-negotiation.
* <br>
* The following levels are available for level:
* <PRE>
* SSL_CVERIFY_NONE - No client Certificate is required at all
* SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate
* SSL_CVERIFY_REQUIRE - The client has to present a valid
* Certificate
* SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
* but it need not to be (successfully)
* verifiable
* </PRE>
* <br>
* @param sock The socket to change.
* @param level Type of Client Certificate verification.
* @param depth Maximum number of certificates to permit in chain from
* client to trusted CA. Use a value of 0 or less to leave the
* current value unchanged
*/
public static native void setVerify(long sock, int level, int depth);
/**
* Return SSL Info parameter as byte array.
*
* @param sock The socket to read the data from.
* @param id Parameter id.
* @return Byte array containing info id value.
* @throws Exception An error occurred
*/
public static native byte[] getInfoB(long sock, int id)
throws Exception;
/**
* Return SSL Info parameter as String.
*
* @param sock The socket to read the data from.
* @param id Parameter id.
* @return String containing info id value.
* @throws Exception An error occurred
*/
public static native String getInfoS(long sock, int id)
throws Exception;
/**
* Return SSL Info parameter as integer.
*
* @param sock The socket to read the data from.
* @param id Parameter id.
* @return Integer containing info id value or -1 on error.
* @throws Exception An error occurred
*/
public static native int getInfoI(long sock, int id)
throws Exception;
/**
* Obtain the name of the protocol negotiated via ALPN. Only valid after the
* TLS handshake has completed.
*
* @param sock Socket
* @param negotiatedProtocol Byte array in which to store agreed protocol
*
* @return Length of agreed protocol. Zero means no protocol agreed.
*/
public static native int getALPN(long sock, byte[] negotiatedProtocol);
}