| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.tomcat.jni; |
| |
| /** SSL Socket |
| * |
| * @author Mladen Turk |
| */ |
| public class SSLSocket { |
| |
| /** |
| * Attach APR socket on a SSL connection. |
| * @param ctx SSLContext to use. |
| * @param sock APR Socket that already did physical connect or accept. |
| * @return APR_STATUS code. |
| */ |
| public static native int attach(long ctx, long sock) |
| throws Exception; |
| |
| /** |
| * Do a SSL handshake. |
| * @param thesocket The socket to use |
| */ |
| public static native int handshake(long thesocket); |
| |
| /** |
| * Do a SSL renegotiation. |
| * SSL supports per-directory re-configuration of SSL parameters. |
| * This is implemented by performing an SSL renegotiation of the |
| * re-configured parameters after the request is read, but before the |
| * response is sent. In more detail: the renegotiation happens after the |
| * request line and MIME headers were read, but _before_ the attached |
| * request body is read. The reason simply is that in the HTTP protocol |
| * usually there is no acknowledgment step between the headers and the |
| * body (there is the 100-continue feature and the chunking facility |
| * only), so Apache has no API hook for this step. |
| * |
| * @param thesocket The socket to use |
| */ |
| public static native int renegotiate(long thesocket); |
| |
| /** |
| * Set Type of Client Certificate verification and Maximum depth of CA |
| * Certificates in Client Certificate verification. |
| * <br> |
| * This is used to change the verification level for a connection prior to |
| * starting a re-negotiation. |
| * <br> |
| * The following levels are available for level: |
| * <PRE> |
| * SSL_CVERIFY_NONE - No client Certificate is required at all |
| * SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate |
| * SSL_CVERIFY_REQUIRE - The client has to present a valid |
| * Certificate |
| * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate |
| * but it need not to be (successfully) |
| * verifiable |
| * </PRE> |
| * <br> |
| * @param sock The socket to change. |
| * @param level Type of Client Certificate verification. |
| */ |
| public static native void setVerify(long sock, int level, int depth); |
| |
| /** |
| * Return SSL Info parameter as byte array. |
| * |
| * @param sock The socket to read the data from. |
| * @param id Parameter id. |
| * @return Byte array containing info id value. |
| */ |
| public static native byte[] getInfoB(long sock, int id) |
| throws Exception; |
| |
| /** |
| * Return SSL Info parameter as String. |
| * |
| * @param sock The socket to read the data from. |
| * @param id Parameter id. |
| * @return String containing info id value. |
| */ |
| public static native String getInfoS(long sock, int id) |
| throws Exception; |
| |
| /** |
| * Return SSL Info parameter as integer. |
| * |
| * @param sock The socket to read the data from. |
| * @param id Parameter id. |
| * @return Integer containing info id value or -1 on error. |
| */ |
| public static native int getInfoI(long sock, int id) |
| throws Exception; |
| |
| } |
