WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #142 from cconlon/sessionLocks 

Add synchronization locks around native pointer use and active state
pull/143/head
JacobBarthelmeh 2023-08-02 09:38:05 -06:00 committed by GitHub
parent ee65bcd5eb aa0af3d527
commit f2e2a2f985
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 613 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
src/java/com/wolfssl/WolfSSLCertManager.java
View File

@ -40,6 +40,12 @@ public class WolfSSLCertManager {
private boolean active = false; private boolean active = false;
private long cmPtr = 0; private long cmPtr = 0;
/* lock around active state */
private final Object stateLock = new Object();
/* lock around native WOLFSSL_CERT_MANAGER pointer use */
private final Object cmLock = new Object();
static native long CertManagerNew(); static native long CertManagerNew();
static native void CertManagerFree(long cm); static native void CertManagerFree(long cm);
static native int CertManagerLoadCA(long cm, String f, String d); static native int CertManagerLoadCA(long cm, String f, String d);
@ -62,6 +68,22 @@ public class WolfSSLCertManager {
this.active = true; this.active = true;
} }
/**
* Verifies that the current WolfSSLCertManager object is active.
*
* @throws IllegalStateException if object has been freed
*/
private synchronized void confirmObjectIsActive()
throws IllegalStateException {
synchronized (stateLock) {
if (this.active == false) {
throw new IllegalStateException(
"WolfSSLCertManager object has been freed");
}
}
}
/** /**
* Load CA into CertManager * Load CA into CertManager
* *
@ -69,13 +91,17 @@ public class WolfSSLCertManager {
* @param d directory of X.509 certs to load, or null * @param d directory of X.509 certs to load, or null
* *
* @return WolfSSL.SSL_SUCESS on success, negative on error * @return WolfSSL.SSL_SUCESS on success, negative on error
* @throws IllegalStateException WolfSSLContext has been freed
*/ */
public synchronized int CertManagerLoadCA(String f, String d) { public synchronized int CertManagerLoadCA(String f, String d)
if (this.active == false) throws IllegalStateException {
throw new IllegalStateException("Object has been freed");
confirmObjectIsActive();
synchronized (cmLock) {
return CertManagerLoadCA(this.cmPtr, f, d); return CertManagerLoadCA(this.cmPtr, f, d);
} }
}
/** /**
* Load CA into CertManager from byte array * Load CA into CertManager from byte array
@ -87,33 +113,34 @@ public class WolfSSLCertManager {
* WolfSSL.SSL_FILETYPE_ASN1 (ASN.1/DER). * WolfSSL.SSL_FILETYPE_ASN1 (ASN.1/DER).
* *
* @return WolfSSL.SSL_SUCCESS on success, negative on error * @return WolfSSL.SSL_SUCCESS on success, negative on error
* @throws IllegalStateException WolfSSLContext has been freed
*/ */
public synchronized int CertManagerLoadCABuffer( public synchronized int CertManagerLoadCABuffer(
byte[] in, long sz, int format) { byte[] in, long sz, int format) throws IllegalStateException {
if (this.active == false) confirmObjectIsActive();
throw new IllegalStateException("Object has been freed");
synchronized (cmLock) {
return CertManagerLoadCABuffer(this.cmPtr, in, sz, format); return CertManagerLoadCABuffer(this.cmPtr, in, sz, format);
} }
}
/** /**
* Loads KeyStore certificates into WolfSSLCertManager object. * Loads KeyStore certificates into WolfSSLCertManager object.
* *
* @param ks - input KeyStore from which to load CA certs * @param ks - input KeyStore from which to load CA certs
* @throws WolfSSLException on exception working with KeyStore
* @return WolfSSL.SSL_SUCCESS if at least one cert was loaded * @return WolfSSL.SSL_SUCCESS if at least one cert was loaded
* successfully, otherwise WolfSSL.SSL_FAILURE. * successfully, otherwise WolfSSL.SSL_FAILURE.
* @throws WolfSSLException on exception working with KeyStore
* @throws IllegalStateException WolfSSLContext has been freed
*/ */
public synchronized int CertManagerLoadCAKeyStore(KeyStore ks) public synchronized int CertManagerLoadCAKeyStore(KeyStore ks)
throws WolfSSLException { throws WolfSSLException, IllegalStateException {
int ret = 0; int ret = 0;
int loadedCerts = 0; int loadedCerts = 0;
if (this.active == false) { confirmObjectIsActive();
throw new IllegalStateException("Object has been freed");
}
if (ks == null) { if (ks == null) {
throw new WolfSSLException("Input KeyStore is null"); throw new WolfSSLException("Input KeyStore is null");
@ -159,14 +186,17 @@ public class WolfSSLCertManager {
* Unload any CAs that have been loaded into WolfSSLCertManager object. * Unload any CAs that have been loaded into WolfSSLCertManager object.
* *
* @return WolfSSL.SSL_SUCCESS on success, negative on error. * @return WolfSSL.SSL_SUCCESS on success, negative on error.
* @throws IllegalStateException WolfSSLContext has been freed
*/ */
public synchronized int CertManagerUnloadCAs() { public synchronized int CertManagerUnloadCAs()
if (this.active == false) { throws IllegalStateException {
throw new IllegalStateException("Object has been freed");
}
confirmObjectIsActive();
synchronized (cmLock) {
return CertManagerUnloadCAs(this.cmPtr); return CertManagerUnloadCAs(this.cmPtr);
} }
}
/** /**
* Verify X.509 certificate held in byte array * Verify X.509 certificate held in byte array
@ -179,27 +209,31 @@ public class WolfSSLCertManager {
* *
* @return WolfSSL.SSL_SUCCESS on successful verification, otherwise * @return WolfSSL.SSL_SUCCESS on successful verification, otherwise
* negative on error. * negative on error.
* @throws IllegalStateException WolfSSLContext has been freed
*/ */
public synchronized int CertManagerVerifyBuffer( public synchronized int CertManagerVerifyBuffer(
byte[] in, long sz, int format) { byte[] in, long sz, int format) throws IllegalStateException {
if (this.active == false) confirmObjectIsActive();
throw new IllegalStateException("Object has been freed");
synchronized (cmLock) {
return CertManagerVerifyBuffer(this.cmPtr, in, sz, format); return CertManagerVerifyBuffer(this.cmPtr, in, sz, format);
} }
}
/** /**
* Frees CertManager object * Frees CertManager object
*
* @throws IllegalStateException WolfSSLContext has been freed
* @see WolfSSLSession#freeSSL() * @see WolfSSLSession#freeSSL()
*/ */
public synchronized void free() throws IllegalStateException { public synchronized void free() throws IllegalStateException {
if (this.active == false) synchronized (stateLock) {
throw new IllegalStateException("Object has been freed"); if (this.active == false) {
/* already freed, just return */
return;
}
synchronized (cmLock) {
/* free native resources */ /* free native resources */
CertManagerFree(this.cmPtr); CertManagerFree(this.cmPtr);
@ -207,6 +241,8 @@ public class WolfSSLCertManager {
this.active = false; this.active = false;
this.cmPtr = 0; this.cmPtr = 0;
} }
}
}
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
@Override @Override

120
src/java/com/wolfssl/WolfSSLContext.java
View File

@ -72,6 +72,12 @@ public class WolfSSLContext {
/* is this context active, or has it been freed? */ /* is this context active, or has it been freed? */
private boolean active = false; private boolean active = false;
/* lock around active state */
private final Object stateLock = new Object();
/* lock around native WOLFSSL_CTX pointer use */
private final Object ctxLock = new Object();
/** /**
* Creates a new SSL/TLS context for the desired SSL/TLS protocol level. * Creates a new SSL/TLS context for the desired SSL/TLS protocol level.
* *
@ -93,11 +99,7 @@ public class WolfSSLContext {
/* ------------------- private/protected methods -------------------- */ /* ------------------- private/protected methods -------------------- */
protected synchronized long getContextPtr() protected synchronized long getContextPtr() {
{
if (this.active == false) {
return 0;
}
return sslCtxPtr; return sslCtxPtr;
} }
@ -314,11 +316,13 @@ public class WolfSSLContext {
private synchronized void confirmObjectIsActive() private synchronized void confirmObjectIsActive()
throws IllegalStateException { throws IllegalStateException {
synchronized (stateLock) {
if (this.active == false) { if (this.active == false) {
throw new IllegalStateException( throw new IllegalStateException(
"WolfSSLContext object has been freed"); "WolfSSLContext object has been freed");
} }
} }
}
/* ------------------ native method declarations -------------------- */ /* ------------------ native method declarations -------------------- */
@ -408,8 +412,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return useCertificateFile(getContextPtr(), file, format); return useCertificateFile(getContextPtr(), file, format);
} }
}
/** /**
* Loads a private key file into the SSL context. * Loads a private key file into the SSL context.
@ -441,8 +447,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return usePrivateKeyFile(getContextPtr(), file, format); return usePrivateKeyFile(getContextPtr(), file, format);
} }
}
/** /**
* Loads PEM-formatted CA certificates into the SSL context. * Loads PEM-formatted CA certificates into the SSL context.
@ -492,8 +500,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return loadVerifyLocations(getContextPtr(), file, path); return loadVerifyLocations(getContextPtr(), file, path);
} }
}
/** /**
* Loads a chain of certificates into the SSL context. * Loads a chain of certificates into the SSL context.
@ -520,8 +530,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return useCertificateChainFile(getContextPtr(), file); return useCertificateChainFile(getContextPtr(), file);
} }
}
/** /**
@ -563,8 +575,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
setVerify(getContextPtr(), mode, callback); setVerify(getContextPtr(), mode, callback);
} }
}
/** /**
* Sets the options to use for the WOLFSSL structure. * Sets the options to use for the WOLFSSL structure.
@ -580,8 +594,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setOptions(getContextPtr(), op); return setOptions(getContextPtr(), op);
} }
}
/** /**
* Gets the options to use for the WOLFSSL structure. * Gets the options to use for the WOLFSSL structure.
@ -596,8 +612,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return getOptions(getContextPtr()); return getOptions(getContextPtr());
} }
}
/** /**
* Frees an allocated SSL context. * Frees an allocated SSL context.
@ -611,6 +629,13 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (stateLock) {
if (this.active == false) {
/* already freed, just return */
return;
}
synchronized (ctxLock) {
/* free native resources */ /* free native resources */
freeContext(this.sslCtxPtr); freeContext(this.sslCtxPtr);
@ -618,6 +643,8 @@ public class WolfSSLContext {
this.active = false; this.active = false;
this.sslCtxPtr = 0; this.sslCtxPtr = 0;
} }
}
}
/** /**
* Persists the certificate cache to memory. * Persists the certificate cache to memory.
@ -649,8 +676,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return memsaveCertCache(getContextPtr(), mem, sz, used); return memsaveCertCache(getContextPtr(), mem, sz, used);
} }
}
/** /**
* Restores the certificate cache from memory. * Restores the certificate cache from memory.
@ -682,8 +711,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return memrestoreCertCache(getContextPtr(), mem, sz); return memrestoreCertCache(getContextPtr(), mem, sz);
} }
}
/** /**
* Gets how big the certificate cache save buffer needs to be. * Gets how big the certificate cache save buffer needs to be.
@ -704,8 +735,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return getCertCacheMemsize(getContextPtr()); return getCertCacheMemsize(getContextPtr());
} }
}
/** /**
* Cache size is set at compile time.This function returns the current cache * Cache size is set at compile time.This function returns the current cache
@ -721,8 +754,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setCacheSize(getContextPtr(), sz); return setCacheSize(getContextPtr(), sz);
} }
}
/** /**
* Gets the cache size is set at compile time. * Gets the cache size is set at compile time.
@ -736,8 +771,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return getCacheSize(getContextPtr()); return getCacheSize(getContextPtr());
} }
}
/** /**
* Sets the cipher suite list for a given SSL context. * Sets the cipher suite list for a given SSL context.
@ -770,8 +807,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setCipherList(getContextPtr(), list); return setCipherList(getContextPtr(), list);
} }
}
/** /**
* Sets up the group parameters to be used if the server negotiates * Sets up the group parameters to be used if the server negotiates
@ -793,8 +832,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setTmpDH(getContextPtr(), p, pSz, g, gSz); return setTmpDH(getContextPtr(), p, pSz, g, gSz);
} }
}
/** /**
* Sets up the group parameters from the specified file to be used if the * Sets up the group parameters from the specified file to be used if the
@ -820,8 +861,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setTmpDHFile(getContextPtr(), fname, format); return setTmpDHFile(getContextPtr(), fname, format);
} }
}
/** /**
* Loads a CA certificate buffer into the SSL context. * Loads a CA certificate buffer into the SSL context.
@ -865,8 +908,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return loadVerifyBuffer(getContextPtr(), in, sz, format); return loadVerifyBuffer(getContextPtr(), in, sz, format);
} }
}
/** /**
* Loads a certificate buffer into the SSL context. * Loads a certificate buffer into the SSL context.
@ -901,8 +946,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return useCertificateBuffer(getContextPtr(), in, sz, format); return useCertificateBuffer(getContextPtr(), in, sz, format);
} }
}
/** /**
* Loads a private key buffer into the SSL context. * Loads a private key buffer into the SSL context.
@ -940,8 +987,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return usePrivateKeyBuffer(getContextPtr(), in, sz, format); return usePrivateKeyBuffer(getContextPtr(), in, sz, format);
} }
}
/** /**
* Loads a certificate chain buffer into the SSL context. * Loads a certificate chain buffer into the SSL context.
@ -979,8 +1028,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return useCertificateChainBuffer(getContextPtr(), in, sz); return useCertificateChainBuffer(getContextPtr(), in, sz);
} }
}
/** /**
* Loads a certificate chain buffer into the SSL context in specific format. * Loads a certificate chain buffer into the SSL context in specific format.
@ -1022,7 +1073,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
return useCertificateChainBufferFormat(getContextPtr(), in, sz, format); synchronized (ctxLock) {
return useCertificateChainBufferFormat(
getContextPtr(), in, sz, format);
}
} }
/** /**
@ -1038,8 +1092,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setGroupMessages(getContextPtr()); return setGroupMessages(getContextPtr());
} }
}
/** /**
* Registers a receive callback for wolfSSL to get input data. * Registers a receive callback for wolfSSL to get input data.
@ -1070,8 +1126,10 @@ public class WolfSSLContext {
internRecvCb = callback; internRecvCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setIORecv(getContextPtr()); setIORecv(getContextPtr());
} }
}
/** /**
* Registers a send callback for wolfSSL to write output data. * Registers a send callback for wolfSSL to write output data.
@ -1102,8 +1160,10 @@ public class WolfSSLContext {
internSendCb = callback; internSendCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setIOSend(getContextPtr()); setIOSend(getContextPtr());
} }
}
/** /**
* Registers a DTLS cookie generation callback. * Registers a DTLS cookie generation callback.
@ -1134,8 +1194,10 @@ public class WolfSSLContext {
internCookieCb = callback; internCookieCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setGenCookie(getContextPtr()); setGenCookie(getContextPtr());
} }
}
/** /**
* Turns on Certificate Revocation List (CRL) checking when * Turns on Certificate Revocation List (CRL) checking when
@ -1164,8 +1226,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return enableCRL(getContextPtr(), options); return enableCRL(getContextPtr(), options);
} }
}
/** /**
* Turns off Certificate Revocation List (CRL) checking for the * Turns off Certificate Revocation List (CRL) checking for the
@ -1188,8 +1252,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return disableCRL(getContextPtr()); return disableCRL(getContextPtr());
} }
}
/** /**
* Loads CRL files into wolfSSL from the specified path, using the * Loads CRL files into wolfSSL from the specified path, using the
@ -1235,8 +1301,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return loadCRL(getContextPtr(), path, type, monitor); return loadCRL(getContextPtr(), path, type, monitor);
} }
}
/** /**
* Registers CRL callback to be called when CRL lookup fails, using * Registers CRL callback to be called when CRL lookup fails, using
@ -1260,8 +1328,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setCRLCb(getContextPtr(), cb); return setCRLCb(getContextPtr(), cb);
} }
}
/** /**
* Enable OCSP functionality for this context, set options. * Enable OCSP functionality for this context, set options.
@ -1290,8 +1360,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return enableOCSP(getContextPtr(), options); return enableOCSP(getContextPtr(), options);
} }
}
/** /**
* Disable OCSP for this context. * Disable OCSP for this context.
@ -1305,8 +1377,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return disableOCSP(getContextPtr()); return disableOCSP(getContextPtr());
} }
}
/** /**
* Manually sets the URL for OCSP to use. * Manually sets the URL for OCSP to use.
@ -1330,8 +1404,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setOCSPOverrideUrl(getContextPtr(), url); return setOCSPOverrideUrl(getContextPtr(), url);
} }
}
/** /**
* Allows caller to set the Atomic User Record Processing Mac/Encrypt * Allows caller to set the Atomic User Record Processing Mac/Encrypt
@ -1367,8 +1443,10 @@ public class WolfSSLContext {
internMacEncryptCb = callback; internMacEncryptCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setMacEncryptCb(getContextPtr()); setMacEncryptCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the Atomic Record Processing Decrypt/Verify * Allows caller to set the Atomic Record Processing Decrypt/Verify
@ -1404,8 +1482,10 @@ public class WolfSSLContext {
internDecryptVerifyCb = callback; internDecryptVerifyCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setDecryptVerifyCb(getContextPtr()); setDecryptVerifyCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the Public Key Callback for ECC Signing. * Allows caller to set the Public Key Callback for ECC Signing.
@ -1438,8 +1518,10 @@ public class WolfSSLContext {
internEccSignCb = callback; internEccSignCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setEccSignCb(getContextPtr()); setEccSignCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the Public Key Callback for ECC Verification. * Allows caller to set the Public Key Callback for ECC Verification.
@ -1472,8 +1554,10 @@ public class WolfSSLContext {
internEccVerifyCb = callback; internEccVerifyCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setEccVerifyCb(getContextPtr()); setEccVerifyCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the Public Key Callback for ECC shared secret. * Allows caller to set the Public Key Callback for ECC shared secret.
@ -1521,8 +1605,10 @@ public class WolfSSLContext {
internEccSharedSecretCb = callback; internEccSharedSecretCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setEccSharedSecretCb(getContextPtr()); setEccSharedSecretCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the Public Key Callback for RSA Signing. * Allows caller to set the Public Key Callback for RSA Signing.
@ -1555,8 +1641,10 @@ public class WolfSSLContext {
internRsaSignCb = callback; internRsaSignCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setRsaSignCb(getContextPtr()); setRsaSignCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the Public Key Callback for RSA Verification. * Allows caller to set the Public Key Callback for RSA Verification.
@ -1589,8 +1677,10 @@ public class WolfSSLContext {
internRsaVerifyCb = callback; internRsaVerifyCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setRsaVerifyCb(getContextPtr()); setRsaVerifyCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the Public Key Callback for RSA Public Encrypt. * Allows caller to set the Public Key Callback for RSA Public Encrypt.
@ -1623,8 +1713,10 @@ public class WolfSSLContext {
internRsaEncCb = callback; internRsaEncCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setRsaEncCb(getContextPtr()); setRsaEncCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the Public Key for RSA Private Decrypt. * Allows caller to set the Public Key for RSA Private Decrypt.
@ -1656,8 +1748,10 @@ public class WolfSSLContext {
internRsaDecCb = callback; internRsaDecCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setRsaDecCb(getContextPtr()); setRsaDecCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the PSK client identity, hint, and key. * Allows caller to set the PSK client identity, hint, and key.
@ -1693,8 +1787,10 @@ public class WolfSSLContext {
internPskClientCb = callback; internPskClientCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setPskClientCb(getContextPtr()); setPskClientCb(getContextPtr());
} }
}
/** /**
* Allows caller to set the PSK server identity and key. * Allows caller to set the PSK server identity and key.
@ -1729,8 +1825,10 @@ public class WolfSSLContext {
internPskServerCb = callback; internPskServerCb = callback;
/* register internal callback with native library */ /* register internal callback with native library */
synchronized (ctxLock) {
setPskServerCb(getContextPtr()); setPskServerCb(getContextPtr());
} }
}
/** /**
* Sets the identity hint for this context. * Sets the identity hint for this context.
@ -1752,8 +1850,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return usePskIdentityHint(getContextPtr(), hint); return usePskIdentityHint(getContextPtr(), hint);
} }
}
/** /**
* Enable use of secure renegotiation on this session. Calling this * Enable use of secure renegotiation on this session. Calling this
@ -1770,8 +1870,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return useSecureRenegotiation(getContextPtr()); return useSecureRenegotiation(getContextPtr());
} }
}
/** /**
* Set minimum supported DH key size for this WOLFSSL_CTX. * Set minimum supported DH key size for this WOLFSSL_CTX.
@ -1789,8 +1891,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setMinDhKeySz(getContextPtr(), minKeySizeBits); return setMinDhKeySz(getContextPtr(), minKeySizeBits);
} }
}
/** /**
* Set minimum supported RSA key size for this WOLFSSL_CTX. * Set minimum supported RSA key size for this WOLFSSL_CTX.
@ -1808,8 +1912,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setMinRsaKeySz(getContextPtr(), minKeySizeBits); return setMinRsaKeySz(getContextPtr(), minKeySizeBits);
} }
}
/** /**
* Set minimum supported ECC key size for this WOLFSSL_CTX. * Set minimum supported ECC key size for this WOLFSSL_CTX.
@ -1827,8 +1933,10 @@ public class WolfSSLContext {
confirmObjectIsActive(); confirmObjectIsActive();
synchronized (ctxLock) {
return setMinEccKeySz(getContextPtr(), minKeySizeBits); return setMinEccKeySz(getContextPtr(), minKeySizeBits);
} }
}
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
@Override @Override

214
src/java/com/wolfssl/WolfSSLSession.java
View File

File diff suppressed because it is too large Load Diff

31
src/java/com/wolfssl/WolfSSLX509StoreCtx.java
View File

@ -30,6 +30,12 @@ public class WolfSSLX509StoreCtx {
private boolean active = false; private boolean active = false;
private long ctxPtr = 0; private long ctxPtr = 0;
/* lock around active state */
private final Object stateLock = new Object();
/* lock around native WOLFSSL_X509_STORE_CTX pointer use */
private final Object ctxLock = new Object();
static native byte[][] X509_STORE_CTX_getDerCerts(long ctxPtr); static native byte[][] X509_STORE_CTX_getDerCerts(long ctxPtr);
/** /**
@ -48,20 +54,38 @@ public class WolfSSLX509StoreCtx {
this.ctxPtr = ctxPtr; this.ctxPtr = ctxPtr;
} }
/**
* Verifies that the current WolfSSLX509StoreCtx object is active.
*
* @throws IllegalStateException if object has been freed
*/
private synchronized void confirmObjectIsActive()
throws IllegalStateException {
synchronized (stateLock) {
if (this.active == false) {
throw new IllegalStateException(
"WolfSSLX509StoreCtx object has been freed");
}
}
}
/** /**
* Get certificates in WOLFSSL_X509_STORE_CTX as an array of * Get certificates in WOLFSSL_X509_STORE_CTX as an array of
* WolfSSLCertificate objects. * WolfSSLCertificate objects.
* *
* @return array of certificates * @return array of certificates
* @throws WolfSSLException on error * @throws WolfSSLException on error
* @throws IllegalStateException if object has been freed
*/ */
public WolfSSLCertificate[] getCerts() throws WolfSSLException { public WolfSSLCertificate[] getCerts()
throws WolfSSLException, IllegalStateException {
WolfSSLCertificate[] certs = null; WolfSSLCertificate[] certs = null;
if (this.active == false) confirmObjectIsActive();
throw new IllegalStateException("Object is not active");
synchronized (ctxLock) {
byte[][] derCerts = X509_STORE_CTX_getDerCerts(this.ctxPtr); byte[][] derCerts = X509_STORE_CTX_getDerCerts(this.ctxPtr);
if (derCerts != null) { if (derCerts != null) {
@ -72,6 +96,7 @@ public class WolfSSLX509StoreCtx {
certs[i] = new WolfSSLCertificate(derCert); certs[i] = new WolfSSLCertificate(derCert);
} }
} }
}
return certs; return certs;
} }

9
src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
View File

@ -69,6 +69,9 @@ public class WolfSSLImplementSSLSession implements SSLSession {
private String nullCipher = "SSL_NULL_WITH_NULL_NULL"; private String nullCipher = "SSL_NULL_WITH_NULL_NULL";
private String nullProtocol = "NONE"; private String nullProtocol = "NONE";
/* Lock around access to WOLFSSL_SESSION pointer */
private final Object sesPtrLock = new Object();
/** /**
* Create new WolfSSLImplementSSLSession * Create new WolfSSLImplementSSLSession
* *
@ -510,9 +513,11 @@ public class WolfSSLImplementSSLSession implements SSLSession {
protected synchronized void resume(WolfSSLSession in) { protected synchronized void resume(WolfSSLSession in) {
/* Set session (WOLFSSL_SESSION) into native WOLFSSL, makes /* Set session (WOLFSSL_SESSION) into native WOLFSSL, makes
* a copy of the session so this object can free sesPtr when ready */ * a copy of the session so this object can free sesPtr when ready */
synchronized (sesPtrLock) {
in.setSession(this.sesPtr); in.setSession(this.sesPtr);
ssl = in; ssl = in;
} }
}
/** /**
@ -520,12 +525,14 @@ public class WolfSSLImplementSSLSession implements SSLSession {
*/ */
protected synchronized void setResume() { protected synchronized void setResume() {
if (ssl != null) { if (ssl != null) {
synchronized (sesPtrLock) {
if (this.sesPtr != 0) { if (this.sesPtr != 0) {
WolfSSLSession.freeSession(this.sesPtr); WolfSSLSession.freeSession(this.sesPtr);
} }
this.sesPtr = ssl.getSession(); this.sesPtr = ssl.getSession();
} }
} }
}
/** /**
* Sets the native WOLFSSL_SESSION timeout * Sets the native WOLFSSL_SESSION timeout
@ -567,10 +574,12 @@ public class WolfSSLImplementSSLSession implements SSLSession {
@Override @Override
protected void finalize() throws Throwable protected void finalize() throws Throwable
{ {
synchronized (sesPtrLock) {
if (this.sesPtr != 0) { if (this.sesPtr != 0) {
WolfSSLSession.freeSession(this.sesPtr); WolfSSLSession.freeSession(this.sesPtr);
this.sesPtr = 0; this.sesPtr = 0;
} }
}
super.finalize(); super.finalize();
} }