📄 sslinfo.c
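/*
 * SSLSocket.getInfoS: return one string-valued property of the TLS
 * connection behind `sock`, selected by `what`.
 *
 * sock  - native socket handle; its `opaque` field is used as the
 *         tcn_ssl_conn_t for the connection.
 * what  - SSL_INFO_* selector. Plain selectors are handled by the first
 *         switch; certificate selectors are bit masks, and for the DN and
 *         chain selectors the low four bits (what & 0x0F) carry an index.
 *
 * Returns a new Java string, or NULL when the requested item is not
 * available (no session, no certificate, helper returned NULL).
 * Throws an APR exception with APR_EINVAL when `what` matches neither the
 * first switch nor any of the certificate masks.
 *
 * NOTE(review): nothing in this function consults the certificate
 * verification result. Values read from the peer certificate (DN fields,
 * PEM, serial, validity) are whatever the peer presented; whether that
 * certificate was validated depends on the verify mode configured
 * elsewhere. Callers should not treat these strings as an authenticated
 * identity unless verification is enforced.
 */
TCN_IMPLEMENT_CALL(jstring, SSLSocket, getInfoS)(TCN_STDARGS, jlong sock,
                                                 jint what)
{
    tcn_socket_t *a = J2P(sock, tcn_socket_t *);
    tcn_ssl_conn_t *s;
    jstring value = NULL;
    apr_status_t rv = APR_SUCCESS;

    UNREFERENCED(o);
    TCN_ASSERT(sock != 0);
    s = (tcn_ssl_conn_t *)(a->opaque);

    /* Connection-level selectors. Anything else provisionally becomes
     * APR_EINVAL; the certificate branches below reset rv when they match. */
    switch (what) {
        case SSL_INFO_SESSION_ID:
        {
            SSL_SESSION *session = SSL_get_session(s->ssl);
            if (session) {
                /* hs is owned by this function and released after the copy */
                char *hs = convert_to_hex(&session->session_id[0],
                                          session->session_id_length);
                if (hs) {
                    value = tcn_new_string(e, hs);
                    free(hs);
                }
            }
        }
        break;
        case SSL_INFO_PROTOCOL:
            value = tcn_new_string(e, SSL_get_version(s->ssl));
        break;
        case SSL_INFO_CIPHER:
            value = tcn_new_string(e, SSL_get_cipher_name(s->ssl));
        break;
        case SSL_INFO_CIPHER_VERSION:
            value = tcn_new_string(e, SSL_get_cipher_version(s->ssl));
        break;
        case SSL_INFO_CIPHER_DESCRIPTION:
        {
            SSL_CIPHER *cipher = SSL_get_current_cipher(s->ssl);
            if (cipher) {
                char buf[256];
                /* size taken from the array so the two cannot drift apart */
                char *desc = SSL_CIPHER_description(cipher, buf, sizeof(buf));
                value = tcn_new_string(e, desc);
            }
        }
        break;
        default:
            rv = APR_EINVAL;
        break;
    }

    if (what & (SSL_INFO_CLIENT_S_DN | SSL_INFO_CLIENT_I_DN)) {
        /* Subject or issuer DN of the certificate the peer presented. */
        X509 *xs;
        X509_NAME *xsname;
        if ((xs = SSL_get_peer_certificate(s->ssl)) != NULL) {
            char *result;
            int idx = what & 0x0F;
            if (what & SSL_INFO_CLIENT_S_DN)
                xsname = X509_get_subject_name(xs);
            else
                xsname = X509_get_issuer_name(xs);
            if (idx) {
                /* single DN component selected by the low four bits */
                result = lookup_ssl_cert_dn(xsname, idx);
                if (result) {
                    value = tcn_new_string(e, result);
                    free(result);
                }
            }
            else {
                /* With a NULL buffer X509_NAME_oneline() allocates the
                 * result; it must be released with OPENSSL_free() once
                 * copied, otherwise every call leaks the DN string. */
                char *dn = X509_NAME_oneline(xsname, NULL, 0);
                if (dn) {
                    value = tcn_new_string(e, dn);
                    OPENSSL_free(dn);
                }
            }
            /* SSL_get_peer_certificate() handed us a reference to drop */
            X509_free(xs);
        }
        rv = APR_SUCCESS;
    }
    else if (what & (SSL_INFO_SERVER_S_DN | SSL_INFO_SERVER_I_DN)) {
        /* Subject or issuer DN of the local certificate. */
        X509 *xs;
        X509_NAME *xsname;
        if ((xs = SSL_get_certificate(s->ssl)) != NULL) {
            char *result;
            int idx = what & 0x0F;
            if (what & SSL_INFO_SERVER_S_DN)
                xsname = X509_get_subject_name(xs);
            else
                xsname = X509_get_issuer_name(xs);
            if (idx) {
                result = lookup_ssl_cert_dn(xsname, idx);
                if (result) {
                    value = tcn_new_string(e, result);
                    free(result);
                }
            }
            else {
                /* same ownership rule as in the client branch */
                char *dn = X509_NAME_oneline(xsname, NULL, 0);
                if (dn) {
                    value = tcn_new_string(e, dn);
                    OPENSSL_free(dn);
                }
            }
            /* XXX: No need to call the X509_free(xs); */
        }
        rv = APR_SUCCESS;
    }
    else if (what & SSL_INFO_CLIENT_MASK) {
        /* Remaining peer-certificate attributes. */
        X509 *xs;
        char *result;
        int nid;
        if ((xs = SSL_get_peer_certificate(s->ssl)) != NULL) {
            switch (what) {
                case SSL_INFO_CLIENT_V_START:
                    if ((result = get_cert_valid(X509_get_notBefore(xs)))) {
                        value = tcn_new_string(e, result);
                        free(result);
                    }
                break;
                case SSL_INFO_CLIENT_V_END:
                    if ((result = get_cert_valid(X509_get_notAfter(xs)))) {
                        value = tcn_new_string(e, result);
                        free(result);
                    }
                break;
                case SSL_INFO_CLIENT_A_SIG:
                    /* NOTE(review): reads X509 internals directly; these
                     * structures are opaque from OpenSSL 1.1.0 on. */
                    nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->signature->algorithm);
                    if (nid == NID_undef)
                        value = tcn_new_string(e, "UNKNOWN");
                    else
                        value = tcn_new_string(e, OBJ_nid2ln(nid));
                break;
                case SSL_INFO_CLIENT_A_KEY:
                    nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->key->algor->algorithm);
                    if (nid == NID_undef)
                        value = tcn_new_string(e, "UNKNOWN");
                    else
                        value = tcn_new_string(e, OBJ_nid2ln(nid));
                break;
                case SSL_INFO_CLIENT_CERT:
                    if ((result = get_cert_PEM(xs))) {
                        value = tcn_new_string(e, result);
                        free(result);
                    }
                break;
                case SSL_INFO_CLIENT_M_SERIAL:
                    if ((result = get_cert_serial(xs))) {
                        value = tcn_new_string(e, result);
                        free(result);
                    }
                break;
                default:
                    /* selector inside the mask but not listed: value
                     * stays NULL and no exception is raised */
                break;
            }
            X509_free(xs);
        }
        rv = APR_SUCCESS;
    }
    else if (what & SSL_INFO_SERVER_MASK) {
        /* Remaining local-certificate attributes. */
        X509 *xs;
        char *result;
        int nid;
        if ((xs = SSL_get_certificate(s->ssl)) != NULL) {
            switch (what) {
                case SSL_INFO_SERVER_V_START:
                    if ((result = get_cert_valid(X509_get_notBefore(xs)))) {
                        value = tcn_new_string(e, result);
                        free(result);
                    }
                break;
                case SSL_INFO_SERVER_V_END:
                    if ((result = get_cert_valid(X509_get_notAfter(xs)))) {
                        value = tcn_new_string(e, result);
                        free(result);
                    }
                break;
                case SSL_INFO_SERVER_A_SIG:
                    nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->signature->algorithm);
                    if (nid == NID_undef)
                        value = tcn_new_string(e, "UNKNOWN");
                    else
                        value = tcn_new_string(e, OBJ_nid2ln(nid));
                break;
                case SSL_INFO_SERVER_A_KEY:
                    nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->key->algor->algorithm);
                    if (nid == NID_undef)
                        value = tcn_new_string(e, "UNKNOWN");
                    else
                        value = tcn_new_string(e, OBJ_nid2ln(nid));
                break;
                case SSL_INFO_SERVER_CERT:
                    if ((result = get_cert_PEM(xs))) {
                        value = tcn_new_string(e, result);
                        free(result);
                    }
                break;
                case SSL_INFO_SERVER_M_SERIAL:
                    if ((result = get_cert_serial(xs))) {
                        value = tcn_new_string(e, result);
                        free(result);
                    }
                break;
                default:
                    /* selector inside the mask but not listed: value
                     * stays NULL and no exception is raised */
                break;
            }
            /* XXX: No need to call the X509_free(xs); */
        }
        rv = APR_SUCCESS;
    }
    else if (what & SSL_INFO_CLIENT_CERT_CHAIN) {
        /* PEM of the n-th certificate in the chain the peer sent. */
        X509 *xs;
        char *result;
        STACK_OF(X509) *sk = SSL_get_peer_cert_chain(s->ssl);
        int n = what & 0x0F;
        /* sk_X509_num() yields -1 for a NULL stack, so a connection
         * without a peer chain fails this bound check and returns NULL. */
        if (n < sk_X509_num(sk)) {
            /* element is borrowed from the stack; it is not freed here */
            xs = sk_X509_value(sk, n);
            if ((result = get_cert_PEM(xs))) {
                value = tcn_new_string(e, result);
                free(result);
            }
        }
        rv = APR_SUCCESS;
    }

    if (rv != APR_SUCCESS)
        tcn_ThrowAPRException(e, rv);
    return value;
}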
/*
 * SSLSocket.getInfoI: return one integer-valued property of the TLS
 * connection behind `sock`, selected by `what`.
 *
 * Handles the cipher key sizes, the length of the peer certificate chain
 * and, for selectors inside SSL_INFO_CLIENT_MASK, the days remaining on
 * the peer certificate.
 *
 * Returns -1 when the item is not available. Throws an APR exception when
 * the final status is not APR_SUCCESS. Note that a selector matched only
 * by the client-mask block keeps the APR_EINVAL set by the first dispatch
 * if no peer certificate is present.
 */
TCN_IMPLEMENT_CALL(jint, SSLSocket, getInfoI)(TCN_STDARGS, jlong sock,
                                              jint what)
{
    tcn_socket_t *tsock = J2P(sock, tcn_socket_t *);
    tcn_ssl_conn_t *conn;
    apr_status_t status = APR_SUCCESS;
    jint answer = -1;

    UNREFERENCED(o);
    TCN_ASSERT(sock != 0);
    conn = (tcn_ssl_conn_t *)(tsock->opaque);

    if (what == SSL_INFO_CIPHER_USEKEYSIZE ||
        what == SSL_INFO_CIPHER_ALGKEYSIZE) {
        /* One OpenSSL call yields both sizes; pick the requested one. */
        int used_bits = 0;
        int alg_bits = 0;
        SSL_CIPHER *current = SSL_get_current_cipher(conn->ssl);
        if (current) {
            used_bits = SSL_CIPHER_get_bits(current, &alg_bits);
            answer = (what == SSL_INFO_CIPHER_USEKEYSIZE) ? used_bits
                                                          : alg_bits;
        }
    }
    else if (what == SSL_INFO_CLIENT_CERT_CHAIN) {
        /* Number of certificates in the chain sent by the peer. */
        STACK_OF(X509) *chain = SSL_get_peer_cert_chain(conn->ssl);
        answer = sk_X509_num(chain);
    }
    else {
        /* Provisional; the client-mask block below may clear it. */
        status = APR_EINVAL;
    }

    if (what & SSL_INFO_CLIENT_MASK) {
        X509 *peer = SSL_get_peer_certificate(conn->ssl);
        if (peer != NULL) {
            if (what == SSL_INFO_CLIENT_V_REMAIN) {
                answer = get_days_remaining(X509_get_notAfter(peer));
                status = APR_SUCCESS;
            }
            else {
                status = APR_EINVAL;
            }
            /* drop the reference taken by SSL_get_peer_certificate() */
            X509_free(peer);
        }
    }

    if (status != APR_SUCCESS)
        tcn_ThrowAPRException(e, status);
    return answer;
}
#else
/* OpenSSL is not supported
* If someday we make OpenSSL optional
* APR_ENOTIMPL will go here
*/
#error "No OpenSSL Toolkit defined."
#endif