Sync FFM code

apache · Jan 11, 2024 · 86d1b1d · 86d1b1d
1 parent aa50220
commit 86d1b1d
Show file tree

Hide file tree

Showing 13 changed files with 666 additions and 586 deletions.
diff --git a/...enssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/...enssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
diff --git a/...penssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java b/...penssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1096,7 +1096,6 @@ private void setClientAuth(ClientAuthMode mode) {
                 case REQUIRE -> SSL_VERIFY_FAIL_IF_NO_PEER_CERT();
                 case OPTIONAL -> certificateVerificationOptionalNoCA ? OpenSSLContext.OPTIONAL_NO_CA : SSL_VERIFY_PEER();
             };
-            // SSL.setVerify(state.ssl, value, certificateVerificationDepth);
             // Set int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) callback
             int value = switch (mode) {
                 case NONE -> SSL_VERIFY_NONE();
@@ -1209,7 +1208,6 @@ public int apply(int preverify_ok, MemorySegment /*X509_STORE_CTX*/ x509ctx) {
 
     private static int processOCSP(MemorySegment /*X509_STORE_CTX*/ x509ctx) {
         int ocspResponse = V_OCSP_CERTSTATUS_UNKNOWN();
-        // ocspResponse = ssl_verify_OCSP(x509_ctx);
         MemorySegment x509 = X509_STORE_CTX_get_current_cert(x509ctx);
         if (!MemorySegment.NULL.equals(x509)) {
             // No need to check cert->valid, because ssl_verify_OCSP() only
@@ -1322,7 +1320,7 @@ private static int processOCSPRequest(URL url, MemorySegment issuer, MemorySegme
                 return V_OCSP_CERTSTATUS_UNKNOWN();
             }
             MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
-            // HTTP request with the following header
+            // HTTP request with the following header:
             // POST urlPath HTTP/1.1
             // Host: urlHost:urlPort
             // Content-Type: application/ocsp-request
@@ -1534,7 +1532,6 @@ public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
                     if (!clientMode) {
                         // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
                         // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
-                        //
                         // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
                         clientCert = getPeerCertificate();
                     } else {

diff --git a/...nssl-foreign/src/main/java/org/apache/tomcat/util/openssl/PEM_read_bio_PrivateKey$cb.java b/...nssl-foreign/src/main/java/org/apache/tomcat/util/openssl/PEM_read_bio_PrivateKey$cb.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Generated by jextract
+
+package org.apache.tomcat.util.openssl;
+
+import java.lang.foreign.Arena;
+import java.lang.foreign.FunctionDescriptor;
+import java.lang.foreign.Linker;
+import java.lang.foreign.MemorySegment;
+import java.lang.invoke.MethodHandle;
+
+/**
+ * {@snippet lang = c : * int (*PEM_read_bio_PrivateKey$cb)(char* buf,int size,int rwflag,void* userdata);
+ * }
+ */
+@SuppressWarnings("javadoc")
+public interface PEM_read_bio_PrivateKey$cb {
+
+    int apply(MemorySegment buf, int size, int rwflag, MemorySegment userdata);
+
+    FunctionDescriptor $DESC = FunctionDescriptor.of(openssl_h.C_INT, openssl_h.C_POINTER, openssl_h.C_INT,
+            openssl_h.C_INT, openssl_h.C_POINTER);
+
+    MethodHandle UP$MH = openssl_h.upcallHandle(PEM_read_bio_PrivateKey$cb.class, "apply", $DESC);
+
+    static MemorySegment allocate(PEM_read_bio_PrivateKey$cb fi, Arena scope) {
+        return Linker.nativeLinker().upcallStub(UP$MH.bindTo(fi), $DESC, scope);
+    }
+
+    MethodHandle DOWN$MH = Linker.nativeLinker().downcallHandle($DESC);
+
+    static PEM_read_bio_PrivateKey$cb ofAddress(MemorySegment addr, Arena arena) {
+        MemorySegment symbol = addr.reinterpret(arena, null);
+        return (MemorySegment _buf, int _size, int _rwflag, MemorySegment _userdata) -> {
+            try {
+                return (int) DOWN$MH.invokeExact(symbol, _buf, _size, _rwflag, _userdata);
+            } catch (Throwable ex$) {
+                throw new AssertionError("should not reach here", ex$);
+            }
+        };
+    }
+}
+
diff --git a/...penssl-foreign/src/main/java/org/apache/tomcat/util/openssl/PEM_read_bio_X509_AUX$cb.java b/...penssl-foreign/src/main/java/org/apache/tomcat/util/openssl/PEM_read_bio_X509_AUX$cb.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Generated by jextract
+
+package org.apache.tomcat.util.openssl;
+
+import java.lang.foreign.Arena;
+import java.lang.foreign.FunctionDescriptor;
+import java.lang.foreign.Linker;
+import java.lang.foreign.MemorySegment;
+import java.lang.invoke.MethodHandle;
+
+/**
+ * {@snippet lang = c : * int (*PEM_read_bio_X509_AUX$cb)(char* buf,int size,int rwflag,void* userdata);
+ * }
+ */
+@SuppressWarnings("javadoc")
+public interface PEM_read_bio_X509_AUX$cb {
+
+    int apply(MemorySegment buf, int size, int rwflag, MemorySegment userdata);
+
+    FunctionDescriptor $DESC = FunctionDescriptor.of(openssl_h.C_INT, openssl_h.C_POINTER, openssl_h.C_INT,
+            openssl_h.C_INT, openssl_h.C_POINTER);
+
+    MethodHandle UP$MH = openssl_h.upcallHandle(PEM_read_bio_X509_AUX$cb.class, "apply", $DESC);
+
+    static MemorySegment allocate(PEM_read_bio_X509_AUX$cb fi, Arena scope) {
+        return Linker.nativeLinker().upcallStub(UP$MH.bindTo(fi), $DESC, scope);
+    }
+
+    MethodHandle DOWN$MH = Linker.nativeLinker().downcallHandle($DESC);
+
+    static PEM_read_bio_X509_AUX$cb ofAddress(MemorySegment addr, Arena arena) {
+        MemorySegment symbol = addr.reinterpret(arena, null);
+        return (MemorySegment _buf, int _size, int _rwflag, MemorySegment _userdata) -> {
+            try {
+                return (int) DOWN$MH.invokeExact(symbol, _buf, _size, _rwflag, _userdata);
+            } catch (Throwable ex$) {
+                throw new AssertionError("should not reach here", ex$);
+            }
+        };
+    }
+}
+
diff --git a/...l-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_alpn_select_cb$cb.java b/...l-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_alpn_select_cb$cb.java
@@ -30,6 +30,7 @@
  * : * int (*SSL_CTX_set_alpn_select_cb$cb)(struct ssl_st*,unsigned char**,unsigned char*,unsigned char*,unsigned int,void*);
  * }
  */
+@SuppressWarnings("javadoc")
 public interface SSL_CTX_set_alpn_select_cb$cb {
 
     FunctionDescriptor $DESC = FunctionDescriptor.of(openssl_h.C_INT, openssl_h.C_POINTER, openssl_h.C_POINTER,

diff --git a/...ign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java b/...ign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java
@@ -29,6 +29,7 @@
  * {@snippet lang = c : * int (*SSL_CTX_set_cert_verify_callback$cb)(X509_STORE_CTX*,void*);
  * }
  */
+@SuppressWarnings("javadoc")
 public interface SSL_CTX_set_cert_verify_callback$cb {
 
     FunctionDescriptor $DESC = FunctionDescriptor.of(openssl_h.C_INT, openssl_h.C_POINTER, openssl_h.C_POINTER);

diff --git a/...oreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_default_passwd_cb$cb.java b/...oreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_default_passwd_cb$cb.java
@@ -29,6 +29,7 @@
  * {@snippet lang = c : * int (*SSL_CTX_set_default_passwd_cb$cb)(char* buf,int size,int rwflag,void* userdata);
  * }
  */
+@SuppressWarnings("javadoc")
 public interface SSL_CTX_set_default_passwd_cb$cb {
 
     FunctionDescriptor $DESC = FunctionDescriptor.of(openssl_h.C_INT, openssl_h.C_POINTER, openssl_h.C_INT,

diff --git a/...-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java b/...-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java
@@ -29,6 +29,7 @@
  * {@snippet lang = c : * DH* (*SSL_CTX_set_tmp_dh_callback$dh)(SSL*,int,int);
  * }
  */
+@SuppressWarnings("javadoc")
 public interface SSL_CTX_set_tmp_dh_callback$dh {
 
     FunctionDescriptor $DESC = FunctionDescriptor.of(openssl_h.C_POINTER, openssl_h.C_POINTER, openssl_h.C_INT,

diff --git a/...ssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_verify$callback.java b/...ssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_verify$callback.java
@@ -29,6 +29,7 @@
  * {@snippet lang = c : * int (*SSL_CTX_set_verify$callback)(int,struct x509_store_ctx_st*);
  * }
  */
+@SuppressWarnings("javadoc")
 public interface SSL_CTX_set_verify$callback {
 
     FunctionDescriptor $DESC = FunctionDescriptor.of(openssl_h.C_INT, openssl_h.C_INT, openssl_h.C_POINTER);

diff --git a/...penssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java b/...penssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java
@@ -29,6 +29,7 @@
  * {@snippet lang = c : * void (*SSL_set_info_callback$cb)(SSL*,int,int);
  * }
  */
+@SuppressWarnings("javadoc")
 public interface SSL_set_info_callback$cb {
 
     FunctionDescriptor $DESC = FunctionDescriptor.ofVoid(openssl_h.C_POINTER, openssl_h.C_INT, openssl_h.C_INT);

diff --git a/...openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_verify$callback.java b/...openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_verify$callback.java
@@ -29,6 +29,7 @@
  * {@snippet lang = c : * int (*SSL_set_verify$callback)(int,struct x509_store_ctx_st*);
  * }
  */
+@SuppressWarnings("javadoc")
 public interface SSL_set_verify$callback {
 
     FunctionDescriptor $DESC = FunctionDescriptor.of(openssl_h.C_INT, openssl_h.C_INT, openssl_h.C_POINTER);