diff --git a/README.md b/README.md index 3e4e5217..2d2a7b94 100644 --- a/README.md +++ b/README.md @@ -218,6 +218,7 @@ and what each enables. | System Property | Default | To Enable | Description | | --- | --- | --- | --- | | wolfssl.debug | "false" | "true" | Enables native wolfSSL debug logging | +| wolfssljni.debug | "false" | "true" | Enables wolfJNI debug logging | | wolfjsse.debug | "false" | "true | Enables wolfJSSE debug logging | | wolfjsse.debugFormat | | "JSON" | Switches debug output format | | wolfsslengine.debug | "false" | "true" | Enables SSLEngine debug logging | @@ -239,6 +240,15 @@ System.setProperty("wolfjsse.debug", "true"); System.setProperty("wolfsslengine.debug", "true); ``` +If wolfSSL JNI/JSSE debug System properties are changed at runtime after +the WolfSSLDebug class has already been initialized/used, applications need +to refresh the debug property values inside the WolfSSLDebug class. To do so, +after setting System properties, call: + +``` +WolfSSLDebug.refreshDebugFlags() +``` + JDK debug logging can be enabled using the `-Djavax.net.debug=all` option. ### JSON Log Message Format diff --git a/examples/Client.java b/examples/Client.java index a8fa186b..8c56fe9c 100644 --- a/examples/Client.java +++ b/examples/Client.java @@ -230,7 +230,6 @@ public void run(String[] args) { /* init library */ WolfSSL sslLib = new WolfSSL(); - sslLib.debuggingON(); /* set logging callback */ if (logCallback == 1) { diff --git a/examples/Server.java b/examples/Server.java index 672949a1..adb7c253 100644 --- a/examples/Server.java +++ b/examples/Server.java @@ -217,7 +217,6 @@ public void run(String[] args) { /* init library */ WolfSSL sslLib = new WolfSSL(); - sslLib.debuggingON(); /* set logging callback */ if (logCallback == 1) { diff --git a/examples/provider/ClientJSSE.java b/examples/provider/ClientJSSE.java index bd515b52..6509316f 100644 --- a/examples/provider/ClientJSSE.java +++ b/examples/provider/ClientJSSE.java 
@@ -50,7 +50,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManagerFactory; -import com.wolfssl.provider.jsse.WolfSSLDebug; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.provider.jsse.WolfSSLProvider; import com.wolfssl.WolfSSL; import java.security.PrivateKey; diff --git a/examples/provider/ServerJSSE.java b/examples/provider/ServerJSSE.java index b6a1e5ef..1abd1f80 100644 --- a/examples/provider/ServerJSSE.java +++ b/examples/provider/ServerJSSE.java @@ -35,7 +35,7 @@ import javax.net.ssl.TrustManagerFactory; import com.wolfssl.WolfSSLException; -import com.wolfssl.provider.jsse.WolfSSLDebug; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.provider.jsse.WolfSSLProvider; public class ServerJSSE { diff --git a/src/java/com/wolfssl/WolfSSL.java b/src/java/com/wolfssl/WolfSSL.java index b4c8be24..247c4395 100644 --- a/src/java/com/wolfssl/WolfSSL.java +++ b/src/java/com/wolfssl/WolfSSL.java @@ -568,7 +568,12 @@ public enum TLS_VERSION { * initialize correctly */ public WolfSSL() throws WolfSSLException { - int ret = init(); + int ret; + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "initializing wolfSSL library"); + + ret = init(); if (ret != SSL_SUCCESS) { throw new WolfSSLException("Failed to initialize wolfSSL library: " + ret); @@ -663,6 +668,9 @@ public static void loadLibrary() throws UnsatisfiedLinkError { int fipsLoaded = 0; + WolfSSLDebug.log(WolfSSL.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "loading native library: wolfssl"); + String osName = System.getProperty("os.name"); if (osName != null && osName.toLowerCase().contains("win")) { try { @@ -680,6 +688,9 @@ public static void loadLibrary() throws UnsatisfiedLinkError { } } + WolfSSLDebug.log(WolfSSL.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "loading native library: wolfssljni"); + /* Load wolfssljni library */ System.loadLibrary("wolfssljni"); } 
@@ -695,6 +706,10 @@ public static void loadLibrary() throws UnsatisfiedLinkError { * @throws UnsatisfiedLinkError if the library is not found. */ public static void loadLibrary(String libName) throws UnsatisfiedLinkError { + + WolfSSLDebug.log(WolfSSL.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "loading native library by name: " + libName); + System.loadLibrary(libName); } @@ -716,6 +731,10 @@ public static void loadLibrary(String libName) throws UnsatisfiedLinkError { */ public static void loadLibraryAbsolute(String libPath) throws UnsatisfiedLinkError { + + WolfSSLDebug.log(WolfSSL.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "loading native library by path: " + libPath); + System.load(libPath); } @@ -1489,6 +1508,9 @@ public static String[] getCiphersAvailableIana(TLS_VERSION version) { */ public static int cryptoCbRegisterDevice(int devId) { + WolfSSLDebug.log(WolfSSL.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "registering crypto cb devId: " + devId); + return wc_CryptoCb_RegisterDevice(devId); } @@ -1500,6 +1522,9 @@ public static int cryptoCbRegisterDevice(int devId) { */ public static int cryptoCbUnRegisterDevice(int devId) { + WolfSSLDebug.log(WolfSSL.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "unregistering crypto cb devId: " + devId); + wc_CryptoCb_UnRegisterDevice(devId); return 0; diff --git a/src/java/com/wolfssl/WolfSSLCertManager.java b/src/java/com/wolfssl/WolfSSLCertManager.java index a9273008..b1622660 100644 --- a/src/java/com/wolfssl/WolfSSLCertManager.java +++ b/src/java/com/wolfssl/WolfSSLCertManager.java @@ -27,6 +27,7 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.security.cert.CertificateEncodingException; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; /** 
@@ -61,11 +62,15 @@ static native int CertManagerVerifyBuffer(long cm, byte[] in, long sz, * @throws WolfSSLException if unable to create new manager */ public WolfSSLCertManager() throws WolfSSLException { + cmPtr = CertManagerNew(); if (cmPtr == 0) { throw new WolfSSLException("Failed to create WolfSSLCertManager"); } this.active = true; + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, cmPtr, "creating new WolfSSLCertManager"); } /** @@ -99,6 +104,10 @@ public synchronized int CertManagerLoadCA(String f, String d) confirmObjectIsActive(); synchronized (cmLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.cmPtr, "entered CertManagerLoadCA(" + + f + ", " + d + ""); + return CertManagerLoadCA(this.cmPtr, f, d); } } @@ -121,6 +130,11 @@ public synchronized int CertManagerLoadCABuffer( confirmObjectIsActive(); synchronized (cmLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.cmPtr, + "entered CertManagerLoadCABuffer(sz: " + sz + + ", format: " + format + ""); + return CertManagerLoadCABuffer(this.cmPtr, in, sz, format); } } @@ -142,6 +156,10 @@ public synchronized int CertManagerLoadCAKeyStore(KeyStore ks) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.cmPtr, + "entered CertManagerLoadCAKeyStore(" + ks + ")"); + if (ks == null) { throw new WolfSSLException("Input KeyStore is null"); } @@ -194,6 +212,10 @@ public synchronized int CertManagerUnloadCAs() confirmObjectIsActive(); synchronized (cmLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.cmPtr, + "entered CertManagerUnloadCAs()"); + return CertManagerUnloadCAs(this.cmPtr); } } 
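Review bot: The constructor's new `WolfSSLDebug.log(..., cmPtr, "creating new WolfSSLCertManager")` call hands the raw native pointer to the logger, and the later hunks repeat the pattern with `x509ReqPtr`, `x509Ptr` and `getContextPtr()`. WolfSSLDebug.log is not shown in this diff, so this is inferred: if it prints the value verbatim, debug output will carry native heap addresses and the log itself becomes sensitive. Either have the logger print a derived identifier instead of the address, or state next to the new `wolfssljni.debug` README row that debug logs should not be shared outside the trust boundary.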
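Review bot: The trace string in CertManagerLoadCA ends with `+ ""` where a closing parenthesis was evidently meant, so the logged call has no terminator; the CertManagerLoadCABuffer hunk that follows has the same slip after `format`. Change the tails to `+ f + ", " + d + ")");` and `", format: " + format + ")");`, matching what CertManagerVerifyBuffer already does. Both method bodies start outside their hunks.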
@@ -217,6 +239,11 @@ public synchronized int CertManagerVerifyBuffer( confirmObjectIsActive(); synchronized (cmLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.cmPtr, + "entered CertManagerVerifyBuffer(sz: " + sz + ", format: " + + format + ")"); + return CertManagerVerifyBuffer(this.cmPtr, in, sz, format); } } @@ -228,12 +255,16 @@ public synchronized int CertManagerVerifyBuffer( public synchronized void free() throws IllegalStateException { synchronized (stateLock) { + if (this.active == false) { /* already freed, just return */ return; } synchronized (cmLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.cmPtr, "entered free()"); + /* free native resources */ CertManagerFree(this.cmPtr); diff --git a/src/java/com/wolfssl/WolfSSLCertRequest.java b/src/java/com/wolfssl/WolfSSLCertRequest.java index 5fca5877..47056a1d 100644 --- a/src/java/com/wolfssl/WolfSSLCertRequest.java +++ b/src/java/com/wolfssl/WolfSSLCertRequest.java @@ -29,6 +29,7 @@ import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.interfaces.ECPrivateKey; +import com.wolfssl.WolfSSLDebug; /** * WolfSSLCertRequest class, wraps native X509_REQ functionality. @@ -86,6 +87,9 @@ public WolfSSLCertRequest() throws WolfSSLException { throw new WolfSSLException("Failed to create WolfSSLCertRequest"); } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, x509ReqPtr, "creating new WolfSSLCertRequest"); + synchronized (stateLock) { this.active = true; } 
@@ -128,6 +132,10 @@ public void setSubjectName(WolfSSLX509Name name) confirmObjectIsActive(); synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered setSubjectName(" + name + ")"); + /* TODO somehow lock WolfSSLX509Name object while using pointer? */ ret = X509_REQ_set_subject_name(this.x509ReqPtr, name.getNativeX509NamePtr()); @@ -164,6 +172,10 @@ public void addAttribute(int nid, byte[] value) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered addAttribute(nid: " + nid + ", byte[])"); + if (nid != WolfSSL.NID_pkcs9_challengePassword && nid != WolfSSL.NID_serialNumber && nid != WolfSSL.NID_pkcs9_unstructuredName && @@ -212,6 +224,10 @@ public void setVersion(long version) confirmObjectIsActive(); synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered setVersion(" + version + ")"); + ret = X509_REQ_set_version(this.x509ReqPtr, version); } @@ -246,6 +262,10 @@ public void setPublicKey(String filePath, int keyType, int format) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered setPublicKey(" + + filePath + ", type: " + keyType + ", format: " + format + ")"); + if (filePath == null || filePath.isEmpty()) { throw new WolfSSLException("File path is null or empty"); } @@ -289,6 +309,11 @@ public void setPublicKey(byte[] key, int keyType, int format) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered setPublicKey(byte[], type: " + keyType + ", format: " + + format + ")"); + if (key == null || key.length == 0) { throw new WolfSSLException("Key array is null or empty"); } 
@@ -341,6 +366,10 @@ public void setPublicKey(PublicKey key) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered setPublicKey(" + key + ")"); + if (key instanceof RSAPublicKey) { keyType = WolfSSL.RSAk; } @@ -413,6 +442,10 @@ public void addExtension(int nid, String value, boolean isCritical) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered addExtension(nid: " + + nid + ", value: " + value + ", isCritical: " + isCritical + ")"); + if (nid != WolfSSL.NID_key_usage && nid != WolfSSL.NID_subject_alt_name && nid != WolfSSL.NID_ext_key_usage) { @@ -469,6 +502,10 @@ public void addExtension(int nid, boolean value, boolean isCritical) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered addExtension(nid: " + + nid + ", value: " + value + ", isCritical: " + isCritical + ")"); + if (nid != WolfSSL.NID_basic_constraints) { throw new WolfSSLException( "Unsupported X509v3 extension NID: " + nid); @@ -516,6 +553,11 @@ public void signRequest(String filePath, int keyType, int format, confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered signRequest(" + + filePath + ", keyType: " + keyType + ", format: " + format + + ", digestAlg: " + digestAlg + ")"); + if (filePath == null || filePath.isEmpty()) { throw new WolfSSLException("File path is null or empty"); } 
@@ -562,6 +604,11 @@ public void signRequest(byte[] key, int keyType, int format, confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered signRequest(byte[], keyType: " + keyType + ", format: " + + format + ", digestAlg: " + digestAlg + ")"); + if (key == null || key.length == 0) { throw new WolfSSLException("Key array is null or empty"); } @@ -618,6 +665,10 @@ public void signRequest(PrivateKey key, String digestAlg) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered signRequest(key: " + + key + ", digestAlg: " + digestAlg + ")"); + if (key == null) { throw new WolfSSLException("Key object is null"); } @@ -664,6 +715,9 @@ public byte[] getDer() throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered getDer()"); + return X509_REQ_get_der(this.x509ReqPtr); } } @@ -681,6 +735,9 @@ public byte[] getPem() throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered getPem()"); + return X509_REQ_get_pem(this.x509ReqPtr); } } @@ -715,12 +772,17 @@ public String toString() { public synchronized void free() { synchronized (stateLock) { + if (this.active == false) { /* already freed, just return */ return; } synchronized (x509ReqLock) { + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered free()"); + /* free native resources */ X509_REQ_free(this.x509ReqPtr); diff --git a/src/java/com/wolfssl/WolfSSLCertificate.java b/src/java/com/wolfssl/WolfSSLCertificate.java index dd94599a..8f7daf1a 100644 --- a/src/java/com/wolfssl/WolfSSLCertificate.java 
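Review bot: In signRequest(PrivateKey, String) the added trace concatenates `key` into the message, which calls `toString()` on a private key object. What that prints is provider-defined and for some key implementations includes key parameters, so private key material could end up in debug output. The byte[] overloads already avoid this by logging a fixed `byte[]` token; do the same here with `"entered signRequest(PrivateKey, digestAlg: " + digestAlg + ")"`. The signCert(PrivateKey, String) hunk in WolfSSLCertificate.java has the same problem. The method body continues outside the hunk.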
+++ b/src/java/com/wolfssl/WolfSSLCertificate.java @@ -46,6 +46,7 @@ import java.security.cert.X509Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateEncodingException; +import com.wolfssl.WolfSSLDebug; /** * WolfSSLCertificate class, wraps native wolfSSL WOLFSSL_X509 functionality. @@ -141,6 +142,9 @@ public WolfSSLCertificate() throws WolfSSLException { /* x509Ptr has been allocated natively, mark as owned */ this.weOwnX509Ptr = true; + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, x509Ptr, "creating new WolfSSLCertificate"); + synchronized (stateLock) { this.active = true; } @@ -166,6 +170,10 @@ public WolfSSLCertificate(byte[] der) throws WolfSSLException { throw new WolfSSLException("Failed to create WolfSSLCertificate"); } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, x509Ptr, + "creating new WolfSSLCertificate(byte[])"); + /* x509Ptr has been allocated natively, mark as owned */ this.weOwnX509Ptr = true; @@ -204,6 +212,10 @@ public WolfSSLCertificate(byte[] in, int format) throws WolfSSLException { throw new WolfSSLException("Failed to create WolfSSLCertificate"); } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, x509Ptr, + "creating new WolfSSLCertificate(byte[], format: " + format +")"); + /* x509Ptr has been allocated natively, mark as owned */ this.weOwnX509Ptr = true; @@ -232,6 +244,10 @@ public WolfSSLCertificate(String fileName) throws WolfSSLException { throw new WolfSSLException("Failed to create WolfSSLCertificate"); } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, x509Ptr, "creating new WolfSSLCertificate(" + + fileName + ")"); + /* x509Ptr has been allocated natively, mark as owned */ this.weOwnX509Ptr = true; 
@@ -271,6 +287,10 @@ public WolfSSLCertificate(String fileName, int format) throw new WolfSSLException("Failed to create WolfSSLCertificate"); } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, x509Ptr, "creating new WolfSSLCertificate(" + + fileName + ", format: " + format + ")"); + /* x509Ptr has been allocated natively, mark as owned */ this.weOwnX509Ptr = true; @@ -298,6 +318,11 @@ public WolfSSLCertificate(long x509, boolean doFree) } x509Ptr = x509; + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, x509Ptr, + "creating new WolfSSLCertificate(ptr, doFree: " + doFree + ")"); + + if (!doFree) { /* x509Ptr has NOT been allocated natively, do not mark as owned. * Original owner is responsible for freeing. */ @@ -365,6 +390,10 @@ public void setSubjectName(WolfSSLX509Name name) confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering getSubjectName(" + name + ")"); + /* TODO somehow lock WolfSSLX509Name object while using pointer? */ ret = X509_set_subject_name(this.x509Ptr, name.getNativeX509NamePtr()); @@ -397,6 +426,10 @@ public void setIssuerName(WolfSSLX509Name name) confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering getIssuerName(" + name + ")"); + /* TODO somehow lock WolfSSLX509Name object while using pointer? */ ret = X509_set_issuer_name(this.x509Ptr, name.getNativeX509NamePtr()); @@ -429,6 +462,10 @@ public void setIssuerName(WolfSSLCertificate cert) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setIssuerName(" + + cert + ")"); + x509NamePtr = X509_get_issuer_name_ptr(cert.getX509Ptr()); if (x509NamePtr == 0) { throw new WolfSSLException("Error getting issuer name from " + 
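Review bot: The trace added to setSubjectName logs `entering getSubjectName(`, and the setIssuerName(WolfSSLX509Name) hunk right after it logs `entering getIssuerName(`, so both setters appear in the log as getters. Use `"entering setSubjectName(" + name + ")"` and `"entering setIssuerName(" + name + ")"`. Separately, WolfSSLCertificate says `entering` where WolfSSLCertManager, WolfSSLCertRequest and WolfSSLContext say `entered`; one spelling would make the output easier to search.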
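Review bot: The message passed to WolfSSLDebug.log in setIssuerName(WolfSSLCertificate) is built with `+ cert +`, so `cert.toString()` runs on every call before the logger can decide whether JNI debugging is enabled. The setIssuerName(X509Certificate) and setPublicKey(PublicKey) hunks do the same with objects whose string form is typically a full dump. WolfSSLDebug is not part of this view, so I cannot tell whether it exposes an enabled check; if it does, guard these calls with it, otherwise log a short fixed token such as the type name, as the byte[] overloads do.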
@@ -468,6 +505,10 @@ public void setIssuerName(X509Certificate cert) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setIssuerName(" + + cert + ")"); + /* Get DER encoding of certificate */ certDer = cert.getEncoded(); @@ -506,6 +547,10 @@ public void setPublicKey(String filePath, int keyType, int format) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setPublicKey(" + + filePath + ", keyType: " + keyType + ", format: " + format + ")"); + if (filePath == null || filePath.isEmpty()) { throw new WolfSSLException("File path is null or empty"); } @@ -549,6 +594,11 @@ public void setPublicKey(byte[] key, int keyType, int format) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering setPublicKey(byte[], keyType: " + + keyType + ", format: " + format + ")"); + if (key == null || key.length == 0) { throw new WolfSSLException("Key array is null or empty"); } @@ -601,6 +651,10 @@ public void setPublicKey(PublicKey key) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setPublicKey(" + + key + ")"); + if (key instanceof RSAPublicKey) { keyType = WolfSSL.RSAk; } @@ -639,6 +693,10 @@ public void setSerialNumber(BigInteger serial) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setSerialNumber(" + + serial + ")"); + if (serial == null) { throw new WolfSSLException("Input BigInteger is null"); } 
@@ -676,6 +734,10 @@ public void setNotBefore(Date notBefore) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setNotBefore(" + + notBefore + ")"); + synchronized (x509Lock) { ret = X509_set_notBefore(this.x509Ptr, notBefore.getTime() / 1000); } @@ -703,6 +765,10 @@ public void setNotAfter(Date notAfter) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setNotAfter(" + + notAfter + ")"); + synchronized (x509Lock) { ret = X509_set_notAfter(this.x509Ptr, notAfter.getTime() / 1000); } @@ -735,6 +801,10 @@ public void addAltName(String name, int type) confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering addAltName(" + + name + ", type: " + type + ")"); + ret = X509_add_altname(this.x509Ptr, name, type); } @@ -796,6 +866,10 @@ public void addExtension(int nid, String value, boolean isCritical) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering addExtension(nid: " + + nid + ", value: " + value + ", isCritical: " + isCritical + ")"); + if (nid != WolfSSL.NID_key_usage && nid != WolfSSL.NID_subject_alt_name && nid != WolfSSL.NID_ext_key_usage) { @@ -852,6 +926,10 @@ public void addExtension(int nid, boolean value, boolean isCritical) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering addExtension(nid: " + + nid + ", value: " + value + ", isCritical: " + isCritical + ")"); + if (nid != WolfSSL.NID_basic_constraints) { throw new WolfSSLException( "Unsupported X509v3 extension NID: " + nid); 
@@ -899,6 +977,11 @@ public void signCert(String filePath, int keyType, int format, confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering signCert(" + filePath + + ", keyType: " + keyType + ", format: " + format + ", digestAlg: " + + digestAlg + ")"); + if (filePath == null || filePath.isEmpty()) { throw new WolfSSLException("File path is null or empty"); } @@ -945,6 +1028,11 @@ public void signCert(byte[] key, int keyType, int format, confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering signCert(byte[], keyType: " + keyType + ", format: " + + format + ", digestAlg: " + digestAlg + ")"); + if (key == null || key.length == 0) { throw new WolfSSLException("Key array is null or empty"); } @@ -1000,6 +1088,10 @@ public void signCert(PrivateKey key, String digestAlg) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering signCert(" + key + + ", digestAlg: " + digestAlg + ")"); + if (key == null) { throw new WolfSSLException("Key object is null"); } @@ -1046,6 +1138,9 @@ public byte[] getDer() throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getDer()"); + return X509_get_der(this.x509Ptr); } } @@ -1063,6 +1158,9 @@ public byte[] getPem() throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getPem()"); + return X509_get_pem(this.x509Ptr); } } 
@@ -1079,6 +1177,9 @@ public byte[] getTbs() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getTbs()"); + return X509_get_tbs(this.x509Ptr); } } @@ -1098,7 +1199,10 @@ public BigInteger getSerial() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { - sz = X509_get_serial_number(this.x509Ptr, out); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getSerial()"); + + sz = X509_get_serial_number(this.x509Ptr, out); } if (sz <= 0) { return null; @@ -1123,6 +1227,9 @@ public Date notBefore() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering notBefore()"); + nb = X509_notBefore(this.x509Ptr); } if (nb != null) { @@ -1152,6 +1259,9 @@ public Date notAfter() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering notAfter()"); + nb = X509_notAfter(this.x509Ptr); } if (nb != null) { @@ -1179,6 +1289,9 @@ public int getVersion() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getVersion()"); + return X509_version(this.x509Ptr); } } @@ -1195,6 +1308,9 @@ public byte[] getSignature() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getSignature()"); + return X509_get_signature(this.x509Ptr); } } 
@@ -1211,6 +1327,9 @@ public String getSignatureType() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getSignatureType()"); + return X509_get_signature_type(this.x509Ptr); } } @@ -1227,6 +1346,9 @@ public String getSignatureOID() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getSignatureOID)"); + return X509_get_signature_OID(this.x509Ptr); } } @@ -1243,6 +1365,9 @@ public byte[] getPubkey() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getPubkey()"); + return X509_get_pubkey(this.x509Ptr); } } @@ -1259,6 +1384,9 @@ public String getPubkeyType() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getPubkeyType()"); + return X509_get_pubkey_type(this.x509Ptr); } } @@ -1275,6 +1403,9 @@ public int isCA() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering isCA()"); + return X509_get_isCA(this.x509Ptr); } } @@ -1291,6 +1422,9 @@ public int getPathLen() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getPathLen()"); + return X509_get_pathLength(this.x509Ptr); } } 
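Review bot: The trace string in getSignatureOID is `"entering getSignatureOID)"`, missing the opening parenthesis that every sibling getter in this file has. Change it to `"entering getSignatureOID()"` so the entry matches the others when filtering the log by method name.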
@@ -1307,6 +1441,9 @@ public String getSubject() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getSubject()"); + return X509_get_subject_name(this.x509Ptr); } } @@ -1323,6 +1460,9 @@ public String getIssuer() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getIssuer()"); + return X509_get_issuer_name(this.x509Ptr); } } @@ -1345,6 +1485,10 @@ public boolean verify(byte[] pubKey, int pubKeySz) confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering verify(byte[], pubKeySz: " + pubKeySz + ")"); + ret = X509_verify(this.x509Ptr, pubKey, pubKeySz); } if (ret == WolfSSL.SSL_SUCCESS) { @@ -1377,6 +1521,9 @@ public boolean[] getKeyUsage() throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getKeyUsage()"); + return X509_get_key_usage(this.x509Ptr); } } @@ -1394,11 +1541,15 @@ public byte[] getExtension(String oid) throws IllegalStateException { confirmObjectIsActive(); - if (oid == null) { - return null; - } - synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering getExtension(oid: " + oid + ")"); + + if (oid == null) { + return null; + } + return X509_get_extension(this.x509Ptr, oid); } } 
@@ -1420,6 +1571,10 @@ public int getExtensionSet(String oid) throws IllegalStateException { confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering getExtensionSet(oid: " + oid + ")"); + return X509_is_extension_set(this.x509Ptr, oid); } } @@ -1464,6 +1619,10 @@ public int checkHost(String hostname, long flags) confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering checkHost(" + + hostname + ", flags: " + flags + ")"); + return X509_check_host(this.x509Ptr, hostname, flags, 0); } } @@ -1489,6 +1648,10 @@ public Collection> getSubjectAltNames() confirmObjectIsActive(); synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering getSubjectAltNames()"); + if (this.altNames != null) { /* already gathered, return cached version */ return Collections.unmodifiableCollection(this.altNames); @@ -1534,6 +1697,9 @@ public X509Certificate getX509Certificate() confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering getX509Certificate()"); + try { in = new ByteArrayInputStream(this.getDer()); cert = (X509Certificate)cf.generateCertificate(in); @@ -1601,6 +1767,7 @@ public String toString() { public synchronized void free() { synchronized (stateLock) { + if (this.active == false) { /* already freed, just return */ return; 
@@ -1612,9 +1779,17 @@ public synchronized void free() { synchronized (x509Lock) { /* only free native resources if we own pointer */ if (this.weOwnX509Ptr == true) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering free()"); + /* free native resources */ X509_free(this.x509Ptr); } + else { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering free(not freeing ptr, we do not own)"); + } /* free Java resources */ this.active = false; diff --git a/src/java/com/wolfssl/WolfSSLContext.java b/src/java/com/wolfssl/WolfSSLContext.java index fe4d2f7e..529f4859 100644 --- a/src/java/com/wolfssl/WolfSSLContext.java +++ b/src/java/com/wolfssl/WolfSSLContext.java @@ -21,8 +21,10 @@ package com.wolfssl; +import java.util.Arrays; import java.nio.ByteBuffer; import com.wolfssl.wolfcrypt.EccKey; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLJNIException; @@ -90,11 +92,21 @@ public class WolfSSLContext { * @throws com.wolfssl.WolfSSLException when creation of SSL context fails */ public WolfSSLContext(long method) throws WolfSSLException { + sslCtxPtr = newContext(method); if (sslCtxPtr == 0) { throw new WolfSSLException("Failed to create SSL Context"); } this.active = true; + + WolfSSLDebug.log(WolfSSL.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, sslCtxPtr, "creating new WolfSSLContext"); + + /* Enable native wolfSSL debug logging if 'wolfssl.debug' + * System property is set. Also attempted in WolfSSLProvider + * but System property may not have been set by user yet at that + * point. */ + WolfSSLDebug.setNativeWolfSSLDebugging(); } /* ------------------- private/protected methods -------------------- */ 
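Review bot: The WolfSSLContext constructor trace is logged with `WolfSSL.class` as the source class, while every other call added to this file passes `getClass()`, so context creation will be attributed to WolfSSL in the output; use `WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, ...)`. The added `WolfSSLDebug.setNativeWolfSSLDebugging()` call now runs on every context construction and its body is not visible here. The comment above it should say whether it only ever enables native logging or can also switch it off when `wolfssl.debug` is unset, since that decides whether applications that call `debuggingON()` themselves are affected.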
@@ -425,6 +437,10 @@ public int useCertificateFile(String file, int format) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered useCertificateFile(" + file + ", " + format +")"); + return useCertificateFile(getContextPtr(), file, format); } } @@ -459,8 +475,12 @@ public int usePrivateKeyFile(String file, int format) confirmObjectIsActive(); - synchronized (ctxLock) { - return usePrivateKeyFile(getContextPtr(), file, format); + synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered usePrivateKeyFile(" + file + ", " + format +")"); + + return usePrivateKeyFile(getContextPtr(), file, format); } } @@ -513,6 +533,10 @@ public int loadVerifyLocations(String file, String path) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered loadVerifyLocations(" + file + ", " + path +")"); + return loadVerifyLocations(getContextPtr(), file, path); } } @@ -543,6 +567,10 @@ public int useCertificateChainFile(String file) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered useCertificateChainFile(" + file + ")"); + return useCertificateChainFile(getContextPtr(), file); } } @@ -588,6 +616,10 @@ public void setVerify(int mode, WolfSSLVerifyCallback callback) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setVerify(" + mode + ", " + callback + ")"); + setVerify(getContextPtr(), mode, callback); } } 
@@ -607,6 +639,10 @@ public long setOptions(long op) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setOptions(" + op + ")"); + return setOptions(getContextPtr(), op); } } @@ -625,6 +661,9 @@ public long getOptions() confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), "entered getOptions()"); + return getOptions(getContextPtr()); } } @@ -648,6 +687,9 @@ public synchronized void free() throws IllegalStateException { } synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslCtxPtr, "entered free()"); + /* free native resources */ freeContext(this.sslCtxPtr); @@ -689,6 +731,10 @@ public int memsaveCertCache(byte[] mem, int sz, int[] used) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered memsaveCertCache()"); + return memsaveCertCache(getContextPtr(), mem, sz, used); } } @@ -724,6 +770,10 @@ public int memrestoreCertCache(byte[] mem, int sz) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered memrestoreCertCache()"); + return memrestoreCertCache(getContextPtr(), mem, sz); } } @@ -748,6 +798,10 @@ public int getCertCacheMemsize() confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered getCertCacheMemsize()"); + return getCertCacheMemsize(getContextPtr()); } } 
@@ -767,6 +821,9 @@ public long setCacheSize(long sz) throws IllegalStateException { confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), "entered setCacheSize()"); + return setCacheSize(getContextPtr(), sz); } } @@ -784,6 +841,9 @@ public long getCacheSize() throws IllegalStateException { confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), "entered getCacheSize()"); + return getCacheSize(getContextPtr()); } } @@ -820,6 +880,10 @@ public int setCipherList(String list) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setCipherList(" + list + ")"); + return setCipherList(getContextPtr(), list); } } @@ -845,6 +909,10 @@ public int setTmpDH(byte[] p, int pSz, byte[] g, int gSz) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setTmpDh(pSz: " + pSz + ", gSz: " + gSz + ")"); + return setTmpDH(getContextPtr(), p, pSz, g, gSz); } } @@ -874,6 +942,10 @@ public int setTmpDHFile(String fname, int format) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setTmpDhFile(" + fname + ", " + format + ")"); + return setTmpDHFile(getContextPtr(), fname, format); } } @@ -921,6 +993,11 @@ public int loadVerifyBuffer(byte[] in, long sz, int format) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered loadVerifyBuffer(sz: " + sz + ", format: " + + format +")"); + return loadVerifyBuffer(getContextPtr(), in, sz, format); } } 
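Review bot: The message added in setTmpDH() spells the method `setTmpDh`, and the one in setTmpDHFile() spells it `setTmpDhFile`, so searching debug output for the real method names finds nothing. Use the exact identifiers: `"entered setTmpDH(pSz: " + pSz + ", gSz: " + gSz + ")"` and `"entered setTmpDHFile(" + fname + ", " + format + ")"`. In the same group, setCacheSize() logs `"entered setCacheSize()"` without `sz`, while the neighbouring setters print their argument. These method bodies begin outside their hunks.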
@@ -959,6 +1036,11 @@ public int useCertificateBuffer(byte[] in, long sz, int format) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered useCertificateBuffer(sz: " + sz + ", format: " + + format + ")"); + return useCertificateBuffer(getContextPtr(), in, sz, format); } } @@ -1000,6 +1082,11 @@ public int usePrivateKeyBuffer(byte[] in, long sz, int format) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered usePrivateKeyBuffer(sz: " + sz + ", format: " + + format + ")"); + return usePrivateKeyBuffer(getContextPtr(), in, sz, format); } } @@ -1041,6 +1128,10 @@ public int useCertificateChainBuffer(byte[] in, long sz) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered useCertificateChainBuffer(sz: " + sz + ")"); + return useCertificateChainBuffer(getContextPtr(), in, sz); } } @@ -1086,6 +1177,11 @@ public int useCertificateChainBufferFormat(byte[] in, long sz, int format) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered useCertificateChainBufferFormat(sz: " + + sz + ", format: " + format + ")"); + return useCertificateChainBufferFormat( getContextPtr(), in, sz, format); } @@ -1105,6 +1201,10 @@ public int setGroupMessages() throws IllegalStateException { confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setGroupMessages()"); + return setGroupMessages(getContextPtr()); } } 
@@ -1134,11 +1234,15 @@ public synchronized void setIORecv(WolfSSLIORecvCallback callback) confirmObjectIsActive(); - /* set user I/O recv */ - internRecvCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setIORecv(" + callback + ")"); + + /* set user I/O recv */ + internRecvCb = callback; + + /* register internal callback with native library */ setIORecv(getContextPtr()); } } @@ -1168,11 +1272,15 @@ public synchronized void setIOSend(WolfSSLIOSendCallback callback) confirmObjectIsActive(); - /* set user I/O send */ - internSendCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setIOSend(" + callback + ")"); + + /* set user I/O send */ + internSendCb = callback; + + /* register internal callback with native library */ setIOSend(getContextPtr()); } } @@ -1202,11 +1310,15 @@ public synchronized void setGenCookie(WolfSSLGenCookieCallback callback) confirmObjectIsActive(); - /* set DTLS cookie generation callback */ - internCookieCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setGenCookie(" + callback + ")"); + + /* set DTLS cookie generation callback */ + internCookieCb = callback; + + /* register internal callback with native library */ setGenCookie(getContextPtr()); } } @@ -1239,6 +1351,10 @@ public int enableCRL(int options) throws IllegalStateException { confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered enableCRL(" + options + ")"); + return enableCRL(getContextPtr(), options); } } 
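Review bot: Concatenating `callback` into the setIORecv() message calls the application object's toString() while `ctxLock` and the method monitor are held, and the concatenation runs whether or not debug logging is enabled. Logging the type keeps application code out of the locked region: `"entered setIORecv(" + (callback == null ? "null" : callback.getClass().getName()) + ")"`. This hunk also moves `internRecvCb = callback;` inside `synchronized (ctxLock)`, which changes locking rather than logging. If the intent is to store the callback and register it natively under one lock, a short comment saying so would help. The same pattern repeats in setIOSend(), setGenCookie() and the MAC/decrypt, ECC, RSA and PSK callback setters in the following hunks.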
@@ -1265,6 +1381,9 @@ public int disableCRL() throws IllegalStateException { confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), "entered disableCRL()"); + return disableCRL(getContextPtr()); } } @@ -1314,6 +1433,10 @@ public int loadCRL(String path, int type, int monitor) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered loadCRL(" + path + ", " + type + ", " + monitor); + return loadCRL(getContextPtr(), path, type, monitor); } } @@ -1341,6 +1464,10 @@ public int setCRLCb(WolfSSLMissingCRLCallback cb) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setCRLCb(" + cb + ")"); + return setCRLCb(getContextPtr(), cb); } } @@ -1373,6 +1500,10 @@ public int enableOCSP(long options) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered enableOCSP(" + options + ")"); + return enableOCSP(getContextPtr(), options); } } @@ -1390,6 +1521,9 @@ public int disableOCSP() throws IllegalStateException { confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), "entered disableOCSP()"); + return disableOCSP(getContextPtr()); } } @@ -1417,6 +1551,10 @@ public int setOCSPOverrideUrl(String url) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setOCSPOverrideUrl(" + url + ")"); + return setOCSPOverrideUrl(getContextPtr(), url); } } 
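Review bot: The message built in loadCRL() never closes its parenthesis: the expression ends at `+ monitor`, so the line prints as `entered loadCRL(path, type, monitor` with nothing after the last value. Close it as the other calls do: `"entered loadCRL(" + path + ", " + type + ", " + monitor + ")");`. The loadCRL() body starts above the hunk.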
@@ -1451,11 +1589,15 @@ public synchronized void setMacEncryptCb(WolfSSLMacEncryptCallback callback) confirmObjectIsActive(); - /* set MAC encrypt callback */ - internMacEncryptCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setMacEncryptCb(" + callback + ")"); + + /* set MAC encrypt callback */ + internMacEncryptCb = callback; + + /* register internal callback with native library */ setMacEncryptCb(getContextPtr()); } } @@ -1491,11 +1633,15 @@ public synchronized void setDecryptVerifyCb( confirmObjectIsActive(); - /* set decrypt/verify callback */ - internDecryptVerifyCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setDecryptVerifyCb(" + callback + ")"); + + /* set decrypt/verify callback */ + internDecryptVerifyCb = callback; + + /* register internal callback with native library */ setDecryptVerifyCb(getContextPtr()); } } @@ -1527,11 +1673,15 @@ public synchronized void setEccSignCb(WolfSSLEccSignCallback callback) confirmObjectIsActive(); - /* set ecc sign callback */ - internEccSignCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setEccSignCb(" + callback + ")"); + + /* set ecc sign callback */ + internEccSignCb = callback; + + /* register internal callback with native library */ setEccSignCb(getContextPtr()); } } 
@@ -1563,11 +1713,15 @@ public synchronized void setEccVerifyCb(WolfSSLEccVerifyCallback callback) confirmObjectIsActive(); - /* set ecc verify callback */ - internEccVerifyCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setEccVerifyCb(" + callback + ")"); + + /* set ecc verify callback */ + internEccVerifyCb = callback; + + /* register internal callback with native library */ setEccVerifyCb(getContextPtr()); } } @@ -1615,11 +1769,15 @@ public synchronized void setEccSharedSecretCb( confirmObjectIsActive(); - /* set ecc shared secret callback */ - internEccSharedSecretCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setEccSharedSecretCb(" + callback + ")"); + + /* set ecc shared secret callback */ + internEccSharedSecretCb = callback; + + /* register internal callback with native library */ setEccSharedSecretCb(getContextPtr()); } } @@ -1651,11 +1809,15 @@ public synchronized void setRsaSignCb(WolfSSLRsaSignCallback callback) confirmObjectIsActive(); - /* set rsa sign callback */ - internRsaSignCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setRsaSignCb(" + callback + ")"); + + /* set rsa sign callback */ + internRsaSignCb = callback; + + /* register internal callback with native library */ setRsaSignCb(getContextPtr()); } } 
@@ -1687,11 +1849,15 @@ public synchronized void setRsaVerifyCb(WolfSSLRsaVerifyCallback callback) confirmObjectIsActive(); - /* set rsa verify callback */ - internRsaVerifyCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setRsaVerifyCb(" + callback + ")"); + + /* set rsa verify callback */ + internRsaVerifyCb = callback; + + /* register internal callback with native library */ setRsaVerifyCb(getContextPtr()); } } @@ -1723,11 +1889,15 @@ public synchronized void setRsaEncCb(WolfSSLRsaEncCallback callback) confirmObjectIsActive(); - /* set rsa public encrypt callback */ - internRsaEncCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setRsaEncCb(" + callback + ")"); + + /* set rsa public encrypt callback */ + internRsaEncCb = callback; + + /* register internal callback with native library */ setRsaEncCb(getContextPtr()); } } @@ -1758,11 +1928,15 @@ public synchronized void setRsaDecCb(WolfSSLRsaDecCallback callback) confirmObjectIsActive(); - /* set rsa private decrypt callback */ - internRsaDecCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setRsaDecCb(" + callback + ")"); + + /* set rsa private decrypt callback */ + internRsaDecCb = callback; + + /* register internal callback with native library */ setRsaDecCb(getContextPtr()); } } 
@@ -1797,11 +1971,15 @@ public synchronized void setPskClientCb(WolfSSLPskClientCallback callback) confirmObjectIsActive(); - /* set PSK client callback */ - internPskClientCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setPskClientCb(" + callback + ")"); + + /* set PSK client callback */ + internPskClientCb = callback; + + /* register internal callback with native library */ setPskClientCb(getContextPtr()); } } @@ -1835,11 +2013,15 @@ public synchronized void setPskServerCb(WolfSSLPskServerCallback callback) confirmObjectIsActive(); - /* set PSK server callback */ - internPskServerCb = callback; - - /* register internal callback with native library */ synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setPskServerCb(" + callback + ")"); + + /* set PSK server callback */ + internPskServerCb = callback; + + /* register internal callback with native library */ setPskServerCb(getContextPtr()); } } @@ -1865,6 +2047,10 @@ public int usePskIdentityHint(String hint) { confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered usePskIdentityHint()"); + return usePskIdentityHint(getContextPtr(), hint); } } @@ -1897,6 +2083,10 @@ public int useSupportedCurves(String[] curveNames) int ret = 0; int curveEnum = 0; + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), "entered useSupportedCurves(" + + Arrays.asList(curveNames) + ")"); + for (String curve : curveNames) { curveEnum = WolfSSL.getNamedGroupFromString(curve); synchronized (ctxLock) { 
@@ -1960,6 +2150,10 @@ public int setGroups(int[] groups) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), "entered setGroups(" + + Arrays.asList(groups) + ")"); + return setGroups(getContextPtr(), groups); } } @@ -1981,6 +2175,10 @@ public int set1SigAlgsList(String list) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered set1SigAlgsList(" + list + ")"); + return set1SigAlgsList(getContextPtr(), list); } } @@ -2001,6 +2199,10 @@ public int useSecureRenegotiation() throws IllegalStateException { confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered useSecureRenegotiation()"); + return useSecureRenegotiation(getContextPtr()); } } @@ -2022,6 +2224,10 @@ public int setMinDHKeySize(int minKeySizeBits) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setMinDHKeySize(" + minKeySizeBits + ")"); + return setMinDhKeySz(getContextPtr(), minKeySizeBits); } } @@ -2043,6 +2249,10 @@ public int setMinRSAKeySize(int minKeySizeBits) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setMinRSAKeySize(" + minKeySizeBits + ")"); + return setMinRsaKeySz(getContextPtr(), minKeySizeBits); } } @@ -2064,6 +2274,10 @@ public int setMinECCKeySize(int minKeySizeBits) confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setMinECCKeySize(" + minKeySizeBits + ")"); + return setMinEccKeySz(getContextPtr(), minKeySizeBits); } } 
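Review bot: `Arrays.asList(groups)` in setGroups() receives an `int[]`, which produces a one-element `List<int[]>`, so the log shows an array identity such as `[[I@...]` instead of the group values. Use `Arrays.toString(groups)`, which also prints `null` for a null array: `WolfSSLDebug.INFO, getContextPtr(), "entered setGroups(" + Arrays.toString(groups) + ")");`. The setGroups() body begins outside this hunk.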
@@ -2082,6 +2296,10 @@ public int setDevId(int devId) throws IllegalStateException { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered setDevId(" + devId + ")"); + return setDevId(getContextPtr(), devId); } @@ -2098,6 +2316,10 @@ public void flushSessions(int tm) throws IllegalStateException { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, getContextPtr(), + "entered flushSessions(" + tm + ")"); + flushSessions(getContextPtr(), tm); } diff --git a/src/java/com/wolfssl/WolfSSLDebug.java b/src/java/com/wolfssl/WolfSSLDebug.java new file mode 100644 index 00000000..1dc4eb85 --- /dev/null +++ b/src/java/com/wolfssl/WolfSSLDebug.java 
@@ -0,0 +1,562 @@ +/* WolfSSLDebug.java + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +package com.wolfssl; + +import java.util.Date; +import java.sql.Timestamp; + +import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLLoggingCallback; + +/** + * Central location for all debugging messages + * + * This class is used internally for displaying debug message. + * + * @author wolfSSL + */ +public class WolfSSLDebug { + + /** + * Check if JSSE level debug logging has been enabled. + * This could have been named "DEBUG_JSSE", but was originally called + * "DEBUG" prior to JNI debug being enabled. Thus for backwards + * compatibility it has been left as "DEBUG". + * + * Is true if "wolfjsse.debug" is set to "true", otherwise false. + */ + public static volatile boolean DEBUG = checkJSSEDebugProperty(); + + /** + * Check if JNI level debug logging has been enabled. + * + * Is true if "wolfssljni.debug" is set to "true", otherwise false. + */ + public static volatile boolean DEBUG_JNI = checkJNIDebugProperty(); + + /** + * Check if JSON debug logging format has been enabled. + * + * Is true if "wolfjsse.debugFormat" is set to "JSON", otherwise false. 
+ */ + public static volatile boolean DEBUG_JSON = jsonOutEnabled(); + + /** + * wolfSSL JNI/JSSE component level being logged. + * Will be used to determine what string gets put into log messages. + */ + public enum Component { + JNI("wolfJNI"), + JSSE("wolfJSSE"); + + private final String componentString; + + Component(String compString) { + this.componentString = compString; + } + + public String toString() { + return this.componentString; + } + } + + /** + * Error level debug message + */ + public static final String ERROR = "ERROR"; + + /** + * Info level debug message + */ + public static final String INFO = "INFO"; + + /** + * Native wolfSSL logging callback. + * Used to print native wolfSSL debug logs when 'wolfssl.debug' System + * property is set to "true". + */ + private static WolfSSLNativeLoggingCallback nativeLogCb = null; + + /** + * Default constructor for wolfJSSE debug class. + */ + public WolfSSLDebug() { + } + + /** + * Check if "wolfssljni.debug" System property is set to "true". + * + * @return true if set to "true", otherwise return false + */ + private static boolean checkJNIDebugProperty() { + + String enabled = System.getProperty("wolfssljni.debug"); + + if ((enabled != null) && (enabled.equalsIgnoreCase("true"))) { + return true; + } + + return false; + } + + /** + * Check if "wolfjsse.debug" System property is set to "true". + * + * @return true if set to "true", otherwise return false + */ + private static boolean checkJSSEDebugProperty() { + + String enabled = System.getProperty("wolfjsse.debug"); + + if ((enabled != null) && (enabled.equalsIgnoreCase("true"))) { + return true; + } + + return false; + } + + /** + * Check if "wolfjsse.debugFormat" is set to "JSON". + * + * @return true if set to "JSON", otherwise false. 
+ */ + private static boolean jsonOutEnabled() { + + String enabled = System.getProperty("wolfjsse.debugFormat"); + + if ((enabled != null) && (enabled.equalsIgnoreCase("JSON"))) { + return true; + } + + return false; + } + + /** + * Check if debug logging is enabled for the specified component, based + * on the System properties that are set. + * + * @param Component to check if debug is enabled for + * + * @return true if debug is enabled for this Component, otherwise false + */ + private static boolean isDebugEnabled(Component component) { + + /* JSSE debug enabled and component is JSSE */ + if (DEBUG && (component == Component.JSSE)) { + return true; + } + + /* JSSE debug enabled and component null (backwards compat) */ + if (DEBUG && (component == null)) { + return true; + } + + /* JNI debug enabled and component is JNI */ + if (DEBUG_JNI && (component == Component.JNI)) { + return true; + } + + return false; + } + + /** + * Refresh debug enabled/disabled flags based on current + * System properties. + * + * Applications may need to call this if they adjust debug + * System properties after the WolfSSLDebug class has been called + * and initialized the first time. Debug flags (DEBUG, DEBUG_JNI, and + * DEBUG_JSON are static class variables. 
+ */ + public static void refreshDebugFlags() { + DEBUG = checkJSSEDebugProperty(); + DEBUG_JNI = checkJNIDebugProperty(); + DEBUG_JSON = jsonOutEnabled(); + } + + /** + * Prints out a message to the console + * @param string message to be printed + */ + public static void print(String string) { + print(string, null); + } + + /** + * Prints out a message to the console + * @param string message to be printed + * @param component JNI/JSSE component being logged, from Component enum + */ + public static void print(String string, Component component) { + /* Default to wolfJSSE for backwards compatibility log() method */ + String componentName = "wolfJSSE"; + + if (!isDebugEnabled(component)) { + /* Debug logs not enabled for this component */ + return; + } + + if (component != null) { + componentName = component.toString(); + } + + System.out.println(componentName + ": " + string); + } + + /** + * Internal method to print debug message as JSON for consumption by + * tools such as DataDog. + */ + private static synchronized void logJSON(String tag, String msg, + long threadID, String threadName, String className) { + + System.out.printf( + "{\n" + + " \"@timestamp\": \"%s\",\n" + + " \"level\": \"%s\",\n" + + " \"logger_name\": \"wolfJSSE\",\n" + + " \"message\": \"%s\",\n" + + " \"thread_name\": \"%s\",:\n" + + " \"thread_id\": \"%s\"\n" + + "}\n", + new Timestamp(new java.util.Date().getTime()), + tag, "[" + className + "] " + msg, + threadID, threadName + ); + } + + /** + * Internal method to print debug message with byte array hex as JSON, + * for consumption by tools such as DataDog. 
+ */ + private static synchronized void logJSONHex(String tag, String label, + long threadID, String threadName, String className, byte[] in, int sz) { + + /* Convert byte[] to hex string */ + StringBuilder builder = new StringBuilder(); + for (byte b: in) { + builder.append(String.format("%02X", b)); + } + + logJSON(tag, label + " [" + sz + "]: " + builder.toString(), threadID, + threadName, className); + } + + /** + * Checks if debugging is turned on and prints out the message. + * + * Output format can be controlled with the "wolfjsse.debugFormat" + * System property. If not set, default debug output format will be used. + * If set to "JSON", all debug logs will be output in the following JSON + * format, which can be read by DataDog: + * + * { + * "@timestamp": "2024-04-05 11:13:07.193", + * "level": "INFO", + * "logger_name": "wolfJSSE", + * "message": "debug message", + * "thread_name": "thread_name",: + * "thread_id": "thread_ID" + * } + * + * @param class type of cl + * @param cl class being called from to get debug info + * @param tag level of debug message i.e. WolfSSLDebug.INFO + * @param string message to be printed out + */ + public static synchronized void log(Class cl, String tag, + String string) { + + log(cl, null, tag, 0, string); + } + + /** + * Checks if debugging is turned on and prints out the message, + * includes component that is passed in. + * + * Output format can be controlled with the "wolfjsse.debugFormat" + * System property. If not set, default debug output format will be used. 
+ * If set to "JSON", all debug logs will be output in the following JSON + * format, which can be read by DataDog: + * + * { + * "@timestamp": "2024-04-05 11:13:07.193", + * "level": "INFO", + * "logger_name": "wolfJSSE", + * "message": "debug message", + * "thread_name": "thread_name",: + * "thread_id": "thread_ID" + * } + * + * @param class type of cl + * @param component JNI/JSSE component being logged, from Component enum + * @param cl class being called from to get debug info + * @param tag level of debug message i.e. WolfSSLDebug.INFO + * @param string message to be printed out + */ + public static synchronized void log(Class cl, Component component, + String tag, String string) { + + log(cl, component, tag, 0, string); + } + + /** + * Checks if debugging is turned on and prints out the message, including + * native pointer that is passed in. + * + * Output format can be controlled with the "wolfjsse.debugFormat" + * System property. If not set, default debug output format will be used. + * If set to "JSON", all debug logs will be output in the following JSON + * format, which can be read by DataDog: + * + * { + * "@timestamp": "2024-04-05 11:13:07.193", + * "level": "INFO", + * "logger_name": "wolfJSSE", + * "message": "debug message", + * "thread_name": "thread_name",: + * "thread_id": "thread_ID" + * } + * + * @param class type of cl + * @param component JNI/JSSE component being logged, from Component enum + * @param cl class being called from to get debug info + * @param tag level of debug message i.e. 
WolfSSLDebug.INFO + * @param nativePtr native pointer of class object, if available + * @param string message to be printed out + */ + public static synchronized void log(Class cl, Component component, + String tag, long nativePtr, String string) { + + long threadID; + String threadName; + String className; + String componentName; + + if (!isDebugEnabled(component)) { + /* Debug logs not enabled for this component */ + return; + } + + threadID = Thread.currentThread().getId(); + threadName = Thread.currentThread().getName(); + + className = cl.getSimpleName(); + if (nativePtr != 0) { + className = className + ": " + nativePtr; + } + + /* Default to wolfJSSE for backwards compatibility log() method */ + componentName = "wolfJSSE"; + if (component != null) { + componentName = component.toString(); + } + + if (DEBUG_JSON) { + logJSON(tag, string, threadID, threadName, className); + } + else { + System.out.println( + new Timestamp(new java.util.Date().getTime()) + + " [" + componentName + " " + tag + ": TID " + threadID + + ": " + className + "] " + string); + } + } + + /** + * Print out a byte array in hex if debugging is enabled. + * + * Output format can be controlled with the "wolfjsse.debugFormat" + * System property. If not set, default debug output format will be used. + * If set to "JSON", all debug logs will be output in the following JSON + * format, which can be read by DataDog: + * + * { + * "@timestamp": "2024-04-05 11:13:07.193", + * "level": "INFO", + * "logger_name": "wolfJSSE", + * "message": "label [sz]: array hex string", + * "thread_name": "thread_name",: + * "thread_id": "thread_ID" + * } + * + * @param class type for cl + * @param cl class this method is being called from + * @param tag level of debug message i.e. 
WolfSSLDebug.INFO + * @param label label string to print with hex + * @param in byte array to be printed as hex + * @param sz number of bytes from in array to be printed + */ + public static synchronized void logHex(Class cl, String tag, + String label, byte[] in, int sz) { + + logHex(cl, null, tag, 0, label, in, sz); + } + + /** + * Print out a byte array in hex if debugging is enabled, including + * component name passed in. + * + * Output format can be controlled with the "wolfjsse.debugFormat" + * System property. If not set, default debug output format will be used. + * If set to "JSON", all debug logs will be output in the following JSON + * format, which can be read by DataDog: + * + * { + * "@timestamp": "2024-04-05 11:13:07.193", + * "level": "INFO", + * "logger_name": "wolfJSSE", + * "message": "label [sz]: array hex string", + * "thread_name": "thread_name",: + * "thread_id": "thread_ID" + * } + * + * @param class type for cl + * @param cl class this method is being called from + * @param component JNI/JSSE component being logged, from Component enum + * @param tag level of debug message i.e. WolfSSLDebug.INFO + * @param label label string to print with hex + * @param in byte array to be printed as hex + * @param sz number of bytes from in array to be printed + */ + public static synchronized void logHex(Class cl, Component component, + String tag, String label, byte[] in, int sz) { + + logHex(cl, component, tag, 0, label, in, sz); + } + + /** + * Print out a byte array in hex if debugging is enabled, including + * component name and native pointer. + * + * Output format can be controlled with the "wolfjsse.debugFormat" + * System property. If not set, default debug output format will be used. 
+ * If set to "JSON", all debug logs will be output in the following JSON + * format, which can be read by DataDog: + * + * { + * "@timestamp": "2024-04-05 11:13:07.193", + * "level": "INFO", + * "logger_name": "wolfJSSE", + * "message": "label [sz]: array hex string", + * "thread_name": "thread_name",: + * "thread_id": "thread_ID" + * } + * + * @param class type for cl + * @param cl class this method is being called from + * @param component JNI/JSSE component being logged, from Component enum + * @param tag level of debug message i.e. WolfSSLDebug.INFO + * @param nativePtr native pointer of class object, if available + * @param label label string to print with hex + * @param in byte array to be printed as hex + * @param sz number of bytes from in array to be printed + */ + public static synchronized void logHex(Class cl, Component component, + String tag, long nativePtr, String label, byte[] in, int sz) { + + int i = 0, j = 0; + int printSz = 0; + long threadID; + String threadName; + String className; + String componentName; + + if (cl == null || in == null || sz == 0) { + return; + } + + if (!isDebugEnabled(component)) { + /* Debug logs not enabled for this component */ + return; + } + + threadID = Thread.currentThread().getId(); + threadName = Thread.currentThread().getName(); + printSz = Math.min(in.length, sz); + + className = cl.getSimpleName(); + if (nativePtr != 0) { + className = className + ": " + nativePtr; + } + + /* Default to wolfJSSE for backwards compatibility log() method */ + componentName = "wolfJSSE"; + if (component != null) { + componentName = component.toString(); + } + + if (DEBUG_JSON) { + logJSONHex(tag, label, threadID, threadName, className, in, sz); + } + else { + System.out.print("[" + componentName + " " + tag + ": TID " + + threadID + ": " + className + "] " + label + " [" + sz + "]: "); + for (i = 0; i < printSz; i++) { + if ((i % 16) == 0) { + System.out.printf("\n[" + componentName + " " + tag + + ": TID " + threadID + ": " + 
className + "] %06X", + j * 16); + j++; + } + System.out.printf(" %02X ", in[i]); + } + System.out.println(""); + } + } + + /** + * Enable native wolfSSL debug logging based on value of the + * 'wolfssl.debug' System property. + * + * Native wolfSSL must ben compiled with "--enable-debug" or + * DEBUG_WOLFSSL defined in order for debug logs to print. + */ + public static synchronized void setNativeWolfSSLDebugging() { + + String wolfsslDebug = System.getProperty("wolfssl.debug"); + + if ((wolfsslDebug != null) && (wolfsslDebug.equalsIgnoreCase("true"))) { + + WolfSSL.debuggingON(); + } + + /* Register our default logging callback for native wolfSSL logs */ + setDefaultNativeLoggingCallback(); + } + + /** + * Register default native wolfSSL logging callback. + * Default callback class is WolfSSLNativeLoggingCallback. This could be + * modified in the future to allow a custom user-registerable callback. + */ + private static synchronized void setDefaultNativeLoggingCallback() { + + /* Only create one logging callback object */ + if (nativeLogCb == null) { + nativeLogCb = new WolfSSLNativeLoggingCallback(); + } + + WolfSSL.setLoggingCb(nativeLogCb); + } +} + diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLNativeLoggingCallback.java b/src/java/com/wolfssl/WolfSSLNativeLoggingCallback.java similarity index 97% rename from src/java/com/wolfssl/provider/jsse/WolfSSLNativeLoggingCallback.java rename to src/java/com/wolfssl/WolfSSLNativeLoggingCallback.java index 5b02de28..9e4a00e1 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLNativeLoggingCallback.java +++ b/src/java/com/wolfssl/WolfSSLNativeLoggingCallback.java @@ -18,7 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -package com.wolfssl.provider.jsse; +package com.wolfssl; import java.util.Date; import java.sql.Timestamp; 
diff --git a/src/java/com/wolfssl/WolfSSLSession.java b/src/java/com/wolfssl/WolfSSLSession.java index 7b6ac273..d8010c4a 100644 --- a/src/java/com/wolfssl/WolfSSLSession.java +++ b/src/java/com/wolfssl/WolfSSLSession.java @@ -113,6 +113,9 @@ public WolfSSLSession(WolfSSLContext ctx) throws WolfSSLException { throw new WolfSSLException("Failed to create SSL Object"); } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, sslPtr, "creating new WolfSSLSession"); + synchronized (stateLock) { this.active = true; } @@ -384,6 +387,10 @@ public int useCertificateFile(String file, int format) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered useCertificateFile(" + + file + ", " + format + ")"); + return useCertificateFile(this.sslPtr, file, format); } } @@ -419,6 +426,10 @@ public int usePrivateKeyFile(String file, int format) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered usePrivateKeyFile(" + + file + ", " + format + ")"); + return usePrivateKeyFile(this.sslPtr, file, format); } } @@ -449,6 +460,10 @@ public int useCertificateChainFile(String file) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered useCertificateChainFile(" + file + ")"); + return useCertificateChainFile(this.sslPtr, file); } } 
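Review bot: The log call added in the WolfSSLSession constructor hunk passes the raw `sslPtr` to WolfSSLDebug.log(), which appends it to the class name and prints it with System.out.println(). Later hunks in this file do the same with `this.sslPtr`, and with WOLFSSL_SESSION pointers in setSession(), getSession() and duplicateSession(). These are native addresses written to standard output whenever JNI debug logging is on (the `wolfssljni.debug` property per the README change), so the property's documentation should say the output is sensitive and not meant for production. A comment at the call such as `/* debug output includes native pointer values, keep disabled in production */` would record that. The constructor body starts and ends outside the hunk.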
@@ -466,10 +481,23 @@ public int useCertificateChainFile(String file) */ public int setFd(Socket sd) throws IllegalStateException { + int ret; + confirmObjectIsActive(); synchronized (sslLock) { - return setFd(this.sslPtr, sd, 1); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setFd(" + sd + ")"); + + ret = setFd(this.sslPtr, sd, 1); + + if (ret == WolfSSL.SSL_SUCCESS) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "native fd set to: " + + getFd(this.sslPtr)); + } + + return ret; } } @@ -489,6 +517,9 @@ public int setFd(DatagramSocket sd) throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setFd(" + sd + ")"); + return setFd(this.sslPtr, sd, 2); } } @@ -515,6 +546,10 @@ public void setUsingNonblock(int nonblock) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setUsingNonblock(" + + nonblock + ")"); + setUsingNonblock(this.sslPtr, nonblock); } } @@ -540,6 +575,9 @@ public int getUsingNonblock() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getUsingNonblock()"); + return getUsingNonblock(this.sslPtr); } } @@ -557,11 +595,21 @@ public int getUsingNonblock() public int getFd() throws IllegalStateException, WolfSSLJNIException { + int fd = 0; + confirmObjectIsActive(); synchronized (sslLock) { - return getFd(this.sslPtr); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getFd()"); + + fd = getFd(this.sslPtr); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "returning fd: " + fd); } + + return fd; } /** 
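Review bot: In the setFd(Socket) hunk the extra native call `getFd(this.sslPtr)` exists only to build a log message, yet it runs on every successful call because the argument is evaluated before WolfSSLDebug.log() checks whether the component is enabled. The same applies to the `wolfsslSessionIsSetup(...)` calls added to setSession(), getSession() and duplicateSession() in later hunks, which make extra JNI calls on session pointers only for logging. Wrapping these log-only native calls in the check that log() already uses, e.g. `if (WolfSSLDebug.isDebugEnabled(WolfSSLDebug.Component.JNI)) { ... }`, would keep the non-debug path as it was before this change. The visibility of isDebugEnabled() is not shown in this diff, so that may need widening.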
@@ -680,12 +728,20 @@ public int connect() public int connect(int timeout) throws IllegalStateException, SocketTimeoutException, SocketException { - int ret; + int ret = WolfSSL.SSL_FAILURE; confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered connect(timeout: " + + timeout +")"); + ret = connect(this.sslPtr, timeout); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "connect() ret: " + ret + + ", err: " + getError(ret)); } throwExceptionFromIOReturnValue(ret, "wolfSSL_connect()"); @@ -740,6 +796,10 @@ public int write(byte[] data, int length) localPtr = this.sslPtr; } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "entered write(length: " + + length + ")"); + /* not synchronizing on sslLock here since JNI write() locks * session mutex around native wolfSSL_write() call. If sslLock * is locked here, since we call select() inside native JNI we @@ -747,6 +807,10 @@ public int write(byte[] data, int length) * occur if needed */ ret = write(localPtr, data, 0, length, 0); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "write() ret: " + ret + + ", err: " + getError(ret)); + throwExceptionFromIOReturnValue(ret, "wolfSSL_write()"); return ret; @@ -790,8 +854,6 @@ public int write(byte[] data, int length) public int write(byte[] data, int length, int timeout) throws IllegalStateException, SocketTimeoutException, SocketException { - int ret; - return write(data, 0, length, timeout); } 
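Review bot: The result log added to connect(int) calls `getError(ret)` while building its message, so getError() runs on every call even when debug logging is off. The same pattern is added to write(), read(), accept(), shutdownSSL() and setSession() in later hunks. getError() is declared `throws IllegalStateException` and its body is not visible here; if it checks the active state or takes sslLock, then read() and write(), which avoid sslLock on purpose per their comments, gain a lock acquisition and a new exception point before throwExceptionFromIOReturnValue(). I would log only `ret` in these messages, or compute the error code inside a debug-enabled guard. The body of connect(int) continues past the end of the hunk.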
@@ -845,6 +907,10 @@ public int write(byte[] data, int offset, int length, int timeout) localPtr = this.sslPtr; } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "entered write(offset: " + offset + + ", length: " + length + ", timeout: " + timeout + ")"); + /* not synchronizing on sslLock here since JNI write() locks * session mutex around native wolfSSL_write() call. If sslLock * is locked here, since we call select() inside native JNI we @@ -852,6 +918,10 @@ public int write(byte[] data, int offset, int length, int timeout) * occur if needed */ ret = write(localPtr, data, offset, length, timeout); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "write() ret: " + ret + + ", err: " + getError(ret)); + throwExceptionFromIOReturnValue(ret, "wolfSSL_write()"); return ret; @@ -908,6 +978,9 @@ public int read(byte[] data, int sz) localPtr = this.sslPtr; } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "entered read(sz: " + sz + ")"); + /* not synchronizing on sslLock here since JNI read() locks * session mutex around native wolfSSL_read() call. If sslLock * is locked here, since we call select() inside native JNI we @@ -915,6 +988,10 @@ public int read(byte[] data, int sz) * occur if needed */ ret = read(localPtr, data, 0, sz, 0); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "read() ret: " + ret + + ", err: " + getError(ret)); + throwExceptionFromIOReturnValue(ret, "wolfSSL_read()"); return ret; @@ -960,8 +1037,6 @@ public int read(byte[] data, int sz) public int read(byte[] data, int sz, int timeout) throws IllegalStateException, SocketTimeoutException, SocketException { - int ret; - return read(data, 0, sz, timeout); } 
@@ -1017,6 +1092,10 @@ public int read(byte[] data, int offset, int sz, int timeout) localPtr = this.sslPtr; } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "entered read(offset: " + offset + + ", sz: " + sz + ", timeout: " + timeout + ")"); + /* not synchronizing on sslLock here since JNI read() locks * session mutex around native wolfSSL_read() call. If sslLock * is locked here, since we call select() inside native JNI we @@ -1024,6 +1103,10 @@ public int read(byte[] data, int offset, int sz, int timeout) * occur if needed */ ret = read(localPtr, data, offset, sz, timeout); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "read() ret: " + ret + + ", err: " + getError(ret)); + throwExceptionFromIOReturnValue(ret, "wolfSSL_read()"); return ret; @@ -1102,7 +1185,15 @@ public int accept(int timeout) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered accept(timeout: " + + timeout + ")"); + ret = accept(this.sslPtr, timeout); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "accept() ret: " + ret + + ", err: " + getError(ret)); } throwExceptionFromIOReturnValue(ret, "wolfSSL_accept()"); @@ -1123,11 +1214,16 @@ public synchronized void freeSSL() synchronized (stateLock) { if (this.active == false) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered freeSSL(), already freed"); /* already freed, just return */ return; } synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered freeSSL()"); + /* free native resources */ freeSSL(this.sslPtr); 
@@ -1218,7 +1314,15 @@ public int shutdownSSL(int timeout) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered shutdownSSL(timeout: " + timeout + ")"); + ret = shutdownSSL(this.sslPtr, timeout); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "shutdownSSL() ret: " + ret + + ", err: " + getError(ret)); } throwExceptionFromIOReturnValue(ret, "wolfSSL_shutdown()"); @@ -1276,10 +1380,33 @@ public int getError(int ret) throws IllegalStateException { */ public int setSession(long session) throws IllegalStateException { + int ret; + confirmObjectIsActive(); synchronized (sslLock) { - return setSession(this.sslPtr, session); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setSession(ptr: " + + session + ")"); + + if ((session != 0) && (wolfsslSessionIsSetup(session) == 1)) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "session pointer (" + + session + ") is setup"); + } + else { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "session pointer is null or not set up"); + } + + ret = setSession(this.sslPtr, session); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "setSession(session: " + + session + ") ret: " + ret + ", err: " + getError(ret)); + + return ret; } } 
@@ -1311,10 +1438,32 @@ public int setSession(long session) throws IllegalStateException { */ public long getSession() throws IllegalStateException { + long sessPtr = 0; + confirmObjectIsActive(); synchronized (sslLock) { - return get1Session(this.sslPtr); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getSession()"); + + sessPtr = get1Session(this.sslPtr); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "get1Session(), ret ptr: " + sessPtr); + + if ((sessPtr != 0) && (wolfsslSessionIsSetup(sessPtr) == 1)) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "session pointer (" + + sessPtr + ") is setup"); + } + else { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "session pointer is null or not set up"); + } + + return sessPtr; } } @@ -1335,11 +1484,23 @@ public long getSession() throws IllegalStateException { */ public static int sessionIsSetup(long session) { + int ret; + + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered sessionIsSetup(" + session + ")"); + if (session == 0) { + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "sessionIsSetup(), ptr null, returning 0"); return 0; } - return wolfsslSessionIsSetup(session); + ret = wolfsslSessionIsSetup(session); + + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "sessionIsSetup(" + session + ") ret: " + ret); + + return ret; } /** 
@@ -1359,11 +1520,21 @@ public static int sessionIsSetup(long session) { */ public static int sessionIsResumable(long session) { + int ret; + + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered sessionIsResumable()"); + if (session == 0) { return 0; } - return wolfsslSessionIsResumable(session); + ret = wolfsslSessionIsResumable(session); + + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "session resumable: " + ret); + + return ret; } /** @@ -1383,11 +1554,45 @@ public static int sessionIsResumable(long session) { */ public static long duplicateSession(long session) { + long sessPtr = 0; + + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered duplicateSession(ptr: " + + session + ")"); + if (session == 0) { + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "session pointer is null, not duplicating"); return 0; } - return wolfsslSessionDup(session); + if (wolfsslSessionIsSetup(session) == 1) { + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "session pointer prior to dup (" + session + + ") is setup"); + } + else { + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "session pointer prior to dup " + + "is NOT set up"); + } + + sessPtr = wolfsslSessionDup(session); + + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "duplicated session ptr: " + sessPtr); + + if ((sessPtr != 0) && (wolfsslSessionIsSetup(sessPtr) == 1)) { + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "session pointer after dup (" + sessPtr + + ") is setup"); + } + else { + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "session pointer after dup is NOT set up"); + } + + return sessPtr; } /** 
@@ -1406,6 +1611,10 @@ public static long duplicateSession(long session) { */ public static String sessionGetCipherName(long session) { + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered sessionGetCipherName(ptr: " + + session + ")"); + if (session == 0) { return null; } @@ -1423,9 +1632,16 @@ public static synchronized void freeSession(long session) { * WOLFSSL_SESSION pointer being passed in here is not associated * with this WOLFSSL object or WolfSSLSession. */ + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered freeSession(ptr: " + session + ")"); + if (session != 0) { freeNativeSession(session); } + + WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "session freed (ptr: " + session + ")"); + } /** @@ -1438,16 +1654,27 @@ public static synchronized void freeSession(long session) { */ public byte[] getSessionID() throws IllegalStateException { + byte[] sessId = null; + confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getSessionID()"); + long sess = getSession(this.sslPtr); if (sess != 0) { /* returns new byte[] independent of sess ptr */ - return getSessionID(sess); + sessId = getSessionID(sess); } else { - return new byte[0]; + sessId = new byte[0]; } + + WolfSSLDebug.logHex(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "session ID", sessId, + sessId.length); + + return sessId; } } @@ -1465,6 +1692,9 @@ public boolean hasSessionTicket() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered hasSessionTicket()"); + long sess = getSession(this.sslPtr); if (sess != 0) { if (hasTicket(sess) == WolfSSL.SSL_SUCCESS) { 
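Review bot: The closing message added to freeSession() is logged even when `session` is 0 and freeNativeSession() was skipped, so the log reports a free that did not happen. That is misleading when these logs are used to trace a double free or use-after-free of a WOLFSSL_SESSION. Move the `"session freed (ptr: " + session + ")"` call inside the `if (session != 0)` block. The method signature is outside the hunk.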
@@ -1472,6 +1702,10 @@ public boolean hasSessionTicket() throws IllegalStateException { } } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "session has ticket: " + + hasTicket); + return hasTicket; } } @@ -1486,9 +1720,19 @@ public boolean hasSessionTicket() throws IllegalStateException { */ public long getCacheSize() throws IllegalStateException { + long ret; + confirmObjectIsActive(); - return this.getAssociatedContextPtr().getCacheSize(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered getCacheSize()"); + + ret = this.getAssociatedContextPtr().getCacheSize(); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "cache size: " + ret); + + return ret; } /** @@ -1506,10 +1750,36 @@ public long getCacheSize() throws IllegalStateException { public int setServerID(byte[] id, int newSess) throws IllegalStateException { + int ret; + confirmObjectIsActive(); synchronized (sslLock) { - return setServerID(this.sslPtr, id, id.length, newSess); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setServerID(byte[], newSess: " + newSess + ")"); + + ret = setServerID(this.sslPtr, id, id.length, newSess); + + if (ret == WolfSSL.SSL_SUCCESS) { + if (id != null) { + WolfSSLDebug.logHex(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "set server ID", + id, id.length); + } + else { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "server ID byte[] null, not set"); + } + } + else { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "failed to set server ID, ret: " + ret); + } + + return ret; } } 
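Review bot: In the setServerID() hunk, `id.length` is evaluated in `ret = setServerID(this.sslPtr, id, id.length, newSess);` before the added `if (id != null)` test. A null `id` therefore throws NullPointerException at the native call, and the `"server ID byte[] null, not set"` branch can never run. Test `id` for null before the native call and return the class's bad-argument code there (the constant is not shown in this diff), then drop the inner null check.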
@@ -1524,20 +1794,30 @@ public int setServerID(byte[] id, int newSess) * @see #setSession(long) * @see #getSession(long) */ - public long setSessTimeout(long t) throws IllegalStateException { + public int setSessTimeout(long t) throws IllegalStateException { + int ret; long session; confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered setSessTimeout(timeout (sec): " + + t + ")"); + session = this.getSession(); if (session == 0) { /* session may be null if session cache disabled, wolfSSL * doesn't have session ID available, mutex function fails, etc */ - return WolfSSL.JNI_SESSION_UNAVAILABLE; + ret = WolfSSL.JNI_SESSION_UNAVAILABLE; } - return setSessTimeout(session, t); + ret = setSessTimeout(session, t); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "set session timeout, ret: " + ret); + + return ret; } /** @@ -1550,10 +1830,21 @@ public long setSessTimeout(long t) throws IllegalStateException { */ public long getSessTimeout() throws IllegalStateException { + long ret; + confirmObjectIsActive(); synchronized (sslLock) { - return getSessTimeout(this.getSession(this.sslPtr)); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getSessTimeout()"); + + ret = getSessTimeout(this.getSession(this.sslPtr)); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "session timeout (sec): " + ret); + + return ret; } } 
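Review bot: In setSessTimeout() the `session == 0` branch now only assigns `ret = WolfSSL.JNI_SESSION_UNAVAILABLE;` and then falls through to `ret = setSessTimeout(session, t);`. A null session pointer is therefore passed to the native call and the unavailable code is overwritten, whereas the removed code returned early. Restore the early exit with `return WolfSSL.JNI_SESSION_UNAVAILABLE;` inside the branch, or move the native call into an `else`. The hunk also changes the public return type from `long` to `int`, as does setTimeout() in the following hunk; this changes the method descriptor, so callers compiled against the old signature must be rebuilt, which belongs in the release notes.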
@@ -1566,12 +1857,23 @@ public long getSessTimeout() throws IllegalStateException { * @see #setSession(long) * @see #getSession(long) */ - public long setTimeout(long t) throws IllegalStateException { + public int setTimeout(long t) throws IllegalStateException { + + int ret; confirmObjectIsActive(); synchronized (sslLock) { - return setTimeout(this.sslPtr, t); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setTimeout(timeout: " + t + ")"); + + ret = setTimeout(this.sslPtr, t); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "set timeout, ret: " + ret); + + return ret; } } @@ -1585,10 +1887,20 @@ public long setTimeout(long t) throws IllegalStateException { */ public long getTimeout() throws IllegalStateException { + long ret; + confirmObjectIsActive(); synchronized (sslLock) { - return getTimeout(this.sslPtr); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getTimeout()"); + + ret = getTimeout(this.sslPtr); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "timeout: " + ret); + + return ret; } } @@ -1620,6 +1932,10 @@ public int setCipherList(String list) throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setCipherList(" + list + ")"); + return setCipherList(this.sslPtr, list); } } @@ -1675,6 +1991,10 @@ public int setSignatureAlgorithms(String list) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setSignatureAlgorithms(" + list + ")"); + return set1SigAlgsList(this.sslPtr, list); } } 
@@ -1707,6 +2027,12 @@ public int useSupportedCurves(String[] curveNames) int ret = 0; int curveEnum = 0; + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered useSupportedCurves(" + + Arrays.asList(curveNames) + ")"); + } + for (String curve : curveNames) { curveEnum = WolfSSL.getNamedGroupFromString(curve); synchronized (sslLock) { @@ -1742,6 +2068,10 @@ public int dtlsGetCurrentTimeout() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered dtlsGetCurrentTimeout()"); + return dtlsGetCurrentTimeout(this.sslPtr); } } @@ -1771,6 +2101,9 @@ public int dtlsGotTimeout() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered dtlsGotTimeout()"); + return dtlsGotTimeout(this.sslPtr); } } @@ -1793,6 +2126,9 @@ public int dtls() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered dtls()"); + return dtls(this.sslPtr); } } @@ -1817,6 +2153,10 @@ public int dtlsSetPeer(InetSocketAddress peer) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered dtlsSetPeer(" + peer + ")"); + return dtlsSetPeer(this.sslPtr, peer); } } @@ -1837,6 +2177,9 @@ public InetSocketAddress dtlsGetPeer() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered dtlsGetPeer()"); + return dtlsGetPeer(this.sslPtr); } } 
@@ -1858,11 +2201,21 @@ public InetSocketAddress dtlsGetPeer() throws IllegalStateException { public int sessionReused() throws IllegalStateException, WolfSSLJNIException { + int ret; + confirmObjectIsActive(); synchronized (sslLock) { - return sessionReused(this.sslPtr); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered sessionReused()"); + + ret = sessionReused(this.sslPtr); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "session reused: " + ret); } + + return ret; } /** @@ -1895,6 +2248,9 @@ public long getPeerCertificate() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getPeerCertificate()"); + return getPeerCertificate(this.sslPtr); } } @@ -1918,6 +2274,9 @@ public String getPeerX509Issuer(long x509) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getPeerX509Issuer()"); + return getPeerX509Issuer(this.sslPtr, x509); } } @@ -1941,6 +2300,9 @@ public String getPeerX509Subject(long x509) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getPeerX509Subject()"); + return getPeerX509Subject(this.sslPtr, x509); } } @@ -1968,6 +2330,9 @@ public String getPeerX509AltName(long x509) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getPeerX509AltName()"); + return getPeerX509AltName(this.sslPtr, x509); } } @@ -1989,6 +2354,9 @@ public String getVersion() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getVersion()"); + return getVersion(this.sslPtr); } } 
@@ -2011,6 +2379,9 @@ public long getCurrentCipher() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getCurrentCipher()"); + return getCurrentCipher(this.sslPtr); } } @@ -2036,6 +2407,10 @@ public int checkDomainName(String dn) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered checkDomainName(" + dn + ")"); + return checkDomainName(this.sslPtr, dn); } } @@ -2062,6 +2437,10 @@ public int setTmpDH(byte[] p, int pSz, byte[] g, int gSz) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setTmpDH(pSz: " + pSz + + ", gSz: " + gSz + ")"); + return setTmpDH(this.sslPtr, p, pSz, g, gSz); } } @@ -2091,6 +2470,10 @@ public int setTmpDHFile(String fname, int format) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getTmpDHFile(" + + fname + ", format:" + format + ")"); + return setTmpDHFile(this.sslPtr, fname, format); } } @@ -2128,6 +2511,11 @@ public int useCertificateBuffer(byte[] in, long sz, int format) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered useCertificateBuffer(sz: " + sz + ", format: " + + format + ")"); + return useCertificateBuffer(this.sslPtr, in, sz, format); } } @@ -2168,6 +2556,11 @@ public int usePrivateKeyBuffer(byte[] in, long sz, int format) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered usePrivateKeyBuffer(sz: " + sz + ", format: " + + format + ")"); + return usePrivateKeyBuffer(this.sslPtr, in, sz, format); } } 
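Review bot: The message added in the setTmpDHFile() hunk reads `"entered getTmpDHFile("`, which names a method that is not the one being entered and will mislead anyone searching the logs for it. Change the literal to `"entered setTmpDHFile("`. Writing `", format: "` with a space would also match the other messages in this file. The method body starts outside the hunk.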
@@ -2208,6 +2601,10 @@ public int useCertificateChainBuffer(byte[] in, long sz) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered useCertificateChainBuffer(sz: " + sz + ")"); + return useCertificateChainBuffer(this.sslPtr, in, sz); } } @@ -2252,6 +2649,11 @@ public int useCertificateChainBufferFormat(byte[] in, long sz, int format) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered useCertificateChainBufferFormat(sz: " + sz + + ", format: " + format + ")"); + return useCertificateChainBufferFormat(this.sslPtr, in, sz, format); } } @@ -2273,6 +2675,9 @@ public int setGroupMessages() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setGroupMessages()"); + return setGroupMessages(this.sslPtr); } } @@ -2301,7 +2706,12 @@ public synchronized void setIOReadCtx(Object ctx) confirmObjectIsActive(); - ioReadCtx = ctx; + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setIOReadCtx()"); + + ioReadCtx = ctx; + } } /** @@ -2315,7 +2725,12 @@ public synchronized Object getIOReadCtx() confirmObjectIsActive(); - return this.ioReadCtx; + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getIOReadCtx()"); + + return this.ioReadCtx; + } } /** @@ -2342,7 +2757,12 @@ public synchronized void setIOWriteCtx(Object ctx) confirmObjectIsActive(); - ioWriteCtx = ctx; + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setIOWriteCtx()"); + + ioWriteCtx = ctx; + } } /** 
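Review bot: `setIOReadCtx`, `getIOReadCtx` and `setIOWriteCtx` are declared `synchronized` and now also take `sslLock` inside, which fixes a lock order of `this` then `sslLock`, while most other methods in this change take `sslLock` alone. If any path holds `sslLock` and then calls a `synchronized` method on the same session, two threads can deadlock; whether such a path exists is not visible in these hunks. Either drop the method-level `synchronized` where `sslLock` now guards the field, or record the order in a comment such as `/* lock order: this, then sslLock */`. The same nesting is newly added in `getIOWriteCtx`, `setGenCookieCtx`, `setMacEncryptCtx`, `setDecryptVerifyCtx` and `getClientSNIRequest` further down.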
@@ -2356,7 +2776,12 @@ public synchronized Object getIOWriteCtx() confirmObjectIsActive(); - return this.ioWriteCtx; + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getIOWriteCtx()"); + + return this.ioWriteCtx; + } } /** @@ -2378,7 +2803,12 @@ public synchronized void setGenCookieCtx(Object ctx) confirmObjectIsActive(); - genCookieCtx = ctx; + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setGenCookieCtx()"); + + genCookieCtx = ctx; + } } /** @@ -2411,6 +2841,10 @@ public int enableCRL(int options) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered enableCRL(" + + options + ")"); + return enableCRL(this.sslPtr, options); } } @@ -2437,8 +2871,11 @@ public int disableCRL() confirmObjectIsActive(); - synchronized (sslLock) { - return disableCRL(this.sslPtr); + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered disableCRL()"); + + return disableCRL(this.sslPtr); } } @@ -2486,6 +2923,10 @@ public int loadCRL(String path, int type, int monitor) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered loadCRL(" + path + + ", type: " + type + ", monitor: " + monitor + ")"); + return loadCRL(this.sslPtr, path, type, monitor); } } @@ -2512,6 +2953,9 @@ public int setCRLCb(WolfSSLMissingCRLCallback cb) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setCRLCb(" + cb + ")"); + return setCRLCb(this.sslPtr, cb); } } 
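Review bot: In `setCRLCb`, `"entered setCRLCb(" + cb + ")"` calls `toString()` on a caller-supplied callback while `sslLock` is held, and the string is built before `WolfSSLDebug.log` can decide whether logging is enabled. That runs application code under the session lock on every call, and whatever the object prints ends up in the debug log. Logging only the type avoids both, e.g. `"entered setCRLCb(" + (cb == null ? "null" : cb.getClass().getName()) + ")"`. The same pattern appears with `ctx`, `callback`, `cb` and `arg` in the `setMacEncryptCtx`, `setDecryptVerifyCtx`, `setEcc*Ctx`, `setRsa*Ctx`, `setPsk*Cb`, `setVerify`, `setIORecv`, `setIOSend`, `setAlpnSelectCb` and `setTls13SecretCb` hunks.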
@@ -2532,6 +2976,9 @@ public String cipherGetName() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered cipherGetName()"); + return cipherGetName(this.sslPtr); } } @@ -2556,6 +3003,9 @@ public byte[] getMacSecret(int verify) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getMacSecret()"); + return getMacSecret(this.sslPtr, verify); } } @@ -2576,6 +3026,9 @@ public byte[] getClientWriteKey() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getClientWriteKey()"); + return getClientWriteKey(this.sslPtr); } } @@ -2598,6 +3051,9 @@ public byte[] getClientWriteIV() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getClientWriteIV()"); + return getClientWriteIV(this.sslPtr); } } @@ -2618,6 +3074,9 @@ public byte[] getServerWriteKey() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getServerWriteKey()"); + return getServerWriteKey(this.sslPtr); } } @@ -2640,6 +3099,9 @@ public byte[] getServerWriteIV() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getServerWriteIV()"); + return getServerWriteIV(this.sslPtr); } } @@ -2658,6 +3120,9 @@ public int getKeySize() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getKeySize()"); + return getKeySize(this.sslPtr); } } 
@@ -2675,11 +3140,21 @@ public int getKeySize() throws IllegalStateException { */ public int getSide() throws IllegalStateException { + int ret; + confirmObjectIsActive(); synchronized (sslLock) { - return getSide(this.sslPtr); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getSide()"); + + ret = getSide(this.sslPtr); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "side: " + ret); } + + return ret; } /** @@ -2697,6 +3172,9 @@ public int isTLSv1_1() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered isTLSv1_1()"); + return isTLSv1_1(this.sslPtr); } } @@ -2723,6 +3201,9 @@ public int getBulkCipher() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getBulkCipher()"); + return getBulkCipher(this.sslPtr); } } @@ -2742,6 +3223,9 @@ public int getCipherBlockSize() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getCipherBlockSize()"); + return getCipherBlockSize(this.sslPtr); } } @@ -2762,6 +3246,9 @@ public int getAeadMacSize() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getAeadMacSize()"); + return getAeadMacSize(this.sslPtr); } } @@ -2782,6 +3269,9 @@ public int getHmacSize() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getHmacSize()"); + return getHmacSize(this.sslPtr); } } 
@@ -2809,6 +3299,9 @@ public int getHmacType() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getHmacType()"); + return getHmacType(this.sslPtr); } } @@ -2832,6 +3325,9 @@ public int getCipherType() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getCipherType()"); + return getCipherType(this.sslPtr); } } @@ -2861,6 +3357,10 @@ public int setTlsHmacInner(byte[] inner, long sz, int content, confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setTlsHmacInner(sz: " + + sz + ", content: " + content + ", verify: " + verify + ")"); + return setTlsHmacInner(this.sslPtr, inner, sz, content, verify); } } @@ -2880,7 +3380,13 @@ public synchronized void setMacEncryptCtx(Object ctx) confirmObjectIsActive(); - macEncryptCtx = ctx; + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setMacEncryptCtx(" + ctx + ")"); + + macEncryptCtx = ctx; + } } /** @@ -2898,7 +3404,13 @@ public synchronized void setDecryptVerifyCtx(Object ctx) confirmObjectIsActive(); - decryptVerifyCtx = ctx; + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setDecryptVerifyCtx(" + ctx + ")"); + + decryptVerifyCtx = ctx; + } } /** @@ -2915,8 +3427,12 @@ public synchronized void setEccSignCtx(Object ctx) confirmObjectIsActive(); - eccSignCtx = ctx; synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setEccSignCtx(" + ctx + ")"); + + eccSignCtx = ctx; setEccSignCtx(this.sslPtr); } } 
@@ -2935,8 +3451,12 @@ public synchronized void setEccVerifyCtx(Object ctx) confirmObjectIsActive(); - eccVerifyCtx = ctx; synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setEccVerifyCtx(" + ctx + ")"); + + eccVerifyCtx = ctx; setEccVerifyCtx(this.sslPtr); } } @@ -2956,8 +3476,12 @@ public synchronized void setEccSharedSecretCtx(Object ctx) confirmObjectIsActive(); - eccSharedSecretCtx = ctx; synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setEccSharedSecretCtx(" + ctx + ")"); + + eccSharedSecretCtx = ctx; setEccSharedSecretCtx(this.sslPtr); } } @@ -2976,8 +3500,12 @@ public synchronized void setRsaSignCtx(Object ctx) confirmObjectIsActive(); - rsaSignCtx = ctx; synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setRsaSignCtx(" + ctx + ")"); + + rsaSignCtx = ctx; setRsaSignCtx(this.sslPtr); } } @@ -2997,8 +3525,12 @@ public synchronized void setRsaVerifyCtx(Object ctx) confirmObjectIsActive(); - rsaVerifyCtx = ctx; synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setRsaVerifyCtx(" + ctx + ")"); + + rsaVerifyCtx = ctx; setRsaVerifyCtx(this.sslPtr); } } @@ -3018,8 +3550,12 @@ public synchronized void setRsaEncCtx(Object ctx) confirmObjectIsActive(); - rsaEncCtx = ctx; synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setRsaEncCtx(" + ctx + ")"); + + rsaEncCtx = ctx; setRsaEncCtx(this.sslPtr); } } 
@@ -3039,8 +3575,12 @@ public synchronized void setRsaDecCtx(Object ctx) confirmObjectIsActive(); - rsaDecCtx = ctx; synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setRsaDecCtx(" + ctx + ")"); + + rsaDecCtx = ctx; setRsaDecCtx(this.sslPtr); } } @@ -3081,11 +3621,15 @@ public synchronized void setPskClientCb(WolfSSLPskClientCallback callback) confirmObjectIsActive(); - /* set PSK client callback */ - internPskClientCb = callback; - - /* register internal callback with native library */ synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setPskClientCb(" + callback + ")"); + + /* set PSK client callback */ + internPskClientCb = callback; + + /* register internal callback with native library */ setPskClientCb(this.sslPtr); } } @@ -3122,11 +3666,15 @@ public synchronized void setPskServerCb(WolfSSLPskServerCallback callback) confirmObjectIsActive(); - /* set PSK server callback */ - internPskServerCb = callback; - - /* register internal callback with native library */ synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setPskServerCb(" + callback + ")"); + + /* set PSK server callback */ + internPskServerCb = callback; + + /* register internal callback with native library */ setPskServerCb(this.sslPtr); } } @@ -3149,6 +3697,9 @@ public String getPskIdentityHint() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getPskIdentityHint()"); + return getPskIdentityHint(this.sslPtr); } } 
@@ -3171,6 +3722,9 @@ public String getPskIdentity() { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getPskIdentity()"); + return getPskIdentity(this.sslPtr); } } @@ -3195,6 +3749,10 @@ public int usePskIdentityHint(String hint) { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered usePskIdentityHint(" + hint + ")"); + return usePskIdentityHint(this.sslPtr, hint); } } @@ -3207,11 +3765,21 @@ public int usePskIdentityHint(String hint) { */ public boolean handshakeDone() { + boolean done = false; + confirmObjectIsActive(); synchronized (sslLock) { - return handshakeDone(this.sslPtr); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered handshakeDone()"); + + done = handshakeDone(this.sslPtr); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "handshake done: " + done); } + + return done; } /** @@ -3224,6 +3792,9 @@ public void setConnectState() { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setConnectState()"); + setConnectState(this.sslPtr); } } @@ -3238,6 +3809,9 @@ public void setAcceptState() { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setAcceptState()"); + setAcceptState(this.sslPtr); } } @@ -3282,6 +3856,10 @@ public void setVerify(int mode, WolfSSLVerifyCallback callback) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setVerify(mode: " + + mode + ", callback: " + callback + ")"); + setVerify(this.sslPtr, mode, callback); } } 
@@ -3301,6 +3879,10 @@ public long setOptions(long op) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setOptions(" + op + ")"); + return setOptions(this.sslPtr, op); } } @@ -3320,6 +3902,9 @@ public long getOptions() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getOptions()"); + return getOptions(this.sslPtr); } } @@ -3332,15 +3917,26 @@ public long getOptions() */ public boolean gotCloseNotify() { + boolean gotNotify = false; + confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered gotCloseNotify()"); + int ret = gotCloseNotify(this.sslPtr); if (ret == 1) { - return true; + gotNotify = true; } else { - return false; + gotNotify = false; } + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "got close notify: " + gotNotify); + + return gotNotify; } } @@ -3369,11 +3965,15 @@ public synchronized void setIORecv(WolfSSLIORecvCallback callback) confirmObjectIsActive(); - /* set user I/O recv */ - internRecvSSLCb = callback; - - /* register internal callback with native library */ synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setIORecv(" + callback + ")"); + + /* set user I/O recv */ + internRecvSSLCb = callback; + + /* register internal callback with native library */ setSSLIORecv(this.sslPtr); } } 
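Review bot: `gotCloseNotify()` now returns from inside the `synchronized (sslLock)` block, whereas `sessionReused()`, `getSide()` and `handshakeDone()` in this same change assign inside the block and return after it. The `if`/`else` that sets `gotNotify` can also be a single assignment. Suggest `gotNotify = (ret == 1);` and moving `return gotNotify;` below the closing brace of the block, which keeps the behaviour and matches the sibling methods.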
@@ -3403,11 +4003,15 @@ public synchronized void setIOSend(WolfSSLIOSendCallback callback) confirmObjectIsActive(); - /* set user I/O send */ - internSendSSLCb = callback; - - /* register internal callback with native library */ synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered setIOSend(" + callback + ")"); + + /* set user I/O send */ + internSendSSLCb = callback; + + /* register internal callback with native library */ setSSLIOSend(this.sslPtr); } } @@ -3432,6 +4036,10 @@ public synchronized int useSNI(byte type, byte[] data) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered useSNI(type: " + type + ")"); + ret = useSNI(this.sslPtr, type, data); if (ret == WolfSSL.SSL_SUCCESS) { @@ -3456,12 +4064,18 @@ public synchronized byte[] getClientSNIRequest() confirmObjectIsActive(); - if (this.clientSNIRequested == null) { - return null; - } + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered getClientSNIRequest()"); - return Arrays.copyOf(this.clientSNIRequested, - this.clientSNIRequested.length); + if (this.clientSNIRequested == null) { + return null; + } + + return Arrays.copyOf(this.clientSNIRequested, + this.clientSNIRequested.length); + } } /** @@ -3481,6 +4095,10 @@ public String getSNIRequest(byte type) throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered getSNIRequest(type: " + type + ")"); + /* Returns a byte array representing SNI host name */ reqBytes = getSNIRequest(this.sslPtr, type); } 
@@ -3506,11 +4124,18 @@ public synchronized int useSessionTicket() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered useSessionTicket()"); + ret = useSessionTicket(this.sslPtr); if (ret == WolfSSL.SSL_SUCCESS) { this.sessionTicketsEnabled = true; } + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "enabled session tickets for session, ret: " + ret); } return ret; @@ -3529,6 +4154,10 @@ public synchronized boolean sessionTicketsEnabled() confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered sessionTicketsEnabled(): " + this.sessionTicketsEnabled); + return this.sessionTicketsEnabled; } @@ -3550,6 +4179,9 @@ public int useALPN(byte[] alpnProtos) throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered useALPN(byte[])"); + return sslSetAlpnProtos(this.sslPtr, alpnProtos); } } @@ -3578,6 +4210,9 @@ public int useALPN(String[] protocols, int options) { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered useALPN(String[], int)"); + if (protocols == null) { return WolfSSL.BAD_FUNC_ARG; } @@ -3605,6 +4240,9 @@ public byte[] getAlpnSelected() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getAlpnSelected()"); + return sslGet0AlpnSelected(this.sslPtr); } } 
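Review bot: The log calls added to `sessionTicketsEnabled()` and `useALPN(String[], int)` read `this.sslPtr` without holding `sslLock`, while nearly every other log call in this change is placed inside `synchronized (sslLock)`. If the pointer can be released or changed by another thread (not visible here), these two calls may log a stale value. Wrapping just the log statement, `synchronized (sslLock) { WolfSSLDebug.log(...); }`, would make them consistent. `getAlpnSelectedString()` in a later hunk does the same. All three method bodies extend outside their hunks.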
@@ -3624,6 +4262,9 @@ public String getAlpnSelectedString() throws IllegalStateException { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getAlpnSelectedString()"); + alpnSelectedBytes = getAlpnSelected(); if (alpnSelectedBytes != null) { @@ -3659,6 +4300,10 @@ public int setAlpnSelectCb(WolfSSLALPNSelectCallback cb, Object arg) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setAlpnSelectCb(" + + cb + ", Object: " + arg + ")"); + ret = setALPNSelectCb(this.sslPtr); if (ret == WolfSSL.SSL_SUCCESS) { /* set ALPN select callback */ @@ -3699,6 +4344,10 @@ public int setTls13SecretCb(WolfSSLTls13SecretCallback cb, Object ctx) confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered setTls13SecretCb(" + + cb + ", ctx: " + ctx + ")"); + ret = setTls13SecretCb(this.sslPtr); if (ret == WolfSSL.SSL_SUCCESS) { /* Set TLS 1.3 secret callback */ @@ -3727,6 +4376,9 @@ public void keepArrays() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered keepArrays()"); + keepArrays(this.sslPtr); } } @@ -3745,6 +4397,9 @@ public byte[] getClientRandom() confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getClientRandom()"); + return getClientRandom(this.sslPtr); } } 
@@ -3764,8 +4419,12 @@ public int useSecureRenegotiation() throws IllegalStateException { confirmObjectIsActive(); - synchronized (sslLock) { - return useSecureRenegotiation(this.sslPtr); + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered useSecureRenegotiation()"); + + return useSecureRenegotiation(this.sslPtr); } } @@ -3815,6 +4474,9 @@ public int rehandshake() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered rehandshake()"); + return rehandshake(this.sslPtr); } } @@ -3825,11 +4487,21 @@ public int rehandshake() throws IllegalStateException { */ public int getShutdown() throws IllegalStateException { + int ret; + confirmObjectIsActive(); synchronized (sslLock) { - return getShutdown(this.sslPtr); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "entered getShutdown()"); + + ret = getShutdown(this.sslPtr); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, "getShutdown(), ret: " + ret); } + + return ret; } @SuppressWarnings("deprecation") diff --git a/src/java/com/wolfssl/WolfSSLX509Name.java b/src/java/com/wolfssl/WolfSSLX509Name.java index 68f53427..e89709af 100644 --- a/src/java/com/wolfssl/WolfSSLX509Name.java +++ b/src/java/com/wolfssl/WolfSSLX509Name.java @@ -20,6 +20,8 @@ */ package com.wolfssl; +import com.wolfssl.WolfSSLDebug; + /** * WolfSSLX509Name class, wraps native WOLFSSL_X509_NAME functionality. */ @@ -69,6 +71,9 @@ public WolfSSLX509Name() throws WolfSSLException { throw new WolfSSLException("Failed to create WolfSSLX509Name"); } + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, x509NamePtr, "creating new WolfSSLX509Name"); + synchronized (stateLock) { this.active = true; } 
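Review bot: In `WolfSSLX509Name.java` the added `import com.wolfssl.WolfSSLDebug;` is redundant, because the file declares `package com.wolfssl;` and the class is now in that same package. `WolfSSLX509StoreCtx.java` in this same commit uses `WolfSSLDebug` without an import. Dropping the line keeps the two files consistent and avoids an unused-import warning.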
@@ -153,6 +158,10 @@ public synchronized void setCountryName(String countryName) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, "entered setCountryName(" + + countryName + ")"); + addEntryByTxt("countryName", countryName); this.countryName = countryName; } @@ -171,6 +180,10 @@ public synchronized void setStateOrProvinceName(String name) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setStateOrProvinceName(" + name + ")"); + addEntryByTxt("stateOrProvinceName", name); this.stateOrProvinceName = name; } @@ -189,6 +202,10 @@ public synchronized void setStreetAddress(String address) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setStreetAddress(" + address + ")"); + addEntryByTxt("streetAddress", address); this.streetAddress = address; } @@ -207,6 +224,10 @@ public synchronized void setLocalityName(String name) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setLocalityName(" + name + ")"); + addEntryByTxt("localityName", name); this.localityName = name; } @@ -225,6 +246,10 @@ public synchronized void setSurname(String name) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setSurname(" + name + ")"); + addEntryByTxt("surname", name); this.surname = name; } @@ -243,6 +268,10 @@ public synchronized void setCommonName(String name) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setCommonName(" + name + ")"); + addEntryByTxt("commonName", name); this.commonName = name; } 
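Review bot: The `WolfSSLX509Name` setters write the value being set into the debug log, e.g. `"entered setCountryName(" + countryName + ")"`, and the following hunks do the same for street address, surname, common name, e-mail address, postal code and user ID. These are personal data once a real subject name is built, and debug output often lands in shared log collectors. The getters in this change log only the method name, so the setters could do the same: `"entered setCountryName()"`. If the values are needed for troubleshooting, a comment stating that JNI debug logging records subject name fields would help operators decide where to enable it.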
@@ -261,6 +290,10 @@ public synchronized void setEmailAddress(String email) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setEmailAddress(" + email + ")"); + addEntryByTxt("emailAddress", email); this.emailAddress = email; } @@ -279,6 +312,10 @@ public synchronized void setOrganizationName(String name) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setOrganizationName(" + name + ")"); + addEntryByTxt("organizationName", name); this.organizationName = name; } @@ -297,6 +334,10 @@ public synchronized void setOrganizationalUnitName(String name) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setOrganizationalUnitName(" + name + ")"); + addEntryByTxt("organizationalUnitName", name); this.organizationalUnitName = name; } @@ -315,6 +356,10 @@ public synchronized void setPostalCode(String code) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setPostalCode(" + code + ")"); + addEntryByTxt("postalCode", code); this.postalCode = code; } @@ -333,6 +378,10 @@ public synchronized void setUserId(String id) confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered setUserId(" + id + ")"); + addEntryByTxt("userId", id); this.userId = id; } @@ -348,6 +397,10 @@ public synchronized String getCountryName() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getCountryName()"); + return this.countryName; } 
@@ -362,6 +415,10 @@ public synchronized String getStateOrProvinceName() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getStateOrProvinceName()"); + return this.stateOrProvinceName; } @@ -376,6 +433,10 @@ public synchronized String getStreetAddress() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getStreetAddress()"); + return this.streetAddress; } @@ -390,6 +451,10 @@ public synchronized String getLocalityName() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getLocalityName()"); + return this.localityName; } @@ -404,6 +469,10 @@ public synchronized String getSurname() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getSurname()"); + return this.surname; } @@ -418,6 +487,10 @@ public synchronized String getCommonName() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getCommonName()"); + return this.commonName; } @@ -432,6 +505,10 @@ public synchronized String getEmailAddress() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getEmailAddress()"); + return this.emailAddress; } @@ -446,6 +523,10 @@ public synchronized String getOrganizationName() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getOrganizationName()"); + return this.organizationName; } 
@@ -460,6 +541,10 @@ public synchronized String getOrganizationalUnitName() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getOrganizationalUnitName()"); + return this.organizationalUnitName; } @@ -474,6 +559,10 @@ public synchronized String getPostalCode() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getPostalCode()"); + return this.postalCode; } @@ -488,6 +577,10 @@ public synchronized String getUserId() { confirmObjectIsActive(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, + "entered getUserId()"); + return this.userId; } @@ -516,6 +609,10 @@ public synchronized void free() { } synchronized (x509NameLock) { + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509NamePtr, "entered free()"); + /* free native resources */ X509_NAME_free(this.x509NamePtr); diff --git a/src/java/com/wolfssl/WolfSSLX509StoreCtx.java b/src/java/com/wolfssl/WolfSSLX509StoreCtx.java index e8e14d7a..86f95cd7 100644 --- a/src/java/com/wolfssl/WolfSSLX509StoreCtx.java +++ b/src/java/com/wolfssl/WolfSSLX509StoreCtx.java @@ -46,6 +46,10 @@ public class WolfSSLX509StoreCtx { * @throws WolfSSLException if ctxPtr is 0 */ public WolfSSLX509StoreCtx(long ctxPtr) throws WolfSSLException { + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, ctxPtr, "creating new WolfSSLX509StoreCtx"); + if (ctxPtr == 0) { throw new WolfSSLException("Failed to create " + "WolfSSLX509StoreCtx, input ptr was null"); @@ -86,6 +90,9 @@ public WolfSSLCertificate[] getCerts() confirmObjectIsActive(); synchronized (ctxLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.ctxPtr, "entering getCerts()"); + byte[][] derCerts = X509_STORE_CTX_getDerCerts(this.ctxPtr); if (derCerts != null) { 
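Review bot: In the `WolfSSLX509StoreCtx(long ctxPtr)` constructor the new `"creating new WolfSSLX509StoreCtx"` message is logged before the `ctxPtr == 0` check, so it also appears for a call that then throws `WolfSSLException`. Moving the log call below the check would make the message mean that an object was actually created. Separately, the `getCerts()` message says `"entering getCerts()"`, while the rest of the change uses `"entered ...()"`; using the same word keeps log filters simple. The constructor and `getCerts()` bodies continue outside their hunks.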
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java b/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java index 8ac59527..ace3d528 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java @@ -22,6 +22,7 @@ package com.wolfssl.provider.jsse; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSL.TLS_VERSION; import com.wolfssl.WolfSSLSession; import javax.net.ssl.KeyManager; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java index 4dd89f8a..6f39256c 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java @@ -43,6 +43,7 @@ import javax.net.ssl.X509TrustManager; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSL.TLS_VERSION; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLJNIException; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java b/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java deleted file mode 100644 index e971fbe3..00000000 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java +++ /dev/null 
@@ -1,292 +0,0 @@ -/* WolfSSLDebug.java - * - * Copyright (C) 2006-2024 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -package com.wolfssl.provider.jsse; - -import java.util.Date; -import java.sql.Timestamp; - -import com.wolfssl.WolfSSL; -import com.wolfssl.WolfSSLLoggingCallback; - -/** - * Central location for all debugging messages - * - * This class is used internally for displaying debug message. - * - * @author wolfSSL - */ -public class WolfSSLDebug { - - /** - * Check if debug mode is on. - * - * Is true if "wolfjsse.debug" is set to "true", otherwise false. - */ - public static final boolean DEBUG = checkProperty(); - - /** - * Check if JSON debug mode is on. - * - * Is true if "wolfjsse.debugFormat" is set to "JSON", otherwise false. - */ - public static final boolean DEBUG_JSON = jsonOutEnabled(); - - /** - * Error level debug message - */ - public static final String ERROR = "ERROR"; - - /** - * Info level debug message - */ - public static final String INFO = "INFO"; - - /** - * Native wolfSSL logging callback. - * Used to print native wolfSSL debug logs when 'wolfssl.debug' System - * property is set to "true". 
- */ - private static WolfSSLNativeLoggingCallback nativeLogCb = null; - - /** - * Default constructor for wolfJSSE debug class. - */ - public WolfSSLDebug() { - } - - /** - * Check if "wolfjsse.debug" System property is set to "true". - * - * @return true if set to "true", otherwise return false - */ - private static boolean checkProperty() { - - String enabled = System.getProperty("wolfjsse.debug"); - - if ((enabled != null) && (enabled.equalsIgnoreCase("true"))) { - return true; - } - - return false; - } - - /** - * Check if "wolfjsse.debugFormat" is set to "JSON". - * - * @return true if set to "JSON", otherwise false. - */ - private static boolean jsonOutEnabled() { - - String enabled = System.getProperty("wolfjsse.debugFormat"); - - if ((enabled != null) && (enabled.equalsIgnoreCase("JSON"))) { - return true; - } - - return false; - } - - /** - * Prints out a message to the console - * @param string message to be printed - */ - public static void print(String string) { - System.out.println("wolfJSSE: " + string); - } - - /** - * Internal method to print debug message as JSON for consumption by - * tools such as DataDog. - */ - private static synchronized void logJSON(String tag, String msg, - long threadID, String threadName, String className) { - - System.out.printf( - "{\n" + - " \"@timestamp\": \"%s\",\n" + - " \"level\": \"%s\",\n" + - " \"logger_name\": \"wolfJSSE\",\n" + - " \"message\": \"%s\",\n" + - " \"thread_name\": \"%s\",:\n" + - " \"thread_id\": \"%s\"\n" + - "}\n", - new Timestamp(new java.util.Date().getTime()), - tag, "[" + className + "] " + msg, - threadID, threadName - ); - } - - /** - * Internal method to print debug message with byte array hex as JSON, - * for consumption by tools such as DataDog. 
- */ - private static synchronized void logJSONHex(String tag, String label, - long threadID, String threadName, String className, byte[] in, int sz) { - - /* Convert byte[] to hex string */ - StringBuilder builder = new StringBuilder(); - for (byte b: in) { - builder.append(String.format("%02X", b)); - } - - logJSON(tag, label + " [" + sz + "]: " + builder.toString(), threadID, - threadName, className); - } - - /** - * Checks if debugging is turned on and prints out the message. - * - * Output format can be controlled with the "wolfjsse.debugFormat" - * System property. If not set, default debug output format will be used. - * If set to "JSON", all debug logs will be output in the following JSON - * format, which can be read by DataDog: - * - * { - * "@timestamp": "2024-04-05 11:13:07.193", - * "level": "INFO", - * "logger_name": "wolfJSSE", - * "message": "debug message", - * "thread_name": "thread_name",: - * "thread_id": "thread_ID" - * } - * - * @param class type of cl - * @param cl class being called from to get debug info - * @param tag level of debug message i.e. WolfSSLDebug.INFO - * @param string message to be printed out - */ - public static synchronized void log(Class cl, String tag, - String string) { - - if (DEBUG) { - - long threadID = Thread.currentThread().getId(); - String threadName = Thread.currentThread().getName(); - String className = cl.getSimpleName(); - - if (DEBUG_JSON) { - logJSON(tag, string, threadID, threadName, className); - } - else { - System.out.println( - new Timestamp(new java.util.Date().getTime()) + - " [wolfJSSE " + tag + ": TID " + threadID + ": " + - className + "] " + string); - } - } - } - - /** - * Print out a byte array in hex if debugging is enabled. - * - * Output format can be controlled with the "wolfjsse.debugFormat" - * System property. If not set, default debug output format will be used. 
- * If set to "JSON", all debug logs will be output in the following JSON - * format, which can be read by DataDog: - * - * { - * "@timestamp": "2024-04-05 11:13:07.193", - * "level": "INFO", - * "logger_name": "wolfJSSE", - * "message": "label [sz]: array hex string", - * "thread_name": "thread_name",: - * "thread_id": "thread_ID" - * } - * - * @param class type for cl - * @param cl class this method is being called from - * @param tag level of debug message i.e. WolfSSLDebug.INFO - * @param label label string to print with hex - * @param in byte array to be printed as hex - * @param sz number of bytes from in array to be printed - */ - public static synchronized void logHex(Class cl, String tag, - String label, byte[] in, int sz) { - - if (DEBUG) { - int i = 0, j = 0; - int printSz = 0; - long threadID = Thread.currentThread().getId(); - String threadName = Thread.currentThread().getName(); - String className = null; - - if (cl == null || in == null || sz == 0) { - return; - } - className = cl.getSimpleName(); - printSz = Math.min(in.length, sz); - - if (DEBUG_JSON) { - logJSONHex(tag, label, threadID, threadName, className, in, sz); - } - else { - System.out.print("[wolfJSSE " + tag + ": TID " + threadID + - ": " + className + "] " + label + " [" + sz + "]: "); - for (i = 0; i < printSz; i++) { - if ((i % 16) == 0) { - System.out.printf("\n[wolfJSSE " + tag + ": TID " + - threadID + ": " + className + "] %06X", j * 8); - j++; - } - System.out.printf(" %02X ", in[i]); - } - System.out.println(""); - } - } - } - - /** - * Enable native wolfSSL debug logging based on value of the - * 'wolfssl.debug' System property. - * - * Native wolfSSL must ben compiled with "--enable-debug" or - * DEBUG_WOLFSSL defined in order for debug logs to print. 
- */ - protected static synchronized void setNativeWolfSSLDebugging() { - - String wolfsslDebug = System.getProperty("wolfssl.debug"); - - if ((wolfsslDebug != null) && (wolfsslDebug.equalsIgnoreCase("true"))) { - - WolfSSL.debuggingON(); - } - - /* Register our default logging callback for native wolfSSL logs */ - setDefaultNativeLoggingCallback(); - } - - /** - * Register default native wolfSSL logging callback. - * Default callback class is WolfSSLNativeLoggingCallback. This could be - * modified in the future to allow a custom user-registerable callback. - */ - protected static synchronized void setDefaultNativeLoggingCallback() { - - /* Only create one logging callback object */ - if (nativeLogCb == null) { - nativeLogCb = new WolfSSLNativeLoggingCallback(); - } - - WolfSSL.setLoggingCb(nativeLogCb); - } -} - diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java index dae87a6e..57d08924 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java @@ -22,6 +22,7 @@ package com.wolfssl.provider.jsse; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLIORecvCallback; import com.wolfssl.WolfSSLIOSendCallback; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java index f3c9b9cd..640f36f4 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java @@ -42,6 +42,7 @@ import java.security.cert.CertificateEncodingException; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLSession; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLJNIException; 
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java index 50a97b5b..1496bcda 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java @@ -20,10 +20,11 @@ */ package com.wolfssl.provider.jsse; +import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLJNIException; import com.wolfssl.WolfSSLSession; -import com.wolfssl.WolfSSL; import java.security.Principal; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java index cbb4683a..de6fca6f 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java @@ -20,6 +20,7 @@ */ package com.wolfssl.provider.jsse; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLVerifyCallback; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLJNIException; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java index b9f28015..c5daf800 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java @@ -35,6 +35,7 @@ import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactorySpi; import javax.net.ssl.ManagerFactoryParameters; +import com.wolfssl.WolfSSLDebug; /** * WolfSSL KeyManagerFactory implementation diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyX509.java index 79024ae9..dab5746a 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyX509.java 
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyX509.java @@ -33,6 +33,7 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.X509KeyManager; import javax.net.ssl.X509ExtendedKeyManager; +import com.wolfssl.WolfSSLDebug; /** * wolfSSL implementation of X509KeyManager, extends X509ExtendedKeyManager diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java index ec4209a7..505836ac 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java @@ -23,6 +23,7 @@ import java.security.Provider; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLFIPSErrorCallback; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java b/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java index b287e0a2..a1efd043 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java @@ -30,6 +30,7 @@ import javax.net.ssl.SSLParameters; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLSession; import com.wolfssl.WolfSSLContext; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocketFactory.java b/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocketFactory.java index 46893ba8..1185b3ac 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocketFactory.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocketFactory.java @@ -27,6 +27,7 @@ import java.net.ServerSocket; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLContext; /** diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java b/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java index 7b130f56..846d444f 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java 
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java @@ -48,6 +48,7 @@ import javax.net.ssl.SSLException; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLIOSendCallback; import com.wolfssl.WolfSSLIORecvCallback; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLSocketFactory.java b/src/java/com/wolfssl/provider/jsse/WolfSSLSocketFactory.java index ac880143..02d77245 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLSocketFactory.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLSocketFactory.java @@ -30,6 +30,7 @@ import javax.net.ssl.SSLSocketFactory; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; /** diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java index e000d8bf..05a2f04e 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java @@ -39,6 +39,7 @@ import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactorySpi; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLCertificate; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLJNIException; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java index 0776f672..fad61c9e 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java @@ -43,6 +43,7 @@ import javax.net.ssl.X509ExtendedTrustManager; import javax.security.auth.x500.X500Principal; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLCertificate; import com.wolfssl.WolfSSLCertManager; import com.wolfssl.WolfSSLException; 
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLUtil.java b/src/java/com/wolfssl/provider/jsse/WolfSSLUtil.java index aa0eabcf..79fda968 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLUtil.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLUtil.java @@ -33,6 +33,7 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; /** diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java index f4ae45d7..9dde15c9 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java @@ -46,6 +46,7 @@ import java.util.List; import java.util.Collection; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLCertificate; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLJNIException; diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java index 9af9fcf4..921a659b 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java @@ -31,6 +31,7 @@ import java.util.Date; import javax.security.cert.*; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLException; /** diff --git a/src/test/com/wolfssl/test/WolfSSLSessionTest.java b/src/test/com/wolfssl/test/WolfSSLSessionTest.java index b71e46d6..597ecaf2 100644 --- a/src/test/com/wolfssl/test/WolfSSLSessionTest.java +++ b/src/test/com/wolfssl/test/WolfSSLSessionTest.java @@ -27,6 +27,8 @@ import org.junit.runners.JUnit4; import static org.junit.Assert.*; +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; import java.io.IOException; import java.net.Socket; import java.net.ServerSocket; 
@@ -41,6 +43,7 @@ import java.util.concurrent.Callable; import com.wolfssl.WolfSSL; +import com.wolfssl.WolfSSLDebug; import com.wolfssl.WolfSSLContext; import com.wolfssl.WolfSSLException; import com.wolfssl.WolfSSLJNIException; 
@@ -930,83 +933,265 @@ public void test_WolfSSLSession_setTls13SecretCb() System.out.println("\t... passed"); } + /** + * Creates a WolfSSLContext using the certs and keys provided. + * + * @param certPath file path to local peer certificate chain, PEM format + * @param keyPath file path to local peer private key file + * @param keyFormat format of private key file, ie + * WolfSSL.SSL_FILETYPE_PEM + * @param caCertPath file path to CA cert file used to verify peer, PEM + * formatted file + * @param method protocol method to use for this context, ie + * WolfSSL.SSLv23_ClientMethod, WolfSSL.SSLv23_ServerMethod, etc + */ + private WolfSSLContext createAndSetupWolfSSLContext( + String certPath, String keyPath, int keyFormat, + String caCertPath, long method) throws Exception { + + int ret; + WolfSSLContext ctx = null; + + ctx = new WolfSSLContext(method); + + ret = ctx.useCertificateChainFile(certPath); + if (ret != WolfSSL.SSL_SUCCESS) { + ctx.free(); + throw new Exception("Failed to load certificate: " + certPath); + } + + ret = ctx.usePrivateKeyFile(keyPath, keyFormat); + if (ret != WolfSSL.SSL_SUCCESS) { + ctx.free(); + throw new Exception("Failed to load private key: " + keyPath); + } + + ret = ctx.loadVerifyLocations(caCertPath, null); + if (ret != WolfSSL.SSL_SUCCESS) { + ctx.free(); + throw new Exception("Failed to load CA certs: " + caCertPath); + } + + return ctx; + } + @Test - public void test_WolfSSLSession_getSetSession() - throws WolfSSLJNIException, WolfSSLException, - IOException { + public void test_WolfSSLSession_connectionWithDebug() throws Exception { int ret = 0; int err = 0; - long sessionPtr = 0; - long sesDup = 0; Socket cliSock = null; WolfSSLSession cliSes = null; - System.out.print("\tTesting get/setSession()"); - - /* Create ServerSocket first to get ephemeral port */ - final ServerSocket srvSocket = new ServerSocket(0); + ByteArrayOutputStream outStream = null; + PrintStream originalSysOut = System.out; /* Create client/server 
WolfSSLContext objects, Server context * must be final since used inside inner class. */ - final WolfSSLContext srvCtx = - new WolfSSLContext(WolfSSL.SSLv23_ServerMethod()); - WolfSSLContext cliCtx = - new WolfSSLContext(WolfSSL.SSLv23_ClientMethod()); + final WolfSSLContext srvCtx; + WolfSSLContext cliCtx; - /* Load certificate/key files */ - ret = srvCtx.useCertificateChainFile(srvCert); - if (ret != WolfSSL.SSL_SUCCESS) { - srvCtx.free(); - cliCtx.free(); - System.out.println("\t... failed"); - fail("Failed to load server certificate!"); - } + System.out.print("\tTesting wolfssljni.debug"); - ret = srvCtx.usePrivateKeyFile(srvKey, - WolfSSL.SSL_FILETYPE_PEM); - if (ret != WolfSSL.SSL_SUCCESS) { - srvCtx.free(); - cliCtx.free(); - System.out.println("\t... failed"); - fail("Failed to load server private key!"); - } + /* Save original property value, then enable debug. Make sure + * connection still works with debug enabled. */ + String originalProp = System.getProperty("wolfssljni.debug"); + System.setProperty("wolfssljni.debug", "true"); - ret = cliCtx.useCertificateFile(cliCert, - WolfSSL.SSL_FILETYPE_PEM); - if (ret != WolfSSL.SSL_SUCCESS) { - srvCtx.free(); - cliCtx.free(); - System.out.println("\t... failed"); - fail("Failed to load client certificate!"); - } + /* Refresh debug flags, since WolfSSLDebug static class has already + * been intiailzed before and static class variables have been set. */ + WolfSSLDebug.refreshDebugFlags(); - ret = cliCtx.usePrivateKeyFile(cliKey, - WolfSSL.SSL_FILETYPE_PEM); - if (ret != WolfSSL.SSL_SUCCESS) { - srvCtx.free(); - cliCtx.free(); - System.out.println("\t... failed"); - fail("Failed to load client private key!"); - } + try { + /* wolfSSL JNI debug logs are printed to stdout via + * System.out.println(). Redirect stdout so we can check output, and + * it doesn't clutter up ant test output. 
*/ + outStream = new ByteArrayOutputStream(); + System.setOut(new PrintStream(outStream)); + + /* Create ServerSocket first to get ephemeral port */ + final ServerSocket srvSocket = new ServerSocket(0); + + srvCtx = createAndSetupWolfSSLContext(srvCert, srvKey, + WolfSSL.SSL_FILETYPE_PEM, cliCert, + WolfSSL.SSLv23_ServerMethod()); + cliCtx = createAndSetupWolfSSLContext(cliCert, cliKey, + WolfSSL.SSL_FILETYPE_PEM, caCert, + WolfSSL.SSLv23_ClientMethod()); + + /* Start server */ + try { + ExecutorService es = Executors.newSingleThreadExecutor(); + Future serverFuture = es.submit(new Callable() { + @Override + public Void call() throws Exception { + int ret; + int err; + Socket server = null; + WolfSSLSession srvSes = null; + + try { + server = srvSocket.accept(); + srvSes = new WolfSSLSession(srvCtx); - /* Load CA certs */ - ret = srvCtx.loadVerifyLocations(cliCert, null); - if (ret != WolfSSL.SSL_SUCCESS) { - srvCtx.free(); - cliCtx.free(); - System.out.println("\t... failed"); - fail("Failed to load CA certificates!"); - } + ret = srvSes.setFd(server); + if (ret != WolfSSL.SSL_SUCCESS) { + throw new Exception( + "WolfSSLSession.setFd() failed: " + ret); + } - ret = cliCtx.loadVerifyLocations(caCert, null); - if (ret != WolfSSL.SSL_SUCCESS) { - srvCtx.free(); - cliCtx.free(); - System.out.println("\t... failed"); - fail("Failed to load CA certificates!"); + do { + ret = srvSes.accept(); + err = srvSes.getError(ret); + } while (ret != WolfSSL.SSL_SUCCESS && + (err == WolfSSL.SSL_ERROR_WANT_READ || + err == WolfSSL.SSL_ERROR_WANT_WRITE)); + + if (ret != WolfSSL.SSL_SUCCESS) { + throw new Exception( + "WolfSSLSession.accept() failed: " + ret); + } + + srvSes.shutdownSSL(); + srvSes.freeSSL(); + srvSes = null; + + } finally { + if (srvSes != null) { + srvSes.freeSSL(); + } + if (server != null) { + server.close(); + } + } + + return null; + } + }); + + } catch (Exception e) { + System.out.println("\t... 
failed"); + e.printStackTrace(); + fail(); + } + + /* Client connection */ + try { + cliSock = new Socket(InetAddress.getLocalHost(), + srvSocket.getLocalPort()); + + cliSes = new WolfSSLSession(cliCtx); + + ret = cliSes.setFd(cliSock); + if (ret != WolfSSL.SSL_SUCCESS) { + throw new Exception( + "WolfSSLSession.setFd() failed, ret = " + ret); + } + + do { + ret = cliSes.connect(); + err = cliSes.getError(ret); + } while (ret != WolfSSL.SSL_SUCCESS && + (err == WolfSSL.SSL_ERROR_WANT_READ || + err == WolfSSL.SSL_ERROR_WANT_WRITE)); + + if (ret != WolfSSL.SSL_SUCCESS) { + throw new Exception( + "WolfSSLSession.connect() failed: " + err); + } + + cliSes.shutdownSSL(); + cliSes.freeSSL(); + cliSes = null; + cliSock.close(); + cliSock = null; + + } catch (Exception e) { + System.out.println("\t... failed"); + e.printStackTrace(); + fail(); + + } finally { + if (cliSes != null) { + cliSes.freeSSL(); + } + if (cliSock != null) { + cliSock.close(); + } + } + + /* Free resources */ + if (srvSocket != null) { + srvSocket.close(); + } + if (srvCtx != null) { + srvCtx.free(); + } + + } finally { + /* Restore original property value */ + if (originalProp == null || originalProp.isEmpty()) { + System.setProperty("wolfssljni.debug", ""); + } + else { + System.setProperty("wolfssljni.debug", originalProp); + } + WolfSSLDebug.refreshDebugFlags(); + + /* Restore System.out direction */ + System.setOut(originalSysOut); + + /* Verify we have debug output and some expected strings */ + if (outStream == null) { + System.out.println("\t... failed"); + fail("outStream is null but should not be"); + } + + String debugOutput = outStream.toString(); + if (debugOutput == null || debugOutput.isEmpty()) { + System.out.println("\t... failed"); + fail("Debug output was null or empty, but expected"); + } + if (!debugOutput.contains("connect() ret: 1")) { + System.out.println("\t... 
failed"); + fail("Debug output did not contain connect() success"); + } + if (!debugOutput.contains("accept() ret: 1")) { + System.out.println("\t... failed"); + fail("Debug output did not contain accept() success"); + } } + System.out.println("\t... passed"); + } + + @Test + public void test_WolfSSLSession_getSetSession() throws Exception { + + int ret = 0; + int err = 0; + long sessionPtr = 0; + long sesDup = 0; + Socket cliSock = null; + WolfSSLSession cliSes = null; + + /* Create client/server WolfSSLContext objects, Server context + * must be final since used inside inner class. */ + final WolfSSLContext srvCtx; + WolfSSLContext cliCtx; + + System.out.print("\tTesting get/setSession()"); + + /* Create ServerSocket first to get ephemeral port */ + final ServerSocket srvSocket = new ServerSocket(0); + + srvCtx = createAndSetupWolfSSLContext(srvCert, srvKey, + WolfSSL.SSL_FILETYPE_PEM, cliCert, + WolfSSL.SSLv23_ServerMethod()); + cliCtx = createAndSetupWolfSSLContext(cliCert, cliKey, + WolfSSL.SSL_FILETYPE_PEM, caCert, + WolfSSL.SSLv23_ClientMethod()); + /* Start server, handles 1 resumption */ try { ExecutorService es = Executors.newSingleThreadExecutor();
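Review bot: In test_WolfSSLSession_connectionWithDebug() the `serverFuture` returned by `es.submit(...)` is never waited on and `es` is never shut down. The `finally` block can therefore restore System.out and check for `"accept() ret: 1"` while the server thread is still in its handshake, and any exception thrown in `call()` is silently dropped. Hoist both variables out of the inner `try` and call `serverFuture.get();` then `es.shutdown();` before the "Free resources" section, which also frees `srvCtx` but not `cliCtx` (add `cliCtx.free();`). When the property was originally unset, the `finally` block leaves it set to the empty string; `System.clearProperty("wolfssljni.debug");` would restore the prior state exactly. The hunk appears to end inside test_WolfSSLSession_getSetSession(), whose body continues outside it.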