rpms/jss/F-11 jss-ECC-pop.patch, NONE, 1.1 jss-ipv6.patch, NONE, 1.1 jss.spec, 1.7, 1.8

rcritten rcritten at fedoraproject.org
Fri Jul 31 13:52:36 UTC 2009


Author: rcritten

Update of /cvs/extras/rpms/jss/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10149

Modified Files:
	jss.spec 
Added Files:
	jss-ECC-pop.patch jss-ipv6.patch 
Log Message:
- Support ECC POP on the server (#224688)
- Server Sockets are hard coded to IPV4 (#469456)
- Set NSS dependency >= 3.12.3.99


jss-ECC-pop.patch:
 CertReqMsg.java |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- NEW FILE jss-ECC-pop.patch ---
diff -rupN jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java jss-4.2.6.cfu/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java	2004-04-25 08:02:26.000000000 -0700
+++ jss-4.2.6.cfu/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java	2009-07-27 13:38:38.197422000 -0700
@@ -130,6 +130,16 @@ public class CertReqMsg implements ASN1V
     ///////////////////////////////////////////////////////////////////////
 
 	public void verify() throws SignatureException,
+        InvalidKeyFormatException, NoSuchAlgorithmException,
+        org.mozilla.jss.CryptoManager.NotInitializedException,
+        TokenException, java.security.InvalidKeyException, IOException{
+
+        CryptoToken token = CryptoManager.getInstance()
+                                .getInternalCryptoToken();
+        verify(token);
+    }
+
+    public void verify(CryptoToken token) throws SignatureException,
 		InvalidKeyFormatException, NoSuchAlgorithmException,
 		org.mozilla.jss.CryptoManager.NotInitializedException,
 		TokenException, java.security.InvalidKeyException, IOException{
@@ -149,8 +159,6 @@ public class CertReqMsg implements ASN1V
 				pubkey = (PublicKey) spi.toPublicKey();
 			}
 
-			CryptoToken token = CryptoManager.getInstance()
-                                .getInternalCryptoToken();
 			SignatureAlgorithm sigAlg =
 				SignatureAlgorithm.fromOID(alg.getOID());
 			Signature sig = token.getSignatureContext(sigAlg);

jss-ipv6.patch:
 lib/jss.def                              |    2 
 org/mozilla/jss/ssl/SSLServerSocket.java |   27 ++---
 org/mozilla/jss/ssl/SSLSocket.c          |   63 +++++++++++
 org/mozilla/jss/ssl/SSLSocket.java       |    9 +
 org/mozilla/jss/ssl/SocketBase.java      |   77 +++++++++++++-
 org/mozilla/jss/ssl/common.c             |  163 +++++++++++++++++++++++++++++--
 org/mozilla/jss/ssl/javasock.c           |   19 ++-
 org/mozilla/jss/util/java_ids.h          |    2 
 8 files changed, 322 insertions(+), 40 deletions(-)

--- NEW FILE jss-ipv6.patch ---
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/lib/jss.def jss-4.2.6/mozilla/security/jss/lib/jss.def
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/lib/jss.def	2009-06-24 17:08:59.784371000 -0700
+++ jss-4.2.6/mozilla/security/jss/lib/jss.def	2009-06-19 17:56:00.000000000 -0700
@@ -175,6 +175,7 @@ Java_org_mozilla_jss_ssl_SSLServerSocket
 Java_org_mozilla_jss_ssl_SSLSocket_forceHandshake;
 Java_org_mozilla_jss_ssl_SSLSocket_getKeepAlive;
 Java_org_mozilla_jss_ssl_SSLSocket_getLocalAddressNative;
+Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative;
 Java_org_mozilla_jss_ssl_SSLSocket_getPort;
 Java_org_mozilla_jss_ssl_SSLSocket_getReceiveBufferSize;
 Java_org_mozilla_jss_ssl_SSLSocket_getSendBufferSize;
@@ -199,6 +200,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
 Java_org_mozilla_jss_ssl_SSLSocket_socketWrite;
 Java_org_mozilla_jss_ssl_SocketBase_getLocalPortNative;
 Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative;
+Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative;
 Java_org_mozilla_jss_ssl_SocketBase_setClientCertNicknameNative;
 Java_org_mozilla_jss_ssl_SocketBase_requestClientAuthNoExpiryCheckNative;
 Java_org_mozilla_jss_ssl_SocketBase_setSSLOption;
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java	2007-03-20 15:39:28.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java	2009-06-24 13:46:49.000000000 -0700
@@ -36,7 +36,8 @@
 
 package org.mozilla.jss.ssl;
 
-import java.net.InetAddress;
+import java.util.*;
+import java.net.*;
 import java.io.IOException;
 import java.net.Socket;
 import java.net.SocketException;
@@ -138,34 +139,34 @@ public class SSLServerSocket extends jav
         super.close();
 
         // create the socket
+
+        int socketFamily = SocketBase.SSL_AF_INET;
+        if(SocketBase.supportsIPV6()) {
+            socketFamily = SocketBase.SSL_AF_INET6;
+        }
+
         sockProxy = new SocketProxy(
-            base.socketCreate(this, certApprovalCallback, null) );
+            base.socketCreate(this, certApprovalCallback, null,socketFamily) );
 
         base.setProxy(sockProxy);
 
         setReuseAddress(reuseAddr);
 
-        // bind it to the local address and port
-        if( bindAddr == null ) {
-            bindAddr = anyLocalAddr;
-        }
         byte[] bindAddrBA = null;
         if( bindAddr != null ) {
             bindAddrBA = bindAddr.getAddress();
         }
         base.socketBind(bindAddrBA, port);
+
+        String hostName = null;
+        if(bindAddr != null)  {
+            hostName = bindAddr.getCanonicalHostName();
+        }
         socketListen(backlog);
     }
 
     private native void socketListen(int backlog) throws SocketException;
 
-    private static InetAddress anyLocalAddr;
-    static {
-        try {
-            anyLocalAddr = InetAddress.getByName("0.0.0.0");
-        } catch (java.net.UnknownHostException e) { }
-    }
-
     /**
      * Accepts a connection. This call will block until a connection is made
      * or the timeout is reached.
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c	2007-05-08 18:40:14.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c	2009-06-24 13:27:15.000000000 -0700
@@ -460,10 +460,15 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
     JSSL_SocketData *sock;
     PRNetAddr addr;
     jbyte *addrBAelems = NULL;
+    int addrBALen = 0; 
     PRStatus status;
     int stat;
     const char *hostnameStr=NULL;
 
+    jmethodID supportsIPV6ID;
+    jclass socketBaseClass;
+    jboolean supportsIPV6 = 0;
+
     if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
         /* exception was thrown */
         goto finish;
@@ -472,16 +477,32 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
     /*
      * setup the PRNetAddr structure
      */
-    addr.inet.family = AF_INET;
-    addr.inet.port = htons(port);
-    PR_ASSERT(sizeof(addr.inet.ip) == 4);
-    PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4);
+
+    socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME);
+    if( socketBaseClass == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+    supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass,
+        SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG);
+
+    if( supportsIPV6ID == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+
+    supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass,
+         supportsIPV6ID);
+
     addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL);
+    addrBALen = (*env)->GetArrayLength(env, addrBA);
+
+    PR_ASSERT(addrBALen != 0);
+
     if( addrBAelems == NULL ) {
         ASSERT_OUTOFMEM(env);
         goto finish;
     }
-    memcpy(&addr.inet.ip, addrBAelems, 4);
 
     /*
      * Tell SSL the URL we think we want to connect to.
@@ -495,6 +516,38 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
         goto finish;
     }
 
+    if( addrBAelems == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+
+    if(addrBALen != 4 && addrBALen != 16) {
+        JSSL_throwSSLSocketException(env, "Invalid address in connect!");
+        goto finish;
+    }
+
+    if( addrBALen == 4) {
+        addr.inet.family = AF_INET;
+        addr.inet.port = PR_htons(port);
+        memcpy(&addr.inet.ip, addrBAelems, 4);
+
+        if(supportsIPV6) {
+            addr.ipv6.family = AF_INET6;
+            addr.ipv6.port = PR_htons(port);
+            PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip);
+        }
+
+    }  else {   /* Must be 16 and ipv6 */
+        if(supportsIPV6) {
+            addr.ipv6.family = AF_INET6;
+            addr.ipv6.port = PR_htons(port);
+            memcpy(&addr.ipv6.ip,addrBAelems, 16);
+        }  else {
+                JSSL_throwSSLSocketException(env, "Invalid address in connect!");
+                goto finish;
+        }
+    }
+
     /*
      * make the connect call
      */
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java	2007-05-08 18:40:14.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java	2009-06-24 13:45:59.000000000 -0700
@@ -243,11 +243,16 @@ public class SSLSocket extends java.net.
         SSLClientCertificateSelectionCallback clientCertSelectionCallback)
             throws IOException
     {
+
+        int socketFamily = SocketBase.SSL_AF_INET;
+        if(SocketBase.supportsIPV6()) {
+            socketFamily = SocketBase.SSL_AF_INET6;
+        }
         // create the socket
         sockProxy =
             new SocketProxy(
                 base.socketCreate(
-                    this, certApprovalCallback, clientCertSelectionCallback) );
+                    this, certApprovalCallback, clientCertSelectionCallback,socketFamily) );
 
         base.setProxy(sockProxy);
 
@@ -288,7 +293,7 @@ public class SSLSocket extends java.net.
             new SocketProxy(
                 base.socketCreate(
                     this, certApprovalCallback, clientCertSelectionCallback,
-                    s, host ) );
+                    s, host,SocketBase.SSL_AF_INET ) );
 
         base.setProxy(sockProxy);
         resetHandshake();
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java	2007-03-20 15:39:28.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java	2009-06-24 13:50:32.000000000 -0700
@@ -70,16 +70,16 @@ class SocketBase {
     native byte[] socketCreate(Object socketObject,
         SSLCertificateApprovalCallback certApprovalCallback,
         SSLClientCertificateSelectionCallback clientCertSelectionCallback,
-        java.net.Socket javaSock, String host)
+        java.net.Socket javaSock, String host,int family)
             throws SocketException;
 
     byte[] socketCreate(Object socketObject,
         SSLCertificateApprovalCallback certApprovalCallback,
-        SSLClientCertificateSelectionCallback clientCertSelectionCallback)
+        SSLClientCertificateSelectionCallback clientCertSelectionCallback,int family)
             throws SocketException
     {
         return socketCreate(socketObject, certApprovalCallback,
-            clientCertSelectionCallback, null, null);
+            clientCertSelectionCallback, null, null,family);
     }
 
     native void socketBind(byte[] addrBA, int port) throws SocketException;
@@ -115,6 +115,10 @@ class SocketBase {
     static final int SSL_REQUIRE_FIRST_HANDSHAKE = 20;
     static final int SSL_REQUIRE_NO_ERROR = 21;
 
+
+    static final int SSL_AF_INET  = 50;
+    static final int SSL_AF_INET6 = 51;
+
     void close() throws IOException {
         socketClose();
     }
@@ -281,13 +285,25 @@ class SocketBase {
         return in;
     }
 
+    private native byte[] getLocalAddressByteArrayNative() throws SocketException;
+    private native byte[] getPeerAddressByteArrayNative() throws SocketException;
     /**
      * @return the InetAddress of the peer end of the socket.
      */
     InetAddress getInetAddress()
     {
         try {
-            return convertIntToInetAddress( getPeerAddressNative() );
+            byte[] address = getPeerAddressByteArrayNative(); 
+
+            InetAddress iAddr = null;
+
+            try {
+
+                iAddr = InetAddress.getByAddress(address);
+            }   catch(UnknownHostException e) {
+            }
+
+            return iAddr;
         } catch(SocketException e) {
             return null;
         }
@@ -299,7 +315,17 @@ class SocketBase {
      */
     InetAddress getLocalAddress() {
         try {
-            return convertIntToInetAddress( getLocalAddressNative() );
+            byte[] address = getLocalAddressByteArrayNative();
+
+            InetAddress lAddr = null;
+
+            try {
+
+                lAddr = InetAddress.getByAddress(address);
+            }   catch(UnknownHostException e) {
+            }
+
+            return lAddr;
         } catch(SocketException e) {
             return null;
         }
@@ -378,4 +404,45 @@ class SocketBase {
         return topException;
       }
     }
+   
+    static private int supportsIPV6 = -1;
+    static boolean supportsIPV6() {
+
+        if(supportsIPV6 >= 0) {
+            if(supportsIPV6 > 0) {
+                return true;
+            } else {
+                return false;
+            } 
+        }
+
+        Enumeration netInter;
+        try {
+                 netInter = NetworkInterface.getNetworkInterfaces();
+        }  catch (SocketException e) {
+
+                 return false;
+        }
+        while ( netInter.hasMoreElements() )
+        {
+            NetworkInterface ni = (NetworkInterface)netInter.nextElement();
+            Enumeration addrs = ni.getInetAddresses();
+            while ( addrs.hasMoreElements() )
+            {
+                 Object o = addrs.nextElement();
+                 if ( o.getClass() == InetAddress.class ||
+                     o.getClass() == Inet4Address.class ||
+                     o.getClass() == Inet6Address.class )
+                 {
+                      InetAddress iaddr = (InetAddress) o;
+                      if(o.getClass() == Inet6Address.class) {
+                          supportsIPV6 = 1;
+                          return true;
+                      }
+                 }
+            }
+        }
+        supportsIPV6 = 0;
+        return false;
+    }
 }
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/common.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/common.c	2007-04-24 11:34:58.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c	2009-06-24 14:22:02.000000000 -0700
@@ -33,7 +33,6 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-
 #include <nspr.h>
 #include <jni.h>
 #include <pk11func.h>
@@ -51,6 +50,9 @@
 #include <winsock.h>
 #endif
 
+#define SSL_AF_INET  50
+#define SSL_AF_INET6 51
+
 void
 JSSL_throwSSLSocketException(JNIEnv *env, char *message)
 {
@@ -142,7 +144,7 @@ finish:
 JNIEXPORT jbyteArray JNICALL
 Java_org_mozilla_jss_ssl_SocketBase_socketCreate(JNIEnv *env, jobject self,
     jobject sockObj, jobject certApprovalCallback,
-    jobject clientCertSelectionCallback, jobject javaSock, jstring host)
+    jobject clientCertSelectionCallback, jobject javaSock, jstring host,jint family)
 {
     jbyteArray sdArray = NULL;
     JSSL_SocketData *sockdata = NULL;
@@ -150,10 +152,21 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
     PRFileDesc *newFD;
     PRFileDesc *tmpFD;
     PRFilePrivate *priv = NULL;
+    int socketFamily = 0;
+
+    if (family != SSL_AF_INET6 && family  != SSL_AF_INET) {
+       JSSL_throwSSLSocketException(env,
+                "socketCreate() Invalid family!");
+            goto finish;
+    }
+    if( family == SSL_AF_INET) 
+       socketFamily = PR_AF_INET;
+    else
+       socketFamily = PR_AF_INET6;
 
     if( javaSock == NULL ) {
         /* create a TCP socket */
-        newFD = PR_NewTCPSocket();
+        newFD = PR_OpenTCPSocket(socketFamily);
         if( newFD == NULL ) {
             JSSL_throwSSLSocketException(env,
                 "PR_NewTCPSocket() returned NULL");
@@ -394,10 +407,10 @@ PRInt32 JSSL_enums[] = {
     SSL_REQUIRE_ALWAYS,         /* 19 */        /* ssl.h */
     SSL_REQUIRE_FIRST_HANDSHAKE,/* 20 */        /* ssl.h */
     SSL_REQUIRE_NO_ERROR,       /* 21 */        /* ssl.h */
-
     0
 };
 
+
 JNIEXPORT void JNICALL
 Java_org_mozilla_jss_ssl_SocketBase_socketBind
     (JNIEnv *env, jobject self, jbyteArray addrBA, jint port)
@@ -405,8 +418,13 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
     JSSL_SocketData *sock;
     PRNetAddr addr;
     jbyte *addrBAelems = NULL;
+    int addrBALen = 0;
     PRStatus status;
 
+    jmethodID supportsIPV6ID;
+    jclass socketBaseClass;
+    jboolean supportsIPV6 = 0;
+
     if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
         /* exception was thrown */
         goto finish;
@@ -415,19 +433,72 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
     /*
      * setup the PRNetAddr structure
      */
-    addr.inet.family = AF_INET;
-    addr.inet.port = htons(port);
+
+    /* 
+     * Do we support IPV6? 
+     */
+
+    socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME);
+    if( socketBaseClass == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+    supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass,
+        SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG);
+
+    if( supportsIPV6ID == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+
+    supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass,
+         supportsIPV6ID);
+
+    memset( &addr, 0, sizeof( PRNetAddr ));
+
     if( addrBA != NULL ) {
-        PR_ASSERT(sizeof(addr.inet.ip) == 4);
-        PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4);
         addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL);
+        addrBALen = (*env)->GetArrayLength(env, addrBA);
+
         if( addrBAelems == NULL ) {
             ASSERT_OUTOFMEM(env);
             goto finish;
         }
-        memcpy(&addr.inet.ip, addrBAelems, 4);
+
+        if(addrBALen != 4 && addrBALen != 16) {
+            JSS_throwMsgPrErr(env, BIND_EXCEPTION,
+            "Invalid address in bind!");
+             goto finish;
+        }
+
+        if( addrBALen == 4) {
+            addr.inet.family = PR_AF_INET;
+            addr.inet.port = PR_htons(port);
+            memcpy(&addr.inet.ip, addrBAelems, 4);
+
+            if(supportsIPV6) {
+                addr.inet.family = PR_AF_INET6;
+                addr.ipv6.port = PR_htons(port);
+                PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip);
+            } 
+
+        }  else {   /* Must be 16 and ipv6 */
+            if(supportsIPV6) {
+                addr.ipv6.family = PR_AF_INET6;
+                addr.ipv6.port = PR_htons(port);
+                memcpy(&addr.ipv6.ip,addrBAelems, 16);
+            }  else {
+                JSS_throwMsgPrErr(env, BIND_EXCEPTION,
+                    "Invalid address in bind!");
+                goto finish;
+            }
+        }
     } else {
-        addr.inet.ip = PR_htonl(INADDR_ANY);
+        if(supportsIPV6) {
+            status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr);
+        } else {
+            status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, port, &addr);
+        }
     }
 
     /* do the bind() call */
@@ -601,6 +672,78 @@ finish:
     return status;
 }
 
+JNIEXPORT jbyteArray JNICALL
+Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative
+    (JNIEnv *env, jobject self)
+{
+    jbyteArray byteArray=NULL;
+    PRNetAddr addr;
+    jbyte *address=NULL;
+    int size=4;
+
+    if( JSSL_getSockAddr(env, self, &addr, PEER_SOCK) != PR_SUCCESS) { 
+        goto finish;
+    }
+
+    if( PR_NetAddrFamily(&addr) ==  PR_AF_INET6) {
+        size = 16;
+        address = (jbyte *) &addr.ipv6.ip;
+    } else {
+        address = (jbyte *) &addr.inet.ip;
+    }
+
+    byteArray = (*env)->NewByteArray(env,size);
+    if(byteArray == NULL) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+    (*env)->SetByteArrayRegion(env, byteArray, 0,size ,address);
+    if( (*env)->ExceptionOccurred(env) != NULL) {
+        PR_ASSERT(PR_FALSE);
+        goto finish;
+    }
+
+finish:
+    return byteArray;
+}
+
+JNIEXPORT jbyteArray JNICALL
+Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative
+    (JNIEnv *env, jobject self)
+{
+    jbyteArray byteArray=NULL;
+    PRNetAddr addr;
+    jbyte *address=NULL;
+    int size=4;
+
+    if( JSSL_getSockAddr(env, self, &addr, LOCAL_SOCK) != PR_SUCCESS) {
+        goto finish;
+    }
+
+    if( PR_NetAddrFamily(&addr) ==  PR_AF_INET6) {
+        size = 16;
+        address = (jbyte *) &addr.ipv6.ip; 
+    } else {
+        address = (jbyte *) &addr.inet.ip;
+    }
+   
+    byteArray = (*env)->NewByteArray(env,size);
+    if(byteArray == NULL) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+    (*env)->SetByteArrayRegion(env, byteArray, 0,size,address);
+    if( (*env)->ExceptionOccurred(env) != NULL) {
+        PR_ASSERT(PR_FALSE);
+        goto finish;
+    }
+
+finish:
+    return byteArray;
+}
+
+/* Leave the original versions of these functions for compatibility */
+
 JNIEXPORT jint JNICALL
 Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative
     (JNIEnv *env, jobject self)
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c	2007-04-24 11:34:58.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c	2009-06-24 13:43:13.000000000 -0700
@@ -290,6 +290,7 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
     jobject inetAddress;
     jbyteArray addrByteArray;
     jint port;
+    int addrBALen = 0;
 
     if( GET_ENV(fd->secret->javaVM, env) ) goto finish;
 
@@ -377,8 +378,9 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
 
         memset(addr, 0, sizeof(PRNetAddr));
 
-        /* we only handle IPV4 */
-        PR_ASSERT( (*env)->GetArrayLength(env, addrByteArray) == 4 );
+        addrBALen = (*env)->GetArrayLength(env, addrByteArray);
+
+        PR_ASSERT( (addrBALen == 4) || (addrBALen == 16 ) );
 
         /* make sure you release them later */
         addrBytes = (*env)->GetByteArrayElements(env, addrByteArray, NULL);
@@ -388,9 +390,16 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
         }
 
         /* ip field is in network byte order */
-        memcpy( (void*) &addr->inet.ip, addrBytes, 4);
-        addr->inet.family = PR_AF_INET;
-        addr->inet.port = port;
+
+        if (addrBALen == 4) {
+            memcpy( (void*) &addr->inet.ip, addrBytes, 4);
+            addr->inet.family = PR_AF_INET;
+            addr->inet.port = port;
+        } else {
+            memcpy( (void*) &addr->ipv6.ip,addrBytes, 16);
+            addr->inet.family = PR_AF_INET6;
+            addr->inet.port = port;
+        }
 
         (*env)->ReleaseByteArrayElements(env, addrByteArray, addrBytes,
             JNI_ABORT);
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h	2006-02-22 17:21:52.000000000 -0800
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h	2009-06-19 17:56:00.000000000 -0700
@@ -312,6 +312,8 @@ PR_BEGIN_EXTERN_C
 #define SOCKET_BASE_NAME "org/mozilla/jss/ssl/SocketBase"
 #define PROCESS_EXCEPTIONS_NAME "processExceptions"
 #define PROCESS_EXCEPTIONS_SIG "(Ljava/lang/Throwable;Ljava/lang/Throwable;)Ljava/lang/Throwable;"
+#define SUPPORTS_IPV6_NAME "supportsIPV6"
+#define SUPPORTS_IPV6_SIG "()Z"
 
 /*
  * SSLCertificateApprovalCallback


Index: jss.spec
===================================================================
RCS file: /cvs/extras/rpms/jss/F-11/jss.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -p -r1.7 -r1.8
--- jss.spec	5 Jun 2009 17:37:29 -0000	1.7
+++ jss.spec	31 Jul 2009 13:52:35 -0000	1.8
@@ -1,6 +1,6 @@
 Name:           jss
 Version:        4.2.6
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Java Security Services (JSS)
 
 Group:          System Environment/Libraries
@@ -16,13 +16,16 @@ Source2:        gpl.txt
 Source3:        lgpl.txt
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-BuildRequires:  nss-devel >= 3.12.0
+BuildRequires:  nss-devel >= 3.12.3.99
 BuildRequires:  nspr-devel >= 4.6.99
 BuildRequires:  java-devel
 Requires:       java
+Requires:       nss >= 3.12.3.99
 
 Patch1:         jss-key_pair_usage_with_op_flags.patch
 Patch2:         jss-javadocs-param.patch
+Patch3:         jss-ipv6.patch
+Patch4:         jss-ECC-pop.patch
 
 %description
 Java Security Services (JSS) is a java native interface which provides a bridge
@@ -41,6 +44,8 @@ This package contains the API documentat
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %build
 [ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
@@ -136,6 +141,11 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Jul 31 2009 Rob Crittenden <rcritten at redhat.com> 4.2.6-2
+- Support ECC POP on the server (#224688)
+- Server Sockets are hard coded to IPV4 (#469456)
+- Set NSS dependency >= 3.12.3.99
+
 * Fri Jun  5 2009 Rob Crittenden <rcritten at redhat.com> 4.2.6-1
 - Update to 4.2.6
 - Include patch to add jss interface to PK11_GenerateKeyPairWithOpFlags()




More information about the fedora-extras-commits mailing list