|
 |
b93447 |
diff -up jss-4.2.6/mozilla/security/jss/lib/jss.def.orig jss-4.2.6/mozilla/security/jss/lib/jss.def
|
|
|
b93447 |
--- jss-4.2.6/mozilla/security/jss/lib/jss.def.orig 2009-11-04 14:26:26.000000000 -0800
|
|
|
b93447 |
+++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-11-04 14:11:05.000000000 -0800
|
|
|
b93447 |
@@ -329,6 +329,8 @@ Java_org_mozilla_jss_pkcs11_PK11Token_ne
|
|
|
b93447 |
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags;
|
|
|
b93447 |
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags;
|
|
|
b93447 |
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags;
|
|
|
b93447 |
+Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative;
|
|
|
b93447 |
+Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative;
|
|
|
b93447 |
;+ local:
|
|
|
b93447 |
;+ *;
|
|
|
b93447 |
;+};
|
|
|
b93447 |
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c
|
|
|
b93447 |
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig 2009-11-04 14:20:43.000000000 -0800
|
|
|
b93447 |
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2009-11-05 10:48:32.590000000 -0800
|
|
|
b93447 |
@@ -976,3 +976,45 @@ Java_org_mozilla_jss_CryptoManager_confi
|
|
|
b93447 |
}
|
|
|
b93447 |
}
|
|
|
b93447 |
|
|
|
b93447 |
+
|
|
|
b93447 |
+/**********************************************************************
|
|
|
b93447 |
+* OCSPCacheSettingsNative
|
|
|
b93447 |
+*
|
|
|
b93447 |
+* Allows configuration of the OCSP responder cache during runtime.
|
|
|
b93447 |
+*/
|
|
|
b93447 |
+JNIEXPORT void JNICALL
|
|
|
b93447 |
+Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative(
|
|
|
b93447 |
+ JNIEnv *env, jobject this,
|
|
|
b93447 |
+ jint ocsp_cache_size,
|
|
|
b93447 |
+ jint ocsp_min_cache_entry_duration,
|
|
|
b93447 |
+ jint ocsp_max_cache_entry_duration)
|
|
|
b93447 |
+{
|
|
|
b93447 |
+ SECStatus rv = SECFailure;
|
|
|
b93447 |
+
|
|
|
b93447 |
+ rv = CERT_OCSPCacheSettings(
|
|
|
b93447 |
+ ocsp_cache_size, ocsp_min_cache_entry_duration,
|
|
|
b93447 |
+ ocsp_max_cache_entry_duration);
|
|
|
b93447 |
+
|
|
|
b93447 |
+ if (rv != SECSuccess) {
|
|
|
b93447 |
+ JSS_throwMsgPrErr(env,
|
|
|
b93447 |
+ GENERAL_SECURITY_EXCEPTION,
|
|
|
b93447 |
+ "Failed to set OCSP cache: error "+ PORT_GetError());
|
|
|
b93447 |
+ }
|
|
|
b93447 |
+}
|
|
|
b93447 |
+
|
|
|
b93447 |
+JNIEXPORT void JNICALL
|
|
|
b93447 |
+Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative(
|
|
|
b93447 |
+ JNIEnv *env, jobject this,
|
|
|
b93447 |
+ jint ocsp_timeout )
|
|
|
b93447 |
+{
|
|
|
b93447 |
+ SECStatus rv = SECFailure;
|
|
|
b93447 |
+
|
|
|
b93447 |
+ rv = CERT_SetOCSPTimeout(ocsp_timeout);
|
|
|
b93447 |
+
|
|
|
b93447 |
+ if (rv != SECSuccess) {
|
|
|
b93447 |
+ JSS_throwMsgPrErr(env,
|
|
|
b93447 |
+ GENERAL_SECURITY_EXCEPTION,
|
|
|
b93447 |
+ "Failed to set OCSP timeout: error "+ PORT_GetError());
|
|
|
b93447 |
+ }
|
|
|
b93447 |
+}
|
|
|
b93447 |
+
|
|
|
b93447 |
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java
|
|
|
b93447 |
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig 2009-11-04 14:20:33.000000000 -0800
|
|
|
b93447 |
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java 2009-11-05 10:48:59.415001000 -0800
|
|
|
b93447 |
@@ -1479,4 +1479,41 @@ public final class CryptoManager impleme
|
|
|
b93447 |
String ocspResponderCertNickname )
|
|
|
b93447 |
throws GeneralSecurityException;
|
|
|
b93447 |
|
|
|
b93447 |
+ /**
|
|
|
b93447 |
+ * change OCSP cache settings
|
|
|
b93447 |
+ * * @param ocsp_cache_size max cache entries
|
|
|
b93447 |
+ * * @param ocsp_min_cache_entry_duration minimum seconds to next fetch attempt
|
|
|
b93447 |
+ * * @param ocsp_max_cache_entry_duration maximum seconds to next fetch attempt
|
|
|
b93447 |
+ */
|
|
|
b93447 |
+ public void OCSPCacheSettings(
|
|
|
b93447 |
+ int ocsp_cache_size,
|
|
|
b93447 |
+ int ocsp_min_cache_entry_duration,
|
|
|
b93447 |
+ int ocsp_max_cache_entry_duration)
|
|
|
b93447 |
+ throws GeneralSecurityException
|
|
|
b93447 |
+ {
|
|
|
b93447 |
+ OCSPCacheSettingsNative(ocsp_cache_size,
|
|
|
b93447 |
+ ocsp_min_cache_entry_duration,
|
|
|
b93447 |
+ ocsp_max_cache_entry_duration);
|
|
|
b93447 |
+ }
|
|
|
b93447 |
+
|
|
|
b93447 |
+ private native void OCSPCacheSettingsNative(
|
|
|
b93447 |
+ int ocsp_cache_size,
|
|
|
b93447 |
+ int ocsp_min_cache_entry_duration,
|
|
|
b93447 |
+ int ocsp_max_cache_entry_duration)
|
|
|
b93447 |
+ throws GeneralSecurityException;
|
|
|
b93447 |
+
|
|
|
b93447 |
+ /**
|
|
|
b93447 |
+ * set OCSP timeout value
|
|
|
b93447 |
+ * * @param ocspTimeout OCSP timeout in seconds
|
|
|
b93447 |
+ */
|
|
|
b93447 |
+ public void setOCSPTimeout(
|
|
|
b93447 |
+ int ocsp_timeout )
|
|
|
b93447 |
+ throws GeneralSecurityException
|
|
|
b93447 |
+ {
|
|
|
b93447 |
+ setOCSPTimeoutNative( ocsp_timeout);
|
|
|
b93447 |
+ }
|
|
|
b93447 |
+
|
|
|
b93447 |
+ private native void setOCSPTimeoutNative(
|
|
|
b93447 |
+ int ocsp_timeout )
|
|
|
b93447 |
+ throws GeneralSecurityException;
|
|
|
b93447 |
}
|