[PATCH/RFC 3/6] JNI: Initial commit of C and Java sources

Mon Aug 5 01:25:56 EDT 2013

Signed-off-by: Kevin Cernekee <cernekee at gmail.com>
---
 jni.c                                         |  871 +++++++++++++++++++++++++
 org/infradead/openconnect/LibOpenConnect.java |  201 ++++++
 2 files changed, 1072 insertions(+)
 create mode 100644 jni.c
 create mode 100644 org/infradead/openconnect/LibOpenConnect.java

diff --git a/jni.c b/jni.c
new file mode 100644
index 0000000..94d994b
--- /dev/null
+++ b/jni.c
@@ -0,0 +1,871 @@
+/*
+ * OpenConnect (SSL + DTLS) VPN client
+ *
+ * Copyright © 2013 Kevin Cernekee <cernekee at gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to:
+ *
+ *   Free Software Foundation, Inc.
+ *   51 Franklin Street, Fifth Floor,
+ *   Boston, MA 02110-1301 USA
+ */
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#include <jni.h>
+#include "openconnect.h"
+
+struct libctx {
+	JNIEnv *jenv;
+	jobject jobj;
+	struct openconnect_info *vpninfo;
+	OPENCONNECT_X509 *cert;
+	int pipefd[2];
+};
+
+JNIEXPORT jlong JNICALL Java_org_infradead_openconnect_LibOpenConnect_init(
+	JNIEnv *jenv, jobject jobj, jstring juseragent);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_free(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_cancel(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_globalInit(
+	JNIEnv *jenv, jclass jcls);
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_parseURL(
+	JNIEnv *jenv, jobject jobj, jstring jurl);
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_obtainCookie(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getCertSHA1(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getCertDetails(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT jbyteArray JNICALL Java_org_infradead_openconnect_LibOpenConnect_getCertDER(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setClientCert(
+	JNIEnv *jenv, jobject jobj, jstring jcert, jstring jsslkey);
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getVersion(
+	JNIEnv *jenv, jclass jcls);
+JNIEXPORT jboolean JNICALL Java_org_infradead_openconnect_LibOpenConnect_hasPKCS11Support(
+	JNIEnv *jenv, jclass jcls);
+JNIEXPORT jboolean JNICALL Java_org_infradead_openconnect_LibOpenConnect_hasTSSBlobSupport(
+	JNIEnv *jenv, jclass jcls);
+JNIEXPORT jboolean JNICALL Java_org_infradead_openconnect_LibOpenConnect_hasStokenSupport(
+	JNIEnv *jenv, jclass jcls);
+JNIEXPORT jboolean JNICALL Java_org_infradead_openconnect_LibOpenConnect_hasOATHSupport(
+	JNIEnv *jenv, jclass jcls);
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_getPort(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_passphraseFromFSID(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_clearCookie(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_resetSSL(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setCertExpiryWarning(
+	JNIEnv *jenv, jobject jobj, jint seconds);
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getHostname(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getUrlpath(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getCookie(
+	JNIEnv *jenv, jobject jobj);
+JNIEXPORT int JNICALL Java_org_infradead_openconnect_LibOpenConnect_setHTTPProxy(
+	JNIEnv *jenv, jobject jobj, jstring jarg);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setXMLSHA1(
+	JNIEnv *jenv, jobject jobj, jstring jarg);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setHostname(
+	JNIEnv *jenv, jobject jobj, jstring jarg);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setUrlpath(
+	JNIEnv *jenv, jobject jobj, jstring jarg);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setCAFile(
+	JNIEnv *jenv, jobject jobj, jstring jarg);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setReportedOS(
+	JNIEnv *jenv, jobject jobj, jstring jarg);
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_setTokenMode(
+	JNIEnv *jenv, jobject jobj, jint mode, jstring jarg);
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setCSDWrapper(
+	JNIEnv *jenv, jobject jobj, jstring jarg);
+
+static void throw_excep(JNIEnv *jenv, const char *exc, int line)
+{
+	jclass excep;
+	char msg[64];
+
+	snprintf(msg, 64, "%s:%d", __FILE__, line);
+
+	(*jenv)->ExceptionClear(jenv);
+	excep = (*jenv)->FindClass(jenv, exc);
+	if (excep)
+		(*jenv)->ThrowNew(jenv, excep, msg);
+}
+
+#define OOM(jenv)	do { throw_excep(jenv, "java/lang/OutOfMemoryError", __LINE__); } while (0)
+
+/*
+ * jobj (a reference to the LibOpenConnect object) isn't always guaranteed to
+ * stay constant across nested calls.  e.g.
+ * for obtainCookie() -> onValidatePeerCert() -> getCertSHA1(), different
+ * jobj values could be supplied to obtainCookie() and getCertSHA1().
+ *
+ * We want our callbacks to always use the jenv/jobj values supplied by the
+ * Java caller, so we save and restore the values in each native function.
+ *
+ * None of this is the slightest bit thread-safe.
+ */
+#define PUSH_CTX(err_retval...) do { \
+	ctx = getctx(jenv, jobj); \
+	if (!ctx) \
+		return err_retval; \
+	oldctx.jenv = ctx->jenv; \
+	oldctx.jobj = ctx->jobj; \
+	ctx->jenv = jenv; \
+	ctx->jobj = jobj; \
+} while (0)
+
+#define POP_CTX() do { \
+	ctx->jenv = oldctx.jenv; \
+	ctx->jobj = oldctx.jobj; \
+} while (0)
+
+static struct libctx *getctx(JNIEnv *jenv, jobject jobj)
+{
+	jclass jcls = (*jenv)->GetObjectClass(jenv, jobj);
+	jfieldID jfld = (*jenv)->GetFieldID(jenv, jcls, "libctx", "J");
+	if (!jfld)
+		return NULL;
+	return (void *)(*jenv)->GetLongField(jenv, jobj, jfld);
+}
+
+/*
+ * GetMethodID() and GetFieldID() and NewStringUTF() will automatically throw exceptions on error
+ */
+static jmethodID get_obj_mid(struct libctx *ctx, jobject jobj, const char *name, const char *sig)
+{
+	jclass jcls = (*ctx->jenv)->GetObjectClass(ctx->jenv, jobj);
+	jmethodID mid = (*ctx->jenv)->GetMethodID(ctx->jenv, jcls, name, sig);
+	return mid;
+}
+
+static jstring dup_to_jstring(JNIEnv *jenv, const char *in)
+{
+	/*
+	 * Many implementations of NewStringUTF() will return NULL on
+	 * NULL input, but that isn't guaranteed:
+	 * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35979
+	 */
+	return in ? (*jenv)->NewStringUTF(jenv, in) : NULL;
+}
+
+static int dup_to_cstring(JNIEnv *jenv, jstring in, char **out)
+{
+	const char *tmp;
+
+	if (in == NULL) {
+		*out = NULL;
+		return 0;
+	}
+
+	tmp = (*jenv)->GetStringUTFChars(jenv, in, NULL);
+	if (!tmp) {
+		OOM(jenv);
+		return -1;
+	}
+
+	*out = strdup(tmp);
+	(*jenv)->ReleaseStringUTFChars(jenv, in, tmp);
+
+	if (!*out) {
+		OOM(jenv);
+		return -1;
+	}
+	return 0;
+}
+
+static int set_string(struct libctx *ctx, jclass jcls, jobject jobj,
+		      const char *name, const char *value)
+{
+	jmethodID mid = (*ctx->jenv)->GetMethodID(ctx->jenv, jcls, name, "(Ljava/lang/String;)V");
+	jstring jarg;
+
+	if (!value)
+		return 0;
+
+	if (!mid)
+		return -1;
+	jarg = dup_to_jstring(ctx->jenv, value);
+	if (!jarg)
+		return -1;
+
+	(*ctx->jenv)->CallVoidMethod(ctx->jenv, jobj, mid, jarg);
+	(*ctx->jenv)->ReleaseStringUTFChars(ctx->jenv, jarg, NULL);
+
+	return 0;
+}
+
+static int validate_peer_cert_cb(void *privdata, OPENCONNECT_X509 *cert, const char *reason)
+{
+	struct libctx *ctx = privdata;
+	jstring jreason;
+	int ret = -1;
+	jmethodID mid;
+
+	jreason = dup_to_jstring(ctx->jenv, reason);
+	if (!jreason)
+		return -1;
+
+	ctx->cert = cert;
+	mid = get_obj_mid(ctx, ctx->jobj, "onValidatePeerCert", "(Ljava/lang/String;)I");
+	if (mid)
+		ret = (*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, mid, jreason);
+	(*ctx->jenv)->ReleaseStringUTFChars(ctx->jenv, jreason, NULL);
+
+	return ret;
+}
+
+static int write_new_config_cb(void *privdata, char *buf, int buflen)
+{
+	struct libctx *ctx = privdata;
+	jmethodID mid;
+	jbyteArray jbuf;
+	int ret = -1;
+
+	mid = get_obj_mid(ctx, ctx->jobj, "onWriteNewConfig", "([B)I");
+	if (!mid)
+		goto out;
+
+	jbuf = (*ctx->jenv)->NewByteArray(ctx->jenv, buflen);
+	if (!jbuf)
+		goto out;
+	(*ctx->jenv)->SetByteArrayRegion(ctx->jenv, jbuf, 0, buflen, (jbyte *)buf);
+
+	ret = (*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, mid, jbuf);
+	(*ctx->jenv)->ReleaseByteArrayElements(ctx->jenv, jbuf, NULL, 0);
+
+out:
+	return ret;
+}
+
+static jobject new_auth_form(struct libctx *ctx, struct oc_auth_form *form)
+{
+	jmethodID mid;
+	jclass jcls;
+	jobject jobj = NULL;
+
+	jcls = (*ctx->jenv)->FindClass(ctx->jenv, "org/infradead/openconnect/LibOpenConnect$AuthForm");
+	if (jcls == NULL)
+		return NULL;
+
+	mid = (*ctx->jenv)->GetMethodID(ctx->jenv, jcls, "<init>", "()V");
+	if (!mid)
+		return NULL;
+	jobj = (*ctx->jenv)->NewObject(ctx->jenv, jcls, mid);
+	if (!jobj)
+		return NULL;
+
+	if (set_string(ctx, jcls, jobj, "setBanner", form->banner) ||
+	    set_string(ctx, jcls, jobj, "setMessage", form->message) ||
+	    set_string(ctx, jcls, jobj, "setError", form->error) ||
+	    set_string(ctx, jcls, jobj, "setAuthID", form->auth_id) ||
+	    set_string(ctx, jcls, jobj, "setMethod", form->method) ||
+	    set_string(ctx, jcls, jobj, "setAction", form->action)) {
+		return NULL;
+	}
+
+	return jobj;
+}
+
+static jobject new_form_choice(struct libctx *ctx, struct oc_choice *choice)
+{
+	jmethodID mid;
+	jclass jcls;
+	jobject jobj = NULL;
+
+	jcls = (*ctx->jenv)->FindClass(ctx->jenv,
+				       "org/infradead/openconnect/LibOpenConnect$FormChoice");
+	if (jcls == NULL)
+		return NULL;
+
+	mid = (*ctx->jenv)->GetMethodID(ctx->jenv, jcls, "<init>", "()V");
+	if (!mid)
+		return NULL;
+	jobj = (*ctx->jenv)->NewObject(ctx->jenv, jcls, mid);
+	if (!jobj)
+		return NULL;
+
+	if (set_string(ctx, jcls, jobj, "setName", choice->name) ||
+	    set_string(ctx, jcls, jobj, "setLabel", choice->label) ||
+	    set_string(ctx, jcls, jobj, "setAuthType", choice->auth_type) ||
+	    set_string(ctx, jcls, jobj, "setOverrideName", choice->override_name) ||
+	    set_string(ctx, jcls, jobj, "setOverrideLabel", choice->override_label)) {
+		return NULL;
+	}
+
+	return jobj;
+}
+
+static int populate_select_choices(struct libctx *ctx, jobject jopt, struct oc_form_opt_select *opt)
+{
+	jmethodID mid;
+	int i;
+
+	mid = get_obj_mid(ctx, jopt, "addChoice",
+			  "(Lorg/infradead/openconnect/LibOpenConnect$FormChoice;)V");
+	if (!mid)
+		return -1;
+
+	for (i = 0; i < opt->nr_choices; i++) {
+		jobject jformchoice = new_form_choice(ctx, &opt->choices[i]);
+		if (!jformchoice)
+			return -1;
+		(*ctx->jenv)->CallVoidMethod(ctx->jenv, jopt, mid, jformchoice);
+	}
+	return 0;
+}
+
+static int add_form_option(struct libctx *ctx, jobject jform, struct oc_form_opt *opt)
+{
+	jmethodID addOpt;
+	jstring jname = NULL, jlabel = NULL;
+	jobject jopt;
+	int ret = -1;
+
+	addOpt = get_obj_mid(ctx, jform, "addOpt",
+		"(ILjava/lang/String;Ljava/lang/String;)Lorg/infradead/openconnect/LibOpenConnect$FormOpt;");
+	if (!addOpt)
+		goto out;
+
+	if (opt->name) {
+		jname = dup_to_jstring(ctx->jenv, opt->name);
+		if (!jname)
+			goto out;
+	}
+
+	if (opt->label) {
+		jlabel = dup_to_jstring(ctx->jenv, opt->label);
+		if (!jlabel)
+			goto out;
+	}
+
+	jopt = (*ctx->jenv)->CallObjectMethod(ctx->jenv, jform, addOpt, opt->type, jname, jlabel);
+
+	if (opt->type == OC_FORM_OPT_SELECT &&
+	    populate_select_choices(ctx, jopt, (struct oc_form_opt_select *)opt))
+		ret = -1;
+	else
+		ret = 0;
+
+out:
+	if (jlabel)
+		(*ctx->jenv)->ReleaseStringUTFChars(ctx->jenv, jlabel, NULL);
+	if (jname)
+		(*ctx->jenv)->ReleaseStringUTFChars(ctx->jenv, jname, NULL);
+	return ret;
+}
+
+static int process_auth_form_cb(void *privdata, struct oc_auth_form *form)
+{
+	struct libctx *ctx = privdata;
+	jobject jform;
+	jmethodID callback, getOptValue;
+	struct oc_form_opt *opt;
+	jint ret;
+
+	/* create and populate new AuthForm object and option/choice lists */
+
+	jform = new_auth_form(ctx, form);
+	if (!jform)
+		return -1;
+
+	getOptValue = get_obj_mid(ctx, jform, "getOptValue", "(Ljava/lang/String;)Ljava/lang/String;");
+	if (!getOptValue)
+		return -1;
+
+	for (opt = form->opts; opt; opt = opt->next)
+		if (add_form_option(ctx, jform, opt) < 0)
+			return -1;
+
+	/* invoke onProcessAuthForm callback */
+
+	callback = get_obj_mid(ctx, ctx->jobj, "onProcessAuthForm",
+			       "(Lorg/infradead/openconnect/LibOpenConnect$AuthForm;)I");
+	if (!callback)
+		return -1;
+
+	ret = (*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, callback, jform);
+
+	/* copy any populated form fields back into the C structs */
+
+	for (opt = form->opts; opt; opt = opt->next) {
+		jstring jname, jvalue;
+
+		jname = dup_to_jstring(ctx->jenv, opt->name);
+		if (!jname)
+			return -1;
+
+		jvalue = (*ctx->jenv)->CallObjectMethod(ctx->jenv, jform, getOptValue, jname);
+		if (jvalue) {
+			const char *tmp = (*ctx->jenv)->GetStringUTFChars(ctx->jenv, jvalue, NULL);
+			if (!tmp) {
+				(*ctx->jenv)->ReleaseStringUTFChars(ctx->jenv, jname, NULL);
+				return -1;
+			}
+			opt->value = strdup(tmp);
+			if (!opt->value)
+				OOM(ctx->jenv);
+			(*ctx->jenv)->ReleaseStringUTFChars(ctx->jenv, jvalue, tmp);
+		}
+		(*ctx->jenv)->ReleaseStringUTFChars(ctx->jenv, jname, NULL);
+	}
+
+	return ret;
+}
+
+static void progress_cb(void *privdata, int level, const char *fmt, ...)
+{
+	struct libctx *ctx = privdata;
+	va_list ap;
+	char *msg;
+	jstring jmsg;
+	int ret;
+	jmethodID mid;
+
+	va_start(ap, fmt);
+	ret = vasprintf(&msg, fmt, ap);
+	va_end(ap);
+
+	if (ret < 0) {
+		OOM(ctx->jenv);
+		return;
+	}
+
+	jmsg = dup_to_jstring(ctx->jenv, msg);
+	free(msg);
+	if (!jmsg)
+		return;
+
+	mid = get_obj_mid(ctx, ctx->jobj, "onProgress", "(ILjava/lang/String;)V");
+	if (mid)
+		(*ctx->jenv)->CallVoidMethod(ctx->jenv, ctx->jobj, mid, level, jmsg);
+	(*ctx->jenv)->ReleaseStringUTFChars(ctx->jenv, jmsg, NULL);
+}
+
+/* Library init/uninit */
+
+JNIEXPORT jlong JNICALL Java_org_infradead_openconnect_LibOpenConnect_init(
+	JNIEnv *jenv, jobject jobj, jstring juseragent)
+{
+	char *useragent;
+	struct libctx *ctx = calloc(1, sizeof(*ctx));
+
+	if (!ctx) {
+		OOM(jenv);
+		return 0;
+	}
+
+	if (pipe(ctx->pipefd) < 0) {
+		throw_excep(jenv, "java/lang/IOException", __LINE__);
+		free(ctx);
+		return 0;
+	}
+
+	useragent = (char *)(*jenv)->GetStringUTFChars(jenv, juseragent, NULL);
+	if (!useragent) {
+		close(ctx->pipefd[0]);
+		close(ctx->pipefd[1]);
+		free(ctx);
+		OOM(jenv);
+		return 0;
+	}
+	ctx->vpninfo = openconnect_vpninfo_new(useragent, validate_peer_cert_cb,
+					       write_new_config_cb, process_auth_form_cb,
+					       progress_cb, ctx);
+	openconnect_set_cancel_fd(ctx->vpninfo, ctx->pipefd[0]);
+	(*jenv)->ReleaseStringUTFChars(jenv, juseragent, useragent);
+	return (jlong) ctx;
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_free(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+
+	PUSH_CTX();
+	openconnect_vpninfo_free(ctx->vpninfo);
+	close(ctx->pipefd[0]);
+	close(ctx->pipefd[1]);
+	free(ctx);
+	POP_CTX();
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_cancel(
+	JNIEnv *jenv, jobject jobj)
+{
+	/* This doesn't use PUSH_CTX so it is safe to call from another thread */
+	struct libctx *ctx = getctx(jenv, jobj);
+	char data = '.';
+
+	if (write(ctx->pipefd[1], &data, 1) < 0) {
+		throw_excep(jenv, "java/lang/IOException", __LINE__);
+	}
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_globalInit(
+	JNIEnv *jenv, jclass jcls)
+{
+	openconnect_init_ssl();
+}
+
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_parseURL(
+	JNIEnv *jenv, jobject jobj, jstring jurl)
+{
+	struct libctx *ctx, oldctx;
+	char *url;
+	int ret = -1;
+
+	PUSH_CTX(ret);
+	url = (char *)(*jenv)->GetStringUTFChars(jenv, jurl, NULL);
+	if (!url) {
+		OOM(ctx->jenv);
+	} else {
+		ret = openconnect_parse_url(ctx->vpninfo, url);
+		(*jenv)->ReleaseStringUTFChars(jenv, jurl, url);
+	}
+
+	POP_CTX();
+	return ret;
+}
+
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_obtainCookie(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+	int ret;
+
+	PUSH_CTX(0);
+	ctx->cert = NULL;
+	ret = openconnect_obtain_cookie(ctx->vpninfo);
+	if (ret == 0)
+		ctx->cert = openconnect_get_peer_cert(ctx->vpninfo);
+	POP_CTX();
+	return ret;
+}
+
+/* special handling: caller-allocated buffer */
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getCertSHA1(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+	char buf[41];
+	jstring jresult = NULL;
+
+	PUSH_CTX(NULL);
+	if (!ctx->cert)
+		goto out;
+	if (openconnect_get_cert_sha1(ctx->vpninfo, ctx->cert, buf))
+		goto out;
+	jresult = dup_to_jstring(ctx->jenv, buf);
+	if (!jresult)
+		OOM(ctx->jenv);
+
+out:
+	POP_CTX();
+	return jresult;
+}
+
+/* special handling: callee-allocated, caller-freed string */
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getCertDetails(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+	char *buf = NULL;
+	jstring jresult = NULL;
+
+	PUSH_CTX(NULL);
+	if (!ctx->cert)
+		goto out;
+	buf = openconnect_get_cert_details(ctx->vpninfo, ctx->cert);
+	if (!buf)
+		goto out;
+
+	jresult = dup_to_jstring(ctx->jenv, buf);
+	if (!jresult)
+		OOM(ctx->jenv);
+
+out:
+	free(buf);
+	POP_CTX();
+	return jresult;
+}
+
+/* special handling: callee-allocated, caller-freed binary buffer */
+JNIEXPORT jbyteArray JNICALL Java_org_infradead_openconnect_LibOpenConnect_getCertDER(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+	unsigned char *buf = NULL;
+	int ret;
+	jbyteArray jresult = NULL;
+
+	PUSH_CTX(NULL);
+	if (!ctx->cert)
+		goto out;
+	ret = openconnect_get_cert_DER(ctx->vpninfo, ctx->cert, &buf);
+	if (ret < 0)
+		goto out;
+
+	jresult = (*ctx->jenv)->NewByteArray(ctx->jenv, ret);
+	if (!jresult)
+		goto out;
+	(*ctx->jenv)->SetByteArrayRegion(ctx->jenv, jresult, 0, ret, (jbyte *) buf);
+
+out:
+	free(buf);
+	POP_CTX();
+	return jresult;
+}
+
+/* special handling: two string arguments */
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setClientCert(
+	JNIEnv *jenv, jobject jobj, jstring jcert, jstring jsslkey)
+{
+	struct libctx *ctx, oldctx;
+	char *cert = NULL, *sslkey = NULL;
+
+	PUSH_CTX();
+	if (dup_to_cstring(ctx->jenv, jcert, &cert) ||
+	    dup_to_cstring(ctx->jenv, jsslkey, &sslkey)) {
+		free(cert);
+		free(sslkey);
+		goto out;
+	}
+
+	openconnect_set_client_cert(ctx->vpninfo, cert, sslkey);
+
+out:
+	POP_CTX();
+}
+
+/* class methods (general library info) */
+
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getVersion(
+	JNIEnv *jenv, jclass jcls)
+{
+	return dup_to_jstring(jenv, openconnect_get_version());
+}
+
+JNIEXPORT jboolean JNICALL Java_org_infradead_openconnect_LibOpenConnect_hasPKCS11Support(
+	JNIEnv *jenv, jclass jcls)
+{
+	return openconnect_has_pkcs11_support();
+}
+
+JNIEXPORT jboolean JNICALL Java_org_infradead_openconnect_LibOpenConnect_hasTSSBlobSupport(
+	JNIEnv *jenv, jclass jcls)
+{
+	return openconnect_has_tss_blob_support();
+}
+
+JNIEXPORT jboolean JNICALL Java_org_infradead_openconnect_LibOpenConnect_hasStokenSupport(
+	JNIEnv *jenv, jclass jcls)
+{
+	return openconnect_has_stoken_support();
+}
+
+JNIEXPORT jboolean JNICALL Java_org_infradead_openconnect_LibOpenConnect_hasOATHSupport(
+	JNIEnv *jenv, jclass jcls)
+{
+	return openconnect_has_oath_support();
+}
+
+/* simple cases: void or int params */
+
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_getPort(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+	int ret;
+
+	PUSH_CTX(-EINVAL);
+	ret = openconnect_get_port(ctx->vpninfo);
+	POP_CTX();
+	return ret;
+}
+
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_passphraseFromFSID(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+	int ret;
+
+	PUSH_CTX(-EINVAL);
+	ret = openconnect_passphrase_from_fsid(ctx->vpninfo);
+	POP_CTX();
+	return ret;
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_clearCookie(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+
+	PUSH_CTX();
+	openconnect_clear_cookie(ctx->vpninfo);
+	POP_CTX();
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_resetSSL(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx, oldctx;
+
+	PUSH_CTX();
+	openconnect_reset_ssl(ctx->vpninfo);
+	POP_CTX();
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setCertExpiryWarning(
+	JNIEnv *jenv, jobject jobj, jint seconds)
+{
+	struct libctx *ctx, oldctx;
+
+	PUSH_CTX();
+	openconnect_set_cert_expiry_warning(ctx->vpninfo, seconds);
+	POP_CTX();
+}
+
+/* simple cases: return a const string (no need to free it) */
+
+#define RETURN_STRING_START \
+	struct libctx *ctx, oldctx; \
+	char *buf = NULL; \
+	jstring jresult = NULL; \
+	PUSH_CTX(NULL);
+
+#define RETURN_STRING_END \
+	if (!buf) \
+		goto out; \
+	jresult = dup_to_jstring(ctx->jenv, buf); \
+	if (!jresult) \
+		OOM(ctx->jenv); \
+out: \
+	POP_CTX(); \
+	return jresult;
+
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getHostname(
+	JNIEnv *jenv, jobject jobj)
+{
+	RETURN_STRING_START
+	buf = openconnect_get_hostname(ctx->vpninfo);
+	RETURN_STRING_END
+}
+
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getUrlpath(
+	JNIEnv *jenv, jobject jobj)
+{
+	RETURN_STRING_START
+	buf = openconnect_get_urlpath(ctx->vpninfo);
+	RETURN_STRING_END
+}
+
+JNIEXPORT jstring JNICALL Java_org_infradead_openconnect_LibOpenConnect_getCookie(
+	JNIEnv *jenv, jobject jobj)
+{
+	RETURN_STRING_START
+	buf = openconnect_get_cookie(ctx->vpninfo);
+	RETURN_STRING_END
+}
+
+#define SET_STRING_START(ret) \
+	struct libctx *ctx, oldctx; \
+	char *arg; \
+	PUSH_CTX(ret); \
+	if (dup_to_cstring(ctx->jenv, jarg, &arg)) \
+		return ret;
+
+#define SET_STRING_END \
+	POP_CTX();
+
+JNIEXPORT int JNICALL Java_org_infradead_openconnect_LibOpenConnect_setHTTPProxy(
+	JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+	int ret;
+	SET_STRING_START(-ENOMEM)
+	ret = openconnect_set_http_proxy(ctx->vpninfo, arg);
+	SET_STRING_END
+	return ret;
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setXMLSHA1(
+	JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+	SET_STRING_START()
+	openconnect_set_xmlsha1(ctx->vpninfo, arg, strlen(arg) + 1);
+	SET_STRING_END
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setHostname(
+	JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+	SET_STRING_START()
+	openconnect_set_hostname(ctx->vpninfo, arg);
+	SET_STRING_END
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setUrlpath(
+	JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+	SET_STRING_START()
+	openconnect_set_urlpath(ctx->vpninfo, arg);
+	SET_STRING_END
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setCAFile(
+	JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+	SET_STRING_START()
+	openconnect_set_cafile(ctx->vpninfo, arg);
+	SET_STRING_END
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setReportedOS(
+	JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+	SET_STRING_START()
+	openconnect_set_reported_os(ctx->vpninfo, arg);
+	SET_STRING_END
+}
+
+JNIEXPORT jint JNICALL Java_org_infradead_openconnect_LibOpenConnect_setTokenMode(
+	JNIEnv *jenv, jobject jobj, jint mode, jstring jarg)
+{
+	int ret;
+	SET_STRING_START(-EINVAL)
+	ret = openconnect_set_token_mode(ctx->vpninfo, mode, arg);
+	free(arg);
+	SET_STRING_END
+	return ret;
+}
+
+JNIEXPORT void JNICALL Java_org_infradead_openconnect_LibOpenConnect_setCSDWrapper(
+	JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+	SET_STRING_START()
+	openconnect_setup_csd(ctx->vpninfo, getuid(), 1, arg);
+	SET_STRING_END
+}
diff --git a/org/infradead/openconnect/LibOpenConnect.java b/org/infradead/openconnect/LibOpenConnect.java
new file mode 100644
index 0000000..15de2f2
--- /dev/null
+++ b/org/infradead/openconnect/LibOpenConnect.java
@@ -0,0 +1,201 @@
+/*
+ * OpenConnect (SSL + DTLS) VPN client
+ *
+ * Copyright © 2013 Kevin Cernekee <cernekee at gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to:
+ *
+ *   Free Software Foundation, Inc.
+ *   51 Franklin Street, Fifth Floor,
+ *   Boston, MA 02110-1301 USA
+ */
+
+package org.infradead.openconnect;
+
+import java.util.ArrayList;
+
+public abstract class LibOpenConnect {
+
+	/* constants */
+
+	public static final int AUTH_FORM_ERROR = -1;
+	public static final int AUTH_FORM_PARSED = 0;
+	public static final int AUTH_FORM_CANCELLED = 1;
+
+	public static final int OC_FORM_OPT_TEXT = 1;
+	public static final int OC_FORM_OPT_PASSWORD = 2;
+	public static final int OC_FORM_OPT_SELECT = 3;
+	public static final int OC_FORM_OPT_HIDDEN = 4;
+	public static final int OC_FORM_OPT_TOKEN = 5;
+
+	public static final int OC_TOKEN_MODE_NONE = 0;
+	public static final int OC_TOKEN_MODE_STOKEN = 1;
+	public static final int OC_TOKEN_MODE_TOTP = 2;
+
+	/* required callbacks */
+
+	public abstract int onValidatePeerCert(String msg);
+	public abstract int onWriteNewConfig(byte[] buf);
+	public abstract int onProcessAuthForm(AuthForm authForm);
+	public abstract void onProgress(int level, String msg);
+
+	/* create/destroy library instances */
+
+	public LibOpenConnect() {
+		libctx = init("OpenConnect VPN Agent (Java)");
+	}
+
+	public synchronized void destroy() {
+		free();
+		libctx = 0;
+	}
+
+	/* control operations */
+
+	public synchronized native int parseURL(String url);
+	public synchronized native int obtainCookie();
+	public native void cancel();
+	public synchronized native void clearCookie();
+	public synchronized native void resetSSL();
+
+	/* connection settings */
+
+	public synchronized native int passphraseFromFSID();
+	public synchronized native void setCertExpiryWarning(int seconds);
+	public synchronized native int setHTTPProxy(String proxy);
+	public synchronized native void setXMLSHA1(String hash);
+	public synchronized native void setHostname(String hostname);
+	public synchronized native void setUrlpath(String urlpath);
+	public synchronized native void setCAFile(String caFile);
+	public synchronized native void setReportedOS(String os);
+	public synchronized native int setTokenMode(int tokenMode, String tokenString);
+	public synchronized native void setCSDWrapper(String wrapper);
+	public synchronized native void setClientCert(String cert, String sslKey);
+
+	/* connection info */
+
+	public synchronized native String getHostname();
+	public synchronized native String getUrlpath();
+	public synchronized native int getPort();
+	public synchronized native String getCookie();
+
+	/* certificate info */
+
+	public synchronized native String getCertSHA1();
+	public synchronized native String getCertDetails();
+	public synchronized native byte[] getCertDER();
+
+	/* library info */
+
+	public static native String getVersion();
+	public static native boolean hasPKCS11Support();
+	public static native boolean hasTSSBlobSupport();
+	public static native boolean hasStokenSupport();
+	public static native boolean hasOATHSupport();
+
+	/* public data structures */
+
+	public static class FormOpt {
+		public int type;
+		public String name;
+		public String label;
+		public ArrayList<FormChoice> choices;
+		String value;
+
+		public void setValue(String value) {
+			this.value = value;
+		}
+
+		/* FormOpt internals (called from JNI) */
+
+		FormOpt(int type, String name, String label) {
+			this.type = type;
+			this.name = name;
+			this.label = label;
+
+			if (type == OC_FORM_OPT_SELECT) {
+				this.choices = new ArrayList<FormChoice>();
+			}
+		}
+
+		void addChoice(FormChoice fc) {
+			this.choices.add(fc);
+		}
+	};
+
+	public static class FormChoice {
+		public String name;
+		public String label;
+		public String authType;
+		public String overrideName;
+		public String overrideLabel;
+
+		/* FormChoice internals (called from JNI) */
+
+		void setName(String arg) { this.name = arg; }
+		void setLabel(String arg) { this.label = arg; }
+		void setAuthType(String arg) { this.authType = arg; }
+		void setOverrideName(String arg) { this.overrideName = arg; }
+		void setOverrideLabel(String arg) { this.overrideLabel = arg; }
+	};
+
+	public static class AuthForm {
+		public String banner;
+		public String message;
+		public String error;
+		public String authID;
+		public String method;
+		public String action;
+		public ArrayList<FormOpt> opts;
+
+		/* AuthForm internals (called from JNI) */
+
+		void setBanner(String arg) { this.banner = arg; }
+		void setMessage(String arg) { this.message = arg; }
+		void setError(String arg) { this.error = arg; }
+		void setAuthID(String arg) { this.authID = arg; }
+		void setMethod(String arg) { this.method = arg; }
+		void setAction(String arg) { this.action = arg; }
+
+		AuthForm() {
+			opts = new ArrayList<FormOpt>();
+		}
+
+		FormOpt addOpt(int type, String name, String label) {
+			FormOpt fo = new FormOpt(type, name, label);
+			opts.add(fo);
+			return fo;
+		}
+
+		String getOptValue(String name) {
+			for (FormOpt fo : opts) {
+				if (fo.name.equals(name)) {
+					return fo.value;
+				}
+			}
+			return null;
+		}
+	}
+
+	/* LibOpenConnect internals */
+
+	long libctx;
+
+	static synchronized native void globalInit();
+	static {
+		globalInit();
+	}
+
+	synchronized native long init(String useragent);
+	synchronized native void free();
+}
-- 
1.7.9.5


