On Tue, 2014-08-05 at 11:42 +0100, David Woodhouse wrote: > Perhaps I should follow your lead and allow the PSKC XML to be passed > in as the "string". And then just add a function or callback for the > library to give it *back* again. The library will hand it back in the > same form (raw/PSKC) that it received it. I've done this. I haven't yet made it support PSKC, but there are lock/unlock callbacks for using a counter-based token, which will be called before the token is used and then again afterwards with the new data. I've implemented this in openconnect itself, and also in NetworkManager-openconnect. Does this look correct for the Java side? diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java index 2352675..f86edec 100644 --- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java +++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java @@ -59,6 +59,8 @@ public abstract class LibOpenConnect { public int onWriteNewConfig(byte[] buf) { return 0; } public void onProtectSocket(int fd) { } public void onStatsUpdate(VPNStats stats) { } + public int onTokenLock() { return 0; } + public int onTokenUnlock(String newToken) { return 0; } /* create/destroy library instances */ diff --git a/jni.c b/jni.c index 9936236..23fcbe1 100644 --- a/jni.c +++ b/jni.c 
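Review bot: The default `onTokenUnlock(String newToken)` returns 0 and drops `newToken`, so a subclass that does not override it appears to report success to the native side without storing anything (the C callbacks use -1 for their failure paths, so 0 presumably means success). For a counter-based token that would leave the stored counter stale for the next session. Either make the default return a failure value or state the contract in a comment above the two methods, for example `/* Override both to persist counter-based tokens; the defaults accept the lock and discard newToken. */`. Since `newToken` presumably carries the token secret along with the counter, the comment should also say that implementations must store it as a credential and keep it out of logs.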
@@ -525,6 +525,50 @@ out: (*ctx->jenv)->PopLocalFrame(ctx->jenv, NULL); } +static int lock_token_cb(void *privdata) +{ + struct libctx *ctx = privdata; + jmethodID mid; + int ret = -1; + + if ((*ctx->jenv)->PushLocalFrame(ctx->jenv, 256) < 0) + return -1; + + mid = get_obj_mid(ctx, ctx->jobj, "onTokenLock", "(V)I"); + if (!mid) + goto out; + + (*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, mid); + +out: + (*ctx->jenv)->PopLocalFrame(ctx->jenv, NULL); + return ret; +} + +static int unlock_token_cb(void *privdata, const char *new_token) +{ + struct libctx *ctx = privdata; + jstring jtoken; + int ret = -1; + jmethodID mid; + + if ((*ctx->jenv)->PushLocalFrame(ctx->jenv, 256) < 0) + return -1; + + jtoken = dup_to_jstring(ctx->jenv, new_token); + if (!jtoken) + goto out; + + mid = get_obj_mid(ctx, ctx->jobj, "onTokenUnlock", "(Ljava/lang/String;)I"); + if (mid) + ret = (*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, mid, jtoken); + +out: + (*ctx->jenv)->PopLocalFrame(ctx->jenv, NULL); + return ret; +} + + /* Library init/uninit */ static jobject init_async_lock(struct libctx *ctx) @@ -566,6 +610,8 @@ JNIEXPORT jlong JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_init( if (!ctx->vpninfo) goto bad_delete_ref; + openconnect_set_token_callbacks(ctx->vpninfo, ctx, lock_token_cb, + unlock_token_cb); openconnect_set_protect_socket_handler(ctx->vpninfo, protect_socket_cb); openconnect_set_stats_handler(ctx->vpninfo, stats_cb); -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140812/f45d69a8/attachment.bin>
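Review bot: lock_token_cb cannot return success as written. The descriptor `"(V)I"` is not a valid JNI signature for the no-argument `onTokenLock()`, so the get_obj_mid lookup should fail and jump to `out`; and even with a valid method ID the result of CallIntMethod is discarded, leaving `ret` at -1. The two lines should read `mid = get_obj_mid(ctx, ctx->jobj, "onTokenLock", "()I");` and `ret = (*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, mid);`, which is the pattern unlock_token_cb already uses. The later hunk in Java_org_infradead_libopenconnect_LibOpenConnect_init registers this callback unconditionally, so every lock request routed through Java would fail; how the library reacts to a failed lock is not visible in this patch. A one-line comment above both callbacks stating the return convention they forward from Java would make the contract explicit.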