Index: jss/security/jss/lib/jss.def =================================================================== --- jss.orig/security/jss/lib/jss.def 2011-10-04 21:05:04.170001146 +0300 +++ jss/security/jss/lib/jss.def 2011-10-04 21:05:04.190001146 +0300 @@ -328,6 +328,8 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags; Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags; Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags; +Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative; +Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative; ;+ local: ;+ *; ;+}; Index: jss/security/jss/org/mozilla/jss/CryptoManager.c =================================================================== --- jss.orig/security/jss/org/mozilla/jss/CryptoManager.c 2011-10-04 20:32:37.021939286 +0300 +++ jss/security/jss/org/mozilla/jss/CryptoManager.c 2011-10-04 21:05:04.190001146 +0300 @@ -985,3 +985,45 @@ } } + +/********************************************************************** +* OCSPCacheSettingsNative +* +* Allows configuration of the OCSP responder cache during runtime. +*/ +JNIEXPORT void JNICALL +Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative( + JNIEnv *env, jobject this, + jint ocsp_cache_size, + jint ocsp_min_cache_entry_duration, + jint ocsp_max_cache_entry_duration) +{ + SECStatus rv = SECFailure; + + rv = CERT_OCSPCacheSettings( + ocsp_cache_size, ocsp_min_cache_entry_duration, + ocsp_max_cache_entry_duration); + + if (rv != SECSuccess) { + JSS_throwMsgPrErr(env, + GENERAL_SECURITY_EXCEPTION, + "Failed to set OCSP cache: error "+ PORT_GetError()); + } +} + +JNIEXPORT void JNICALL +Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative( + JNIEnv *env, jobject this, + jint ocsp_timeout ) +{ + SECStatus rv = SECFailure; + + rv = CERT_SetOCSPTimeout(ocsp_timeout); + + if (rv != SECSuccess) { + JSS_throwMsgPrErr(env, + GENERAL_SECURITY_EXCEPTION, + "Failed to set OCSP timeout: error "+ PORT_GetError()); + } +} + Index: jss/security/jss/org/mozilla/jss/CryptoManager.java =================================================================== --- jss.orig/security/jss/org/mozilla/jss/CryptoManager.java 2011-10-04 21:05:04.182001146 +0300 +++ jss/security/jss/org/mozilla/jss/CryptoManager.java 2011-10-04 21:05:04.190001146 +0300 @@ -1592,4 +1592,41 @@ String ocspResponderCertNickname ) throws GeneralSecurityException; + /** + * change OCSP cache settings + * * @param ocsp_cache_size max cache entries + * * @param ocsp_min_cache_entry_duration minimum seconds to next fetch attempt + * * @param ocsp_max_cache_entry_duration maximum seconds to next fetch attempt + */ + public void OCSPCacheSettings( + int ocsp_cache_size, + int ocsp_min_cache_entry_duration, + int ocsp_max_cache_entry_duration) + throws GeneralSecurityException + { + OCSPCacheSettingsNative(ocsp_cache_size, + ocsp_min_cache_entry_duration, + ocsp_max_cache_entry_duration); + } + + private native void OCSPCacheSettingsNative( + int ocsp_cache_size, + int ocsp_min_cache_entry_duration, + int ocsp_max_cache_entry_duration) + throws GeneralSecurityException; + + /** + * set OCSP timeout value + * * @param ocspTimeout OCSP timeout in seconds + */ + public void setOCSPTimeout( + int ocsp_timeout ) + throws GeneralSecurityException + { + setOCSPTimeoutNative( ocsp_timeout); + } + + private native void setOCSPTimeoutNative( + int ocsp_timeout ) + throws GeneralSecurityException; }