Add missing API, misc updates

padelsbach · padelsbach · commit 42c47d60fd0d · 2026-01-30T09:59:14.000-08:00
diff --git a/native/com_wolfssl_WolfSSLCRL.c b/native/com_wolfssl_WolfSSLCRL.c
@@ -248,11 +248,14 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1add_1revoked
 {
 #if defined(WOLFSSL_JNI_CRL_GEN_ENABLED)
     WOLFSSL_X509_CRL* crl = (WOLFSSL_X509_CRL*)(uintptr_t)crlPtr;
+    WOLFSSL_X509_REVOKED revoked;
+    WOLFSSL_ASN1_INTEGER* serialInt = NULL;
     byte* serialBuf = NULL;
-    byte* dateBuf = NULL;
     int serialSz = 0;
     int ret = WOLFSSL_SUCCESS;
     (void)jcl;
+    (void)revDate;
+    (void)dateFmt;
 
     if (jenv == NULL || crl == NULL || serial == NULL) {
         return WOLFSSL_FAILURE;
@@ -264,24 +267,24 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1add_1revoked
         ret = WOLFSSL_FAILURE;
     }
     else {
-        if (revDate != NULL) {
-            dateBuf = (byte*)(*jenv)->GetByteArrayElements(jenv, revDate, NULL);
-            if (dateBuf == NULL) {
-                ret = WOLFSSL_FAILURE;
-            }
+        serialInt = wolfSSL_ASN1_INTEGER_new();
+        if (serialInt == NULL) {
+            ret = MEMORY_E;
         }
-        if (ret != WOLFSSL_FAILURE) {
-            ret = wolfSSL_X509_CRL_add_revoked(crl, serialBuf, serialSz,
-                dateBuf, (unsigned char)dateFmt);
-        }
-        if (dateBuf != NULL) {
-            (*jenv)->ReleaseByteArrayElements(jenv, revDate, (jbyte*)dateBuf,
-                JNI_ABORT);
+        else {
+            serialInt->data = (unsigned char*)serialBuf;
+            serialInt->dataMax = (unsigned int)serialSz;
+            serialInt->length = serialSz;
+            serialInt->isDynamic = 0;
+            serialInt->type = 0;
+            revoked.serialNumber = serialInt;
+            ret = wolfSSL_X509_CRL_add_revoked(crl, &revoked);
         }
     }
 
     (*jenv)->ReleaseByteArrayElements(jenv, serial, (jbyte*)serialBuf,
         JNI_ABORT);
+    wolfSSL_ASN1_INTEGER_free(serialInt);
 
     return ret;
 #else
@@ -302,10 +305,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1add_1revoked_1cert
 #if defined(WOLFSSL_JNI_CRL_GEN_ENABLED)
     WOLFSSL_X509_CRL* crl = (WOLFSSL_X509_CRL*)(uintptr_t)crlPtr;
     byte* certBuf = NULL;
-    byte* dateBuf = NULL;
     int certSz = 0;
     int ret = WOLFSSL_SUCCESS;
     (void)jcl;
+    (void)revDate;
+    (void)dateFmt;
 
     if (jenv == NULL || crl == NULL || certDer == NULL) {
         return WOLFSSL_FAILURE;
@@ -317,20 +321,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1add_1revoked_1cert
         ret = WOLFSSL_FAILURE;
     }
     else {
-        if (revDate != NULL) {
-            dateBuf = (byte*)(*jenv)->GetByteArrayElements(jenv, revDate, NULL);
-            if (dateBuf == NULL) {
-                ret = WOLFSSL_FAILURE;
-            }
-        }
-        if (ret != WOLFSSL_FAILURE) {
-            ret = wolfSSL_X509_CRL_add_revoked_cert(crl, certBuf, certSz,
-                dateBuf, (unsigned char)dateFmt);
-        }
-        if (dateBuf != NULL) {
-            (*jenv)->ReleaseByteArrayElements(jenv, revDate, (jbyte*)dateBuf,
-                JNI_ABORT);
-        }
+        ret = wolfSSL_X509_CRL_add_revoked_cert(crl, certBuf, certSz);
     }
 
     (*jenv)->ReleaseByteArrayElements(jenv, certDer, (jbyte*)certBuf,
@@ -778,3 +769,57 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1get_1pem
     return NULL;
 #endif
 }
+
+JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCRL_X509_1CRL_1get_1signature
+  (JNIEnv* jenv, jclass jcl, jlong crlPtr)
+{
+#if defined(WOLFSSL_JNI_CRL_GEN_ENABLED)
+    WOLFSSL_X509_CRL* crl = (WOLFSSL_X509_CRL*)(uintptr_t)crlPtr;
+    const WOLFSSL_ASN1_BIT_STRING* sig = NULL;
+    jbyteArray sigArr = NULL;
+    jclass excClass = NULL;
+    (void)jcl;
+
+    if (jenv == NULL || crl == NULL) {
+        return NULL;
+    }
+
+    wolfSSL_X509_CRL_get_signature(crl, &sig, NULL);
+    if (sig == NULL || sig->data == NULL || sig->length <= 0) {
+        return NULL;
+    }
+
+    sigArr = (*jenv)->NewByteArray(jenv, sig->length);
+    if (sigArr == NULL) {
+        (*jenv)->ThrowNew(jenv, jcl,
+            "Failed to create byte array in native X509_CRL_get_signature");
+        return NULL;
+    }
+
+    excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLJNIException");
+    if ((*jenv)->ExceptionOccurred(jenv)) {
+        (*jenv)->ExceptionDescribe(jenv);
+        (*jenv)->ExceptionClear(jenv);
+        (*jenv)->DeleteLocalRef(jenv, sigArr);
+        return NULL;
+    }
+
+    (*jenv)->SetByteArrayRegion(jenv, sigArr, 0, sig->length,
+        (const jbyte*)sig->data);
+    if ((*jenv)->ExceptionOccurred(jenv)) {
+        (*jenv)->ExceptionDescribe(jenv);
+        (*jenv)->ExceptionClear(jenv);
+        (*jenv)->DeleteLocalRef(jenv, sigArr);
+        (*jenv)->ThrowNew(jenv, excClass,
+            "Failed to set byte region in native X509_CRL_get_signature");
+        return NULL;
+    }
+
+    return sigArr;
+#else
+    (void)jenv;
+    (void)jcl;
+    (void)crlPtr;
+    return NULL;
+#endif
+}
diff --git a/native/com_wolfssl_WolfSSLCRL.h b/native/com_wolfssl_WolfSSLCRL.h
diff --git a/src/java/com/wolfssl/WolfSSLCRL.java b/src/java/com/wolfssl/WolfSSLCRL.java
@@ -88,6 +88,7 @@ static native int X509_CRL_sign(long crl, int keyType, byte[] keyBytes,
     static native String X509_CRL_get_nextUpdate(long crl);
     static native byte[] X509_CRL_get_der(long crl);
     static native byte[] X509_CRL_get_pem(long crl);
+    static native byte[] X509_CRL_get_signature(long crl);
 
     private static final class Asn1TimeData {
         private final byte[] paddedData;
@@ -633,6 +634,25 @@ public Date getNextUpdate() {
         return null;
     }
 
+    /**
+     * Get CRL signature bytes.
+     *
+     * @return signature byte array or null if not available.
+     *
+     * @throws IllegalStateException if WolfSSLCRL has been freed.
+     */
+    public byte[] getSignature() {
+        confirmObjectIsActive();
+
+        synchronized (crlLock) {
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
+                WolfSSLDebug.INFO, this.crlPtr,
+                () -> "entered getSignature()");
+
+            return X509_CRL_get_signature(this.crlPtr);
+        }
+    }
+
     @Override
     public String toString() {
         byte[] crlText = null;
diff --git a/src/test/com/wolfssl/test/WolfSSLCRLTest.java b/src/test/com/wolfssl/test/WolfSSLCRLTest.java
@@ -455,6 +455,9 @@ public void testSign_PrivateKey()
         /* Sign CRL */
         int ret = crl.sign(privKey, "SHA256");
         assertTrue("sign should succeed", ret >= 0);
+        byte[] sig = crl.getSignature();
+        assertNotNull("signature should be available after sign", sig);
+        assertTrue("signature length should be > 0", sig.length > 0);
 
         /* Test null private key */
         try {
diff --git a/src/test/com/wolfssl/test/WolfSSLTestSuite.java b/src/test/com/wolfssl/test/WolfSSLTestSuite.java
@@ -38,7 +38,7 @@
     WolfSSLCertificateTest.class,
     WolfSSLCertRequestTest.class,
     WolfSSLCertManagerTest.class,
-    WolfSSLNameConstraintsTest.class
+    WolfSSLNameConstraintsTest.class,
     WolfSSLCRLTest.class
 })
 
