Bug 507536 - Add IPv6 functionality to JSS
authorElio Maldonado <emaldona@redhat.com>
Tue, 07 Feb 2017 19:34:44 -0800
changeset 2124 044329321fc9b5f1fd9c9b25d95d518bdacc40ea
parent 2123 e5e2f877029d5c7f4beaa99f43b269f986593fad
child 2125 e2b21b8db4d7bbb6f538678e8b00a6520dc50566
push id21
push useremaldona@redhat.com
push dateThu, 09 Feb 2017 14:42:36 +0000
bugs507536
Bug 507536 - Add IPv6 functionality to JSS
lib/jss.def
org/mozilla/jss/ssl/SSLServerSocket.java
org/mozilla/jss/ssl/SSLSocket.c
org/mozilla/jss/ssl/SSLSocket.java
org/mozilla/jss/ssl/SocketBase.java
org/mozilla/jss/ssl/common.c
org/mozilla/jss/ssl/javasock.c
org/mozilla/jss/util/java_ids.h
--- a/lib/jss.def
+++ b/lib/jss.def
@@ -138,16 +138,17 @@ Java_org_mozilla_jss_pkcs11_PK11SecureRa
 Java_org_mozilla_jss_ssl_SSLServerSocket_clearSessionCache;
 Java_org_mozilla_jss_ssl_SSLServerSocket_configServerSessionIDCache;
 Java_org_mozilla_jss_ssl_SSLServerSocket_setServerCertNickname;
 Java_org_mozilla_jss_ssl_SSLServerSocket_socketAccept;
 Java_org_mozilla_jss_ssl_SSLServerSocket_socketListen;
 Java_org_mozilla_jss_ssl_SSLSocket_forceHandshake;
 Java_org_mozilla_jss_ssl_SSLSocket_getKeepAlive;
 Java_org_mozilla_jss_ssl_SSLSocket_getLocalAddressNative;
+Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative;
 Java_org_mozilla_jss_ssl_SSLSocket_getPort;
 Java_org_mozilla_jss_ssl_SSLSocket_getReceiveBufferSize;
 Java_org_mozilla_jss_ssl_SSLSocket_getSendBufferSize;
 Java_org_mozilla_jss_ssl_SSLSocket_getSoLinger;
 Java_org_mozilla_jss_ssl_SSLSocket_getStatus;
 Java_org_mozilla_jss_ssl_SSLSocket_getTcpNoDelay;
 Java_org_mozilla_jss_ssl_SSLSocket_invalidateSession;
 Java_org_mozilla_jss_ssl_SSLSocket_redoHandshake;
@@ -162,16 +163,17 @@ Java_org_mozilla_jss_ssl_SSLSocket_setSo
 Java_org_mozilla_jss_ssl_SSLSocket_setTcpNoDelay;
 Java_org_mozilla_jss_ssl_SSLSocket_shutdownNative;
 Java_org_mozilla_jss_ssl_SSLSocket_socketAvailable;
 Java_org_mozilla_jss_ssl_SSLSocket_socketConnect;
 Java_org_mozilla_jss_ssl_SSLSocket_socketRead;
 Java_org_mozilla_jss_ssl_SSLSocket_socketWrite;
 Java_org_mozilla_jss_ssl_SocketBase_getLocalPortNative;
 Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative;
+Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative;
 Java_org_mozilla_jss_ssl_SocketBase_setClientCertNicknameNative;
 Java_org_mozilla_jss_ssl_SocketBase_requestClientAuthNoExpiryCheckNative;
 Java_org_mozilla_jss_ssl_SocketBase_setSSLOption;
 Java_org_mozilla_jss_ssl_SocketBase_socketBind;
 Java_org_mozilla_jss_ssl_SocketBase_socketClose;
 Java_org_mozilla_jss_ssl_SocketBase_socketCreate;
 Java_org_mozilla_jss_util_Debug_setNativeLevel;
 Java_org_mozilla_jss_util_Password_readPasswordFromConsole;
--- a/org/mozilla/jss/ssl/SSLServerSocket.java
+++ b/org/mozilla/jss/ssl/SSLServerSocket.java
@@ -1,14 +1,15 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.jss.ssl;
 
+import java.util.*;
 import java.net.InetAddress;
 import java.io.IOException;
 import java.net.Socket;
 import java.net.SocketException;
 import java.net.SocketTimeoutException;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.crypto.ObjectNotFoundException;
 import org.mozilla.jss.crypto.TokenException;
@@ -101,44 +102,44 @@ public class SSLServerSocket extends jav
     {
         // Dance the dance of fools.  The superclass doesn't have a default
         // constructor, so we have to trick it here. This is an example
         // of WHY WE SHOULDN'T BE EXTENDING SERVERSOCKET.
         super(0);
         super.close();
 
         // create the socket
+
+        int socketFamily = SocketBase.SSL_AF_INET;
+        if(SocketBase.supportsIPV6()) {
+            socketFamily = SocketBase.SSL_AF_INET6;
+        }
+
         sockProxy = new SocketProxy(
-            base.socketCreate(this, certApprovalCallback, null) );
+            base.socketCreate(this, certApprovalCallback, null,socketFamily) );
 
         base.setProxy(sockProxy);
 
         setReuseAddress(reuseAddr);
 
-        // bind it to the local address and port
-        if( bindAddr == null ) {
-            bindAddr = anyLocalAddr;
-        }
         byte[] bindAddrBA = null;
         if( bindAddr != null ) {
             bindAddrBA = bindAddr.getAddress();
         }
         base.socketBind(bindAddrBA, port);
+
+        String hostName = null;
+        if(bindAddr != null)  {
+            hostName = bindAddr.getCanonicalHostName();
+        }
         socketListen(backlog);
     }
 
     private native void socketListen(int backlog) throws SocketException;
 
-    private static InetAddress anyLocalAddr;
-    static {
-        try {
-            anyLocalAddr = InetAddress.getByName("0.0.0.0");
-        } catch (java.net.UnknownHostException e) { }
-    }
-
     /**
      * Accepts a connection. This call will block until a connection is made
      * or the timeout is reached.
      *
      * @return java.net.Socket Local socket for client communication
      *
      * @throws IOException  If an input or output exception occurred
      * @throws SocketTimeoutException  If the socket times out trying to connect
--- a/org/mozilla/jss/ssl/SSLSocket.c
+++ b/org/mozilla/jss/ssl/SSLSocket.c
@@ -423,51 +423,104 @@ Java_org_mozilla_jss_ssl_SSLSocket_getPo
 
 JNIEXPORT void JNICALL
 Java_org_mozilla_jss_ssl_SSLSocket_socketConnect
     (JNIEnv *env, jobject self, jbyteArray addrBA, jstring hostname, jint port)
 {
     JSSL_SocketData *sock;
     PRNetAddr addr;
     jbyte *addrBAelems = NULL;
+    int addrBALen = 0;
     PRStatus status;
     int stat;
     const char *hostnameStr=NULL;
 
+    jmethodID supportsIPV6ID;
+    jclass socketBaseClass;
+    jboolean supportsIPV6 = 0;
+
     if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
         /* exception was thrown */
         goto finish;
     }
 
     /*
      * setup the PRNetAddr structure
      */
-    addr.inet.family = AF_INET;
-    addr.inet.port = htons(port);
-    PR_ASSERT(sizeof(addr.inet.ip) == 4);
-    PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4);
+
+    socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME);
+    if( socketBaseClass == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+    supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass,
+        SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG);
+
+    if( supportsIPV6ID == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+
+    supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass,
+         supportsIPV6ID);
+
     addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL);
+    addrBALen = (*env)->GetArrayLength(env, addrBA);
+
+    PR_ASSERT(addrBALen != 0);
+
     if( addrBAelems == NULL ) {
         ASSERT_OUTOFMEM(env);
         goto finish;
     }
-    memcpy(&addr.inet.ip, addrBAelems, 4);
 
     /*
      * Tell SSL the URL we think we want to connect to.
      * This prevents man-in-the-middle attacks.
      */
     hostnameStr = (*env)->GetStringUTFChars(env, hostname, NULL);
     if( hostnameStr == NULL ) goto finish;
     stat = SSL_SetURL(sock->fd, (char*)hostnameStr);
     if( stat != 0 ) {
         JSSL_throwSSLSocketException(env, "Failed to set the SSL URL");
         goto finish;
     }
 
+    if( addrBAelems == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+
+    if(addrBALen != 4 && addrBALen != 16) {
+        JSSL_throwSSLSocketException(env, "Invalid address in connect!");
+        goto finish;
+    }
+
+    if( addrBALen == 4) {
+        addr.inet.family = AF_INET;
+        addr.inet.port = PR_htons(port);
+        memcpy(&addr.inet.ip, addrBAelems, 4);
+
+        if(supportsIPV6) {
+            addr.ipv6.family = AF_INET6;
+            addr.ipv6.port = PR_htons(port);
+            PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip);
+        }
+
+    }  else {   /* Must be 16 and ipv6 */
+        if(supportsIPV6) {
+            addr.ipv6.family = AF_INET6;
+            addr.ipv6.port = PR_htons(port);
+            memcpy(&addr.ipv6.ip,addrBAelems, 16);
+        }  else {
+                JSSL_throwSSLSocketException(env, "Invalid address in connect!");
+                goto finish;
+        }
+    }
+
     /*
      * make the connect call
      */
     status = PR_Connect(sock->fd, &addr, PR_INTERVAL_NO_TIMEOUT);
     if( status != PR_SUCCESS) {
         JSSL_throwSSLSocketException(env, "Unable to connect");
         goto finish;
     }
--- a/org/mozilla/jss/ssl/SSLSocket.java
+++ b/org/mozilla/jss/ssl/SSLSocket.java
@@ -214,21 +214,26 @@ public class SSLSocket extends java.net.
     }
 
     private SSLSocket(InetAddress address, String hostname, int port,
         InetAddress localAddr,
         int localPort, SSLCertificateApprovalCallback certApprovalCallback,
         SSLClientCertificateSelectionCallback clientCertSelectionCallback)
             throws IOException
     {
+
+        int socketFamily = SocketBase.SSL_AF_INET;
+        if(SocketBase.supportsIPV6()) {
+            socketFamily = SocketBase.SSL_AF_INET6;
+        }
         // create the socket
         sockProxy =
             new SocketProxy(
                 base.socketCreate(
-                    this, certApprovalCallback, clientCertSelectionCallback) );
+                    this, certApprovalCallback, clientCertSelectionCallback,socketFamily) );
 
         base.setProxy(sockProxy);
 
         // bind it to local address and port
         if( localAddr != null || localPort > 0 ) {
             // bind because they specified a local address
             byte[] addrBA = null;
             if( localAddr != null ) {
@@ -259,17 +264,17 @@ public class SSLSocket extends java.net.
         SSLClientCertificateSelectionCallback clientCertSelectionCallback)
             throws IOException
     {
         // create the socket
         sockProxy =
             new SocketProxy(
                 base.socketCreate(
                     this, certApprovalCallback, clientCertSelectionCallback,
-                    s, host ) );
+                    s, host,SocketBase.SSL_AF_INET ) );
 
         base.setProxy(sockProxy);
         resetHandshake();
     }
 
     /**
      * @return The remote peer's IP address or null if the SSLSocket is closed.
      */
--- a/org/mozilla/jss/ssl/SocketBase.java
+++ b/org/mozilla/jss/ssl/SocketBase.java
@@ -33,26 +33,26 @@ class SocketBase {
 
     void setProxy(SocketProxy sockProxy) {
         this.sockProxy = sockProxy;
     }
 
     native byte[] socketCreate(Object socketObject,
         SSLCertificateApprovalCallback certApprovalCallback,
         SSLClientCertificateSelectionCallback clientCertSelectionCallback,
-        java.net.Socket javaSock, String host)
+        java.net.Socket javaSock, String host,int family)
             throws SocketException;
 
     byte[] socketCreate(Object socketObject,
         SSLCertificateApprovalCallback certApprovalCallback,
-        SSLClientCertificateSelectionCallback clientCertSelectionCallback)
+        SSLClientCertificateSelectionCallback clientCertSelectionCallback,int family)
             throws SocketException
     {
         return socketCreate(socketObject, certApprovalCallback,
-            clientCertSelectionCallback, null, null);
+            clientCertSelectionCallback, null, null,family);
     }
 
     native void socketBind(byte[] addrBA, int port) throws SocketException;
 
     /**
      * Enums. These must match the enums table in common.c. This is
      * safer than copying the values of the C constants, which are subject
      * to change, into Java code.
@@ -84,16 +84,20 @@ class SocketBase {
     static final int SSL_ENABLE_SESSION_TICKETS = 22;
     static final int SSL_ENABLE_RENEGOTIATION = 23;
     static final int SSL_RENEGOTIATE_NEVER = 24;
     static final int SSL_RENEGOTIATE_UNRESTRICTED = 25;
     static final int SSL_RENEGOTIATE_REQUIRES_XTN = 26;
     static final int SSL_RENEGOTIATE_TRANSITIONAL = 27;
     static final int SSL_REQUIRE_SAFE_NEGOTIATION = 28;
 
+
+    static final int SSL_AF_INET  = 50;
+    static final int SSL_AF_INET6 = 51;
+
     void close() throws IOException {
         socketClose();
     }
 
     // SSLServerSocket and SSLSocket close methods
     // have their own synchronization control that 
     // protects SocketBase.socketClose.
     native void socketClose() throws IOException;
@@ -282,35 +286,57 @@ class SocketBase {
             in = InetAddress.getByName(
                 addr[0] + "." + addr[1] + "." + addr[2] + "." + addr[3] );
         } catch (java.net.UnknownHostException e) {
             in = null;
         }
         return in;
     }
 
+    private native byte[] getLocalAddressByteArrayNative() throws SocketException;
+    private native byte[] getPeerAddressByteArrayNative() throws SocketException;
     /**
      * @return the InetAddress of the peer end of the socket.
      */
     InetAddress getInetAddress()
     {
         try {
-            return convertIntToInetAddress( getPeerAddressNative() );
+            byte[] address = getPeerAddressByteArrayNative();
+
+            InetAddress iAddr = null;
+
+            try {
+
+                iAddr = InetAddress.getByAddress(address);
+            }   catch(UnknownHostException e) {
+            }
+
+            return iAddr;
         } catch(SocketException e) {
             return null;
         }
     }
     private native int getPeerAddressNative() throws SocketException;
 
     /**
      * @return The local IP address.
      */
     InetAddress getLocalAddress() {
         try {
-            return convertIntToInetAddress( getLocalAddressNative() );
+            byte[] address = getLocalAddressByteArrayNative();
+
+            InetAddress lAddr = null;
+
+            try {
+
+                lAddr = InetAddress.getByAddress(address);
+            }   catch(UnknownHostException e) {
+            }
+
+            return lAddr;
         } catch(SocketException e) {
             return null;
         }
     }
     private native int getLocalAddressNative() throws SocketException;
 
     public int getLocalPort() {
         try {
@@ -379,9 +405,50 @@ class SocketBase {
         Constructor cons = excepClass.getConstructor(new Class[] {stringClass});
 
         return (Throwable) cons.newInstance(new Object[] { strBuf.toString() });
       } catch(Exception e ) {
         Assert.notReached("Problem constructing exception container");
         return topException;
       }
     }
+
+    static private int supportsIPV6 = -1;
+    static boolean supportsIPV6() {
+
+        if(supportsIPV6 >= 0) {
+            if(supportsIPV6 > 0) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+
+        Enumeration netInter;
+        try {
+                 netInter = NetworkInterface.getNetworkInterfaces();
+        }  catch (SocketException e) {
+
+                 return false;
+        }
+        while ( netInter.hasMoreElements() )
+        {
+            NetworkInterface ni = (NetworkInterface)netInter.nextElement();
+            Enumeration addrs = ni.getInetAddresses();
+            while ( addrs.hasMoreElements() )
+            {
+                 Object o = addrs.nextElement();
+                 if ( o.getClass() == InetAddress.class ||
+                     o.getClass() == Inet4Address.class ||
+                     o.getClass() == Inet6Address.class )
+                 {
+                      InetAddress iaddr = (InetAddress) o;
+                      if(o.getClass() == Inet6Address.class) {
+                          supportsIPV6 = 1;
+                          return true;
+                      }
+                 }
+            }
+        }
+        supportsIPV6 = 0;
+        return false;
+    }
 }
--- a/org/mozilla/jss/ssl/common.c
+++ b/org/mozilla/jss/ssl/common.c
@@ -14,16 +14,19 @@
 #include <pk11util.h>
 #include "_jni/org_mozilla_jss_ssl_SSLSocket.h"
 #include "jssl.h"
 
 #ifdef WIN32
 #include <winsock.h>
 #endif
 
+#define SSL_AF_INET  50
+#define SSL_AF_INET6 51
+
 void
 JSSL_throwSSLSocketException(JNIEnv *env, char *message)
 {
     const char *errStr;
     PRErrorCode nativeErrcode;
     char *msg = NULL;
     int msgLen;
     jclass excepClass;
@@ -105,28 +108,39 @@ finish:
 
 /*
  * This is done for regular sockets that we connect() and server sockets,
  * but not for sockets that come from accept.
  */
 JNIEXPORT jbyteArray JNICALL
 Java_org_mozilla_jss_ssl_SocketBase_socketCreate(JNIEnv *env, jobject self,
     jobject sockObj, jobject certApprovalCallback,
-    jobject clientCertSelectionCallback, jobject javaSock, jstring host)
+    jobject clientCertSelectionCallback, jobject javaSock, jstring host,jint family)
 {
     jbyteArray sdArray = NULL;
     JSSL_SocketData *sockdata = NULL;
     SECStatus status;
     PRFileDesc *newFD;
     PRFileDesc *tmpFD;
     PRFilePrivate *priv = NULL;
+    int socketFamily = 0;
+
+    if (family != SSL_AF_INET6 && family  != SSL_AF_INET) {
+       JSSL_throwSSLSocketException(env,
+                "socketCreate() Invalid family!");
+            goto finish;
+    }
+    if( family == SSL_AF_INET)
+       socketFamily = PR_AF_INET;
+    else
+       socketFamily = PR_AF_INET6;
 
     if( javaSock == NULL ) {
         /* create a TCP socket */
-        newFD = PR_NewTCPSocket();
+        newFD = PR_OpenTCPSocket(socketFamily);
         if( newFD == NULL ) {
             JSSL_throwSSLSocketException(env,
                 "PR_NewTCPSocket() returned NULL");
             goto finish;
         }
     } else {
         newFD = JSS_SSL_javasockToPRFD(env, javaSock);
         if( newFD == NULL ) {
@@ -374,39 +388,97 @@ PRInt32 JSSL_enums[] = {
 
 JNIEXPORT void JNICALL
 Java_org_mozilla_jss_ssl_SocketBase_socketBind
     (JNIEnv *env, jobject self, jbyteArray addrBA, jint port)
 {
     JSSL_SocketData *sock;
     PRNetAddr addr;
     jbyte *addrBAelems = NULL;
+    int addrBALen = 0;
     PRStatus status;
 
+    jmethodID supportsIPV6ID;
+    jclass socketBaseClass;
+    jboolean supportsIPV6 = 0;
+
     if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
         /* exception was thrown */
         goto finish;
     }
 
     /*
      * setup the PRNetAddr structure
      */
-    addr.inet.family = AF_INET;
-    addr.inet.port = htons(port);
+
+    /*
+     * Do we support IPV6?
+     */
+
+    socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME);
+    if( socketBaseClass == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+    supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass,
+        SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG);
+
+    if( supportsIPV6ID == NULL ) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+
+    supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass,
+         supportsIPV6ID);
+
+    memset( &addr, 0, sizeof( PRNetAddr ));
+
     if( addrBA != NULL ) {
-        PR_ASSERT(sizeof(addr.inet.ip) == 4);
-        PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4);
         addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL);
+        addrBALen = (*env)->GetArrayLength(env, addrBA);
+
         if( addrBAelems == NULL ) {
             ASSERT_OUTOFMEM(env);
             goto finish;
         }
-        memcpy(&addr.inet.ip, addrBAelems, 4);
+
+        if(addrBALen != 4 && addrBALen != 16) {
+            JSS_throwMsgPrErr(env, BIND_EXCEPTION,
+            "Invalid address in bind!");
+             goto finish;
+        }
+
+        if( addrBALen == 4) {
+            addr.inet.family = PR_AF_INET;
+            addr.inet.port = PR_htons(port);
+            memcpy(&addr.inet.ip, addrBAelems, 4);
+
+            if(supportsIPV6) {
+                addr.inet.family = PR_AF_INET6;
+                addr.ipv6.port = PR_htons(port);
+                PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip);
+            }
+
+        }  else {   /* Must be 16 and ipv6 */
+            if(supportsIPV6) {
+                addr.ipv6.family = PR_AF_INET6;
+                addr.ipv6.port = PR_htons(port);
+                memcpy(&addr.ipv6.ip,addrBAelems, 16);
+            }  else {
+                JSS_throwMsgPrErr(env, BIND_EXCEPTION,
+                    "Invalid address in bind!");
+                goto finish;
+            }
+        }
     } else {
-        addr.inet.ip = PR_htonl(INADDR_ANY);
+        if(supportsIPV6) {
+            status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr);
+        } else {
+            status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, port, &addr);
+        }
     }
 
     /* do the bind() call */
     status = PR_Bind(sock->fd, &addr);
     if( status != PR_SUCCESS ) {
         JSS_throwMsgPrErr(env, BIND_EXCEPTION,
             "Could not bind to address");
         goto finish;
@@ -570,16 +642,88 @@ JSSL_getSockAddr
         JSSL_throwSSLSocketException(env, "PR_GetSockName failed");
     }
 
 finish:
     EXCEPTION_CHECK(env, sock)
     return status;
 }
 
+JNIEXPORT jbyteArray JNICALL
+Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative
+    (JNIEnv *env, jobject self)
+{
+    jbyteArray byteArray=NULL;
+    PRNetAddr addr;
+    jbyte *address=NULL;
+    int size=4;
+
+    if( JSSL_getSockAddr(env, self, &addr, PEER_SOCK) != PR_SUCCESS) {
+        goto finish;
+    }
+
+    if( PR_NetAddrFamily(&addr) ==  PR_AF_INET6) {
+        size = 16;
+        address = (jbyte *) &addr.ipv6.ip;
+    } else {
+        address = (jbyte *) &addr.inet.ip;
+    }
+
+    byteArray = (*env)->NewByteArray(env,size);
+    if(byteArray == NULL) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+    (*env)->SetByteArrayRegion(env, byteArray, 0,size ,address);
+    if( (*env)->ExceptionOccurred(env) != NULL) {
+        PR_ASSERT(PR_FALSE);
+        goto finish;
+    }
+
+finish:
+    return byteArray;
+}
+
+JNIEXPORT jbyteArray JNICALL
+Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative
+    (JNIEnv *env, jobject self)
+{
+    jbyteArray byteArray=NULL;
+    PRNetAddr addr;
+    jbyte *address=NULL;
+    int size=4;
+
+    if( JSSL_getSockAddr(env, self, &addr, LOCAL_SOCK) != PR_SUCCESS) {
+        goto finish;
+    }
+
+    if( PR_NetAddrFamily(&addr) ==  PR_AF_INET6) {
+        size = 16;
+        address = (jbyte *) &addr.ipv6.ip;
+    } else {
+        address = (jbyte *) &addr.inet.ip;
+    }
+
+    byteArray = (*env)->NewByteArray(env,size);
+    if(byteArray == NULL) {
+        ASSERT_OUTOFMEM(env);
+        goto finish;
+    }
+    (*env)->SetByteArrayRegion(env, byteArray, 0,size,address);
+    if( (*env)->ExceptionOccurred(env) != NULL) {
+        PR_ASSERT(PR_FALSE);
+        goto finish;
+    }
+
+finish:
+    return byteArray;
+}
+
+/* Leave the original versions of these functions for compatibility */
+
 JNIEXPORT jint JNICALL
 Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative
     (JNIEnv *env, jobject self)
 {
     PRNetAddr addr;
 
     if( JSSL_getSockAddr(env, self, &addr, PEER_SOCK) == PR_SUCCESS) {
         return ntohl(addr.inet.ip);
--- a/org/mozilla/jss/ssl/javasock.c
+++ b/org/mozilla/jss/ssl/javasock.c
@@ -253,16 +253,17 @@ static PRStatus
 getInetAddress(PRFileDesc *fd, PRNetAddr *addr, LocalOrPeer localOrPeer)
 {
     PRStatus status = PR_FAILURE;
     jobject sockObj;
     JNIEnv *env;
     jobject inetAddress;
     jbyteArray addrByteArray;
     jint port;
+    int addrBALen = 0;
 
     if( GET_ENV(fd->secret->javaVM, env) ) goto finish;
 
     /*
      * get the socket
      */
     sockObj = fd->secret->sockGlobalRef;
     PR_ASSERT(sockObj != NULL);
@@ -340,30 +341,38 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
     /*
      * convert to a PRNetAddr
      */
     {
         jbyte *addrBytes;
 
         memset(addr, 0, sizeof(PRNetAddr));
 
-        /* we only handle IPV4 */
-        PR_ASSERT( (*env)->GetArrayLength(env, addrByteArray) == 4 );
+        addrBALen = (*env)->GetArrayLength(env, addrByteArray);
+
+        PR_ASSERT( (addrBALen == 4) || (addrBALen == 16 ) );
 
         /* make sure you release them later */
         addrBytes = (*env)->GetByteArrayElements(env, addrByteArray, NULL);
         if( addrBytes == NULL ) {
             ASSERT_OUTOFMEM(env);
             goto finish;
         }
 
         /* ip field is in network byte order */
-        memcpy( (void*) &addr->inet.ip, addrBytes, 4);
-        addr->inet.family = PR_AF_INET;
-        addr->inet.port = port;
+
+        if (addrBALen == 4) {
+            memcpy( (void*) &addr->inet.ip, addrBytes, 4);
+            addr->inet.family = PR_AF_INET;
+            addr->inet.port = port;
+        } else {
+            memcpy( (void*) &addr->ipv6.ip,addrBytes, 16);
+            addr->inet.family = PR_AF_INET6;
+            addr->inet.port = port;
+        }
 
         (*env)->ReleaseByteArrayElements(env, addrByteArray, addrBytes,
             JNI_ABORT);
     }
 
     status = PR_SUCCESS;
 
 finish:
--- a/org/mozilla/jss/util/java_ids.h
+++ b/org/mozilla/jss/util/java_ids.h
@@ -275,16 +275,18 @@ PR_BEGIN_EXTERN_C
 #define GET_BUF_SIZE_SIG "()I"
 
 /*
  * SocketBase
  */
 #define SOCKET_BASE_NAME "org/mozilla/jss/ssl/SocketBase"
 #define PROCESS_EXCEPTIONS_NAME "processExceptions"
 #define PROCESS_EXCEPTIONS_SIG "(Ljava/lang/Throwable;Ljava/lang/Throwable;)Ljava/lang/Throwable;"
+#define SUPPORTS_IPV6_NAME "supportsIPV6"
+#define SUPPORTS_IPV6_SIG "()Z"
 
 /*
  * SSLCertificateApprovalCallback
  */
 #define SSLCERT_APP_CB_APPROVE_NAME "approve"
 #define SSLCERT_APP_CB_APPROVE_SIG "(Lorg/mozilla/jss/crypto/X509Certificate;Lorg/mozilla/jss/ssl/SSLCertificateApprovalCallback$ValidityStatus;)Z"
 
 /*