/*

 * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

package sun.security.ssl;

import sun.security.x509.X509CertImpl;

import java.io.IOException;

import java.lang.reflect.Array;

import java.math.BigInteger;

import java.net.InetAddress;

import java.nio.ByteBuffer;

import java.security.Principal;

import java.security.PrivateKey;

import java.security.cert.CertificateEncodingException;

import java.security.cert.X509Certificate;

import java.util.ArrayList;

import java.util.Arrays;

import java.util.Queue;

import java.util.Collection;

import java.util.Collections;

import java.util.Enumeration;

import java.util.List;

import java.util.concurrent.ConcurrentHashMap;

import java.util.concurrent.ConcurrentLinkedQueue;

import java.util.concurrent.locks.ReentrantLock;

import javax.crypto.SecretKey;

import javax.crypto.spec.SecretKeySpec;

import javax.net.ssl.ExtendedSSLSession;

import javax.net.ssl.SNIHostName;

import javax.net.ssl.SNIServerName;

import javax.net.ssl.SSLException;

import javax.net.ssl.SSLPeerUnverifiedException;

import javax.net.ssl.SSLPermission;

import javax.net.ssl.SSLSessionBindingEvent;

import javax.net.ssl.SSLSessionBindingListener;

import javax.net.ssl.SSLSessionContext;

/**

 * Implements the SSL session interface, and exposes the session context

 * which is maintained by SSL servers.

 *

 * <P> Servers have the ability to manage the sessions associated with

 * their authentication context(s).  They can do this by enumerating the

 * IDs of the sessions which are cached, examining those sessions, and then

 * perhaps invalidating a given session so that it can't be used again.

 * If servers do not explicitly manage the cache, sessions will linger

 * until memory is low enough that the runtime environment purges cache

 * entries automatically to reclaim space.

 *

 * <P><em> The only reason this class is not package-private is that

 * there's no other public way to get at the server session context which

 * is associated with any given authentication context. </em>

 *

 * @author David Brownell

 */

final class SSLSessionImpl extends ExtendedSSLSession {

    /*

     * we only really need a single null session

     */

    static final SSLSessionImpl         nullSession = new SSLSessionImpl();

    /*

     * The state of a single session, as described in section 7.1

     * of the SSLv3 spec.

     */

    private final ProtocolVersion       protocolVersion;

    private final SessionId             sessionId;

    private X509Certificate[]   peerCerts;

    private CipherSuite         cipherSuite;

    private SecretKey           masterSecret;

    final boolean               useExtendedMasterSecret;

    /*

     * Information not part of the SSLv3 protocol spec, but used

     * to support session management policies.

     */

    private final long          creationTime;

    private long                lastUsedTime = 0;

    private final String        host;

    private final int           port;

    private SSLSessionContextImpl       context;

    private boolean             invalidated;

    private X509Certificate[]   localCerts;

    private PrivateKey          localPrivateKey;

    private final Collection<SignatureScheme>     localSupportedSignAlgs;

    private Collection<SignatureScheme> peerSupportedSignAlgs; //for certificate

    private boolean             useDefaultPeerSignAlgs = false;

    private List<byte[]>        statusResponses;

    private SecretKey           resumptionMasterSecret;

    private SecretKey           preSharedKey;

    private byte[]              pskIdentity;

    private final long          ticketCreationTime = System.currentTimeMillis();

    private int                 ticketAgeAdd;

    private int                 negotiatedMaxFragLen = -1;

    private int                 maximumPacketSize;

    private final Queue<SSLSessionImpl> childSessions =

                                        new ConcurrentLinkedQueue<>();

    /*

     * Is the session currently re-established with a session-resumption

     * abbreviated initial handshake?

     *

     * Note that currently we only set this variable in client side.

     */

    private boolean isSessionResumption = false;

    /*

     * Use of session caches is globally enabled/disabled.

     */

    private static boolean      defaultRejoinable = true;

    // server name indication

    final SNIServerName         serverNameIndication;

    private final List<SNIServerName>    requestedServerNames;

    // Counter used to create unique nonces in NewSessionTicket

    private BigInteger ticketNonceCounter = BigInteger.ONE;

    // The endpoint identification algorithm used to check certificates

    // in this session.

    private final String        identificationProtocol;

    private final ReentrantLock sessionLock = new ReentrantLock();

    /*

     * Create a new non-rejoinable session, using the default (null)

     * cipher spec.  This constructor returns a session which could

     * be used either by a client or by a server, as a connection is

     * first opened and before handshaking begins.

     */

    private SSLSessionImpl() {

        this.protocolVersion = ProtocolVersion.NONE;

        this.cipherSuite = CipherSuite.C_NULL;

        this.sessionId = new SessionId(false, null);

        this.host = null;

        this.port = -1;

        this.localSupportedSignAlgs = Collections.emptySet();

        this.serverNameIndication = null;

        this.requestedServerNames = Collections.<SNIServerName>emptyList();

        this.useExtendedMasterSecret = false;

        this.creationTime = System.currentTimeMillis();

        this.identificationProtocol = null;

        this.boundValues = new ConcurrentHashMap<>();

    }

    /*

     * Create a new session, using a given cipher spec.  This will

     * be rejoinable if session caching is enabled; the constructor

     * is intended mostly for use by serves.

     */

    SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite) {

        this(hc, cipherSuite,

            new SessionId(defaultRejoinable, hc.sslContext.getSecureRandom()));

    }

    /*

     * Record a new session, using a given cipher spec and session ID.

     */

    SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite, SessionId id) {

        this(hc, cipherSuite, id, System.currentTimeMillis());

    }

    /*

     * Record a new session, using a given cipher spec, session ID,

     * and creation time.

     * Note: For the unmodifiable collections and lists we are creating new

     * collections as inputs to avoid potential deep nesting of

     * unmodifiable collections that can cause StackOverflowErrors

     * (see JDK-6323374).

     */

    SSLSessionImpl(HandshakeContext hc,

            CipherSuite cipherSuite, SessionId id, long creationTime) {

        this.protocolVersion = hc.negotiatedProtocol;

        this.cipherSuite = cipherSuite;

        this.sessionId = id;

        this.host = hc.conContext.transport.getPeerHost();

        this.port = hc.conContext.transport.getPeerPort();

        this.localSupportedSignAlgs = hc.localSupportedSignAlgs == null ?

                Collections.emptySet() :

                Collections.unmodifiableCollection(

                        new ArrayList<>(hc.localSupportedSignAlgs));

        this.serverNameIndication = hc.negotiatedServerName;

        this.requestedServerNames = Collections.unmodifiableList(

                new ArrayList<>(hc.getRequestedServerNames()));

        if (hc.sslConfig.isClientMode) {

            this.useExtendedMasterSecret =

                (hc.handshakeExtensions.get(

                        SSLExtension.CH_EXTENDED_MASTER_SECRET) != null) &&

                (hc.handshakeExtensions.get(

                        SSLExtension.SH_EXTENDED_MASTER_SECRET) != null);

        } else {

            this.useExtendedMasterSecret =

                (hc.handshakeExtensions.get(

                        SSLExtension.CH_EXTENDED_MASTER_SECRET) != null) &&

                (!hc.negotiatedProtocol.useTLS13PlusSpec());

        }

        this.creationTime = creationTime;

        this.identificationProtocol = hc.sslConfig.identificationProtocol;

        this.boundValues = new ConcurrentHashMap<>();

        if (SSLLogger.isOn && SSLLogger.isOn("session")) {

             SSLLogger.finest("Session initialized:  " + this);

        }

    }

    SSLSessionImpl(SSLSessionImpl baseSession, SessionId newId) {

        this.protocolVersion = baseSession.getProtocolVersion();

        this.cipherSuite = baseSession.cipherSuite;

        this.sessionId = newId;

        this.host = baseSession.getPeerHost();

        this.port = baseSession.getPeerPort();

        this.localSupportedSignAlgs =

                baseSession.localSupportedSignAlgs == null ?

                Collections.emptySet() : baseSession.localSupportedSignAlgs;

        this.peerSupportedSignAlgs =

                baseSession.peerSupportedSignAlgs == null ?

                Collections.emptySet() : baseSession.peerSupportedSignAlgs;

        this.serverNameIndication = baseSession.serverNameIndication;

        this.requestedServerNames = baseSession.getRequestedServerNames();

        this.masterSecret = baseSession.getMasterSecret();

        this.useExtendedMasterSecret = baseSession.useExtendedMasterSecret;

        this.creationTime = baseSession.getCreationTime();

        this.lastUsedTime = System.currentTimeMillis();

        this.identificationProtocol = baseSession.getIdentificationProtocol();

        this.localCerts = baseSession.localCerts;

        this.peerCerts = baseSession.peerCerts;

        this.statusResponses = baseSession.statusResponses;

        this.resumptionMasterSecret = baseSession.resumptionMasterSecret;

        this.context = baseSession.context;

        this.negotiatedMaxFragLen = baseSession.negotiatedMaxFragLen;

        this.maximumPacketSize = baseSession.maximumPacketSize;

        this.boundValues = baseSession.boundValues;

        if (SSLLogger.isOn && SSLLogger.isOn("session")) {

             SSLLogger.finest("Session initialized:  " + this);

        }

    }

    /**

     * < 2 bytes > protocolVersion

     * < 2 bytes > cipherSuite

     * < 1 byte > localSupportedSignAlgs entries

     *   < 2 bytes per entries > localSupportedSignAlgs

     * < 1 bytes > peerSupportedSignAlgs entries

     *   < 2 bytes per entries > peerSupportedSignAlgs

     * < 2 bytes > preSharedKey length

     * < length in bytes > preSharedKey

     * < 1 byte > pskIdentity length

     * < length in bytes > pskIdentity

     * < 1 byte > masterSecret length

     *   < 1 byte > masterSecret algorithm length

     *   < length in bytes > masterSecret algorithm

     *   < 2 bytes > masterSecretKey length

     *   < length in bytes> masterSecretKey

     * < 1 byte > useExtendedMasterSecret

     * < 1 byte > identificationProtocol length

     * < length in bytes > identificationProtocol

     * < 1 byte > serverNameIndication length

     * < length in bytes > serverNameIndication

     * < 1 byte > Number of requestedServerNames entries

     *   < 1 byte > ServerName length

     *   < length in bytes > ServerName

     * < 4 bytes > creationTime

     * < 2 byte > status response length

     *   < 2 byte > status response entry length

     *   < length in byte > status response entry

     * < 1 byte > Length of peer host

     *   < length in bytes > peer host

     * < 2 bytes> peer port

     * < 1 byte > Number of peerCerts entries

     *   < 4 byte > peerCert length

     *   < length in bytes > peerCert

     * < 1 byte > localCerts type (Cert, PSK, Anonymous)

     *   Certificate

     *     < 1 byte > Number of Certificate entries

     *       < 4 byte> Certificate length

     *       < length in bytes> Certificate

     *   PSK

     *     < 1 byte > Number of PSK entries

     *       < 1 bytes > PSK algorithm length

     *       < length in bytes > PSK algorithm string

     *       < 4 bytes > PSK key length

     *       < length in bytes> PSK key

     *       < 4 bytes > PSK identity length

     *       < length in bytes> PSK identity

     *   Anonymous

     *     < 1 byte >

     * < 4 bytes > maximumPacketSize

     * < 4 bytes > negotiatedMaxFragSize

    */

    SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws IOException {

        int i = 0;

        byte[] b;

        boundValues = new ConcurrentHashMap<>();

        this.protocolVersion =

                ProtocolVersion.valueOf(Short.toUnsignedInt(buf.getShort()));

        if (protocolVersion.useTLS13PlusSpec()) {

            this.sessionId = new SessionId(false, null);

        } else {

            // The CH session id may reset this if it's provided

            this.sessionId = new SessionId(true,

                    hc.sslContext.getSecureRandom());

        }

        this.cipherSuite =

                CipherSuite.valueOf(Short.toUnsignedInt(buf.getShort()));

        // Local Supported signature algorithms

        ArrayList<SignatureScheme> list = new ArrayList<>();

        i = Byte.toUnsignedInt(buf.get());

        while (i-- > 0) {

            list.add(SignatureScheme.valueOf(

                    Short.toUnsignedInt(buf.getShort())));

        }

        this.localSupportedSignAlgs = Collections.unmodifiableCollection(list);

        // Peer Supported signature algorithms

        i = Byte.toUnsignedInt(buf.get());

        list.clear();

        while (i-- > 0) {

            list.add(SignatureScheme.valueOf(

                    Short.toUnsignedInt(buf.getShort())));

        }

        this.peerSupportedSignAlgs = Collections.unmodifiableCollection(list);

        // PSK

        i = Short.toUnsignedInt(buf.getShort());

        if (i > 0) {

            b = new byte[i];

            // Get algorithm string

            buf.get(b, 0, i);

            // Encoded length

            i = Short.toUnsignedInt(buf.getShort());

            // Encoded SecretKey

            b = new byte[i];

            buf.get(b);

            this.preSharedKey = new SecretKeySpec(b, "TlsMasterSecret");

        } else {

            this.preSharedKey = null;

        }

        // PSK identity

        i = buf.get();

        if (i > 0) {

            b = new byte[i];

            buf.get(b);

            this.pskIdentity = b;

        } else {

            this.pskIdentity = null;

        }

        // Master secret length of secret key algorithm  (one byte)

        i = buf.get();

        if (i > 0) {

            b = new byte[i];

            // Get algorithm string

            buf.get(b, 0, i);

            // Encoded length

            i = Short.toUnsignedInt(buf.getShort());

            // Encoded SecretKey

            b = new byte[i];

            buf.get(b);

            this.masterSecret = new SecretKeySpec(b, "TlsMasterSecret");

        } else {

            this.masterSecret = null;

        }

        // Use extended master secret

        this.useExtendedMasterSecret = (buf.get() != 0);

        // Identification Protocol

        i = buf.get();

        if (i == 0) {

            identificationProtocol = null;

        } else {

            b = new byte[i];

            identificationProtocol =

                    buf.get(b, 0, i).asCharBuffer().toString();

        }

        // SNI

        i = buf.get();  // length

        if (i == 0) {

            serverNameIndication = null;

        } else {

            b = new byte[i];

            buf.get(b, 0, b.length);

            serverNameIndication = new SNIHostName(b);

        }

        // List of SNIServerName

        int len = Short.toUnsignedInt(buf.getShort());

        if (len == 0) {

            this.requestedServerNames = Collections.<SNIServerName>emptyList();

        } else {

            requestedServerNames = new ArrayList<>();

            while (len > 0) {

                int l = buf.get();

                b = new byte[l];

                buf.get(b, 0, l);

                requestedServerNames.add(new SNIHostName(new String(b)));

                len--;

            }

        }

        maximumPacketSize = buf.getInt();

        negotiatedMaxFragLen = buf.getInt();

        // Get creation time

        this.creationTime = buf.getLong();

        // Get Buffer sizes

        // Status Response

        len = Short.toUnsignedInt(buf.getShort());

        if (len == 0) {

            statusResponses = Collections.emptyList();

        } else {

            statusResponses = new ArrayList<>();

        }

        while (len-- > 0) {

            b = new byte[Short.toUnsignedInt(buf.getShort())];

            buf.get(b);

            statusResponses.add(b);

        }

        // Get Peer host & port

        i = Byte.toUnsignedInt(buf.get());

        if (i == 0) {

            this.host = new String();

        } else {

            b = new byte[i];

            this.host = buf.get(b).toString();

        }

        this.port = Short.toUnsignedInt(buf.getShort());

        // Peer certs

        i = buf.get();

        if (i == 0) {

            this.peerCerts = null;

        } else {

            this.peerCerts = new X509Certificate[i];

            int j = 0;

            while (i > j) {

                b = new byte[buf.getInt()];

                buf.get(b);

                try {

                    this.peerCerts[j] = new X509CertImpl(b);

                } catch (Exception e) {

                    throw new IOException(e);

                }

                j++;

            }

        }

        // Get local certs of PSK

        switch (buf.get()) {

            case 0:

                break;

            case 1:

                // number of certs

                len = buf.get();

                this.localCerts = new X509Certificate[len];

                i = 0;

                while (len > i) {

                    b = new byte[buf.getInt()];

                    buf.get(b);

                    try {