|
1 /* |
|
2 * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 |
|
27 package sun.security.ssl; |
|
28 |
|
29 import java.util.Enumeration; |
|
30 import java.util.Vector; |
|
31 import java.util.Locale; |
|
32 |
|
33 import javax.net.ssl.SSLSession; |
|
34 import javax.net.ssl.SSLSessionContext; |
|
35 |
|
36 import sun.security.util.Cache; |
|
37 |
|
38 |
|
39 final class SSLSessionContextImpl implements SSLSessionContext { |
|
40 private Cache<SessionId, SSLSessionImpl> sessionCache; |
|
41 // session cache, session id as key |
|
42 private Cache<String, SSLSessionImpl> sessionHostPortCache; |
|
43 // session cache, "host:port" as key |
|
44 private int cacheLimit; // the max cache size |
|
45 private int timeout; // timeout in seconds |
|
46 |
|
47 // package private |
|
48 SSLSessionContextImpl() { |
|
49 cacheLimit = getDefaultCacheLimit(); // default cache size |
|
50 timeout = 86400; // default, 24 hours |
|
51 |
|
52 // use soft reference |
|
53 sessionCache = Cache.newSoftMemoryCache(cacheLimit, timeout); |
|
54 sessionHostPortCache = Cache.newSoftMemoryCache(cacheLimit, timeout); |
|
55 } |
|
56 |
|
57 /** |
|
58 * Returns the <code>SSLSession</code> bound to the specified session id. |
|
59 */ |
|
60 @Override |
|
61 public SSLSession getSession(byte[] sessionId) { |
|
62 if (sessionId == null) { |
|
63 throw new NullPointerException("session id cannot be null"); |
|
64 } |
|
65 |
|
66 SSLSessionImpl sess = sessionCache.get(new SessionId(sessionId)); |
|
67 if (!isTimedout(sess)) { |
|
68 return sess; |
|
69 } |
|
70 |
|
71 return null; |
|
72 } |
|
73 |
|
74 /** |
|
75 * Returns an enumeration of the active SSL sessions. |
|
76 */ |
|
77 @Override |
|
78 public Enumeration<byte[]> getIds() { |
|
79 SessionCacheVisitor scVisitor = new SessionCacheVisitor(); |
|
80 sessionCache.accept(scVisitor); |
|
81 |
|
82 return scVisitor.getSessionIds(); |
|
83 } |
|
84 |
|
85 /** |
|
86 * Sets the timeout limit for cached <code>SSLSession</code> objects |
|
87 * |
|
88 * Note that after reset the timeout, the cached session before |
|
89 * should be timed within the shorter one of the old timeout and the |
|
90 * new timeout. |
|
91 */ |
|
92 @Override |
|
93 public void setSessionTimeout(int seconds) |
|
94 throws IllegalArgumentException { |
|
95 if (seconds < 0) { |
|
96 throw new IllegalArgumentException(); |
|
97 } |
|
98 |
|
99 if (timeout != seconds) { |
|
100 sessionCache.setTimeout(seconds); |
|
101 sessionHostPortCache.setTimeout(seconds); |
|
102 timeout = seconds; |
|
103 } |
|
104 } |
|
105 |
|
106 /** |
|
107 * Gets the timeout limit for cached <code>SSLSession</code> objects |
|
108 */ |
|
109 @Override |
|
110 public int getSessionTimeout() { |
|
111 return timeout; |
|
112 } |
|
113 |
|
114 /** |
|
115 * Sets the size of the cache used for storing |
|
116 * <code>SSLSession</code> objects. |
|
117 */ |
|
118 @Override |
|
119 public void setSessionCacheSize(int size) |
|
120 throws IllegalArgumentException { |
|
121 if (size < 0) |
|
122 throw new IllegalArgumentException(); |
|
123 |
|
124 if (cacheLimit != size) { |
|
125 sessionCache.setCapacity(size); |
|
126 sessionHostPortCache.setCapacity(size); |
|
127 cacheLimit = size; |
|
128 } |
|
129 } |
|
130 |
|
131 /** |
|
132 * Gets the size of the cache used for storing |
|
133 * <code>SSLSession</code> objects. |
|
134 */ |
|
135 @Override |
|
136 public int getSessionCacheSize() { |
|
137 return cacheLimit; |
|
138 } |
|
139 |
|
140 |
|
141 // package-private method, used ONLY by ServerHandshaker |
|
142 SSLSessionImpl get(byte[] id) { |
|
143 return (SSLSessionImpl)getSession(id); |
|
144 } |
|
145 |
|
146 // package-private method, used ONLY by ClientHandshaker |
|
147 SSLSessionImpl get(String hostname, int port) { |
|
148 /* |
|
149 * If no session caching info is available, we won't |
|
150 * get one, so exit before doing a lookup. |
|
151 */ |
|
152 if (hostname == null && port == -1) { |
|
153 return null; |
|
154 } |
|
155 |
|
156 SSLSessionImpl sess = sessionHostPortCache.get(getKey(hostname, port)); |
|
157 if (!isTimedout(sess)) { |
|
158 return sess; |
|
159 } |
|
160 |
|
161 return null; |
|
162 } |
|
163 |
|
164 private String getKey(String hostname, int port) { |
|
165 return (hostname + ":" + |
|
166 String.valueOf(port)).toLowerCase(Locale.ENGLISH); |
|
167 } |
|
168 |
|
169 // cache a SSLSession |
|
170 // |
|
171 // In SunJSSE implementation, a session is created while getting a |
|
172 // client hello or a server hello message, and cached while the |
|
173 // handshaking finished. |
|
174 // Here we time the session from the time it cached instead of the |
|
175 // time it created, which is a little longer than the expected. So |
|
176 // please do check isTimedout() while getting entry from the cache. |
|
177 void put(SSLSessionImpl s) { |
|
178 sessionCache.put(s.getSessionId(), s); |
|
179 |
|
180 // If no hostname/port info is available, don't add this one. |
|
181 if ((s.getPeerHost() != null) && (s.getPeerPort() != -1)) { |
|
182 sessionHostPortCache.put( |
|
183 getKey(s.getPeerHost(), s.getPeerPort()), s); |
|
184 } |
|
185 |
|
186 s.setContext(this); |
|
187 } |
|
188 |
|
189 // package-private method, remove a cached SSLSession |
|
190 void remove(SessionId key) { |
|
191 SSLSessionImpl s = sessionCache.get(key); |
|
192 if (s != null) { |
|
193 sessionCache.remove(key); |
|
194 sessionHostPortCache.remove( |
|
195 getKey(s.getPeerHost(), s.getPeerPort())); |
|
196 } |
|
197 } |
|
198 |
|
199 private int getDefaultCacheLimit() { |
|
200 int cacheLimit = 0; |
|
201 try { |
|
202 String s = java.security.AccessController.doPrivileged( |
|
203 new java.security.PrivilegedAction<String>() { |
|
204 @Override |
|
205 public String run() { |
|
206 return System.getProperty( |
|
207 "javax.net.ssl.sessionCacheSize"); |
|
208 } |
|
209 }); |
|
210 cacheLimit = (s != null) ? Integer.valueOf(s).intValue() : 0; |
|
211 } catch (Exception e) { |
|
212 } |
|
213 |
|
214 return (cacheLimit > 0) ? cacheLimit : 0; |
|
215 } |
|
216 |
|
217 boolean isTimedout(SSLSession sess) { |
|
218 if (timeout == 0) { |
|
219 return false; |
|
220 } |
|
221 |
|
222 if ((sess != null) && ((sess.getCreationTime() + timeout * 1000L) |
|
223 <= (System.currentTimeMillis()))) { |
|
224 sess.invalidate(); |
|
225 return true; |
|
226 } |
|
227 |
|
228 return false; |
|
229 } |
|
230 |
|
231 final class SessionCacheVisitor |
|
232 implements Cache.CacheVisitor<SessionId, SSLSessionImpl> { |
|
233 Vector<byte[]> ids = null; |
|
234 |
|
235 // public void visit(java.util.Map<K,V> map) {} |
|
236 @Override |
|
237 public void visit(java.util.Map<SessionId, SSLSessionImpl> map) { |
|
238 ids = new Vector<>(map.size()); |
|
239 |
|
240 for (SessionId key : map.keySet()) { |
|
241 SSLSessionImpl value = map.get(key); |
|
242 if (!isTimedout(value)) { |
|
243 ids.addElement(key.getId()); |
|
244 } |
|
245 } |
|
246 } |
|
247 |
|
248 public Enumeration<byte[]> getSessionIds() { |
|
249 return ids != null ? ids.elements() : |
|
250 new Vector<byte[]>().elements(); |
|
251 } |
|
252 } |
|
253 |
|
254 } |