branch | JDK-8145252-TLS13-branch |
changeset 56542 | 56aaa6cb3693 |
parent 48225 | 718669e6b375 |
child 56558 | 4a3deb6759b1 |
56541:92cbbfc996f3 | 56542:56aaa6cb3693 |
---|---|
1 /* |
1 /* |
2 * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
20 * |
20 * |
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 * or visit www.oracle.com if you need additional information or have any |
22 * or visit www.oracle.com if you need additional information or have any |
23 * questions. |
23 * questions. |
24 */ |
24 */ |
25 |
|
26 |
|
27 package sun.security.ssl; |
25 package sun.security.ssl; |
28 |
26 |
29 import java.net.*; |
27 import java.math.BigInteger; |
28 import java.net.InetAddress; |
|
29 import java.security.Principal; |
|
30 import java.security.PrivateKey; |
|
31 import java.security.cert.CertificateEncodingException; |
|
32 import java.security.cert.X509Certificate; |
|
33 import java.util.ArrayList; |
|
34 import java.util.Collection; |
|
35 import java.util.Collections; |
|
30 import java.util.Enumeration; |
36 import java.util.Enumeration; |
31 import java.util.Hashtable; |
37 import java.util.Hashtable; |
38 import java.util.List; |
|
32 import java.util.Vector; |
39 import java.util.Vector; |
33 import java.util.Collection; |
40 import java.util.Optional; |
34 import java.util.Collections; |
|
35 import java.util.List; |
|
36 import java.util.ArrayList; |
|
37 |
|
38 import java.security.Principal; |
|
39 import java.security.PrivateKey; |
|
40 import java.security.SecureRandom; |
|
41 import java.security.cert.X509Certificate; |
|
42 import java.security.cert.CertificateEncodingException; |
|
43 |
|
44 import javax.crypto.SecretKey; |
41 import javax.crypto.SecretKey; |
45 |
42 import javax.net.ssl.ExtendedSSLSession; |
46 import javax.net.ssl.SSLSessionContext; |
43 import javax.net.ssl.SNIServerName; |
47 import javax.net.ssl.SSLSessionBindingListener; |
|
48 import javax.net.ssl.SSLSessionBindingEvent; |
|
49 import javax.net.ssl.SSLPeerUnverifiedException; |
44 import javax.net.ssl.SSLPeerUnverifiedException; |
50 import javax.net.ssl.SSLPermission; |
45 import javax.net.ssl.SSLPermission; |
51 import javax.net.ssl.ExtendedSSLSession; |
46 import javax.net.ssl.SSLSessionBindingEvent; |
52 import javax.net.ssl.SNIServerName; |
47 import javax.net.ssl.SSLSessionBindingListener; |
53 |
48 import javax.net.ssl.SSLSessionContext; |
54 import static sun.security.ssl.CipherSuite.KeyExchange.*; |
|
55 |
49 |
56 /** |
50 /** |
57 * Implements the SSL session interface, and exposes the session context |
51 * Implements the SSL session interface, and exposes the session context |
58 * which is maintained by SSL servers. |
52 * which is maintained by SSL servers. |
59 * |
53 * |
89 private final SessionId sessionId; |
83 private final SessionId sessionId; |
90 private X509Certificate[] peerCerts; |
84 private X509Certificate[] peerCerts; |
91 private byte compressionMethod; |
85 private byte compressionMethod; |
92 private CipherSuite cipherSuite; |
86 private CipherSuite cipherSuite; |
93 private SecretKey masterSecret; |
87 private SecretKey masterSecret; |
94 private final boolean useExtendedMasterSecret; |
88 final boolean useExtendedMasterSecret; |
89 private SecretKey resumptionMasterSecret; |
|
90 private SecretKey preSharedKey; |
|
91 private byte[] pskIdentity; |
|
92 private final long ticketCreationTime = System.currentTimeMillis(); |
|
93 private int ticketAgeAdd; |
|
95 |
94 |
96 /* |
95 /* |
97 * Information not part of the SSLv3 protocol spec, but used |
96 * Information not part of the SSLv3 protocol spec, but used |
98 * to support session management policies. |
97 * to support session management policies. |
99 */ |
98 */ |
100 private final long creationTime = System.currentTimeMillis(); |
99 private final long creationTime; |
101 private long lastUsedTime = 0; |
100 private long lastUsedTime = 0; |
102 private final String host; |
101 private final String host; |
103 private final int port; |
102 private final int port; |
104 private SSLSessionContextImpl context; |
103 private SSLSessionContextImpl context; |
105 private int sessionCount; |
104 private int sessionCount; |
106 private boolean invalidated; |
105 private boolean invalidated; |
107 private X509Certificate[] localCerts; |
106 private X509Certificate[] localCerts; |
108 private PrivateKey localPrivateKey; |
107 private PrivateKey localPrivateKey; |
109 private String[] localSupportedSignAlgs; |
108 private final String[] localSupportedSignAlgs; |
110 private String[] peerSupportedSignAlgs; |
109 private String[] peerSupportedSignAlgs; |
111 private List<SNIServerName> requestedServerNames; |
|
112 private List<byte[]> statusResponses; |
110 private List<byte[]> statusResponses; |
113 |
111 |
114 private int negotiatedMaxFragLen; |
112 private int negotiatedMaxFragLen; |
115 private int maximumPacketSize; |
113 private int maximumPacketSize; |
116 |
114 |
136 /* |
134 /* |
137 * Use of session caches is globally enabled/disabled. |
135 * Use of session caches is globally enabled/disabled. |
138 */ |
136 */ |
139 private static boolean defaultRejoinable = true; |
137 private static boolean defaultRejoinable = true; |
140 |
138 |
141 /* Class and subclass dynamic debugging support */ |
139 // server name indication |
142 private static final Debug debug = Debug.getInstance("ssl"); |
140 final SNIServerName serverNameIndication; |
141 private final List<SNIServerName> requestedServerNames; |
|
142 |
|
143 // Counter used to create unique nonces in NewSessionTicket |
|
144 private BigInteger ticketNonceCounter = BigInteger.ONE; |
|
143 |
145 |
144 /* |
146 /* |
145 * Create a new non-rejoinable session, using the default (null) |
147 * Create a new non-rejoinable session, using the default (null) |
146 * cipher spec. This constructor returns a session which could |
148 * cipher spec. This constructor returns a session which could |
147 * be used either by a client or by a server, as a connection is |
149 * be used either by a client or by a server, as a connection is |
148 * first opened and before handshaking begins. |
150 * first opened and before handshaking begins. |
149 */ |
151 */ |
150 private SSLSessionImpl() { |
152 private SSLSessionImpl() { |
151 this(ProtocolVersion.NONE, CipherSuite.C_NULL, null, |
153 this.protocolVersion = ProtocolVersion.NONE; |
152 new SessionId(false, null), null, -1, false); |
154 this.cipherSuite = CipherSuite.C_NULL; |
155 this.sessionId = new SessionId(false, null); |
|
156 this.host = null; |
|
157 this.port = -1; |
|
158 this.localSupportedSignAlgs = new String[0]; |
|
159 this.serverNameIndication = null; |
|
160 this.requestedServerNames = Collections.<SNIServerName>emptyList(); |
|
161 this.useExtendedMasterSecret = false; |
|
162 this.creationTime = System.currentTimeMillis(); |
|
153 } |
163 } |
154 |
164 |
155 /* |
165 /* |
156 * Create a new session, using a given cipher spec. This will |
166 * Create a new session, using a given cipher spec. This will |
157 * be rejoinable if session caching is enabled; the constructor |
167 * be rejoinable if session caching is enabled; the constructor |
158 * is intended mostly for use by serves. |
168 * is intended mostly for use by serves. |
159 */ |
169 */ |
160 SSLSessionImpl(ProtocolVersion protocolVersion, CipherSuite cipherSuite, |
170 SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite) { |
161 Collection<SignatureAndHashAlgorithm> algorithms, |
171 this(hc, cipherSuite, |
162 SecureRandom generator, String host, int port, |
172 new SessionId(defaultRejoinable, hc.sslContext.getSecureRandom())); |
163 boolean useExtendedMasterSecret) { |
|
164 this(protocolVersion, cipherSuite, algorithms, |
|
165 new SessionId(defaultRejoinable, generator), host, port, |
|
166 useExtendedMasterSecret); |
|
167 } |
173 } |
168 |
174 |
169 /* |
175 /* |
170 * Record a new session, using a given cipher spec and session ID. |
176 * Record a new session, using a given cipher spec and session ID. |
171 */ |
177 */ |
172 SSLSessionImpl(ProtocolVersion protocolVersion, CipherSuite cipherSuite, |
178 SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite, SessionId id) { |
173 Collection<SignatureAndHashAlgorithm> algorithms, |
179 this(hc, cipherSuite, id, System.currentTimeMillis()); |
174 SessionId id, String host, int port, |
180 } |
175 boolean useExtendedMasterSecret) { |
181 |
176 this.protocolVersion = protocolVersion; |
182 /* |
177 sessionId = id; |
183 * Record a new session, using a given cipher spec, session ID, |
184 * and creation time |
|
185 */ |
|
186 SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite, SessionId id, long creationTime) { |
|
187 this.creationTime = creationTime; |
|
188 this.protocolVersion = hc.negotiatedProtocol; |
|
189 this.sessionId = id; |
|
178 peerCerts = null; |
190 peerCerts = null; |
179 compressionMethod = compression_null; |
191 compressionMethod = compression_null; |
180 this.cipherSuite = cipherSuite; |
192 this.cipherSuite = cipherSuite; |
181 masterSecret = null; |
193 masterSecret = null; |
182 this.host = host; |
194 this.host = hc.conContext.transport.getPeerHost(); |
183 this.port = port; |
195 this.port = hc.conContext.transport.getPeerPort(); |
184 sessionCount = ++counter; |
196 sessionCount = ++counter; |
185 localSupportedSignAlgs = |
197 this.localSupportedSignAlgs = |
186 SignatureAndHashAlgorithm.getAlgorithmNames(algorithms); |
198 SignatureScheme.getAlgorithmNames(hc.localSupportedSignAlgs); |
187 negotiatedMaxFragLen = -1; |
199 negotiatedMaxFragLen = -1; |
188 statusResponses = null; |
200 statusResponses = null; |
189 this.useExtendedMasterSecret = useExtendedMasterSecret; |
201 this.requestedServerNames = |
190 |
202 Collections.unmodifiableList(hc.requestedServerNames); |
191 if (debug != null && Debug.isOn("session")) { |
203 this.serverNameIndication = hc.negotiatedServerName; |
192 System.out.println("%% Initialized: " + this); |
204 if (hc.sslConfig.isClientMode) { |
205 this.useExtendedMasterSecret = |
|
206 (hc.handshakeExtensions.get( |
|
207 SSLExtension.CH_EXTENDED_MASTER_SECRET) != null) && |
|
208 (hc.handshakeExtensions.get( |
|
209 SSLExtension.SH_EXTENDED_MASTER_SECRET) != null); |
|
210 } else { |
|
211 this.useExtendedMasterSecret = |
|
212 (hc.handshakeExtensions.get( |
|
213 SSLExtension.CH_EXTENDED_MASTER_SECRET) != null) && |
|
214 (!hc.negotiatedProtocol.useTLS13PlusSpec()); |
|
215 } |
|
216 |
|
217 if (SSLLogger.isOn && SSLLogger.isOn("session")) { |
|
218 SSLLogger.finest("Session initialized: " + this); |
|
193 } |
219 } |
194 } |
220 } |
195 |
221 |
196 void setMasterSecret(SecretKey secret) { |
222 void setMasterSecret(SecretKey secret) { |
197 if (masterSecret == null) { |
223 if (masterSecret == null) { |
199 } else { |
225 } else { |
200 throw new RuntimeException("setMasterSecret() error"); |
226 throw new RuntimeException("setMasterSecret() error"); |
201 } |
227 } |
202 } |
228 } |
203 |
229 |
230 void setResumptionMasterSecret(SecretKey secret) { |
|
231 if (resumptionMasterSecret == null) { |
|
232 resumptionMasterSecret = secret; |
|
233 } else { |
|
234 throw new RuntimeException("setResumptionMasterSecret() error"); |
|
235 } |
|
236 } |
|
237 |
|
238 void setPreSharedKey(SecretKey key) { |
|
239 if (preSharedKey == null) { |
|
240 preSharedKey = key; |
|
241 } else { |
|
242 throw new RuntimeException("setPreSharedKey() error"); |
|
243 } |
|
244 } |
|
245 |
|
246 void setTicketAgeAdd(int ticketAgeAdd) { |
|
247 this.ticketAgeAdd = ticketAgeAdd; |
|
248 } |
|
249 |
|
250 void setPskIdentity(byte[] pskIdentity) { |
|
251 if (this.pskIdentity == null) { |
|
252 this.pskIdentity = pskIdentity; |
|
253 } else { |
|
254 throw new RuntimeException("setPskIdentity() error"); |
|
255 } |
|
256 } |
|
257 |
|
258 BigInteger incrTicketNonceCounter() { |
|
259 BigInteger result = ticketNonceCounter; |
|
260 ticketNonceCounter = ticketNonceCounter.add(BigInteger.valueOf(1)); |
|
261 return result; |
|
262 } |
|
263 |
|
204 /** |
264 /** |
205 * Returns the master secret ... treat with extreme caution! |
265 * Returns the master secret ... treat with extreme caution! |
206 */ |
266 */ |
207 SecretKey getMasterSecret() { |
267 SecretKey getMasterSecret() { |
208 return masterSecret; |
268 return masterSecret; |
209 } |
269 } |
210 |
270 |
211 boolean getUseExtendedMasterSecret() { |
271 Optional<SecretKey> getResumptionMasterSecret() { |
212 return useExtendedMasterSecret; |
272 return Optional.ofNullable(resumptionMasterSecret); |
273 } |
|
274 |
|
275 synchronized Optional<SecretKey> getPreSharedKey() { |
|
276 return Optional.ofNullable(preSharedKey); |
|
277 } |
|
278 |
|
279 synchronized Optional<SecretKey> consumePreSharedKey() { |
|
280 Optional<SecretKey> result = Optional.ofNullable(preSharedKey); |
|
281 preSharedKey = null; |
|
282 return result; |
|
283 } |
|
284 |
|
285 int getTicketAgeAdd() { |
|
286 return ticketAgeAdd; |
|
287 } |
|
288 |
|
289 /* |
|
290 * Get the PSK identity. Take care not to use it in multiple connections. |
|
291 */ |
|
292 synchronized Optional<byte[]> getPskIdentity() { |
|
293 return Optional.ofNullable(pskIdentity); |
|
294 } |
|
295 |
|
296 /* PSK identities created from new_session_ticket messages should only |
|
297 * be used once. This method will return the identity and then clear it |
|
298 * so it cannot be used again. |
|
299 */ |
|
300 synchronized Optional<byte[]> consumePskIdentity() { |
|
301 Optional<byte[]> result = Optional.ofNullable(pskIdentity); |
|
302 pskIdentity = null; |
|
303 return result; |
|
213 } |
304 } |
214 |
305 |
215 void setPeerCertificates(X509Certificate[] peer) { |
306 void setPeerCertificates(X509Certificate[] peer) { |
216 if (peerCerts == null) { |
307 if (peerCerts == null) { |
217 peerCerts = peer; |
308 peerCerts = peer; |
225 void setLocalPrivateKey(PrivateKey privateKey) { |
316 void setLocalPrivateKey(PrivateKey privateKey) { |
226 localPrivateKey = privateKey; |
317 localPrivateKey = privateKey; |
227 } |
318 } |
228 |
319 |
229 void setPeerSupportedSignatureAlgorithms( |
320 void setPeerSupportedSignatureAlgorithms( |
230 Collection<SignatureAndHashAlgorithm> algorithms) { |
321 Collection<SignatureScheme> signatureSchemes) { |
231 peerSupportedSignAlgs = |
322 peerSupportedSignAlgs = |
232 SignatureAndHashAlgorithm.getAlgorithmNames(algorithms); |
323 SignatureScheme.getAlgorithmNames(signatureSchemes); |
233 } |
|
234 |
|
235 void setRequestedServerNames(List<SNIServerName> requestedServerNames) { |
|
236 this.requestedServerNames = new ArrayList<>(requestedServerNames); |
|
237 } |
324 } |
238 |
325 |
239 /** |
326 /** |
240 * Provide status response data obtained during the SSL handshake. |
327 * Provide status response data obtained during the SSL handshake. |
241 * |
328 * |
284 |
371 |
285 /** |
372 /** |
286 * Check if the authentication used when establishing this session |
373 * Check if the authentication used when establishing this session |
287 * is still valid. Returns true if no authentication was used |
374 * is still valid. Returns true if no authentication was used |
288 */ |
375 */ |
289 boolean isLocalAuthenticationValid() { |
376 private boolean isLocalAuthenticationValid() { |
290 if (localPrivateKey != null) { |
377 if (localPrivateKey != null) { |
291 try { |
378 try { |
292 // if the private key is no longer valid, getAlgorithm() |
379 // if the private key is no longer valid, getAlgorithm() |
293 // should throw an exception |
380 // should throw an exception |
294 // (e.g. Smartcard has been removed from the reader) |
381 // (e.g. Smartcard has been removed from the reader) |
296 } catch (Exception e) { |
383 } catch (Exception e) { |
297 invalidate(); |
384 invalidate(); |
298 return false; |
385 return false; |
299 } |
386 } |
300 } |
387 } |
388 |
|
301 return true; |
389 return true; |
302 } |
390 } |
303 |
391 |
304 /** |
392 /** |
305 * Returns the ID for this session. The ID is fixed for the |
393 * Returns the ID for this session. The ID is fixed for the |
352 * Resets the cipher spec in use on this session |
440 * Resets the cipher spec in use on this session |
353 */ |
441 */ |
354 void setSuite(CipherSuite suite) { |
442 void setSuite(CipherSuite suite) { |
355 cipherSuite = suite; |
443 cipherSuite = suite; |
356 |
444 |
357 if (debug != null && Debug.isOn("session")) { |
445 if (SSLLogger.isOn && SSLLogger.isOn("session")) { |
358 System.out.println("%% Negotiating: " + this); |
446 SSLLogger.finest("Negotiating session: " + this); |
359 } |
447 } |
360 } |
448 } |
361 |
449 |
362 /** |
450 /** |
363 * Return true if the session is currently re-established with a |
451 * Return true if the session is currently re-established with a |
407 */ |
495 */ |
408 @Override |
496 @Override |
409 public int hashCode() { |
497 public int hashCode() { |
410 return sessionId.hashCode(); |
498 return sessionId.hashCode(); |
411 } |
499 } |
412 |
|
413 |
500 |
414 /** |
501 /** |
415 * Returns true if sessions have same ids, false otherwise. |
502 * Returns true if sessions have same ids, false otherwise. |
416 */ |
503 */ |
417 @Override |
504 @Override |
447 // |
534 // |
448 // clone to preserve integrity of session ... caller can't |
535 // clone to preserve integrity of session ... caller can't |
449 // change record of peer identity even by accident, much |
536 // change record of peer identity even by accident, much |
450 // less do it intentionally. |
537 // less do it intentionally. |
451 // |
538 // |
452 if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) { |
|
453 throw new SSLPeerUnverifiedException("no certificates expected" |
|
454 + " for " + cipherSuite.keyExchange + " cipher suites"); |
|
455 } |
|
456 if (peerCerts == null) { |
539 if (peerCerts == null) { |
457 throw new SSLPeerUnverifiedException("peer not authenticated"); |
540 throw new SSLPeerUnverifiedException("peer not authenticated"); |
458 } |
541 } |
459 // Certs are immutable objects, therefore we don't clone them. |
542 // Certs are immutable objects, therefore we don't clone them. |
460 // But do need to clone the array, so that nothing is inserted |
543 // But do need to clone the array, so that nothing is inserted |
502 // |
585 // |
503 // clone to preserve integrity of session ... caller can't |
586 // clone to preserve integrity of session ... caller can't |
504 // change record of peer identity even by accident, much |
587 // change record of peer identity even by accident, much |
505 // less do it intentionally. |
588 // less do it intentionally. |
506 // |
589 // |
507 if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) { |
|
508 throw new SSLPeerUnverifiedException("no certificates expected" |
|
509 + " for " + cipherSuite.keyExchange + " cipher suites"); |
|
510 } |
|
511 if (peerCerts == null) { |
590 if (peerCerts == null) { |
512 throw new SSLPeerUnverifiedException("peer not authenticated"); |
591 throw new SSLPeerUnverifiedException("peer not authenticated"); |
513 } |
592 } |
514 javax.security.cert.X509Certificate[] certs; |
593 javax.security.cert.X509Certificate[] certs; |
515 certs = new javax.security.cert.X509Certificate[peerCerts.length]; |
594 certs = new javax.security.cert.X509Certificate[peerCerts.length]; |
542 /* |
621 /* |
543 * clone to preserve integrity of session ... caller can't |
622 * clone to preserve integrity of session ... caller can't |
544 * change record of peer identity even by accident, much |
623 * change record of peer identity even by accident, much |
545 * less do it intentionally. |
624 * less do it intentionally. |
546 */ |
625 */ |
547 if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) { |
|
548 throw new SSLPeerUnverifiedException("no certificates expected" |
|
549 + " for " + cipherSuite.keyExchange + " cipher suites"); |
|
550 } |
|
551 if (peerCerts != null) { |
626 if (peerCerts != null) { |
552 return peerCerts.clone(); |
627 return peerCerts.clone(); |
553 } else { |
628 } else { |
554 throw new SSLPeerUnverifiedException("peer not authenticated"); |
629 throw new SSLPeerUnverifiedException("peer not authenticated"); |
555 } |
630 } |
592 */ |
667 */ |
593 @Override |
668 @Override |
594 public Principal getPeerPrincipal() |
669 public Principal getPeerPrincipal() |
595 throws SSLPeerUnverifiedException |
670 throws SSLPeerUnverifiedException |
596 { |
671 { |
597 if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) { |
|
598 if (peerPrincipal == null) { |
|
599 throw new SSLPeerUnverifiedException("peer not authenticated"); |
|
600 } else { |
|
601 return peerPrincipal; |
|
602 } |
|
603 } |
|
604 if (peerCerts == null) { |
672 if (peerCerts == null) { |
605 throw new SSLPeerUnverifiedException("peer not authenticated"); |
673 throw new SSLPeerUnverifiedException("peer not authenticated"); |
606 } |
674 } |
607 return peerCerts[0].getSubjectX500Principal(); |
675 return peerCerts[0].getSubjectX500Principal(); |
608 } |
676 } |
615 * Principal for Kerberos cipher suites, etc. If no principal was |
683 * Principal for Kerberos cipher suites, etc. If no principal was |
616 * sent, then null is returned. |
684 * sent, then null is returned. |
617 */ |
685 */ |
618 @Override |
686 @Override |
619 public Principal getLocalPrincipal() { |
687 public Principal getLocalPrincipal() { |
620 |
688 return ((localCerts == null && localCerts.length != 0) ? null : |
621 if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) { |
|
622 return (localPrincipal == null ? null : localPrincipal); |
|
623 } |
|
624 return (localCerts == null ? null : |
|
625 localCerts[0].getSubjectX500Principal()); |
689 localCerts[0].getSubjectX500Principal()); |
690 } |
|
691 |
|
692 /* |
|
693 * Return the time the ticket for this session was created. |
|
694 */ |
|
695 public long getTicketCreationTime() { |
|
696 return ticketCreationTime; |
|
626 } |
697 } |
627 |
698 |
628 /** |
699 /** |
629 * Returns the time this session was created. |
700 * Returns the time this session was created. |
630 */ |
701 */ |
694 // |
765 // |
695 if (this == nullSession) { |
766 if (this == nullSession) { |
696 return; |
767 return; |
697 } |
768 } |
698 invalidated = true; |
769 invalidated = true; |
699 if (debug != null && Debug.isOn("session")) { |
770 if (SSLLogger.isOn && SSLLogger.isOn("session")) { |
700 System.out.println("%% Invalidated: " + this); |
771 SSLLogger.finest("Invalidated session: " + this); |
701 } |
772 } |
702 if (context != null) { |
773 if (context != null) { |
703 context.remove(sessionId); |
774 context.remove(sessionId); |
704 context = null; |
775 context = null; |
705 } |
776 } |
736 |
807 |
737 e = new SSLSessionBindingEvent(this, key); |
808 e = new SSLSessionBindingEvent(this, key); |
738 ((SSLSessionBindingListener)value).valueBound(e); |
809 ((SSLSessionBindingListener)value).valueBound(e); |
739 } |
810 } |
740 } |
811 } |
741 |
|
742 |
812 |
743 /** |
813 /** |
744 * Returns the specified session value. |
814 * Returns the specified session value. |
745 */ |
815 */ |
746 @Override |
816 @Override |
811 * Application could accept large fragments up to 2^15 bytes by |
881 * Application could accept large fragments up to 2^15 bytes by |
812 * setting the system property jsse.SSLEngine.acceptLargeFragments |
882 * setting the system property jsse.SSLEngine.acceptLargeFragments |
813 * to "true". |
883 * to "true". |
814 */ |
884 */ |
815 private boolean acceptLargeFragments = |
885 private boolean acceptLargeFragments = |
816 Debug.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments", false); |
886 Utilities.getBooleanProperty( |
887 "jsse.SSLEngine.acceptLargeFragments", false); |
|
817 |
888 |
818 /** |
889 /** |
819 * Expand the buffer size of both SSL/TLS network packet and |
890 * Expand the buffer size of both SSL/TLS network packet and |
820 * application data. |
891 * application data. |
821 */ |
892 */ |
833 // and negotiatedMaxFragLen. |
904 // and negotiatedMaxFragLen. |
834 int packetSize = 0; |
905 int packetSize = 0; |
835 if (negotiatedMaxFragLen > 0) { |
906 if (negotiatedMaxFragLen > 0) { |
836 packetSize = cipherSuite.calculatePacketSize( |
907 packetSize = cipherSuite.calculatePacketSize( |
837 negotiatedMaxFragLen, protocolVersion, |
908 negotiatedMaxFragLen, protocolVersion, |
838 protocolVersion.isDTLSProtocol()); |
909 protocolVersion.isDTLS); |
839 } |
910 } |
840 |
911 |
841 if (maximumPacketSize > 0) { |
912 if (maximumPacketSize > 0) { |
842 return (maximumPacketSize > packetSize) ? |
913 return (maximumPacketSize > packetSize) ? |
843 maximumPacketSize : packetSize; |
914 maximumPacketSize : packetSize; |
845 |
916 |
846 if (packetSize != 0) { |
917 if (packetSize != 0) { |
847 return packetSize; |
918 return packetSize; |
848 } |
919 } |
849 |
920 |
850 if (protocolVersion.isDTLSProtocol()) { |
921 if (protocolVersion.isDTLS) { |
851 return DTLSRecord.maxRecordSize; |
922 return DTLSRecord.maxRecordSize; |
852 } else { |
923 } else { |
853 return acceptLargeFragments ? |
924 return acceptLargeFragments ? |
854 SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; |
925 SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; |
855 } |
926 } |
865 // and negotiatedMaxFragLen. |
936 // and negotiatedMaxFragLen. |
866 int fragmentSize = 0; |
937 int fragmentSize = 0; |
867 if (maximumPacketSize > 0) { |
938 if (maximumPacketSize > 0) { |
868 fragmentSize = cipherSuite.calculateFragSize( |
939 fragmentSize = cipherSuite.calculateFragSize( |
869 maximumPacketSize, protocolVersion, |
940 maximumPacketSize, protocolVersion, |
870 protocolVersion.isDTLSProtocol()); |
941 protocolVersion.isDTLS); |
871 } |
942 } |
872 |
943 |
873 if (negotiatedMaxFragLen > 0) { |
944 if (negotiatedMaxFragLen > 0) { |
874 return (negotiatedMaxFragLen > fragmentSize) ? |
945 return (negotiatedMaxFragLen > fragmentSize) ? |
875 negotiatedMaxFragLen : fragmentSize; |
946 negotiatedMaxFragLen : fragmentSize; |
877 |
948 |
878 if (fragmentSize != 0) { |
949 if (fragmentSize != 0) { |
879 return fragmentSize; |
950 return fragmentSize; |
880 } |
951 } |
881 |
952 |
882 if (protocolVersion.isDTLSProtocol()) { |
953 if (protocolVersion.isDTLS) { |
883 return Record.maxDataSize; |
954 return Record.maxDataSize; |
884 } else { |
955 } else { |
885 int maxPacketSize = acceptLargeFragments ? |
956 int maxPacketSize = acceptLargeFragments ? |
886 SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; |
957 SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; |
887 return (maxPacketSize - SSLRecord.headerSize); |
958 return (maxPacketSize - SSLRecord.headerSize); |
966 public String toString() { |
1037 public String toString() { |
967 return "[Session-" + sessionCount |
1038 return "[Session-" + sessionCount |
968 + ", " + getCipherSuite() |
1039 + ", " + getCipherSuite() |
969 + "]"; |
1040 + "]"; |
970 } |
1041 } |
971 |
|
972 } |
1042 } |
973 |
1043 |
974 |
1044 |
975 /** |
1045 /** |
976 * This "struct" class serves as a Hash Key that combines an |
1046 * This "struct" class serves as a Hash Key that combines an |
977 * application-specific key and a security context. |
1047 * application-specific key and a security context. |
978 */ |
1048 */ |
979 class SecureKey { |
1049 class SecureKey { |
980 private static Object nullObject = new Object(); |
1050 private static Object nullObject = new Object(); |
981 private Object appKey; |
1051 private Object appKey; |
982 private Object securityCtx; |
1052 private Object securityCtx; |
983 |
1053 |
984 static Object getCurrentSecurityContext() { |
1054 static Object getCurrentSecurityContext() { |
985 SecurityManager sm = System.getSecurityManager(); |
1055 SecurityManager sm = System.getSecurityManager(); |
986 Object context = null; |
1056 Object context = null; |
987 |
1057 |