jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java

equal deleted inserted replaced

-:356eaea05bf0
+:68fa3d4026ea
 /*
-* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 package sun.security.ssl;
-import java.net.*;
+import java.math.BigInteger;
-import java.util.Enumeration;
+import java.net.InetAddress;
-import java.util.Hashtable;
+import java.security.Principal;
-import java.util.Vector;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Queue;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.Enumeration;
 import java.util.List;
-import java.util.ArrayList;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
-import java.security.Principal;
+import java.util.concurrent.ConcurrentLinkedQueue;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateEncodingException;
 import javax.crypto.SecretKey;
+import javax.net.ssl.ExtendedSSLSession;
-import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.SNIServerName;
-import javax.net.ssl.SSLSessionBindingListener;
-import javax.net.ssl.SSLSessionBindingEvent;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLPermission;
-import javax.net.ssl.ExtendedSSLSession;
+import javax.net.ssl.SSLSessionBindingEvent;
-import javax.net.ssl.SNIServerName;
+import javax.net.ssl.SSLSessionBindingListener;
+import javax.net.ssl.SSLSessionContext;
-import static sun.security.ssl.CipherSuite.KeyExchange.*;
 /**
 * Implements the SSL session interface, and exposes the session context
 * which is maintained by SSL servers.
 *
 /*
 * we only really need a single null session
 */
 static final SSLSessionImpl         nullSession = new SSLSessionImpl();
-// compression methods
-private static final byte           compression_null = 0;
 /*
 * The state of a single session, as described in section 7.1
 * of the SSLv3 spec.
 */
 private final ProtocolVersion       protocolVersion;
 private final SessionId             sessionId;
 private X509Certificate[]   peerCerts;
-private byte                compressionMethod;
 private CipherSuite         cipherSuite;
 private SecretKey           masterSecret;
-private final boolean       useExtendedMasterSecret;
+final boolean               useExtendedMasterSecret;
 /*
 * Information not part of the SSLv3 protocol spec, but used
 * to support session management policies.
 */
-private final long          creationTime = System.currentTimeMillis();
+private final long          creationTime;
 private long                lastUsedTime = 0;
 private final String        host;
 private final int           port;
 private SSLSessionContextImpl       context;
-private int                 sessionCount;
 private boolean             invalidated;
 private X509Certificate[]   localCerts;
 private PrivateKey          localPrivateKey;
-private String[]            localSupportedSignAlgs;
+private final String[]      localSupportedSignAlgs;
-private String[]            peerSupportedSignAlgs;
+private String[]            peerSupportedSignAlgs;      // for certificate
-private List<SNIServerName>    requestedServerNames;
+private boolean             useDefaultPeerSignAlgs = false;
 private List<byte[]>        statusResponses;
+private SecretKey           resumptionMasterSecret;
-private int                 negotiatedMaxFragLen;
+private SecretKey           preSharedKey;
+private byte[]              pskIdentity;
+private final long          ticketCreationTime = System.currentTimeMillis();
+private int                 ticketAgeAdd;
+private int                 negotiatedMaxFragLen = -1;
 private int                 maximumPacketSize;
-// Principals for non-certificate based cipher suites
+private final Queue<SSLSessionImpl> childSessions =
-private Principal peerPrincipal;
+new ConcurrentLinkedQueue<>();
-private Principal localPrincipal;
 /*
 * Is the session currently re-established with a session-resumption
 * abbreviated initial handshake?
 *
 * Note that currently we only set this variable in client side.
 */
 private boolean isSessionResumption = false;
 /*
-* We count session creations, eventually for statistical data but
-* also since counters make shorter debugging IDs than the big ones
-* we use in the protocol for uniqueness-over-time.
-*/
-private static volatile int counter;
-/*
 * Use of session caches is globally enabled/disabled.
 */
 private static boolean      defaultRejoinable = true;
-/* Class and subclass dynamic debugging support */
+// server name indication
-private static final Debug debug = Debug.getInstance("ssl");
+final SNIServerName         serverNameIndication;
+private final List<SNIServerName>    requestedServerNames;
+// Counter used to create unique nonces in NewSessionTicket
+private BigInteger ticketNonceCounter = BigInteger.ONE;
 /*
 * Create a new non-rejoinable session, using the default (null)
 * cipher spec.  This constructor returns a session which could
 * be used either by a client or by a server, as a connection is
 * first opened and before handshaking begins.
 */
 private SSLSessionImpl() {
-this(ProtocolVersion.NONE, CipherSuite.C_NULL, null,
+this.protocolVersion = ProtocolVersion.NONE;
-new SessionId(false, null), null, -1, false);
+this.cipherSuite = CipherSuite.C_NULL;
+this.sessionId = new SessionId(false, null);
+this.host = null;
+this.port = -1;
+this.localSupportedSignAlgs = new String[0];
+this.serverNameIndication = null;
+this.requestedServerNames = Collections.<SNIServerName>emptyList();
+this.useExtendedMasterSecret = false;
+this.creationTime = System.currentTimeMillis();
 }
 /*
 * Create a new session, using a given cipher spec.  This will
 * be rejoinable if session caching is enabled; the constructor
 * is intended mostly for use by serves.
 */
-SSLSessionImpl(ProtocolVersion protocolVersion, CipherSuite cipherSuite,
+SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite) {
-Collection<SignatureAndHashAlgorithm> algorithms,
+this(hc, cipherSuite,
-SecureRandom generator, String host, int port,
+new SessionId(defaultRejoinable, hc.sslContext.getSecureRandom()));
-boolean useExtendedMasterSecret) {
-this(protocolVersion, cipherSuite, algorithms,
-new SessionId(defaultRejoinable, generator), host, port,
-useExtendedMasterSecret);
 }
 /*
 * Record a new session, using a given cipher spec and session ID.
 */
-SSLSessionImpl(ProtocolVersion protocolVersion, CipherSuite cipherSuite,
+SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite, SessionId id) {
-Collection<SignatureAndHashAlgorithm> algorithms,
+this(hc, cipherSuite, id, System.currentTimeMillis());
-SessionId id, String host, int port,
+}
-boolean useExtendedMasterSecret) {
-this.protocolVersion = protocolVersion;
+/*
-sessionId = id;
+* Record a new session, using a given cipher spec, session ID,
-peerCerts = null;
+* and creation time
-compressionMethod = compression_null;
+*/
+SSLSessionImpl(HandshakeContext hc,
+CipherSuite cipherSuite, SessionId id, long creationTime) {
+this.protocolVersion = hc.negotiatedProtocol;
 this.cipherSuite = cipherSuite;
-masterSecret = null;
+this.sessionId = id;
-this.host = host;
+this.host = hc.conContext.transport.getPeerHost();
-this.port = port;
+this.port = hc.conContext.transport.getPeerPort();
-sessionCount = ++counter;
+this.localSupportedSignAlgs =
-localSupportedSignAlgs =
+SignatureScheme.getAlgorithmNames(hc.localSupportedSignAlgs);
-SignatureAndHashAlgorithm.getAlgorithmNames(algorithms);
+this.serverNameIndication = hc.negotiatedServerName;
-negotiatedMaxFragLen = -1;
+this.requestedServerNames = Collections.<SNIServerName>unmodifiableList(
-statusResponses = null;
+hc.getRequestedServerNames());
-this.useExtendedMasterSecret = useExtendedMasterSecret;
+if (hc.sslConfig.isClientMode) {
+this.useExtendedMasterSecret =
-if (debug != null && Debug.isOn("session")) {
+(hc.handshakeExtensions.get(
-System.out.println("%% Initialized:  " + this);
+SSLExtension.CH_EXTENDED_MASTER_SECRET) != null) &&
+(hc.handshakeExtensions.get(
+SSLExtension.SH_EXTENDED_MASTER_SECRET) != null);
+} else {
+this.useExtendedMasterSecret =
+(hc.handshakeExtensions.get(
+SSLExtension.CH_EXTENDED_MASTER_SECRET) != null) &&
+(!hc.negotiatedProtocol.useTLS13PlusSpec());
+}
+this.creationTime = creationTime;
+if (SSLLogger.isOn && SSLLogger.isOn("session")) {
+SSLLogger.finest("Session initialized:  " + this);
 }
 }
 void setMasterSecret(SecretKey secret) {
-if (masterSecret == null) {
+masterSecret = secret;
-masterSecret = secret;
+}
-} else {
-throw new RuntimeException("setMasterSecret() error");
+void setResumptionMasterSecret(SecretKey secret) {
-}
+resumptionMasterSecret = secret;
+}
+void setPreSharedKey(SecretKey key) {
+preSharedKey = key;
+}
+void addChild(SSLSessionImpl session) {
+childSessions.add(session);
+}
+void setTicketAgeAdd(int ticketAgeAdd) {
+this.ticketAgeAdd = ticketAgeAdd;
+}
+void setPskIdentity(byte[] pskIdentity) {
+this.pskIdentity = pskIdentity;
+}
+BigInteger incrTicketNonceCounter() {
+BigInteger result = ticketNonceCounter;
+ticketNonceCounter = ticketNonceCounter.add(BigInteger.valueOf(1));
+return result;
 }
 /**
 * Returns the master secret ... treat with extreme caution!
 */
 SecretKey getMasterSecret() {
 return masterSecret;
 }
-boolean getUseExtendedMasterSecret() {
+Optional<SecretKey> getResumptionMasterSecret() {
-return useExtendedMasterSecret;
+return Optional.ofNullable(resumptionMasterSecret);
+}
+synchronized Optional<SecretKey> getPreSharedKey() {
+return Optional.ofNullable(preSharedKey);
+}
+synchronized Optional<SecretKey> consumePreSharedKey() {
+Optional<SecretKey> result = Optional.ofNullable(preSharedKey);
+preSharedKey = null;
+return result;
+}
+int getTicketAgeAdd() {
+return ticketAgeAdd;
+}
+/*
+* Get the PSK identity. Take care not to use it in multiple connections.
+*/
+synchronized Optional<byte[]> getPskIdentity() {
+return Optional.ofNullable(pskIdentity);
+}
+/* PSK identities created from new_session_ticket messages should only
+* be used once. This method will return the identity and then clear it
+* so it cannot be used again.
+*/
+synchronized Optional<byte[]> consumePskIdentity() {
+Optional<byte[]> result = Optional.ofNullable(pskIdentity);
+pskIdentity = null;
+return result;
 }
 void setPeerCertificates(X509Certificate[] peer) {
 if (peerCerts == null) {
 peerCerts = peer;
 void setLocalPrivateKey(PrivateKey privateKey) {
 localPrivateKey = privateKey;
 }
 void setPeerSupportedSignatureAlgorithms(
-Collection<SignatureAndHashAlgorithm> algorithms) {
+Collection<SignatureScheme> signatureSchemes) {
 peerSupportedSignAlgs =
-SignatureAndHashAlgorithm.getAlgorithmNames(algorithms);
+SignatureScheme.getAlgorithmNames(signatureSchemes);
 }
-void setRequestedServerNames(List<SNIServerName> requestedServerNames) {
+// TLS 1.2 only
-this.requestedServerNames = new ArrayList<>(requestedServerNames);
+//
+// Per RFC 5246, If the client supports only the default hash
+// and signature algorithms, it MAY omit the
+// signature_algorithms extension.  If the client does not
+// support the default algorithms, or supports other hash
+// and signature algorithms (and it is willing to use them
+// for verifying messages sent by the server, i.e., server
+// certificates and server key exchange), it MUST send the
+// signature_algorithms extension, listing the algorithms it
+// is willing to accept.
+void setUseDefaultPeerSignAlgs() {
+useDefaultPeerSignAlgs = true;
+peerSupportedSignAlgs = new String[] {
+"SHA1withRSA", "SHA1withDSA", "SHA1withECDSA"};
+}
+// Returns the connection session.
+SSLSessionImpl finish() {
+if (useDefaultPeerSignAlgs) {
+this.peerSupportedSignAlgs = new String[0];
+}
+return this;
 }
 /**
 * Provide status response data obtained during the SSL handshake.
 *
 statusResponses = Collections.emptyList();
 }
 }
 /**
-* Set the peer principal.
-*/
-void setPeerPrincipal(Principal principal) {
-if (peerPrincipal == null) {
-peerPrincipal = principal;
-}
-}
-/**
-* Set the local principal.
-*/
-void setLocalPrincipal(Principal principal) {
-localPrincipal = principal;
-}
-/**
 * Returns true iff this session may be resumed ... sessions are
 * usually resumable.  Security policies may suggest otherwise,
 * for example sessions that haven't been used for a while (say,
 * a working day) won't be resumable, and sessions might have a
 * maximum lifetime in any case.
 /**
 * Check if the authentication used when establishing this session
 * is still valid. Returns true if no authentication was used
 */
-boolean isLocalAuthenticationValid() {
+private boolean isLocalAuthenticationValid() {
 if (localPrivateKey != null) {
 try {
 // if the private key is no longer valid, getAlgorithm()
 // should throw an exception
 // (e.g. Smartcard has been removed from the reader)
 } catch (Exception e) {
 invalidate();
 return false;
 }
 }
 return true;
 }
 /**
 * Returns the ID for this session.  The ID is fixed for the
 * Resets the cipher spec in use on this session
 */
 void setSuite(CipherSuite suite) {
 cipherSuite = suite;
-if (debug != null && Debug.isOn("session")) {
+if (SSLLogger.isOn && SSLLogger.isOn("session")) {
-System.out.println("%% Negotiating:  " + this);
+SSLLogger.finest("Negotiating session:  " + this);
 }
 }
 /**
 * Return true if the session is currently re-established with a
 public String getProtocol() {
 return getProtocolVersion().name;
 }
 /**
-* Returns the compression technique used in this session
-*/
-byte getCompression() {
-return compressionMethod;
-}
-/**
 * Returns the hashcode for this session
 */
 @Override
 public int hashCode() {
 return sessionId.hashCode();
 }
 /**
 * Returns true if sessions have same ids, false otherwise.
 */
 @Override
 /**
 * Return the cert chain presented by the peer in the
 * java.security.cert format.
 * Note: This method can be used only when using certificate-based
-* cipher suites; using it with non-certificate-based cipher suites,
+* cipher suites; using it with non-certificate-based cipher suites
-* such as Kerberos, will throw an SSLPeerUnverifiedException.
+* will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *  first in the chain, and with the "root" CA last.
 */
 @Override
 //
 // clone to preserve integrity of session ... caller can't
 // change record of peer identity even by accident, much
 // less do it intentionally.
 //
-if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) {
-throw new SSLPeerUnverifiedException("no certificates expected"
-+ " for " + cipherSuite.keyExchange + " cipher suites");
-}
 if (peerCerts == null) {
 throw new SSLPeerUnverifiedException("peer not authenticated");
 }
 // Certs are immutable objects, therefore we don't clone them.
 // But do need to clone the array, so that nothing is inserted
 /**
 * Return the cert chain presented by the peer in the
 * javax.security.cert format.
 * Note: This method can be used only when using certificate-based
-* cipher suites; using it with non-certificate-based cipher suites,
+* cipher suites; using it with non-certificate-based cipher suites
-* such as Kerberos, will throw an SSLPeerUnverifiedException.
+* will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *  first in the chain, and with the "root" CA last.
 *
 * @deprecated This method returns the deprecated
 //
 // clone to preserve integrity of session ... caller can't
 // change record of peer identity even by accident, much
 // less do it intentionally.
 //
-if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) {
-throw new SSLPeerUnverifiedException("no certificates expected"
-+ " for " + cipherSuite.keyExchange + " cipher suites");
-}
 if (peerCerts == null) {
 throw new SSLPeerUnverifiedException("peer not authenticated");
 }
 javax.security.cert.X509Certificate[] certs;
 certs = new javax.security.cert.X509Certificate[peerCerts.length];
 }
 /**
 * Return the cert chain presented by the peer.
 * Note: This method can be used only when using certificate-based
-* cipher suites; using it with non-certificate-based cipher suites,
+* cipher suites; using it with non-certificate-based cipher suites
-* such as Kerberos, will throw an SSLPeerUnverifiedException.
+* will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *  first in the chain, and with the "root" CA last.
 */
 public X509Certificate[] getCertificateChain()
 /*
 * clone to preserve integrity of session ... caller can't
 * change record of peer identity even by accident, much
 * less do it intentionally.
 */
-if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) {
-throw new SSLPeerUnverifiedException("no certificates expected"
-+ " for " + cipherSuite.keyExchange + " cipher suites");
-}
 if (peerCerts != null) {
 return peerCerts.clone();
 } else {
 throw new SSLPeerUnverifiedException("peer not authenticated");
 }
 /**
 * Returns the identity of the peer which was established as part of
 * defining the session.
 *
 * @return the peer's principal. Returns an X500Principal of the
-* end-entity certificate for X509-based cipher suites, and
+* end-entity certificate for X509-based cipher suites.
-* Principal for Kerberos cipher suites, etc.
 *
 * @throws SSLPeerUnverifiedException if the peer's identity has not
 *          been verified
 */
 @Override
 public Principal getPeerPrincipal()
 throws SSLPeerUnverifiedException
 {
-if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) {
-if (peerPrincipal == null) {
-throw new SSLPeerUnverifiedException("peer not authenticated");
-} else {
-return peerPrincipal;
-}
-}
 if (peerCerts == null) {
 throw new SSLPeerUnverifiedException("peer not authenticated");
 }
 return peerCerts[0].getSubjectX500Principal();
 }
 /**
 * Returns the principal that was sent to the peer during handshaking.
 *
 * @return the principal sent to the peer. Returns an X500Principal
-* of the end-entity certificate for X509-based cipher suites, and
+* of the end-entity certificate for X509-based cipher suites.
-* Principal for Kerberos cipher suites, etc. If no principal was
+* If no principal was sent, then null is returned.
-* sent, then null is returned.
 */
 @Override
 public Principal getLocalPrincipal() {
+return ((localCerts == null && localCerts.length != 0) ? null :
-if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) {
-return (localPrincipal == null ? null : localPrincipal);
-}
-return (localCerts == null ? null :
 localCerts[0].getSubjectX500Principal());
+}
+/*
+* Return the time the ticket for this session was created.
+*/
+public long getTicketCreationTime() {
+return ticketCreationTime;
 }
 /**
 * Returns the time this session was created.
 */
 // new connection, with no "real" session yet.
 //
 if (this == nullSession) {
 return;
 }
-invalidated = true;
-if (debug != null && Debug.isOn("session")) {
-System.out.println("%% Invalidated:  " + this);
-}
 if (context != null) {
 context.remove(sessionId);
 context = null;
 }
+if (invalidated) {
+return;
+}
+invalidated = true;
+if (SSLLogger.isOn && SSLLogger.isOn("session")) {
+SSLLogger.finest("Invalidated session:  " + this);
+}
+for (SSLSessionImpl child : childSessions) {
+child.invalidate();
+}
 }
 /*
 * Table of application-specific session data indexed by an application
 * key and the calling security context. This is important since
 * sessions can be shared across different protection domains.
 */
-private Hashtable<SecureKey, Object> table = new Hashtable<>();
+private final ConcurrentHashMap<SecureKey, Object> boundValues =
+new ConcurrentHashMap<>();
 /**
 * Assigns a session value.  Session change events are given if
 * appropriate, to any original value as well as the new value.
 */
 if ((key == null) || (value == null)) {
 throw new IllegalArgumentException("arguments can not be null");
 }
 SecureKey secureKey = new SecureKey(key);
-Object oldValue = table.put(secureKey, value);
+Object oldValue = boundValues.put(secureKey, value);
 if (oldValue instanceof SSLSessionBindingListener) {
 SSLSessionBindingEvent e;
 e = new SSLSessionBindingEvent(this, key);
 e = new SSLSessionBindingEvent(this, key);
 ((SSLSessionBindingListener)value).valueBound(e);
 }
 }
 /**
 * Returns the specified session value.
 */
 @Override
 if (key == null) {
 throw new IllegalArgumentException("argument can not be null");
 }
 SecureKey secureKey = new SecureKey(key);
-return table.get(secureKey);
+return boundValues.get(secureKey);
 }
 /**
 * Removes the specified session value, delivering a session changed
 if (key == null) {
 throw new IllegalArgumentException("argument can not be null");
 }
 SecureKey secureKey = new SecureKey(key);
-Object value = table.remove(secureKey);
+Object value = boundValues.remove(secureKey);
 if (value instanceof SSLSessionBindingListener) {
 SSLSessionBindingEvent e;
 e = new SSLSessionBindingEvent(this, key);
 /**
 * Lists the names of the session values.
 */
 @Override
 public String[] getValueNames() {
-Enumeration<SecureKey> e;
+ArrayList<Object> v = new ArrayList<>();
-Vector<Object> v = new Vector<>();
-SecureKey key;
 Object securityCtx = SecureKey.getCurrentSecurityContext();
+for (Enumeration<SecureKey> e = boundValues.keys();
-for (e = table.keys(); e.hasMoreElements(); ) {
+e.hasMoreElements(); ) {
-key = e.nextElement();
+SecureKey key = e.nextElement();
 if (securityCtx.equals(key.getSecurityContext())) {
-v.addElement(key.getAppKey());
+v.add(key.getAppKey());
 }
 }
-String[] names = new String[v.size()];
-v.copyInto(names);
+return v.toArray(new String[0]);
-return names;
 }
 /**
 * Use large packet sizes now or follow RFC 2246 packet sizes (2^14)
 * until changed.
 * Application could accept large fragments up to 2^15 bytes by
 * setting the system property jsse.SSLEngine.acceptLargeFragments
 * to "true".
 */
 private boolean acceptLargeFragments =
-Debug.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments", false);
+Utilities.getBooleanProperty(
+"jsse.SSLEngine.acceptLargeFragments", false);
 /**
 * Expand the buffer size of both SSL/TLS network packet and
 * application data.
 */
 // and negotiatedMaxFragLen.
 int packetSize = 0;
 if (negotiatedMaxFragLen > 0) {
 packetSize = cipherSuite.calculatePacketSize(
 negotiatedMaxFragLen, protocolVersion,
-protocolVersion.isDTLSProtocol());
+protocolVersion.isDTLS);
 }
 if (maximumPacketSize > 0) {
 return (maximumPacketSize > packetSize) ?
 maximumPacketSize : packetSize;
 if (packetSize != 0) {
 return packetSize;
 }
-if (protocolVersion.isDTLSProtocol()) {
+if (protocolVersion.isDTLS) {
 return DTLSRecord.maxRecordSize;
 } else {
 return acceptLargeFragments ?
 SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize;
 }
 // and negotiatedMaxFragLen.
 int fragmentSize = 0;
 if (maximumPacketSize > 0) {
 fragmentSize = cipherSuite.calculateFragSize(
 maximumPacketSize, protocolVersion,
-protocolVersion.isDTLSProtocol());
+protocolVersion.isDTLS);
 }
 if (negotiatedMaxFragLen > 0) {
 return (negotiatedMaxFragLen > fragmentSize) ?
 negotiatedMaxFragLen : fragmentSize;
 if (fragmentSize != 0) {
 return fragmentSize;
 }
-if (protocolVersion.isDTLSProtocol()) {
+if (protocolVersion.isDTLS) {
 return Record.maxDataSize;
 } else {
 int maxPacketSize = acceptLargeFragments ?
 SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize;
 return (maxPacketSize - SSLRecord.headerSize);
 * Obtains a <code>List</code> containing all {@link SNIServerName}s
 * of the requested Server Name Indication (SNI) extension.
 */
 @Override
 public List<SNIServerName> getRequestedServerNames() {
-if (requestedServerNames != null && !requestedServerNames.isEmpty()) {
+return requestedServerNames;
-return Collections.<SNIServerName>unmodifiableList(
-requestedServerNames);
-}
-return Collections.<SNIServerName>emptyList();
 }
 /** Returns a string representation of this SSL session */
 @Override
 public String toString() {
-return "[Session-" + sessionCount
+return "Session(" + creationTime + "|" + getCipherSuite() + ")";
-+ ", " + getCipherSuite()
+}
-+ "]";
-}
 }
 /**
 * This "struct" class serves as a Hash Key that combines an
 * application-specific key and a security context.
 */
 class SecureKey {
-private static Object       nullObject = new Object();
+private static final Object     nullObject = new Object();
-private Object        appKey;
+private final Object            appKey;
-private Object      securityCtx;
+private final Object            securityCtx;
 static Object getCurrentSecurityContext() {
 SecurityManager sm = System.getSecurityManager();
 Object context = null;

changeset 50768	68fa3d4026ea
parent 48225	718669e6b375
child 50987	e4a92c455d1c