jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java

equal deleted inserted replaced

-:f7cc25dda38a
+:c2398053ee90
 /*
-* Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 import java.util.Locale;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
 import sun.security.action.GetIntegerAction;
+import sun.security.action.GetPropertyAction;
 import sun.security.util.Cache;
+/**
+* @systemProperty jdk.tls.server.enableSessionTicketExtension} determines if the
+* server will provide stateless session tickets, if the client supports it,
+* as described in RFC 5077 and RFC 8446.  a stateless session ticket
+* contains the encrypted server's state which saves server resources.
+*
+* {@systemProperty jdk.tls.client.enableSessionTicketExtension} determines if the
+* client will send an extension in the ClientHello in the pre-TLS 1.3.
+* This extension allows the client to accept the server's session state for
+* Server Side stateless resumption (RFC 5077).  Setting the property to
+* "true" turns this on, by default it is false.  For TLS 1.3, the system
+* property is not needed as this support is part of the spec.
+*
+* {@systemProperty jdk.tls.server.sessionTicketTimeout} determines how long
+* a session in the server cache or the stateless resumption tickets are
+* available for use.  The value set by the property can be modified by
+* {@code SSLSessionContext.setSessionTimeout()} during runtime.
+*
+*/
 final class SSLSessionContextImpl implements SSLSessionContext {
 private final static int DEFAULT_MAX_CACHE_SIZE = 20480;
+// Default lifetime of a session. 24 hours
+final static int DEFAULT_SESSION_TIMEOUT = 86400;
 private final Cache<SessionId, SSLSessionImpl> sessionCache;
 // session cache, session id as key
 private final Cache<String, SSLSessionImpl> sessionHostPortCache;
 // session cache, "host:port" as key
 private int cacheLimit;             // the max cache size
 private int timeout;                // timeout in seconds
+// Does this context support stateless session (RFC 5077)
+private boolean statelessSession = true;
 // package private
-SSLSessionContextImpl() {
+SSLSessionContextImpl(boolean server) {
-cacheLimit = getDefaultCacheLimit();    // default cache size
+timeout = DEFAULT_SESSION_TIMEOUT;
-timeout = 86400;                        // default, 24 hours
+cacheLimit = getDefaults(server);    // default cache size
 // use soft reference
 sessionCache = Cache.newSoftMemoryCache(cacheLimit, timeout);
 sessionHostPortCache = Cache.newSoftMemoryCache(cacheLimit, timeout);
+}
+// Stateless sessions when available, but there is a cache
+boolean statelessEnabled() {
+return statelessSession;
 }
 /**
 * Returns the <code>SSLSession</code> bound to the specified session id.
 */
 return null;
 }
 private static String getKey(String hostname, int port) {
-return (hostname + ":" +
+return (hostname + ":" + port).toLowerCase(Locale.ENGLISH);
-String.valueOf(port)).toLowerCase(Locale.ENGLISH);
 }
 // cache a SSLSession
 //
 // In SunJSSE implementation, a session is created while getting a
 sessionHostPortCache.remove(
 getKey(s.getPeerHost(), s.getPeerPort()));
 }
 }
-private static int getDefaultCacheLimit() {
+private int getDefaults(boolean server) {
 try {
+String st;
+// Property for Session Cache state
+if (server) {
+st = GetPropertyAction.privilegedGetProperty(
+"jdk.tls.server.enableSessionTicketExtension", "true");
+} else {
+st = GetPropertyAction.privilegedGetProperty(
+"jdk.tls.client.enableSessionTicketExtension", "true");
+}
+if (st.compareToIgnoreCase("false") == 0) {
+statelessSession = false;
+}
+// Property for Session Ticket Timeout.  The value can be changed
+// by SSLSessionContext.setSessionTimeout(int)
+String s = GetPropertyAction.privilegedGetProperty(
+"jdk.tls.server.sessionTicketTimeout");
+if (s != null) {
+try {
+int t = Integer.parseInt(s);
+if (t < 0 ||
+t > NewSessionTicket.MAX_TICKET_LIFETIME) {
+timeout = DEFAULT_SESSION_TIMEOUT;
+if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+SSLLogger.warning("Invalid timeout given " +
+"jdk.tls.server.sessionTicketTimeout: " + t +
+".  Set to default value " + timeout);
+}
+} else {
+timeout = t;
+}
+} catch (NumberFormatException e) {
+setSessionTimeout(DEFAULT_SESSION_TIMEOUT);
+if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+SSLLogger.warning("Invalid timeout for " +
+"jdk.tls.server.sessionTicketTimeout: " + s +
+".  Set to default value " + timeout);
+}
+}
+}
 int defaultCacheLimit = GetIntegerAction.privilegedGetProperty(
 "javax.net.ssl.sessionCacheSize", DEFAULT_MAX_CACHE_SIZE);
 if (defaultCacheLimit >= 0) {
 return defaultCacheLimit;

changeset 55336	c2398053ee90
parent 52764	8a85d21d9616
child 57483	afeafa018937