jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/ServerHello.java

equal deleted inserted replaced

-:f7cc25dda38a
+:c2398053ee90
 import sun.security.ssl.ClientHello.ClientHelloMessage;
 import sun.security.ssl.SSLCipher.SSLReadCipher;
 import sun.security.ssl.SSLCipher.SSLWriteCipher;
 import sun.security.ssl.SSLHandshake.HandshakeMessage;
 import sun.security.ssl.SupportedVersionsExtension.SHSupportedVersionsSpec;
+import static sun.security.ssl.SSLExtension.SH_SESSION_TICKET;
 /**
 * Pack of the ServerHello/HelloRetryRequest handshake message.
 */
 final class ServerHello {
 }
 }
 shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO_DONE.id,
 SSLHandshake.SERVER_HELLO_DONE);
 } else {
+// stateless and use the client session id (RFC 5077 3.4)
+if (shc.statelessResumption) {
+shc.resumingSession = new SSLSessionImpl(shc.resumingSession,
+(clientHello.sessionId.length() == 0) ?
+new SessionId(true,
+shc.sslContext.getSecureRandom()) :
+new SessionId(clientHello.sessionId.getId())
+);
+}
 shc.handshakeSession = shc.resumingSession;
 shc.negotiatedProtocol =
 shc.resumingSession.getProtocolVersion();
 shc.negotiatedCipherSuite = shc.resumingSession.getSuite();
 shc.handshakeHash.determine(
 HandshakeMessage message) throws IOException {
 // The producing happens in server side only.
 ServerHandshakeContext shc = (ServerHandshakeContext)context;
 ClientHelloMessage clientHello = (ClientHelloMessage)message;
+SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
+shc.sslContext.engineGetServerSessionContext();
 // If client hasn't specified a session we can resume, start a
 // new one and choose its cipher suite and compression options,
 // unless new session creation is disabled for this connection!
 if (!shc.isResumption || shc.resumingSession == null) {
 if (!shc.sslConfig.enableSessionCreation) {
 setUpPskKD(shc,
 shc.resumingSession.consumePreSharedKey());
 // The session can't be resumed again---remove it from cache
-SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
-shc.sslContext.engineGetServerSessionContext();
 sessionCache.remove(shc.resumingSession.getSessionId());
 }
 // update the responders
 shc.handshakeProducers.put(SSLHandshake.ENCRYPTED_EXTENSIONS.id,
 writeCipher, (clientHello.sessionId.length() != 0));
 // Update the context for master key derivation.
 shc.handshakeKeyDerivation = kd;
+// Check if the server supports stateless resumption
+if (sessionCache.statelessEnabled()) {
+shc.statelessResumption = true;
+}
 // The handshake message has been delivered.
 return null;
 }
 private static CipherSuite chooseCipherSuite(
 if (!chc.sslConfig.enableSessionCreation) {
 throw chc.conContext.fatal(Alert.PROTOCOL_VERSION,
 "New session creation is disabled");
 }
-chc.handshakeSession = new SSLSessionImpl(chc,
-chc.negotiatedCipherSuite,
+if (serverHello.sessionId.length() == 0 &&
-serverHello.sessionId);
+chc.statelessResumption) {
+SessionId newId = new SessionId(true,
+chc.sslContext.getSecureRandom());
+chc.handshakeSession = new SSLSessionImpl(chc,
+chc.negotiatedCipherSuite, newId);
+if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
+SSLLogger.fine("Locally assigned Session Id: " +
+newId.toString());
+}
+} else {
+chc.handshakeSession = new SSLSessionImpl(chc,
+chc.negotiatedCipherSuite,
+serverHello.sessionId);
+}
 chc.handshakeSession.setMaximumPacketSize(
 chc.sslConfig.maximumPacketSize);
 }
 //
 }
 chc.conContext.consumers.putIfAbsent(
 ContentType.CHANGE_CIPHER_SPEC.id,
 ChangeCipherSpec.t10Consumer);
+if (chc.statelessResumption) {
+chc.handshakeConsumers.putIfAbsent(
+SSLHandshake.NEW_SESSION_TICKET.id,
+SSLHandshake.NEW_SESSION_TICKET);
+}
 chc.handshakeConsumers.put(
 SSLHandshake.FINISHED.id,
 SSLHandshake.FINISHED);
 } else {
 SSLKeyExchange ke = SSLKeyExchange.valueOf(

changeset 55336	c2398053ee90
parent 54253	01d8eae542ff
child 57485	af4b0fc25bc4