654 SSLLogger.fine("Existing session has no PSK."); |
654 SSLLogger.fine("Existing session has no PSK."); |
655 } |
655 } |
656 return null; |
656 return null; |
657 } |
657 } |
658 SecretKey psk = pskOpt.get(); |
658 SecretKey psk = pskOpt.get(); |
659 Optional<byte[]> pskIdOpt = chc.resumingSession.getPskIdentity(); |
659 Optional<byte[]> pskIdOpt = chc.resumingSession.consumePskIdentity(); |
660 if (!pskIdOpt.isPresent()) { |
660 if (!pskIdOpt.isPresent()) { |
661 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
661 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
662 SSLLogger.fine( |
662 SSLLogger.fine( |
663 "PSK has no identity, or identity was already used"); |
663 "PSK has no identity, or identity was already used"); |
664 } |
664 } |
665 return null; |
665 return null; |
666 } |
666 } |
667 byte[] pskId = pskIdOpt.get(); |
667 byte[] pskId = pskIdOpt.get(); |
|
668 |
|
669 //The session cannot be used again. Remove it from the cache. |
|
670 SSLSessionContextImpl sessionCache = (SSLSessionContextImpl) |
|
671 chc.sslContext.engineGetClientSessionContext(); |
|
672 sessionCache.remove(chc.resumingSession.getSessionId()); |
668 |
673 |
669 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
674 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
670 SSLLogger.fine( |
675 SSLLogger.fine( |
671 "Found resumable session. Preparing PSK message."); |
676 "Found resumable session. Preparing PSK message."); |
672 } |
677 } |
826 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
831 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
827 SSLLogger.fine( |
832 SSLLogger.fine( |
828 "Received pre_shared_key extension: ", shPsk); |
833 "Received pre_shared_key extension: ", shPsk); |
829 } |
834 } |
830 |
835 |
831 // The PSK identity should not be reused, even if it is |
|
832 // not selected. |
|
833 chc.resumingSession.consumePskIdentity(); |
|
834 |
|
835 if (shPsk.selectedIdentity != 0) { |
836 if (shPsk.selectedIdentity != 0) { |
836 chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
837 chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
837 "Selected identity index is not in correct range."); |
838 "Selected identity index is not in correct range."); |
838 } |
839 } |
839 |
840 |
840 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
841 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
841 SSLLogger.fine( |
842 SSLLogger.fine( |
842 "Resuming session: ", chc.resumingSession); |
843 "Resuming session: ", chc.resumingSession); |
843 } |
844 } |
844 |
|
845 // remove the session from the cache |
|
846 SSLSessionContextImpl sessionCache = (SSLSessionContextImpl) |
|
847 chc.sslContext.engineGetClientSessionContext(); |
|
848 sessionCache.remove(chc.resumingSession.getSessionId()); |
|
849 } |
845 } |
850 } |
846 } |
851 |
847 |
852 private static final |
848 private static final |
853 class SHPreSharedKeyAbsence implements HandshakeAbsence { |
849 class SHPreSharedKeyAbsence implements HandshakeAbsence { |
856 HandshakeMessage message) throws IOException { |
852 HandshakeMessage message) throws IOException { |
857 ClientHandshakeContext chc = (ClientHandshakeContext)context; |
853 ClientHandshakeContext chc = (ClientHandshakeContext)context; |
858 |
854 |
859 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
855 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
860 SSLLogger.fine("Handling pre_shared_key absence."); |
856 SSLLogger.fine("Handling pre_shared_key absence."); |
861 } |
|
862 |
|
863 if (chc.handshakeExtensions.containsKey( |
|
864 SSLExtension.CH_PRE_SHARED_KEY)) { |
|
865 // The PSK identity should not be reused, even if it is |
|
866 // not selected. |
|
867 chc.resumingSession.consumePskIdentity(); |
|
868 } |
857 } |
869 |
858 |
870 // The server refused to resume, or the client did not |
859 // The server refused to resume, or the client did not |
871 // request 1.3 resumption. |
860 // request 1.3 resumption. |
872 chc.resumingSession = null; |
861 chc.resumingSession = null; |