diff -r c0b3077af726 -r e5d5f0f2d40d jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/SessionManager.java --- a/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/SessionManager.java Tue Dec 06 14:54:11 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,296 +0,0 @@ -/* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.pkcs11; - -import java.util.*; - -import java.security.ProviderException; - -import sun.security.util.Debug; - -import sun.security.pkcs11.wrapper.*; -import static sun.security.pkcs11.wrapper.PKCS11Constants.*; - -import java.util.concurrent.LinkedBlockingQueue; -import java.util.concurrent.atomic.AtomicInteger; - -/** - * Session manager. There is one session manager object per PKCS#11 - * provider. It allows code to checkout a session, release it - * back to the pool, or force it to be closed. - * - * The session manager pools sessions to minimize the number of - * C_OpenSession() and C_CloseSession() that have to be made. It - * maintains two pools: one for "object" sessions and one for - * "operation" sessions. - * - * The reason for this separation is how PKCS#11 deals with session objects. - * It defines that when a session is closed, all objects created within - * that session are destroyed. In other words, we may never close a session - * while a Key created it in is still in use. We would like to keep the - * number of such sessions low. Note that we occasionally want to explicitly - * close a session, see P11Signature. - * - * NOTE that sessions obtained from this class SHOULD be returned using - * either releaseSession() or closeSession() using a finally block when - * not needed anymore. Otherwise, they will be left for cleanup via the - * PhantomReference mechanism when GC kicks in, but it's best not to rely - * on that since GC may not run timely enough since the native PKCS11 library - * is also consuming memory. - * - * Note that sessions are automatically closed when they are not used for a - * period of time, see Session. - * - * @author Andreas Sterbenz - * @since 1.5 - */ -final class SessionManager { - - private final static int DEFAULT_MAX_SESSIONS = 32; - - private final static Debug debug = Debug.getInstance("pkcs11"); - - // token instance - private final Token token; - - // maximum number of sessions to open with this token - private final int maxSessions; - - // total number of active sessions - private AtomicInteger activeSessions = new AtomicInteger(); - - // pool of available object sessions - private final Pool objSessions; - - // pool of available operation sessions - private final Pool opSessions; - - // maximum number of active sessions during this invocation, for debugging - private int maxActiveSessions; - private Object maxActiveSessionsLock; - - // flags to use in the C_OpenSession() call - private final long openSessionFlags; - - SessionManager(Token token) { - long n; - if (token.isWriteProtected()) { - openSessionFlags = CKF_SERIAL_SESSION; - n = token.tokenInfo.ulMaxSessionCount; - } else { - openSessionFlags = CKF_SERIAL_SESSION | CKF_RW_SESSION; - n = token.tokenInfo.ulMaxRwSessionCount; - } - if (n == CK_EFFECTIVELY_INFINITE) { - n = Integer.MAX_VALUE; - } else if ((n == CK_UNAVAILABLE_INFORMATION) || (n < 0)) { - // choose an arbitrary concrete value - n = DEFAULT_MAX_SESSIONS; - } - maxSessions = (int)Math.min(n, Integer.MAX_VALUE); - this.token = token; - this.objSessions = new Pool(this, true); - this.opSessions = new Pool(this, false); - if (debug != null) { - maxActiveSessionsLock = new Object(); - } - } - - // returns whether only a fairly low number of sessions are - // supported by this token. - boolean lowMaxSessions() { - return (maxSessions <= DEFAULT_MAX_SESSIONS); - } - - Session getObjSession() throws PKCS11Exception { - Session session = objSessions.poll(); - if (session != null) { - return ensureValid(session); - } - session = opSessions.poll(); - if (session != null) { - return ensureValid(session); - } - session = openSession(); - return ensureValid(session); - } - - Session getOpSession() throws PKCS11Exception { - Session session = opSessions.poll(); - if (session != null) { - return ensureValid(session); - } - // create a new session rather than re-using an obj session - // that avoids potential expensive cancels() for Signatures & RSACipher - if (maxSessions == Integer.MAX_VALUE || - activeSessions.get() < maxSessions) { - session = openSession(); - return ensureValid(session); - } - session = objSessions.poll(); - if (session != null) { - return ensureValid(session); - } - throw new ProviderException("Could not obtain session"); - } - - private Session ensureValid(Session session) { - session.id(); - return session; - } - - Session killSession(Session session) { - if ((session == null) || (token.isValid() == false)) { - return null; - } - if (debug != null) { - String location = new Exception().getStackTrace()[2].toString(); - System.out.println("Killing session (" + location + ") active: " - + activeSessions.get()); - } - closeSession(session); - return null; - } - - Session releaseSession(Session session) { - if ((session == null) || (token.isValid() == false)) { - return null; - } - - if (session.hasObjects()) { - objSessions.release(session); - } else { - opSessions.release(session); - } - return null; - } - - void demoteObjSession(Session session) { - if (token.isValid() == false) { - return; - } - if (debug != null) { - System.out.println("Demoting session, active: " + - activeSessions.get()); - } - boolean present = objSessions.remove(session); - if (present == false) { - // session is currently in use - // will be added to correct pool on release, nothing to do now - return; - } - opSessions.release(session); - } - - private Session openSession() throws PKCS11Exception { - if ((maxSessions != Integer.MAX_VALUE) && - (activeSessions.get() >= maxSessions)) { - throw new ProviderException("No more sessions available"); - } - - long id = token.p11.C_OpenSession - (token.provider.slotID, openSessionFlags, null, null); - Session session = new Session(token, id); - activeSessions.incrementAndGet(); - if (debug != null) { - synchronized(maxActiveSessionsLock) { - if (activeSessions.get() > maxActiveSessions) { - maxActiveSessions = activeSessions.get(); - if (maxActiveSessions % 10 == 0) { - System.out.println("Open sessions: " + maxActiveSessions); - } - } - } - } - return session; - } - - private void closeSession(Session session) { - session.close(); - activeSessions.decrementAndGet(); - } - - public static final class Pool { - - private final SessionManager mgr; - private final AbstractQueue pool; - private final int SESSION_MAX = 5; - - // Object session pools can contain unlimited sessions. - // Operation session pools are limited and enforced by the queue. - Pool(SessionManager mgr, boolean obj) { - this.mgr = mgr; - if (obj) { - pool = new LinkedBlockingQueue(); - } else { - pool = new LinkedBlockingQueue(SESSION_MAX); - } - } - - boolean remove(Session session) { - return pool.remove(session); - } - - Session poll() { - return pool.poll(); - } - - void release(Session session) { - // Object session pools never return false, only Operation ones - if (!pool.offer(session)) { - mgr.closeSession(session); - free(); - } - } - - // Free any old operation session if this queue is full - void free() { - int n = SESSION_MAX; - int i = 0; - Session oldestSession; - long time = System.currentTimeMillis(); - // Check if the session head is too old and continue through pool - // until only one is left. - do { - oldestSession = pool.peek(); - if (oldestSession == null || oldestSession.isLive(time) || - !pool.remove(oldestSession)) { - break; - } - - i++; - mgr.closeSession(oldestSession); - } while ((n - i) > 1); - - if (debug != null) { - System.out.println("Closing " + i + " idle sessions, active: " - + mgr.activeSessions); - } - } - - } - -}