# HG changeset patch # User apetcher # Date 1526410444 14400 # Node ID 4a3deb6759b15d68b104eb8be83727df34cfeaa2 # Parent daa34bd1c8dc80eafd4cc91165970c050df0cba3 minor session management improvements to try to address some bugs diff -r daa34bd1c8dc -r 4a3deb6759b1 src/java.base/share/classes/sun/security/ssl/Finished.java --- a/src/java.base/share/classes/sun/security/ssl/Finished.java Tue May 15 10:48:19 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/Finished.java Tue May 15 14:54:04 2018 -0400 @@ -902,6 +902,13 @@ return; // make the compiler happy } + // save the session + if (!chc.isResumption && chc.handshakeSession.isRejoinable()) { + SSLSessionContextImpl sessionContext = (SSLSessionContextImpl) + chc.sslContext.engineGetClientSessionContext(); + sessionContext.put(chc.handshakeSession); + } + // derive salt secret try { SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null); @@ -1008,6 +1015,13 @@ return; // make the compiler happy } + // save the session + if (!shc.isResumption && shc.handshakeSession.isRejoinable()) { + SSLSessionContextImpl sessionContext = (SSLSessionContextImpl) + shc.sslContext.engineGetServerSessionContext(); + sessionContext.put(shc.handshakeSession); + } + try { // update the application traffic read keys. SecretKey readSecret = kd.deriveKey( diff -r daa34bd1c8dc -r 4a3deb6759b1 src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java --- a/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java Tue May 15 10:48:19 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java Tue May 15 14:54:04 2018 -0400 
@@ -216,10 +216,13 @@ "Produced NewSessionTicket handshake message", nstm); } - // cache the new session + // create and cache the new session + // The new session must be a child of the existing session so + // they will be invalidated together, etc. SSLSessionImpl sessionCopy = new SSLSessionImpl(shc, shc.handshakeSession.getSuite(), newId, shc.handshakeSession.getCreationTime()); + shc.handshakeSession.addChild(sessionCopy); sessionCopy.setPreSharedKey(psk); sessionCopy.setPskIdentity(newId.getId()); sessionCopy.setTicketAgeAdd(nstm.ticketAgeAdd); @@ -316,13 +319,16 @@ sessionToSave.getSuite().hashAlg, resumptionMasterSecret.get(), nstm.ticketNonce); - // create the new session from the context + // create and cache the new session + // The new session must be a child of the existing session so + // they will be invalidated together, etc. chc.negotiatedProtocol = chc.conContext.protocolVersion; SessionId newId = new SessionId(true, chc.sslContext.getSecureRandom()); SSLSessionImpl sessionCopy = new SSLSessionImpl(chc, sessionToSave.getSuite(), newId, sessionToSave.getCreationTime()); + sessionToSave.addChild(sessionCopy); sessionCopy.setPreSharedKey(psk); sessionCopy.setTicketAgeAdd(nstm.ticketAgeAdd); sessionCopy.setPskIdentity(nstm.ticket); diff -r daa34bd1c8dc -r 4a3deb6759b1 src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java --- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Tue May 15 10:48:19 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Tue May 15 14:54:04 2018 -0400 @@ -318,7 +318,9 @@ int idIndex = 0; for (PskIdentity requestedId : pskSpec.identities) { SSLSessionImpl s = sessionCache.get(requestedId.identity); - if (s != null && s.getPreSharedKey().isPresent()) { + if (s != null && s.isRejoinable() && + s.getPreSharedKey().isPresent()) { + resumeSession(shc, s, idIndex); break; } 
@@ -368,9 +370,6 @@ pskBinderHash.receive(messageBuf, length); checkBinder(shc, shc.resumingSession, pskBinderHash, binder); - - SSLSessionContextImpl sessionCache = (SSLSessionContextImpl) - message.handshakeContext.sslContext.engineGetServerSessionContext(); } } @@ -466,7 +465,6 @@ if (ext == SSLExtension.CH_PRE_SHARED_KEY) { continue; } - System.err.println("partial CH extension: " + ext.name()); int extID = ext.id; hos.putInt16(extID); hos.putBytes16(extData); diff -r daa34bd1c8dc -r 4a3deb6759b1 src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java --- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Tue May 15 10:48:19 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Tue May 15 14:54:04 2018 -0400 @@ -31,6 +31,7 @@ import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.ArrayList; +import java.util.Queue; import java.util.Collection; import java.util.Collections; import java.util.Enumeration; @@ -38,6 +39,7 @@ import java.util.List; import java.util.Vector; import java.util.Optional; +import java.util.concurrent.ConcurrentLinkedQueue; import javax.crypto.SecretKey; import javax.net.ssl.ExtendedSSLSession; import javax.net.ssl.SNIServerName; @@ -86,11 +88,6 @@ private CipherSuite cipherSuite; private SecretKey masterSecret; final boolean useExtendedMasterSecret; - private SecretKey resumptionMasterSecret; - private SecretKey preSharedKey; - private byte[] pskIdentity; - private final long ticketCreationTime = System.currentTimeMillis(); - private int ticketAgeAdd; /* * Information not part of the SSLv3 protocol spec, but used 
@@ -108,6 +105,11 @@ private final String[] localSupportedSignAlgs; private String[] peerSupportedSignAlgs; private List statusResponses; + private SecretKey resumptionMasterSecret; + private SecretKey preSharedKey; + private byte[] pskIdentity; + private final long ticketCreationTime = System.currentTimeMillis(); + private int ticketAgeAdd; private int negotiatedMaxFragLen; private int maximumPacketSize; @@ -116,6 +118,8 @@ private Principal peerPrincipal; private Principal localPrincipal; + private Queue childSessions = new ConcurrentLinkedQueue(); + /* * Is the session currently re-established with a session-resumption * abbreviated initial handshake? @@ -243,6 +247,10 @@ } } + void addChild(SSLSessionImpl session) { + childSessions.add(session); + } + void setTicketAgeAdd(int ticketAgeAdd) { this.ticketAgeAdd = ticketAgeAdd; } @@ -766,13 +774,20 @@ if (this == nullSession) { return; } + + if (context != null) { + context.remove(sessionId); + context = null; + } + if (invalidated) { + return; + } invalidated = true; if (SSLLogger.isOn && SSLLogger.isOn("session")) { SSLLogger.finest("Invalidated session: " + this); } - if (context != null) { - context.remove(sessionId); - context = null; + for (SSLSessionImpl child : childSessions) { + child.invalidate(); } }
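Review bot: In the Finished.java hunk at @@ -902 (client side), the session is put into the client session context before the key derivation that immediately follows it (`// derive salt secret` inside a `try`), so a handshake that fails from that point on leaves an entry in the client cache that was never completed. Either move the `sessionContext.put(chc.handshakeSession)` after the handshake has actually finished, or make sure the failure path calls `invalidate()` on `chc.handshakeSession` so the new `context.remove(sessionId)` logic takes it back out. The comment `// save the session` should also say what the put is for: at this point the session has no PSK yet, and the lookup in PreSharedKeyExtension requires `s.getPreSharedKey().isPresent()`, so this entry is not resumable by itself; if the purpose is to bind the session to its context so that `invalidate()` can remove it and its ticket children, state that.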
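Review bot: The Finished.java hunk at @@ -1008 (server side) is a line-for-line copy of the client-side block at @@ -902, differing only in `shc` vs `chc` and `engineGetServerSessionContext()` vs `engineGetClientSessionContext()`. Factor the two into one helper on the handshake context (e.g. one that takes the `SSLSessionContext` to put into) so the `isResumption`/`isRejoinable()` condition is maintained in one place, and carry the same explanatory comment requested for the client side rather than the bare `// save the session`. The unchecked cast to `SSLSessionContextImpl` is repeated here too; if the cast is guaranteed, a short comment saying why avoids the question on every review.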
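Review bot: In the NewSessionTicket.java hunk at @@ -216, the new comment ends in "they will be invalidated together, etc." and the "etc." is doing real work that is not written down. As the SSLSessionImpl.invalidate() hunk shows, propagation is one-way: invalidating the parent invalidates every child, but invalidating a ticket session (the `sessionCopy`) does not invalidate its parent or sibling tickets. Spell out the exact rule in the comment (for example "invalidating the handshake session invalidates every ticket derived from it; invalidating one ticket does not affect the others"), or, if symmetric invalidation is the intent, add the back-link, since the same comment is repeated verbatim in the client-side hunk at @@ -316.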
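Review bot: In the NewSessionTicket.java hunk at @@ -316 (client side), `sessionToSave.addChild(sessionCopy)` links each new ticket session to `sessionToSave`; if `sessionToSave` can itself be a ticket session produced by an earlier NewSessionTicket on a resumed connection, every resumption extends the chain by one more level, and nothing ever removes an entry from `childSessions` (the field is only appended to by `addChild`, and `invalidate()` walks it but does not clear it). A long-lived root session would then retain every ticket session ever derived from it, and the recursive `child.invalidate()` in SSLSessionImpl descends the full chain. Consider linking each ticket to the root session instead of the immediate parent, and removing (or clearing) children when they are invalidated.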
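Review bot: In the PreSharedKeyExtension.java hunk at @@ -318, `resumeSession(shc, s, idIndex)` is now called with `idIndex` from inside the loop, but the hunk starts with `int idIndex = 0;` and shows no increment on the non-matching path. Confirm that `idIndex` is advanced for every identity that is skipped before the `break`; otherwise the index passed to `resumeSession` (and so the selected identity reported back to the client) will be 0 regardless of which offered identity actually matched. The added `s.isRejoinable()` check is the right guard here, since `sessionCache.get(requestedId.identity)` is keyed by client-supplied bytes and the session it returns may have been invalidated in the meantime.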
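Review bot: Removing `System.err.println("partial CH extension: " + ext.name());` in the PreSharedKeyExtension.java hunk at @@ -466 is correct; it wrote to stderr for every extension of every partial ClientHello. If the trace is still useful, re-add it behind the same `SSLLogger.isOn` gate used for the "Produced NewSessionTicket handshake message" line in NewSessionTicket.java rather than dropping it silently. The removal of the unused `sessionCache` local at @@ -368 is likewise a straightforward cleanup.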
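Review bot: In the SSLSessionImpl.java hunk at @@ -116, `private Queue childSessions = new ConcurrentLinkedQueue();` should be `final`, since the only writer is `addChild` and the field is never reassigned. As rendered, the field also has no type parameter (the same rendering shows `private List statusResponses;`, so this may be an extraction artifact); it needs to be `Queue<SSLSessionImpl>` for the enhanced-for `for (SSLSessionImpl child : childSessions)` in `invalidate()` to compile. Minor: the new `import java.util.Queue;` at @@ -31 is inserted ahead of `java.util.Collection`, breaking the alphabetical run the existing imports follow there.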
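Review bot: In the SSLSessionImpl.java hunk at @@ -766, the `if (invalidated) return; invalidated = true;` check-then-set is not atomic and the method as shown carries no synchronization, so two threads calling `invalidate()` concurrently can both walk `childSessions` and both recurse into `child.invalidate()`. Each child's own guard makes the second pass a no-op, so this is benign, but it deserves either a comment saying so or an `AtomicBoolean.compareAndSet` to make the intent explicit. Moving `context.remove(sessionId)` ahead of the `invalidated` return also changes behaviour: a session that was already invalidated and later put back into a context is now removed again on the next call. If that is deliberate (it matches the comment in NewSessionTicket.java), say so in a comment, because the previous ordering made repeat calls pure no-ops.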