--- a/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java Fri Mar 22 09:31:36 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java Fri Mar 22 13:47:37 2019 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,6 @@
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.Locale;
-import java.util.Optional;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;
import sun.security.ssl.PskKeyExchangeModesExtension.PskKeyExchangeModesSpec;
@@ -224,9 +223,9 @@
SessionId newId = new SessionId(true,
shc.sslContext.getSecureRandom());
- Optional<SecretKey> resumptionMasterSecret =
+ SecretKey resumptionMasterSecret =
shc.handshakeSession.getResumptionMasterSecret();
- if (!resumptionMasterSecret.isPresent()) {
+ if (resumptionMasterSecret == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Session has no resumption secret. No ticket sent.");
@@ -239,7 +238,7 @@
byte[] nonceArr = nonce.toByteArray();
SecretKey psk = derivePreSharedKey(
shc.negotiatedCipherSuite.hashAlg,
- resumptionMasterSecret.get(), nonceArr);
+ resumptionMasterSecret, nonceArr);
int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
@@ -354,9 +353,9 @@
SSLSessionImpl sessionToSave = hc.conContext.conSession;
- Optional<SecretKey> resumptionMasterSecret =
+ SecretKey resumptionMasterSecret =
sessionToSave.getResumptionMasterSecret();
- if (!resumptionMasterSecret.isPresent()) {
+ if (resumptionMasterSecret == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Session has no resumption master secret. Ignoring ticket.");
@@ -366,7 +365,7 @@
// derive the PSK
SecretKey psk = derivePreSharedKey(
- sessionToSave.getSuite().hashAlg, resumptionMasterSecret.get(),
+ sessionToSave.getSuite().hashAlg, resumptionMasterSecret,
nstm.ticketNonce);
// create and cache the new session
--- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Fri Mar 22 09:31:36 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Fri Mar 22 13:47:37 2019 -0700
@@ -33,7 +33,6 @@
import java.util.Locale;
import java.util.Arrays;
import java.util.Objects;
-import java.util.Optional;
import java.util.Collection;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
@@ -402,7 +401,7 @@
private static boolean canRejoin(ClientHelloMessage clientHello,
ServerHandshakeContext shc, SSLSessionImpl s) {
- boolean result = s.isRejoinable() && s.getPreSharedKey().isPresent();
+ boolean result = s.isRejoinable() && (s.getPreSharedKey() != null);
// Check protocol version
if (result && s.getProtocolVersion() != shc.negotiatedProtocol) {
@@ -530,12 +529,11 @@
private static void checkBinder(ServerHandshakeContext shc,
SSLSessionImpl session,
HandshakeHash pskBinderHash, byte[] binder) throws IOException {
- Optional<SecretKey> pskOpt = session.getPreSharedKey();
- if (!pskOpt.isPresent()) {
+ SecretKey psk = session.getPreSharedKey();
+ if (psk == null) {
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"Session has no PSK");
}
- SecretKey psk = pskOpt.get();
SecretKey binderKey = deriveBinderKey(shc, psk, session);
byte[] computedBinder =
@@ -647,27 +645,28 @@
}
// The session must have a pre-shared key
- Optional<SecretKey> pskOpt = chc.resumingSession.getPreSharedKey();
- if (!pskOpt.isPresent()) {
+ SecretKey psk = chc.resumingSession.getPreSharedKey();
+ if (psk == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Existing session has no PSK.");
}
return null;
}
- SecretKey psk = pskOpt.get();
+
// The PSK ID can only be used in one connections, but this method
// may be called twice in a connection if the server sends HRR.
// ID is saved in the context so it can be used in the second call.
- Optional<byte[]> pskIdOpt = Optional.ofNullable(chc.pskIdentity)
- .or(chc.resumingSession::consumePskIdentity);
- if (!pskIdOpt.isPresent()) {
+ if (chc.pskIdentity == null) {
+ chc.pskIdentity = chc.resumingSession.consumePskIdentity();
+ }
+
+ if (chc.pskIdentity == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"PSK has no identity, or identity was already used");
}
return null;
}
- chc.pskIdentity = pskIdOpt.get();
//The session cannot be used again. Remove it from the cache.
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Fri Mar 22 09:31:36 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Fri Mar 22 13:47:37 2019 -0700
@@ -36,7 +36,6 @@
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
-import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.crypto.SecretKey;
@@ -286,18 +285,20 @@
return masterSecret;
}
- Optional<SecretKey> getResumptionMasterSecret() {
- return Optional.ofNullable(resumptionMasterSecret);
+ SecretKey getResumptionMasterSecret() {
+ return resumptionMasterSecret;
}
- synchronized Optional<SecretKey> getPreSharedKey() {
- return Optional.ofNullable(preSharedKey);
+ synchronized SecretKey getPreSharedKey() {
+ return preSharedKey;
}
- synchronized Optional<SecretKey> consumePreSharedKey() {
- Optional<SecretKey> result = Optional.ofNullable(preSharedKey);
- preSharedKey = null;
- return result;
+ synchronized SecretKey consumePreSharedKey() {
+ try {
+ return preSharedKey;
+ } finally {
+ preSharedKey = null;
+ }
}
int getTicketAgeAdd() {
@@ -312,10 +313,12 @@
* be used once. This method will return the identity and then clear it
* so it cannot be used again.
*/
- synchronized Optional<byte[]> consumePskIdentity() {
- Optional<byte[]> result = Optional.ofNullable(pskIdentity);
- pskIdentity = null;
- return result;
+ synchronized byte[] consumePskIdentity() {
+ try {
+ return pskIdentity;
+ } finally {
+ pskIdentity = null;
+ }
}
void setPeerCertificates(X509Certificate[] peer) {
--- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java Fri Mar 22 09:31:36 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java Fri Mar 22 13:47:37 2019 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -35,7 +35,6 @@
import java.util.List;
import java.util.Locale;
import java.util.Map;
-import java.util.Optional;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SSLException;
@@ -544,7 +543,7 @@
shc.negotiatedProtocol, shc.negotiatedCipherSuite);
setUpPskKD(shc,
- shc.resumingSession.consumePreSharedKey().get());
+ shc.resumingSession.consumePreSharedKey());
// The session can't be resumed again---remove it from cache
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
@@ -1223,16 +1222,16 @@
chc.sslConfig.maximumPacketSize);
} else {
// The PSK is consumed to allow it to be deleted
- Optional<SecretKey> psk =
+ SecretKey psk =
chc.resumingSession.consumePreSharedKey();
- if(!psk.isPresent()) {
+ if(psk == null) {
throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
"No PSK available. Unable to resume.");
}
chc.handshakeSession = chc.resumingSession;
- setUpPskKD(chc, psk.get());
+ setUpPskKD(chc, psk);
}
//