8218889: Improperly use of the Optional API
authorxuelei
Fri, 22 Mar 2019 13:47:37 -0700
changeset 54253 01d8eae542ff
parent 54252 83deaa8f0c8e
child 54254 a2956337451b
8218889: Improperly use of the Optional API Reviewed-by: jnimeh, wetmore
src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java
src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
src/java.base/share/classes/sun/security/ssl/ServerHello.java
--- a/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java	Fri Mar 22 09:31:36 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java	Fri Mar 22 13:47:37 2019 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,6 @@
 import java.security.SecureRandom;
 import java.text.MessageFormat;
 import java.util.Locale;
-import java.util.Optional;
 import javax.crypto.SecretKey;
 import javax.net.ssl.SSLHandshakeException;
 import sun.security.ssl.PskKeyExchangeModesExtension.PskKeyExchangeModesSpec;
@@ -224,9 +223,9 @@
             SessionId newId = new SessionId(true,
                 shc.sslContext.getSecureRandom());
 
-            Optional<SecretKey> resumptionMasterSecret =
+            SecretKey resumptionMasterSecret =
                 shc.handshakeSession.getResumptionMasterSecret();
-            if (!resumptionMasterSecret.isPresent()) {
+            if (resumptionMasterSecret == null) {
                 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                     SSLLogger.fine(
                         "Session has no resumption secret. No ticket sent.");
@@ -239,7 +238,7 @@
             byte[] nonceArr = nonce.toByteArray();
             SecretKey psk = derivePreSharedKey(
                     shc.negotiatedCipherSuite.hashAlg,
-                    resumptionMasterSecret.get(), nonceArr);
+                    resumptionMasterSecret, nonceArr);
 
             int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
             if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
@@ -354,9 +353,9 @@
 
             SSLSessionImpl sessionToSave = hc.conContext.conSession;
 
-            Optional<SecretKey> resumptionMasterSecret =
+            SecretKey resumptionMasterSecret =
                 sessionToSave.getResumptionMasterSecret();
-            if (!resumptionMasterSecret.isPresent()) {
+            if (resumptionMasterSecret == null) {
                 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                     SSLLogger.fine(
                     "Session has no resumption master secret. Ignoring ticket.");
@@ -366,7 +365,7 @@
 
             // derive the PSK
             SecretKey psk = derivePreSharedKey(
-                sessionToSave.getSuite().hashAlg, resumptionMasterSecret.get(),
+                sessionToSave.getSuite().hashAlg, resumptionMasterSecret,
                 nstm.ticketNonce);
 
             // create and cache the new session
--- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java	Fri Mar 22 09:31:36 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java	Fri Mar 22 13:47:37 2019 -0700
@@ -33,7 +33,6 @@
 import java.util.Locale;
 import java.util.Arrays;
 import java.util.Objects;
-import java.util.Optional;
 import java.util.Collection;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
@@ -402,7 +401,7 @@
     private static boolean canRejoin(ClientHelloMessage clientHello,
         ServerHandshakeContext shc, SSLSessionImpl s) {
 
-        boolean result = s.isRejoinable() && s.getPreSharedKey().isPresent();
+        boolean result = s.isRejoinable() && (s.getPreSharedKey() != null);
 
         // Check protocol version
         if (result && s.getProtocolVersion() != shc.negotiatedProtocol) {
@@ -530,12 +529,11 @@
     private static void checkBinder(ServerHandshakeContext shc,
             SSLSessionImpl session,
             HandshakeHash pskBinderHash, byte[] binder) throws IOException {
-        Optional<SecretKey> pskOpt = session.getPreSharedKey();
-        if (!pskOpt.isPresent()) {
+        SecretKey psk = session.getPreSharedKey();
+        if (psk == null) {
             throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
                     "Session has no PSK");
         }
-        SecretKey psk = pskOpt.get();
 
         SecretKey binderKey = deriveBinderKey(shc, psk, session);
         byte[] computedBinder =
@@ -647,27 +645,28 @@
             }
 
             // The session must have a pre-shared key
-            Optional<SecretKey> pskOpt = chc.resumingSession.getPreSharedKey();
-            if (!pskOpt.isPresent()) {
+            SecretKey psk = chc.resumingSession.getPreSharedKey();
+            if (psk == null) {
                 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                     SSLLogger.fine("Existing session has no PSK.");
                 }
                 return null;
             }
-            SecretKey psk = pskOpt.get();
+
             // The PSK ID can only be used in one connections, but this method
             // may be called twice in a connection if the server sends HRR.
             // ID is saved in the context so it can be used in the second call.
-            Optional<byte[]> pskIdOpt = Optional.ofNullable(chc.pskIdentity)
-                .or(chc.resumingSession::consumePskIdentity);
-            if (!pskIdOpt.isPresent()) {
+            if (chc.pskIdentity == null) {
+                chc.pskIdentity = chc.resumingSession.consumePskIdentity();
+            }
+
+            if (chc.pskIdentity == null) {
                 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                     SSLLogger.fine(
                         "PSK has no identity, or identity was already used");
                 }
                 return null;
             }
-            chc.pskIdentity = pskIdOpt.get();
 
             //The session cannot be used again. Remove it from the cache.
             SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Fri Mar 22 09:31:36 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Fri Mar 22 13:47:37 2019 -0700
@@ -36,7 +36,6 @@
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.List;
-import java.util.Optional;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentLinkedQueue;
 import javax.crypto.SecretKey;
@@ -286,18 +285,20 @@
         return masterSecret;
     }
 
-    Optional<SecretKey> getResumptionMasterSecret() {
-        return Optional.ofNullable(resumptionMasterSecret);
+    SecretKey getResumptionMasterSecret() {
+        return resumptionMasterSecret;
     }
 
-    synchronized Optional<SecretKey> getPreSharedKey() {
-        return Optional.ofNullable(preSharedKey);
+    synchronized SecretKey getPreSharedKey() {
+        return preSharedKey;
     }
 
-    synchronized Optional<SecretKey> consumePreSharedKey() {
-        Optional<SecretKey> result = Optional.ofNullable(preSharedKey);
-        preSharedKey = null;
-        return result;
+    synchronized SecretKey consumePreSharedKey() {
+        try {
+            return preSharedKey;
+        } finally {
+            preSharedKey = null;
+        }
     }
 
     int getTicketAgeAdd() {
@@ -312,10 +313,12 @@
      * be used once. This method will return the identity and then clear it
      * so it cannot be used again.
      */
-    synchronized Optional<byte[]> consumePskIdentity() {
-        Optional<byte[]> result = Optional.ofNullable(pskIdentity);
-        pskIdentity = null;
-        return result;
+    synchronized byte[] consumePskIdentity() {
+        try {
+            return pskIdentity;
+        } finally {
+            pskIdentity = null;
+        }
     }
 
     void setPeerCertificates(X509Certificate[] peer) {
--- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java	Fri Mar 22 09:31:36 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java	Fri Mar 22 13:47:37 2019 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,7 +35,6 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Optional;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.net.ssl.SSLException;
@@ -544,7 +543,7 @@
                         shc.negotiatedProtocol, shc.negotiatedCipherSuite);
 
                 setUpPskKD(shc,
-                        shc.resumingSession.consumePreSharedKey().get());
+                        shc.resumingSession.consumePreSharedKey());
 
                 // The session can't be resumed again---remove it from cache
                 SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
@@ -1223,16 +1222,16 @@
                         chc.sslConfig.maximumPacketSize);
             } else {
                 // The PSK is consumed to allow it to be deleted
-                Optional<SecretKey> psk =
+                SecretKey psk =
                         chc.resumingSession.consumePreSharedKey();
-                if(!psk.isPresent()) {
+                if(psk == null) {
                     throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
                     "No PSK available. Unable to resume.");
                 }
 
                 chc.handshakeSession = chc.resumingSession;
 
-                setUpPskKD(chc, psk.get());
+                setUpPskKD(chc, psk);
             }
 
             //