--- a/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java Sat Jun 09 13:38:27 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java Sat Jun 09 21:52:54 2018 -0700
@@ -261,8 +261,8 @@
// The new session must be a child of the existing session so
// they will be invalidated together, etc.
SSLSessionImpl sessionCopy = new SSLSessionImpl(shc,
- shc.handshakeSession.getSuite(), newId,
- shc.handshakeSession.getCreationTime());
+ shc.handshakeSession.getSuite(), newId,
+ shc.handshakeSession.getCreationTime());
shc.handshakeSession.addChild(sessionCopy);
sessionCopy.setPreSharedKey(psk);
sessionCopy.setPskIdentity(newId.getId());
@@ -375,9 +375,9 @@
// they will be invalidated together, etc.
SessionId newId =
new SessionId(true, hc.sslContext.getSecureRandom());
- SSLSessionImpl sessionCopy =
- new SSLSessionImpl(hc, sessionToSave.getSuite(), newId,
- sessionToSave.getCreationTime());
+ SSLSessionImpl sessionCopy = new SSLSessionImpl(
+ hc, sessionToSave.getSuite(), newId,
+ sessionToSave.getCreationTime());
sessionToSave.addChild(sessionCopy);
sessionCopy.setPreSharedKey(psk);
sessionCopy.setTicketAgeAdd(nstm.ticketAgeAdd);
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Sat Jun 09 13:38:27 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Sat Jun 09 21:52:54 2018 -0700
@@ -35,10 +35,9 @@
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
-import java.util.Hashtable;
import java.util.List;
-import java.util.Vector;
import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.crypto.SecretKey;
import javax.net.ssl.ExtendedSSLSession;
@@ -74,9 +73,6 @@
*/
static final SSLSessionImpl nullSession = new SSLSessionImpl();
- // compression methods
- private static final byte compression_null = 0;
-
/*
* The state of a single session, as described in section 7.1
* of the SSLv3 spec.
@@ -84,7 +80,6 @@
private final ProtocolVersion protocolVersion;
private final SessionId sessionId;
private X509Certificate[] peerCerts;
- private byte compressionMethod;
private CipherSuite cipherSuite;
private SecretKey masterSecret;
final boolean useExtendedMasterSecret;
@@ -98,7 +93,6 @@
private final String host;
private final int port;
private SSLSessionContextImpl context;
- private int sessionCount;
private boolean invalidated;
private X509Certificate[] localCerts;
private PrivateKey localPrivateKey;
@@ -112,14 +106,11 @@
private final long ticketCreationTime = System.currentTimeMillis();
private int ticketAgeAdd;
- private int negotiatedMaxFragLen;
+ private int negotiatedMaxFragLen = -1;
private int maximumPacketSize;
- // Principals for non-certificate based cipher suites
- private Principal peerPrincipal;
- private Principal localPrincipal;
-
- private Queue<SSLSessionImpl> childSessions = new ConcurrentLinkedQueue<SSLSessionImpl>();
+ private final Queue<SSLSessionImpl> childSessions =
+ new ConcurrentLinkedQueue<>();
/*
* Is the session currently re-established with a session-resumption
@@ -130,13 +121,6 @@
private boolean isSessionResumption = false;
/*
- * We count session creations, eventually for statistical data but
- * also since counters make shorter debugging IDs than the big ones
- * we use in the protocol for uniqueness-over-time.
- */
- private static volatile int counter;
-
- /*
* Use of session caches is globally enabled/disabled.
*/
private static boolean defaultRejoinable = true;
@@ -190,23 +174,16 @@
*/
SSLSessionImpl(HandshakeContext hc,
CipherSuite cipherSuite, SessionId id, long creationTime) {
- this.creationTime = creationTime;
this.protocolVersion = hc.negotiatedProtocol;
+ this.cipherSuite = cipherSuite;
this.sessionId = id;
- peerCerts = null;
- compressionMethod = compression_null;
- this.cipherSuite = cipherSuite;
- masterSecret = null;
this.host = hc.conContext.transport.getPeerHost();
this.port = hc.conContext.transport.getPeerPort();
- sessionCount = ++counter;
this.localSupportedSignAlgs =
- SignatureScheme.getAlgorithmNames(hc.localSupportedSignAlgs);
- negotiatedMaxFragLen = -1;
- statusResponses = null;
+ SignatureScheme.getAlgorithmNames(hc.localSupportedSignAlgs);
+ this.serverNameIndication = hc.negotiatedServerName;
this.requestedServerNames = Collections.<SNIServerName>unmodifiableList(
hc.getRequestedServerNames());
- this.serverNameIndication = hc.negotiatedServerName;
if (hc.sslConfig.isClientMode) {
this.useExtendedMasterSecret =
(hc.handshakeExtensions.get(
@@ -219,6 +196,7 @@
SSLExtension.CH_EXTENDED_MASTER_SECRET) != null) &&
(!hc.negotiatedProtocol.useTLS13PlusSpec());
}
+ this.creationTime = creationTime;
if (SSLLogger.isOn && SSLLogger.isOn("session")) {
SSLLogger.finest("Session initialized: " + this);
@@ -226,27 +204,15 @@
}
void setMasterSecret(SecretKey secret) {
- if (masterSecret == null) {
- masterSecret = secret;
- } else {
- throw new RuntimeException("setMasterSecret() error");
- }
+ masterSecret = secret;
}
void setResumptionMasterSecret(SecretKey secret) {
- if (resumptionMasterSecret == null) {
- resumptionMasterSecret = secret;
- } else {
- throw new RuntimeException("setResumptionMasterSecret() error");
- }
+ resumptionMasterSecret = secret;
}
void setPreSharedKey(SecretKey key) {
- if (preSharedKey == null) {
- preSharedKey = key;
- } else {
- throw new RuntimeException("setPreSharedKey() error");
- }
+ preSharedKey = key;
}
void addChild(SSLSessionImpl session) {
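Review bot: Removing the set-once guards from `setMasterSecret`, `setResumptionMasterSecret` and `setPreSharedKey` means a second call now silently replaces key material on an existing session object; `setPskIdentity` in the next hunk loses the same guard. If a handshake path legitimately re-sets these values, each setter should carry a comment naming that path. Otherwise keep the invariant and make the failure specific, for example `if (masterSecret != null) { throw new IllegalStateException("master secret already set"); }`. The diff does not show whether these fields are read from other threads, so it is worth confirming that an unguarded overwrite cannot race with a reader of a session that is already shared. `addChild` continues outside the hunk.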
@@ -258,11 +224,7 @@
}
void setPskIdentity(byte[] pskIdentity) {
- if (this.pskIdentity == null) {
- this.pskIdentity = pskIdentity;
- } else {
- throw new RuntimeException("setPskIdentity() error");
- }
+ this.pskIdentity = pskIdentity;
}
BigInteger incrTicketNonceCounter() {
@@ -373,22 +335,6 @@
}
/**
- * Set the peer principal.
- */
- void setPeerPrincipal(Principal principal) {
- if (peerPrincipal == null) {
- peerPrincipal = principal;
- }
- }
-
- /**
- * Set the local principal.
- */
- void setLocalPrincipal(Principal principal) {
- localPrincipal = principal;
- }
-
- /**
* Returns true iff this session may be resumed ... sessions are
* usually resumable. Security policies may suggest otherwise,
* for example sessions that haven't been used for a while (say,
@@ -520,13 +466,6 @@
}
/**
- * Returns the compression technique used in this session
- */
- byte getCompression() {
- return compressionMethod;
- }
-
- /**
* Returns the hashcode for this session
*/
@Override
@@ -822,7 +761,8 @@
* key and the calling security context. This is important since
* sessions can be shared across different protection domains.
*/
- private Hashtable<SecureKey, Object> table = new Hashtable<>();
+ private final ConcurrentHashMap<SecureKey, Object> boundValues =
+ new ConcurrentHashMap<>();
/**
* Assigns a session value. Session change events are given if
@@ -835,7 +775,7 @@
}
SecureKey secureKey = new SecureKey(key);
- Object oldValue = table.put(secureKey, value);
+ Object oldValue = boundValues.put(secureKey, value);
if (oldValue instanceof SSLSessionBindingListener) {
SSLSessionBindingEvent e;
@@ -861,7 +801,7 @@
}
SecureKey secureKey = new SecureKey(key);
- return table.get(secureKey);
+ return boundValues.get(secureKey);
}
@@ -876,7 +816,7 @@
}
SecureKey secureKey = new SecureKey(key);
- Object value = table.remove(secureKey);
+ Object value = boundValues.remove(secureKey);
if (value instanceof SSLSessionBindingListener) {
SSLSessionBindingEvent e;
@@ -892,22 +832,17 @@
*/
@Override
public String[] getValueNames() {
- Enumeration<SecureKey> e;
- Vector<Object> v = new Vector<>();
- SecureKey key;
+ ArrayList<Object> v = new ArrayList<>();
Object securityCtx = SecureKey.getCurrentSecurityContext();
-
- for (e = table.keys(); e.hasMoreElements(); ) {
- key = e.nextElement();
-
+ for (Enumeration<SecureKey> e = boundValues.keys();
+ e.hasMoreElements(); ) {
+ SecureKey key = e.nextElement();
if (securityCtx.equals(key.getSecurityContext())) {
- v.addElement(key.getAppKey());
+ v.add(key.getAppKey());
}
}
- String[] names = new String[v.size()];
- v.copyInto(names);
- return names;
+ return v.toArray(new String[0]);
}
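Review bot: In `getValueNames()`, `ArrayList<Object> v` followed by `v.toArray(new String[0])` leaves the element type to a runtime array-store check, as the old `Vector.copyInto` did. If application keys are always strings, `List<String> v = new ArrayList<>();` with `v.add((String) key.getAppKey());` states that at the point of insertion. The `Enumeration` loop can also become `for (SecureKey key : boundValues.keySet()) {`. The `securityCtx.equals(...)` test is what keeps names bound under another security context out of the result, so it deserves a one-line comment such as `// list only names bound under the caller's security context`. The import hunk does not add `java.util.ArrayList`, so it is presumably imported above the visible context; worth confirming.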
/**
@@ -1065,30 +1000,24 @@
*/
@Override
public List<SNIServerName> getRequestedServerNames() {
- if (requestedServerNames == null) {
- return Collections.<SNIServerName>emptyList();
- }
return requestedServerNames;
}
/** Returns a string representation of this SSL session */
@Override
public String toString() {
- return "[Session-" + sessionCount
- + ", " + getCipherSuite()
- + "]";
+ return "Session(" + creationTime + "|" + getCipherSuite() + ")";
}
}
-
/**
* This "struct" class serves as a Hash Key that combines an
* application-specific key and a security context.
*/
class SecureKey {
- private static Object nullObject = new Object();
- private Object appKey;
- private Object securityCtx;
+ private static final Object nullObject = new Object();
+ private final Object appKey;
+ private final Object securityCtx;
static Object getCurrentSecurityContext() {
SecurityManager sm = System.getSecurityManager();
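Review bot: `getRequestedServerNames()` now returns the field directly, which is safe only if every constructor assigns it. The constructor in the earlier hunk does, but the no-argument one behind `nullSession` is not visible here. If that path leaves the field null, callers get `null` where an empty list was returned before; keeping the guard or defaulting the field to `Collections.emptyList()` avoids that. Separately, `toString()` now identifies a session only by `creationTime` and cipher suite, and the NewSessionTicket hunks pass the parent's `getCreationTime()` to the child copy, so parent and child print identically in the `session` debug log; adding the session id to the string would keep log lines attributable. The hunk ends inside `SecureKey.getCurrentSecurityContext`.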