--- a/src/java.base/share/classes/sun/security/ssl/Finished.java Tue May 15 10:48:19 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/Finished.java Tue May 15 14:54:04 2018 -0400
@@ -902,6 +902,13 @@
return; // make the compiler happy
}
+ // save the session
+ if (!chc.isResumption && chc.handshakeSession.isRejoinable()) {
+ SSLSessionContextImpl sessionContext = (SSLSessionContextImpl)
+ chc.sslContext.engineGetClientSessionContext();
+ sessionContext.put(chc.handshakeSession);
+ }
+
// derive salt secret
try {
SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);
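Review bot: The handshake session is put into the client session cache before the salt-secret derivation that starts on the next line, so if that derivation (or anything later in the method) fails the session has already been published as resumable even though the Finished processing never completed; the connection is presumably torn down on that path, but the cache entry is not. Consider moving the `sessionContext.put(chc.handshakeSession)` after the derivations succeed, or removing the entry on the failure path. The same cast-and-put block, with the same ordering, is repeated verbatim for the server side in the hunk at +1015 and could be a small helper on the context. The enclosing method continues outside the hunk.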
@@ -1008,6 +1015,13 @@
return; // make the compiler happy
}
+ // save the session
+ if (!shc.isResumption && shc.handshakeSession.isRejoinable()) {
+ SSLSessionContextImpl sessionContext = (SSLSessionContextImpl)
+ shc.sslContext.engineGetServerSessionContext();
+ sessionContext.put(shc.handshakeSession);
+ }
+
try {
// update the application traffic read keys.
SecretKey readSecret = kd.deriveKey(
--- a/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java Tue May 15 10:48:19 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java Tue May 15 14:54:04 2018 -0400
@@ -216,10 +216,13 @@
"Produced NewSessionTicket handshake message", nstm);
}
- // cache the new session
+ // create and cache the new session
+ // The new session must be a child of the existing session so
+ // they will be invalidated together, etc.
SSLSessionImpl sessionCopy = new SSLSessionImpl(shc,
shc.handshakeSession.getSuite(), newId,
shc.handshakeSession.getCreationTime());
+ shc.handshakeSession.addChild(sessionCopy);
sessionCopy.setPreSharedKey(psk);
sessionCopy.setPskIdentity(newId.getId());
sessionCopy.setTicketAgeAdd(nstm.ticketAgeAdd);
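Review bot: The added comment ends with `etc.`, which leaves a reader guessing what the parent/child link is for beyond invalidation; the only consumer visible in this change is the cascade in `SSLSessionImpl.invalidate()`, so `// The new session must be a child of the existing session so that invalidating the parent also invalidates this ticket session.` states exactly what the link establishes. The same comment text is added on the client side in the hunk at +319. Note also that `addChild` is called before the copy receives its PSK and identity, so a cascade racing with this code could invalidate a half-populated copy; harmless if `invalidate()` only removes it, but worth a sentence in the comment.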
@@ -316,13 +319,16 @@
sessionToSave.getSuite().hashAlg, resumptionMasterSecret.get(),
nstm.ticketNonce);
- // create the new session from the context
+ // create and cache the new session
+ // The new session must be a child of the existing session so
+ // they will be invalidated together, etc.
chc.negotiatedProtocol = chc.conContext.protocolVersion;
SessionId newId =
new SessionId(true, chc.sslContext.getSecureRandom());
SSLSessionImpl sessionCopy =
new SSLSessionImpl(chc, sessionToSave.getSuite(), newId,
sessionToSave.getCreationTime());
+ sessionToSave.addChild(sessionCopy);
sessionCopy.setPreSharedKey(psk);
sessionCopy.setTicketAgeAdd(nstm.ticketAgeAdd);
sessionCopy.setPskIdentity(nstm.ticket);
--- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Tue May 15 10:48:19 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Tue May 15 14:54:04 2018 -0400
@@ -318,7 +318,9 @@
int idIndex = 0;
for (PskIdentity requestedId : pskSpec.identities) {
SSLSessionImpl s = sessionCache.get(requestedId.identity);
- if (s != null && s.getPreSharedKey().isPresent()) {
+ if (s != null && s.isRejoinable() &&
+ s.getPreSharedKey().isPresent()) {
+
resumeSession(shc, s, idIndex);
break;
}
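Review bot: The added blank line between the two-line condition and `resumeSession(shc, s, idIndex);` separates the guard from its body and does not match the rest of the file as visible in these hunks; drop it so the body follows the `{` directly. The new `s.isRejoinable()` check silently skips a cached identity that is no longer rejoinable; a `finest`-level log here, matching the logging used elsewhere in this diff, would make a refused resumption diagnosable.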
@@ -368,9 +370,6 @@
pskBinderHash.receive(messageBuf, length);
checkBinder(shc, shc.resumingSession, pskBinderHash, binder);
-
- SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
- message.handshakeContext.sslContext.engineGetServerSessionContext();
}
}
@@ -466,7 +465,6 @@
if (ext == SSLExtension.CH_PRE_SHARED_KEY) {
continue;
}
- System.err.println("partial CH extension: " + ext.name());
int extID = ext.id;
hos.putInt16(extID);
hos.putBytes16(extData);
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Tue May 15 10:48:19 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Tue May 15 14:54:04 2018 -0400
@@ -31,6 +31,7 @@
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Queue;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
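Review bot: `import java.util.Queue;` is inserted between `java.util.ArrayList` and `java.util.Collection`, breaking the alphabetical run those lines keep; place it after the other `java.util` single-class imports instead (the `ConcurrentLinkedQueue` import in the hunk at +39 is already at the end of the group).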
@@ -38,6 +39,7 @@
import java.util.List;
import java.util.Vector;
import java.util.Optional;
+import java.util.concurrent.ConcurrentLinkedQueue;
import javax.crypto.SecretKey;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIServerName;
@@ -86,11 +88,6 @@
private CipherSuite cipherSuite;
private SecretKey masterSecret;
final boolean useExtendedMasterSecret;
- private SecretKey resumptionMasterSecret;
- private SecretKey preSharedKey;
- private byte[] pskIdentity;
- private final long ticketCreationTime = System.currentTimeMillis();
- private int ticketAgeAdd;
/*
* Information not part of the SSLv3 protocol spec, but used
@@ -108,6 +105,11 @@
private final String[] localSupportedSignAlgs;
private String[] peerSupportedSignAlgs;
private List<byte[]> statusResponses;
+ private SecretKey resumptionMasterSecret;
+ private SecretKey preSharedKey;
+ private byte[] pskIdentity;
+ private final long ticketCreationTime = System.currentTimeMillis();
+ private int ticketAgeAdd;
private int negotiatedMaxFragLen;
private int maximumPacketSize;
@@ -116,6 +118,8 @@
private Principal peerPrincipal;
private Principal localPrincipal;
+ private Queue<SSLSessionImpl> childSessions = new ConcurrentLinkedQueue<SSLSessionImpl>();
+
/*
* Is the session currently re-established with a session-resumption
* abbreviated initial handshake?
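Review bot: `childSessions` is never reassigned anywhere in this diff, so it should be `final`, the explicit type argument can be the diamond, and the line as written exceeds the 80-column width every other line in these hunks respects: `private final Queue<SSLSessionImpl> childSessions = new ConcurrentLinkedQueue<>();`. A further concern is that entries are only ever added (`addChild` in the hunk at +247) and never removed, so a parent session that stays cached retains every ticket session created from it for its own lifetime; if more than a small fixed number of tickets can be issued per session, a bound or pruning of already-invalidated children is worth considering.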
@@ -243,6 +247,10 @@
}
}
+ void addChild(SSLSessionImpl session) {
+ childSessions.add(session);
+ }
+
void setTicketAgeAdd(int ticketAgeAdd) {
this.ticketAgeAdd = ticketAgeAdd;
}
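Review bot: `addChild` does not consult `invalidated`, while the reworked `invalidate()` in the hunk at +774 returns early when the flag is already set before it reaches the cascade loop; a child registered after the parent has been invalidated is therefore never invalidated through the parent and stays resumable. If a NewSessionTicket can be produced after the application has called `invalidate()` on the handshake session, the child should be invalidated on registration: `if (invalidated) { session.invalidate(); return; }` ahead of the `add`. The method is also package-private API with no comment; `/* Register a session derived from this one (a NewSessionTicket session) so that invalidate() cascades to it. */` would do.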
@@ -766,13 +774,20 @@
if (this == nullSession) {
return;
}
+
+ if (context != null) {
+ context.remove(sessionId);
+ context = null;
+ }
+ if (invalidated) {
+ return;
+ }
invalidated = true;
if (SSLLogger.isOn && SSLLogger.isOn("session")) {
SSLLogger.finest("Invalidated session: " + this);
}
- if (context != null) {
- context.remove(sessionId);
- context = null;
+ for (SSLSessionImpl child : childSessions) {
+ child.invalidate();
}
}
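Review bot: The new ordering — cache removal first, then the `invalidated` early return, then the cascade — is a deliberate change from the removed block at the end of the hunk, but nothing in the code says why, and the cascade loop has no comment at all; add `// Always drop the cache entry, even on a repeated call; then cascade to ticket sessions derived from this one.` above the `if (context != null)` block. Since `child.invalidate()` recurses, a note that the relation is one-directional (a ticket session never registers its parent as a child) would justify the absence of a cycle guard. The enclosing method begins outside the hunk.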