--- old/src/java.base/share/classes/sun/security/ssl/SessionId.java 2018-05-11 15:06:10.587362000 -0700 +++ new/src/java.base/share/classes/sun/security/ssl/SessionId.java 2018-05-11 15:06:10.106630300 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,105 +23,83 @@ * questions. */ - package sun.security.ssl; import java.security.SecureRandom; +import java.util.Arrays; import javax.net.ssl.SSLProtocolException; /** - * Encapsulates an SSL session ID. SSL Session IDs are not reused by - * servers during the lifetime of any sessions it created. Sessions may - * be used by many connections, either concurrently (for example, two - * connections to a web server at the same time) or sequentially (over as - * long a time period as is allowed by a given server). + * Encapsulates an SSL session ID. * * @author Satish Dharmaraj * @author David Brownell */ -final -class SessionId -{ - static int MAX_LENGTH = 32; - private byte[] sessionId; // max 32 bytes - - /** Constructs a new session ID ... perhaps for a rejoinable session */ - SessionId (boolean isRejoinable, SecureRandom generator) - { - if (isRejoinable) - // this will be unique, it's a timestamp plus much randomness - sessionId = new RandomCookie (generator).random_bytes; - else - sessionId = new byte [0]; - } - - /** Constructs a session ID from a byte array (max size 32 bytes) */ - SessionId (byte[] sessionId) - { this.sessionId = sessionId; } - - /** Returns the length of the ID, in bytes */ - int length () - { return sessionId.length; } - - /** Returns the bytes in the ID. May be an empty array. */ - byte[] getId () - { - return sessionId.clone (); +final class SessionId { + private static final int MAX_LENGTH = 32; + private final byte[] sessionId; // max 32 bytes + + // Constructs a new session ID ... perhaps for a rejoinable session + SessionId(boolean isRejoinable, SecureRandom generator) { + if (isRejoinable && (generator != null)) { + sessionId = new RandomCookie(generator).randomBytes; + } else { + sessionId = new byte[0]; + } + } + + // Constructs a session ID from a byte array (max size 32 bytes) + SessionId(byte[] sessionId) { + this.sessionId = sessionId.clone(); + } + + // Returns the length of the ID, in bytes + int length() { + return sessionId.length; + } + + // Returns the bytes in the ID. May be an empty array. + byte[] getId() { + return sessionId.clone(); } - /** Returns the ID as a string */ + // Returns the ID as a string @Override - public String toString () - { - int len = sessionId.length; - StringBuilder sb = new StringBuilder (10 + 2 * len); - - sb.append("{"); - for (int i = 0; i < len; i++) { - sb.append(0x0ff & sessionId[i]); - if (i != (len - 1)) - sb.append (", "); + public String toString() { + if (sessionId.length == 0) { + return ""; } - sb.append("}"); - return sb.toString (); + + return Utilities.toHexString(sessionId); } - /** Returns a value which is the same for session IDs which are equal */ + // Returns a value which is the same for session IDs which are equal @Override - public int hashCode () - { - int retval = 0; - - for (int i = 0; i < sessionId.length; i++) - retval += sessionId [i]; - return retval; + public int hashCode() { + return Arrays.hashCode(sessionId); } - /** Returns true if the parameter is the same session ID */ + // Returns true if the parameter is the same session ID @Override - public boolean equals (Object obj) - { - if (!(obj instanceof SessionId)) - return false; - - SessionId s = (SessionId) obj; - byte[] b = s.getId (); - - if (b.length != sessionId.length) - return false; - for (int i = 0; i < sessionId.length; i++) { - if (b [i] != sessionId [i]) - return false; + public boolean equals (Object obj) { + if (obj == this) { + return true; } - return true; + + if (obj instanceof SessionId) { + SessionId that = (SessionId)obj; + return Arrays.equals(this.sessionId, that.sessionId); + } + + return false; } /** * Checks the length of the session ID to make sure it sits within * the range called out in the specification */ - void checkLength(ProtocolVersion pv) throws SSLProtocolException { + void checkLength(int protocolVersion) throws SSLProtocolException { // As of today all versions of TLS have a 32-byte maximum length. // In the future we can do more here to support protocol versions // that may have longer max lengths. @@ -130,5 +108,4 @@ sessionId.length + " bytes)"); } } - }