src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java

Print this page




  92     private CipherSuite         cipherSuite;
  93     private SecretKey           masterSecret;
  94 
  95     /*
  96      * Information not part of the SSLv3 protocol spec, but used
  97      * to support session management policies.
  98      */
  99     private final long          creationTime = System.currentTimeMillis();
 100     private long                lastUsedTime = 0;
 101     private final String        host;
 102     private final int           port;
 103     private SSLSessionContextImpl       context;
 104     private int                 sessionCount;
 105     private boolean             invalidated;
 106     private X509Certificate[]   localCerts;
 107     private PrivateKey          localPrivateKey;
 108     private String[]            localSupportedSignAlgs;
 109     private String[]            peerSupportedSignAlgs;
 110     private List<SNIServerName>    requestedServerNames;
 111 


 112 
 113     // Principals for non-certificate based cipher suites
 114     private Principal peerPrincipal;
 115     private Principal localPrincipal;
 116 
 117     /*
 118      * Is the session currently re-established with a session-resumption
 119      * abbreviated initial handshake?
 120      *
 121      * Note that currently we only set this variable in client side.
 122      */
 123     private boolean isSessionResumption = false;
 124 
 125     /*
 126      * We count session creations, eventually for statistical data but
 127      * also since counters make shorter debugging IDs than the big ones
 128      * we use in the protocol for uniqueness-over-time.
 129      */
 130     private static volatile int counter = 0;
 131 


 160              new SessionId(defaultRejoinable, generator), host, port);
 161     }
 162 
 163     /*
 164      * Record a new session, using a given cipher spec and session ID.
 165      */
 166     SSLSessionImpl(ProtocolVersion protocolVersion, CipherSuite cipherSuite,
 167             Collection<SignatureAndHashAlgorithm> algorithms,
 168             SessionId id, String host, int port) {
 169         this.protocolVersion = protocolVersion;
 170         sessionId = id;
 171         peerCerts = null;
 172         compressionMethod = compression_null;
 173         this.cipherSuite = cipherSuite;
 174         masterSecret = null;
 175         this.host = host;
 176         this.port = port;
 177         sessionCount = ++counter;
 178         localSupportedSignAlgs =
 179             SignatureAndHashAlgorithm.getAlgorithmNames(algorithms);

 180 
 181         if (debug != null && Debug.isOn("session")) {
 182             System.out.println("%% Initialized:  " + this);
 183         }
 184     }
 185 
 186     void setMasterSecret(SecretKey secret) {
 187         if (masterSecret == null) {
 188             masterSecret = secret;
 189         } else {
 190             throw new RuntimeException("setMasterSecret() error");
 191         }
 192     }
 193 
 194     /**
 195      * Returns the master secret ... treat with extreme caution!
 196      */
 197     SecretKey getMasterSecret() {
 198         return masterSecret;
 199     }


 768      * setting the system property jsse.SSLEngine.acceptLargeFragments
 769      * to "true".
 770      */
 771     private boolean acceptLargeFragments =
 772         Debug.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments", false);
 773 
 774     /**
 775      * Expand the buffer size of both SSL/TLS network packet and
 776      * application data.
 777      */
 778     protected synchronized void expandBufferSizes() {
 779         acceptLargeFragments = true;
 780     }
 781 
 782     /**
 783      * Gets the current size of the largest SSL/TLS packet that is expected
 784      * when using this session.
 785      */
 786     @Override
 787     public synchronized int getPacketBufferSize() {





















 788         return acceptLargeFragments ?
 789                 Record.maxLargeRecordSize : Record.maxRecordSize;
 790     }

 791 
 792     /**
 793      * Gets the current size of the largest application data that is
 794      * expected when using this session.
 795      */
 796     @Override
 797     public synchronized int getApplicationBufferSize() {
 798         return getPacketBufferSize() - Record.headerSize;






 799     }
 800 



















































 801     /**
 802      * Gets an array of supported signature algorithms that the local side is
 803      * willing to verify.
 804      */
 805     @Override
 806     public String[] getLocalSupportedSignatureAlgorithms() {
 807         if (localSupportedSignAlgs != null) {
 808             return localSupportedSignAlgs.clone();
 809         }
 810 
 811         return new String[0];
 812     }
 813 
 814     /**
 815      * Gets an array of supported signature algorithms that the peer is
 816      * able to verify.
 817      */
 818     @Override
 819     public String[] getPeerSupportedSignatureAlgorithms() {
 820         if (peerSupportedSignAlgs != null) {




  92     private CipherSuite         cipherSuite;
  93     private SecretKey           masterSecret;
  94 
  95     /*
  96      * Information not part of the SSLv3 protocol spec, but used
  97      * to support session management policies.
  98      */
  99     private final long          creationTime = System.currentTimeMillis();
 100     private long                lastUsedTime = 0;
 101     private final String        host;
 102     private final int           port;
 103     private SSLSessionContextImpl       context;
 104     private int                 sessionCount;
 105     private boolean             invalidated;
 106     private X509Certificate[]   localCerts;
 107     private PrivateKey          localPrivateKey;
 108     private String[]            localSupportedSignAlgs;
 109     private String[]            peerSupportedSignAlgs;
 110     private List<SNIServerName>    requestedServerNames;
 111 
 112     private int                 negotiatedMaxFragLen;
 113     private int                 maximumPacketSize;
 114 
 115     // Principals for non-certificate based cipher suites
 116     private Principal peerPrincipal;
 117     private Principal localPrincipal;
 118 
 119     /*
 120      * Is the session currently re-established with a session-resumption
 121      * abbreviated initial handshake?
 122      *
 123      * Note that currently we only set this variable in client side.
 124      */
 125     private boolean isSessionResumption = false;
 126 
 127     /*
 128      * We count session creations, eventually for statistical data but
 129      * also since counters make shorter debugging IDs than the big ones
 130      * we use in the protocol for uniqueness-over-time.
 131      */
 132     private static volatile int counter = 0;
 133 


 162              new SessionId(defaultRejoinable, generator), host, port);
 163     }
 164 
 165     /*
 166      * Record a new session, using a given cipher spec and session ID.
 167      */
 168     SSLSessionImpl(ProtocolVersion protocolVersion, CipherSuite cipherSuite,
 169             Collection<SignatureAndHashAlgorithm> algorithms,
 170             SessionId id, String host, int port) {
 171         this.protocolVersion = protocolVersion;
 172         sessionId = id;
 173         peerCerts = null;
 174         compressionMethod = compression_null;
 175         this.cipherSuite = cipherSuite;
 176         masterSecret = null;
 177         this.host = host;
 178         this.port = port;
 179         sessionCount = ++counter;
 180         localSupportedSignAlgs =
 181             SignatureAndHashAlgorithm.getAlgorithmNames(algorithms);
 182         negotiatedMaxFragLen = -1;
 183 
 184         if (debug != null && Debug.isOn("session")) {
 185             System.out.println("%% Initialized:  " + this);
 186         }
 187     }
 188 
 189     void setMasterSecret(SecretKey secret) {
 190         if (masterSecret == null) {
 191             masterSecret = secret;
 192         } else {
 193             throw new RuntimeException("setMasterSecret() error");
 194         }
 195     }
 196 
 197     /**
 198      * Returns the master secret ... treat with extreme caution!
 199      */
 200     SecretKey getMasterSecret() {
 201         return masterSecret;
 202     }


 771      * setting the system property jsse.SSLEngine.acceptLargeFragments
 772      * to "true".
 773      */
 774     private boolean acceptLargeFragments =
 775         Debug.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments", false);
 776 
 777     /**
 778      * Expand the buffer size of both SSL/TLS network packet and
 779      * application data.
 780      */
 781     protected synchronized void expandBufferSizes() {
 782         acceptLargeFragments = true;
 783     }
 784 
 785     /**
 786      * Gets the current size of the largest SSL/TLS packet that is expected
 787      * when using this session.
 788      */
 789     @Override
 790     public synchronized int getPacketBufferSize() {
 791         // Use the bigger packet size calculated from maximumPacketSize
 792         // and negotiatedMaxFragLen.
 793         int packetSize = 0;
 794         if (negotiatedMaxFragLen > 0) {
 795             packetSize = cipherSuite.calculatePacketSize(
 796                     negotiatedMaxFragLen, protocolVersion,
 797                     protocolVersion.isDTLSProtocol());
 798         }
 799 
 800         if (maximumPacketSize > 0) {
 801             return (maximumPacketSize > packetSize) ?
 802                     maximumPacketSize : packetSize;
 803         }
 804 
 805         if (packetSize != 0) {
 806            return packetSize;
 807         }
 808 
 809         if (protocolVersion.isDTLSProtocol()) {
 810             return DTLSRecord.maxRecordSize;
 811         } else {
 812             return acceptLargeFragments ?
 813                     SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize;
 814         }
 815     }
 816 
 817     /**
 818      * Gets the current size of the largest application data that is
 819      * expected when using this session.
 820      */
 821     @Override
 822     public synchronized int getApplicationBufferSize() {
 823         // Use the bigger fragment size calculated from maximumPacketSize
 824         // and negotiatedMaxFragLen.
 825         int fragmentSize = 0;
 826         if (maximumPacketSize > 0) {
 827             fragmentSize = cipherSuite.calculateFragSize(
 828                     maximumPacketSize, protocolVersion,
 829                     protocolVersion.isDTLSProtocol());
 830         }
 831 
 832         if (negotiatedMaxFragLen > 0) {
 833             return (negotiatedMaxFragLen > fragmentSize) ?
 834                     negotiatedMaxFragLen : fragmentSize;
 835         }
 836 
 837         if (fragmentSize != 0) {
 838             return fragmentSize;
 839         }
 840 
 841         if (protocolVersion.isDTLSProtocol()) {
 842             return Record.maxDataSize;
 843         } else {
 844             int maxPacketSize = acceptLargeFragments ?
 845                         SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize;
 846             return (maxPacketSize - SSLRecord.headerSize);
 847         }
 848     }
 849 
 850     /**
 851      * Sets the negotiated maximum fragment length, as specified by the
 852      * max_fragment_length ClientHello extension in RFC 6066.
 853      *
 854      * @param  negotiatedMaxFragLen
 855      *         the negotiated maximum fragment length, or {@code -1} if
 856      *         no such length has been negotiated.
 857      */
 858     synchronized void setNegotiatedMaxFragSize(
 859             int negotiatedMaxFragLen) {
 860 
 861         this.negotiatedMaxFragLen = negotiatedMaxFragLen;
 862     }
 863 
 864     /**
 865      * Get the negotiated maximum fragment length, as specified by the
 866      * max_fragment_length ClientHello extension in RFC 6066.
 867      *
 868      * @return the negotiated maximum fragment length, or {@code -1} if
 869      *         no such length has been negotiated.
 870      */
 871     synchronized int getNegotiatedMaxFragSize() {
 872         return negotiatedMaxFragLen;
 873     }
 874 
 875     synchronized void setMaximumPacketSize(int maximumPacketSize) {
 876         this.maximumPacketSize = maximumPacketSize;
 877     }
 878 
 879     synchronized int getMaximumPacketSize() {
 880         return maximumPacketSize;
 881     }
 882 
 883     /**
 884      * Gets an array of supported signature algorithms that the local side is
 885      * willing to verify.
 886      */
 887     @Override
 888     public String[] getLocalSupportedSignatureAlgorithms() {
 889         if (localSupportedSignAlgs != null) {
 890             return localSupportedSignAlgs.clone();
 891         }
 892 
 893         return new String[0];
 894     }
 895 
 896     /**
 897      * Gets an array of supported signature algorithms that the peer is
 898      * able to verify.
 899      */
 900     @Override
 901     public String[] getPeerSupportedSignatureAlgorithms() {
 902         if (peerSupportedSignAlgs != null) {