92 private CipherSuite cipherSuite;
93 private SecretKey masterSecret;
94
95 /*
96 * Information not part of the SSLv3 protocol spec, but used
97 * to support session management policies.
98 */
99 private final long creationTime = System.currentTimeMillis();
100 private long lastUsedTime = 0;
101 private final String host;
102 private final int port;
103 private SSLSessionContextImpl context;
104 private int sessionCount;
105 private boolean invalidated;
106 private X509Certificate[] localCerts;
107 private PrivateKey localPrivateKey;
108 private String[] localSupportedSignAlgs;
109 private String[] peerSupportedSignAlgs;
110 private List<SNIServerName> requestedServerNames;
111
112
113 // Principals for non-certificate based cipher suites
114 private Principal peerPrincipal;
115 private Principal localPrincipal;
116
117 /*
118 * Is the session currently re-established with a session-resumption
119 * abbreviated initial handshake?
120 *
121 * Note that currently we only set this variable in client side.
122 */
123 private boolean isSessionResumption = false;
124
125 /*
126 * We count session creations, eventually for statistical data but
127 * also since counters make shorter debugging IDs than the big ones
128 * we use in the protocol for uniqueness-over-time.
129 */
130 private static volatile int counter = 0;
131
160 new SessionId(defaultRejoinable, generator), host, port);
161 }
162
163 /*
164 * Record a new session, using a given cipher spec and session ID.
165 */
166 SSLSessionImpl(ProtocolVersion protocolVersion, CipherSuite cipherSuite,
167 Collection<SignatureAndHashAlgorithm> algorithms,
168 SessionId id, String host, int port) {
169 this.protocolVersion = protocolVersion;
170 sessionId = id;
171 peerCerts = null;
172 compressionMethod = compression_null;
173 this.cipherSuite = cipherSuite;
174 masterSecret = null;
175 this.host = host;
176 this.port = port;
177 sessionCount = ++counter;
178 localSupportedSignAlgs =
179 SignatureAndHashAlgorithm.getAlgorithmNames(algorithms);
180
181 if (debug != null && Debug.isOn("session")) {
182 System.out.println("%% Initialized: " + this);
183 }
184 }
185
186 void setMasterSecret(SecretKey secret) {
187 if (masterSecret == null) {
188 masterSecret = secret;
189 } else {
190 throw new RuntimeException("setMasterSecret() error");
191 }
192 }
193
194 /**
195 * Returns the master secret ... treat with extreme caution!
196 */
197 SecretKey getMasterSecret() {
198 return masterSecret;
199 }
768 * setting the system property jsse.SSLEngine.acceptLargeFragments
769 * to "true".
770 */
771 private boolean acceptLargeFragments =
772 Debug.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments", false);
773
774 /**
775 * Expand the buffer size of both SSL/TLS network packet and
776 * application data.
777 */
778 protected synchronized void expandBufferSizes() {
779 acceptLargeFragments = true;
780 }
781
782 /**
783 * Gets the current size of the largest SSL/TLS packet that is expected
784 * when using this session.
785 */
786 @Override
787 public synchronized int getPacketBufferSize() {
788 return acceptLargeFragments ?
789 Record.maxLargeRecordSize : Record.maxRecordSize;
790 }
791
792 /**
793 * Gets the current size of the largest application data that is
794 * expected when using this session.
795 */
796 @Override
797 public synchronized int getApplicationBufferSize() {
798 return getPacketBufferSize() - Record.headerSize;
799 }
800
801 /**
802 * Gets an array of supported signature algorithms that the local side is
803 * willing to verify.
804 */
805 @Override
806 public String[] getLocalSupportedSignatureAlgorithms() {
807 if (localSupportedSignAlgs != null) {
808 return localSupportedSignAlgs.clone();
809 }
810
811 return new String[0];
812 }
813
814 /**
815 * Gets an array of supported signature algorithms that the peer is
816 * able to verify.
817 */
818 @Override
819 public String[] getPeerSupportedSignatureAlgorithms() {
820 if (peerSupportedSignAlgs != null) {
|
92 private CipherSuite cipherSuite;
93 private SecretKey masterSecret;
94
95 /*
96 * Information not part of the SSLv3 protocol spec, but used
97 * to support session management policies.
98 */
99 private final long creationTime = System.currentTimeMillis();
100 private long lastUsedTime = 0;
101 private final String host;
102 private final int port;
103 private SSLSessionContextImpl context;
104 private int sessionCount;
105 private boolean invalidated;
106 private X509Certificate[] localCerts;
107 private PrivateKey localPrivateKey;
108 private String[] localSupportedSignAlgs;
109 private String[] peerSupportedSignAlgs;
110 private List<SNIServerName> requestedServerNames;
111
112 private int negotiatedMaxFragLen;
113 private int maximumPacketSize;
114
115 // Principals for non-certificate based cipher suites
116 private Principal peerPrincipal;
117 private Principal localPrincipal;
118
119 /*
120 * Is the session currently re-established with a session-resumption
121 * abbreviated initial handshake?
122 *
123 * Note that currently we only set this variable in client side.
124 */
125 private boolean isSessionResumption = false;
126
127 /*
128 * We count session creations, eventually for statistical data but
129 * also since counters make shorter debugging IDs than the big ones
130 * we use in the protocol for uniqueness-over-time.
131 */
132 private static volatile int counter = 0;
133
162 new SessionId(defaultRejoinable, generator), host, port);
163 }
164
165 /*
166 * Record a new session, using a given cipher spec and session ID.
167 */
168 SSLSessionImpl(ProtocolVersion protocolVersion, CipherSuite cipherSuite,
169 Collection<SignatureAndHashAlgorithm> algorithms,
170 SessionId id, String host, int port) {
171 this.protocolVersion = protocolVersion;
172 sessionId = id;
173 peerCerts = null;
174 compressionMethod = compression_null;
175 this.cipherSuite = cipherSuite;
176 masterSecret = null;
177 this.host = host;
178 this.port = port;
179 sessionCount = ++counter;
180 localSupportedSignAlgs =
181 SignatureAndHashAlgorithm.getAlgorithmNames(algorithms);
182 negotiatedMaxFragLen = -1;
183
184 if (debug != null && Debug.isOn("session")) {
185 System.out.println("%% Initialized: " + this);
186 }
187 }
188
189 void setMasterSecret(SecretKey secret) {
190 if (masterSecret == null) {
191 masterSecret = secret;
192 } else {
193 throw new RuntimeException("setMasterSecret() error");
194 }
195 }
196
197 /**
198 * Returns the master secret ... treat with extreme caution!
199 */
200 SecretKey getMasterSecret() {
201 return masterSecret;
202 }
771 * setting the system property jsse.SSLEngine.acceptLargeFragments
772 * to "true".
773 */
774 private boolean acceptLargeFragments =
775 Debug.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments", false);
776
777 /**
778 * Expand the buffer size of both SSL/TLS network packet and
779 * application data.
780 */
781 protected synchronized void expandBufferSizes() {
782 acceptLargeFragments = true;
783 }
784
785 /**
786 * Gets the current size of the largest SSL/TLS packet that is expected
787 * when using this session.
788 */
789 @Override
790 public synchronized int getPacketBufferSize() {
791 // Use the bigger packet size calculated from maximumPacketSize
792 // and negotiatedMaxFragLen.
793 int packetSize = 0;
794 if (negotiatedMaxFragLen > 0) {
795 packetSize = cipherSuite.calculatePacketSize(
796 negotiatedMaxFragLen, protocolVersion,
797 protocolVersion.isDTLSProtocol());
798 }
799
800 if (maximumPacketSize > 0) {
801 return (maximumPacketSize > packetSize) ?
802 maximumPacketSize : packetSize;
803 }
804
805 if (packetSize != 0) {
806 return packetSize;
807 }
808
809 if (protocolVersion.isDTLSProtocol()) {
810 return DTLSRecord.maxRecordSize;
811 } else {
812 return acceptLargeFragments ?
813 SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize;
814 }
815 }
816
817 /**
818 * Gets the current size of the largest application data that is
819 * expected when using this session.
820 */
821 @Override
822 public synchronized int getApplicationBufferSize() {
823 // Use the bigger fragment size calculated from maximumPacketSize
824 // and negotiatedMaxFragLen.
825 int fragmentSize = 0;
826 if (maximumPacketSize > 0) {
827 fragmentSize = cipherSuite.calculateFragSize(
828 maximumPacketSize, protocolVersion,
829 protocolVersion.isDTLSProtocol());
830 }
831
832 if (negotiatedMaxFragLen > 0) {
833 return (negotiatedMaxFragLen > fragmentSize) ?
834 negotiatedMaxFragLen : fragmentSize;
835 }
836
837 if (fragmentSize != 0) {
838 return fragmentSize;
839 }
840
841 if (protocolVersion.isDTLSProtocol()) {
842 return Record.maxDataSize;
843 } else {
844 int maxPacketSize = acceptLargeFragments ?
845 SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize;
846 return (maxPacketSize - SSLRecord.headerSize);
847 }
848 }
849
850 /**
851 * Sets the negotiated maximum fragment length, as specified by the
852 * max_fragment_length ClientHello extension in RFC 6066.
853 *
854 * @param negotiatedMaxFragLen
855 * the negotiated maximum fragment length, or {@code -1} if
856 * no such length has been negotiated.
857 */
858 synchronized void setNegotiatedMaxFragSize(
859 int negotiatedMaxFragLen) {
860
861 this.negotiatedMaxFragLen = negotiatedMaxFragLen;
862 }
863
864 /**
865 * Get the negotiated maximum fragment length, as specified by the
866 * max_fragment_length ClientHello extension in RFC 6066.
867 *
868 * @return the negotiated maximum fragment length, or {@code -1} if
869 * no such length has been negotiated.
870 */
871 synchronized int getNegotiatedMaxFragSize() {
872 return negotiatedMaxFragLen;
873 }
874
875 synchronized void setMaximumPacketSize(int maximumPacketSize) {
876 this.maximumPacketSize = maximumPacketSize;
877 }
878
879 synchronized int getMaximumPacketSize() {
880 return maximumPacketSize;
881 }
882
883 /**
884 * Gets an array of supported signature algorithms that the local side is
885 * willing to verify.
886 */
887 @Override
888 public String[] getLocalSupportedSignatureAlgorithms() {
889 if (localSupportedSignAlgs != null) {
890 return localSupportedSignAlgs.clone();
891 }
892
893 return new String[0];
894 }
895
896 /**
897 * Gets an array of supported signature algorithms that the peer is
898 * able to verify.
899 */
900 @Override
901 public String[] getPeerSupportedSignatureAlgorithms() {
902 if (peerSupportedSignAlgs != null) {
|