1 /*
   2  * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.security.*;
  29 import java.util.concurrent.locks.ReentrantLock;
  30 
  31 /**
  32  * The "KeyManager" for ephemeral RSA keys. Ephemeral DH and ECDH keys
  33  * are handled by the DHCrypt and ECDHCrypt classes, respectively.
  34  *
  35  * @author  Andreas Sterbenz
  36  */
  37 final class EphemeralKeyManager {
  38 
  39     // indices for the keys array below
  40     private static final int INDEX_RSA512 = 0;
  41     private static final int INDEX_RSA1024 = 1;
  42 
  43     /*
  44      * Current cached RSA KeyPairs. Elements are never null.
  45      * Indexed via the constants above.
  46      */
  47     private final EphemeralKeyPair[] keys = new EphemeralKeyPair[] {
  48         new EphemeralKeyPair(null),
  49         new EphemeralKeyPair(null),
  50     };
  51 
  52     private final ReentrantLock cachedKeysLock = new ReentrantLock();
  53 
  54     EphemeralKeyManager() {
  55         // empty
  56     }
  57 
  58     /*
  59      * Get a temporary RSA KeyPair.
  60      */
  61     KeyPair getRSAKeyPair(boolean export, SecureRandom random) {
  62         int length, index;
  63         if (export) {
  64             length = 512;
  65             index = INDEX_RSA512;
  66         } else {
  67             length = 1024;
  68             index = INDEX_RSA1024;
  69         }
  70 
  71         KeyPair kp = keys[index].getKeyPair();
  72         if (kp != null) {
  73             return kp;
  74         }
  75 
  76         cachedKeysLock.lock();
  77         try {
  78             // double check
  79             kp = keys[index].getKeyPair();
  80             if (kp != null) {
  81                 return kp;
  82             }
  83 
  84             try {
  85                 KeyPairGenerator kgen = KeyPairGenerator.getInstance("RSA");
  86                 kgen.initialize(length, random);
  87                 keys[index] = new EphemeralKeyPair(kgen.genKeyPair());
  88                 kp = keys[index].getKeyPair();
  89             } catch (Exception e) {
  90                 // ignore
  91             }
  92         } finally {
  93             cachedKeysLock.unlock();
  94         }
  95 
  96         return kp;
  97     }
  98 
  99     /**
 100      * Inner class to handle storage of ephemeral KeyPairs.
 101      */
 102     private static class EphemeralKeyPair {
 103 
 104         // maximum number of times a KeyPair is used
 105         private static final int MAX_USE = 200;
 106 
 107         // maximum time interval in which the keypair is used (1 hour in ms)
 108         private static final long USE_INTERVAL = 3600*1000;
 109 
 110         private KeyPair keyPair;
 111         private int uses;
 112         private long expirationTime;
 113 
 114         private EphemeralKeyPair(KeyPair keyPair) {
 115             this.keyPair = keyPair;
 116             expirationTime = System.currentTimeMillis() + USE_INTERVAL;
 117         }
 118 
 119         /*
 120          * Check if the KeyPair can still be used.
 121          */
 122         private boolean isValid() {
 123             return (keyPair != null) && (uses < MAX_USE)
 124                    && (System.currentTimeMillis() < expirationTime);
 125         }
 126 
 127         /*
 128          * Return the KeyPair or null if it is invalid.
 129          */
 130         private KeyPair getKeyPair() {
 131             if (isValid() == false) {
 132                 keyPair = null;
 133                 return null;
 134             }
 135             uses++;
 136             return keyPair;
 137         }
 138     }
 139 }
--- EOF ---