
src/java.base/share/classes/sun/security/ssl/EphemeralKeyManager.java





   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.security.*;
  29 import java.util.concurrent.locks.ReentrantLock;
  30 
  31 /**
  32  * The "KeyManager" for ephemeral RSA keys. Ephemeral DH and ECDH keys
  33  * are handled by the DHCrypt and ECDHCrypt classes, respectively.
  34  *
  35  * @author  Andreas Sterbenz
  36  */
  37 final class EphemeralKeyManager {
  38 
  39     // indices for the keys array below
  40     private static final int INDEX_RSA512 = 0;
  41     private static final int INDEX_RSA1024 = 1;
  42 
  43     /*
  44      * Current cached RSA KeyPairs. Elements are never null.
  45      * Indexed via the constants above.
  46      */
  47     private final EphemeralKeyPair[] keys = new EphemeralKeyPair[] {
  48         new EphemeralKeyPair(null),
  49         new EphemeralKeyPair(null),
  50     };
  51 
  52     private final ReentrantLock cachedKeysLock = new ReentrantLock();
  53 
  54     EphemeralKeyManager() {
  55         // empty
  56     }
  57 
  58     /*
  59      * Get a temporary RSA KeyPair.
  60      */
  61     KeyPair getRSAKeyPair(boolean export, SecureRandom random) {
  62         int length, index;
  63         if (export) {
  64             length = 512;
  65             index = INDEX_RSA512;
  66         } else {
  67             length = 1024;
  68             index = INDEX_RSA1024;
  69         }
  70 
  71         KeyPair kp = keys[index].getKeyPair();
  72         if (kp != null) {
  73             return kp;
  74         }
  75 
  76         cachedKeysLock.lock();
  77         try {
  78             // double check
  79             kp = keys[index].getKeyPair();
  80             if (kp != null) {
  81                 return kp;
  82             }
  83 
  84             try {
  85                 KeyPairGenerator kgen = KeyPairGenerator.getInstance("RSA");
  86                 kgen.initialize(length, random);
  87                 keys[index] = new EphemeralKeyPair(kgen.genKeyPair());
  88                 kp = keys[index].getKeyPair();
  89             } catch (Exception e) {
  90                 // ignore
  91             }
  92         } finally {
  93             cachedKeysLock.unlock();
  94         }
  95 
  96         return kp;
  97     }
  98 
  99     /**
 100      * Inner class to handle storage of ephemeral KeyPairs.
 101      */
 102     private static class EphemeralKeyPair {
 103 
 104         // maximum number of times a KeyPair is used
 105         private static final int MAX_USE = 200;
 106 
 107         // maximum time interval in which the keypair is used (1 hour in ms)
 108         private static final long USE_INTERVAL = 3600*1000;
 109 
 110         private KeyPair keyPair;
 111         private int uses;
 112         private long expirationTime;
 113 
 114         private EphemeralKeyPair(KeyPair keyPair) {
 115             this.keyPair = keyPair;
 116             expirationTime = System.currentTimeMillis() + USE_INTERVAL;




   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.security.*;

  29 
  30 /**
  31  * The "KeyManager" for ephemeral RSA keys. Ephemeral DH and ECDH keys
  32  * are handled by the DHCrypt and ECDHCrypt classes, respectively.
  33  *
  34  * @author  Andreas Sterbenz
  35  */
  36 final class EphemeralKeyManager {
  37 
  38     // indices for the keys array below
  39     private static final int INDEX_RSA512 = 0;
  40     private static final int INDEX_RSA1024 = 1;
  41 
  42     /*
  43      * Current cached RSA KeyPairs. Elements are never null.
  44      * Indexed via the constants above.
  45      */
  46     private final EphemeralKeyPair[] keys = new EphemeralKeyPair[] {
  47         new EphemeralKeyPair(null),
  48         new EphemeralKeyPair(null),
  49     };
  50 


  51     EphemeralKeyManager() {
  52         // empty
  53     }
  54 
  55     /*
  56      * Get a temporary RSA KeyPair.
  57      */
  58     KeyPair getRSAKeyPair(boolean export, SecureRandom random) {
  59         int length, index;
  60         if (export) {
  61             length = 512;
  62             index = INDEX_RSA512;
  63         } else {
  64             length = 1024;
  65             index = INDEX_RSA1024;
  66         }
  67 
  68         synchronized (keys) {
  69             KeyPair kp = keys[index].getKeyPair();
  70             if (kp == null) {
  71                 try {
  72                     KeyPairGenerator kgen = KeyPairGenerator.getInstance("RSA");
  73                     kgen.initialize(length, random);
  74                     keys[index] = new EphemeralKeyPair(kgen.genKeyPair());
  75                     kp = keys[index].getKeyPair();
  76                 } catch (Exception e) {
  77                     // ignore
  78                 }
  79             }
  80             return kp;










  81         }


  82     }
  83 
  84     /**
  85      * Inner class to handle storage of ephemeral KeyPairs.
  86      */
  87     private static class EphemeralKeyPair {
  88 
  89         // maximum number of times a KeyPair is used
  90         private static final int MAX_USE = 200;
  91 
  92         // maximum time interval in which the keypair is used (1 hour in ms)
  93         private static final long USE_INTERVAL = 3600*1000;
  94 
  95         private KeyPair keyPair;
  96         private int uses;
  97         private long expirationTime;
  98 
  99         private EphemeralKeyPair(KeyPair keyPair) {
 100             this.keyPair = keyPair;
 101             expirationTime = System.currentTimeMillis() + USE_INTERVAL;

