< prev index next >

src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java

Print this page

        

*** 36,46 **** import java.util.Collections; import java.util.Enumeration; import java.util.List; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentLinkedQueue; - import java.util.concurrent.locks.ReentrantLock; import javax.crypto.SecretKey; import javax.net.ssl.ExtendedSSLSession; import javax.net.ssl.SNIServerName; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLPermission; --- 36,45 ----
*** 132,144 **** // Counter used to create unique nonces in NewSessionTicket private BigInteger ticketNonceCounter = BigInteger.ONE; // The endpoint identification algorithm used to check certificates // in this session. ! private final String identificationProtocol; ! ! private final ReentrantLock sessionLock = new ReentrantLock(); /* * Create a new non-rejoinable session, using the default (null) * cipher spec. This constructor returns a session which could * be used either by a client or by a server, as a connection is --- 131,141 ---- // Counter used to create unique nonces in NewSessionTicket private BigInteger ticketNonceCounter = BigInteger.ONE; // The endpoint identification algorithm used to check certificates // in this session. ! private final String identificationProtocol; /* * Create a new non-rejoinable session, using the default (null) * cipher spec. This constructor returns a session which could * be used either by a client or by a server, as a connection is
*** 290,315 **** SecretKey getResumptionMasterSecret() { return resumptionMasterSecret; } ! SecretKey getPreSharedKey() { ! sessionLock.lock(); ! try { ! return preSharedKey; ! } finally { ! sessionLock.unlock(); ! } } ! SecretKey consumePreSharedKey() { ! sessionLock.lock(); try { return preSharedKey; } finally { preSharedKey = null; - sessionLock.unlock(); } } int getTicketAgeAdd() { return ticketAgeAdd; --- 287,305 ---- SecretKey getResumptionMasterSecret() { return resumptionMasterSecret; } ! synchronized SecretKey getPreSharedKey() { ! return preSharedKey; } ! synchronized SecretKey consumePreSharedKey() { try { return preSharedKey; } finally { preSharedKey = null; } } int getTicketAgeAdd() { return ticketAgeAdd;
*** 321,337 **** /* PSK identities created from new_session_ticket messages should only * be used once. This method will return the identity and then clear it * so it cannot be used again. */ ! byte[] consumePskIdentity() { ! sessionLock.lock(); try { return pskIdentity; } finally { pskIdentity = null; - sessionLock.unlock(); } } void setPeerCertificates(X509Certificate[] peer) { if (peerCerts == null) { --- 311,325 ---- /* PSK identities created from new_session_ticket messages should only * be used once. This method will return the identity and then clear it * so it cannot be used again. */ ! synchronized byte[] consumePskIdentity() { try { return pskIdentity; } finally { pskIdentity = null; } } void setPeerCertificates(X509Certificate[] peer) { if (peerCerts == null) {
*** 403,419 **** return sessionId != null && sessionId.length() != 0 && !invalidated && isLocalAuthenticationValid(); } @Override ! public boolean isValid() { ! sessionLock.lock(); ! try { ! return isRejoinable(); ! } finally { ! sessionLock.unlock(); ! } } /** * Check if the authentication used when establishing this session * is still valid. Returns true if no authentication was used --- 391,402 ---- return sessionId != null && sessionId.length() != 0 && !invalidated && isLocalAuthenticationValid(); } @Override ! public synchronized boolean isValid() { ! return isRejoinable(); } /** * Check if the authentication used when establishing this session * is still valid. Returns true if no authentication was used
*** 792,830 **** /** * Invalidate a session. Active connections may still exist, but * no connections will be able to rejoin this session. */ @Override ! public void invalidate() { ! sessionLock.lock(); ! try { ! // ! // Can't invalidate the NULL session -- this would be ! // attempted when we get a handshaking error on a brand ! // new connection, with no "real" session yet. ! // ! if (this == nullSession) { ! return; ! } ! ! if (context != null) { ! context.remove(sessionId); ! context = null; ! } ! if (invalidated) { ! return; ! } ! invalidated = true; ! if (SSLLogger.isOn && SSLLogger.isOn("session")) { ! SSLLogger.finest("Invalidated session: " + this); ! } ! for (SSLSessionImpl child : childSessions) { ! child.invalidate(); ! } ! } finally { ! sessionLock.unlock(); } } /* * Table of application-specific session data indexed by an application --- 775,807 ---- /** * Invalidate a session. Active connections may still exist, but * no connections will be able to rejoin this session. */ @Override ! public synchronized void invalidate() { ! // ! // Can't invalidate the NULL session -- this would be ! // attempted when we get a handshaking error on a brand ! // new connection, with no "real" session yet. ! // ! if (this == nullSession) { ! return; ! } ! if (context != null) { ! context.remove(sessionId); ! context = null; ! } ! if (invalidated) { ! return; ! } ! invalidated = true; ! if (SSLLogger.isOn && SSLLogger.isOn("session")) { ! SSLLogger.finest("Invalidated session: " + this); ! } ! for (SSLSessionImpl child : childSessions) { ! child.invalidate(); } } /* * Table of application-specific session data indexed by an application
*** 933,1023 **** /** * Expand the buffer size of both SSL/TLS network packet and * application data. */ ! protected void expandBufferSizes() { ! sessionLock.lock(); ! try { ! acceptLargeFragments = true; ! } finally { ! sessionLock.unlock(); ! } } /** * Gets the current size of the largest SSL/TLS packet that is expected * when using this session. */ @Override ! public int getPacketBufferSize() { ! sessionLock.lock(); ! try { ! // Use the bigger packet size calculated from maximumPacketSize ! // and negotiatedMaxFragLen. ! int packetSize = 0; ! if (negotiatedMaxFragLen > 0) { ! packetSize = cipherSuite.calculatePacketSize( ! negotiatedMaxFragLen, protocolVersion, ! protocolVersion.isDTLS); ! } ! if (maximumPacketSize > 0) { ! return (maximumPacketSize > packetSize) ? ! maximumPacketSize : packetSize; ! } ! if (packetSize != 0) { ! return packetSize; ! } ! if (protocolVersion.isDTLS) { ! return DTLSRecord.maxRecordSize; ! } else { ! return acceptLargeFragments ? ! SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; ! } ! } finally { ! sessionLock.unlock(); } } /** * Gets the current size of the largest application data that is * expected when using this session. */ @Override ! public int getApplicationBufferSize() { ! sessionLock.lock(); ! try { ! // Use the bigger fragment size calculated from maximumPacketSize ! // and negotiatedMaxFragLen. ! int fragmentSize = 0; ! if (maximumPacketSize > 0) { ! fragmentSize = cipherSuite.calculateFragSize( ! maximumPacketSize, protocolVersion, ! protocolVersion.isDTLS); ! } ! if (negotiatedMaxFragLen > 0) { ! return (negotiatedMaxFragLen > fragmentSize) ? ! negotiatedMaxFragLen : fragmentSize; ! } ! if (fragmentSize != 0) { ! return fragmentSize; ! } ! if (protocolVersion.isDTLS) { ! return Record.maxDataSize; ! } else { ! int maxPacketSize = acceptLargeFragments ? ! SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; ! return (maxPacketSize - SSLRecord.headerSize); ! } ! } finally { ! sessionLock.unlock(); } } /** * Sets the negotiated maximum fragment length, as specified by the --- 910,985 ---- /** * Expand the buffer size of both SSL/TLS network packet and * application data. */ ! protected synchronized void expandBufferSizes() { ! acceptLargeFragments = true; } /** * Gets the current size of the largest SSL/TLS packet that is expected * when using this session. */ @Override ! public synchronized int getPacketBufferSize() { ! // Use the bigger packet size calculated from maximumPacketSize ! // and negotiatedMaxFragLen. ! int packetSize = 0; ! if (negotiatedMaxFragLen > 0) { ! packetSize = cipherSuite.calculatePacketSize( ! negotiatedMaxFragLen, protocolVersion, ! protocolVersion.isDTLS); ! } ! if (maximumPacketSize > 0) { ! return (maximumPacketSize > packetSize) ? ! maximumPacketSize : packetSize; ! } ! if (packetSize != 0) { ! return packetSize; ! } ! if (protocolVersion.isDTLS) { ! return DTLSRecord.maxRecordSize; ! } else { ! return acceptLargeFragments ? ! SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; } } /** * Gets the current size of the largest application data that is * expected when using this session. */ @Override ! public synchronized int getApplicationBufferSize() { ! // Use the bigger fragment size calculated from maximumPacketSize ! // and negotiatedMaxFragLen. ! int fragmentSize = 0; ! if (maximumPacketSize > 0) { ! fragmentSize = cipherSuite.calculateFragSize( ! maximumPacketSize, protocolVersion, ! protocolVersion.isDTLS); ! } ! if (negotiatedMaxFragLen > 0) { ! return (negotiatedMaxFragLen > fragmentSize) ? ! negotiatedMaxFragLen : fragmentSize; ! } ! if (fragmentSize != 0) { ! return fragmentSize; ! } ! if (protocolVersion.isDTLS) { ! return Record.maxDataSize; ! } else { ! int maxPacketSize = acceptLargeFragments ? ! SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; ! return (maxPacketSize - SSLRecord.headerSize); } } /** * Sets the negotiated maximum fragment length, as specified by the
*** 1025,1076 **** * * @param negotiatedMaxFragLen * the negotiated maximum fragment length, or {@code -1} if * no such length has been negotiated. */ ! void setNegotiatedMaxFragSize( int negotiatedMaxFragLen) { ! sessionLock.lock(); ! try { ! this.negotiatedMaxFragLen = negotiatedMaxFragLen; ! } finally { ! sessionLock.unlock(); ! } } /** * Get the negotiated maximum fragment length, as specified by the * max_fragment_length ClientHello extension in RFC 6066. * * @return the negotiated maximum fragment length, or {@code -1} if * no such length has been negotiated. */ ! int getNegotiatedMaxFragSize() { ! sessionLock.lock(); ! try { ! return negotiatedMaxFragLen; ! } finally { ! sessionLock.unlock(); ! } } ! void setMaximumPacketSize(int maximumPacketSize) { ! sessionLock.lock(); ! try { ! this.maximumPacketSize = maximumPacketSize; ! } finally { ! sessionLock.unlock(); ! } } ! int getMaximumPacketSize() { ! sessionLock.lock(); ! try { ! return maximumPacketSize; ! } finally { ! sessionLock.unlock(); ! } } /** * Gets an array of supported signature algorithm names that the local * side is willing to verify. --- 987,1019 ---- * * @param negotiatedMaxFragLen * the negotiated maximum fragment length, or {@code -1} if * no such length has been negotiated. */ ! synchronized void setNegotiatedMaxFragSize( int negotiatedMaxFragLen) { ! ! this.negotiatedMaxFragLen = negotiatedMaxFragLen; } /** * Get the negotiated maximum fragment length, as specified by the * max_fragment_length ClientHello extension in RFC 6066. * * @return the negotiated maximum fragment length, or {@code -1} if * no such length has been negotiated. */ ! synchronized int getNegotiatedMaxFragSize() { ! return negotiatedMaxFragLen; } ! synchronized void setMaximumPacketSize(int maximumPacketSize) { ! this.maximumPacketSize = maximumPacketSize; } ! synchronized int getMaximumPacketSize() { ! return maximumPacketSize; } /** * Gets an array of supported signature algorithm names that the local * side is willing to verify.
< prev index next >