 * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

 * Implements the SSL session interface, and exposes the session context
 * which is maintained by SSL servers.
 *
 * <P> Servers have the ability to manage the sessions associated with
 * their authentication context(s). They can do this by enumerating the
 * IDs of the sessions which are cached, examining those sessions, and then
 * perhaps invalidating a given session so that it can't be used again.
 * If servers do not explicitly manage the cache, sessions will linger
 * until memory is low enough that the runtime environment purges cache
 * entries automatically to reclaim space.
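The cache management the class comment describes (enumerate cached IDs, examine each session, invalidate the ones that fail policy) maps directly onto the public `SSLSessionContext` API. The following is an added example, not code from the JDK; the idle limit, the class name and the cache bounds are assumed policy values chosen for illustration.

```java
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

/** Hypothetical helper that prunes a server's cached TLS sessions by policy (added example). */
public final class ServerSessionPruner {

    /** Sessions idle longer than this are invalidated; "one working day" is an assumed policy. */
    private static final long MAX_IDLE_MILLIS = 8L * 60 * 60 * 1000;

    private ServerSessionPruner() {}

    /**
     * Walks the server-side session cache of the given context, invalidates every
     * session whose last use is older than the idle limit, and returns the count.
     * Invalidation only stops future resumption; connections already using the
     * session keep running.
     */
    public static int pruneIdleSessions(SSLContext ctx, long now) {
        SSLSessionContext cache = ctx.getServerSessionContext();
        int invalidated = 0;
        Enumeration<byte[]> ids = cache.getIds();
        while (ids.hasMoreElements()) {
            byte[] id = ids.nextElement();
            SSLSession s = cache.getSession(id);
            if (s == null || !s.isValid()) {
                continue;                 // already purged or previously invalidated
            }
            if (now - s.getLastAccessedTime() > MAX_IDLE_MILLIS) {
                s.invalidate();           // no new connection can rejoin this session
                invalidated++;
            }
        }
        return invalidated;
    }

    /**
     * Bounds the cache explicitly so entries do not linger until the runtime purges
     * them under memory pressure. Both limits are assumed values for illustration.
     */
    public static void boundCache(SSLContext ctx, int maxEntries, int timeoutSeconds) {
        SSLSessionContext cache = ctx.getServerSessionContext();
        cache.setSessionCacheSize(maxEntries);   // 0 means unbounded, so always set it
        cache.setSessionTimeout(timeoutSeconds); // hard lifetime regardless of activity
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        boundCache(ctx, 10_000, 4 * 60 * 60);
        int n = pruneIdleSessions(ctx, System.currentTimeMillis());
        System.out.println("invalidated " + n + " idle server session(s)");
    }
}
```

Run the pruner from a scheduled task on the server's own `SSLContext`; `setSessionTimeout` is the hard maximum lifetime the class comment alludes to, while the idle check implements the "not used for a working day" policy on top of it.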
 * <P><em> The only reason this class is not package-private is that
 * there's no other public way to get at the server session context which
 * is associated with any given authentication context. </em>
 *
 * @author David Brownell

 * we only really need a single null session

 // compression methods

 * The state of a single session, as described in section 7.1
 * of the SSLv3 spec.

 * Information not part of the SSLv3 protocol spec, but used
 * to support session management policies.

 // Principals for non-certificate based cipher suites

 * We count session creations, eventually for statistical data but
 * also since counters make shorter debugging IDs than the big ones
 * we use in the protocol for uniqueness-over-time.

 /* Class and subclass dynamic debugging support */

 * Create a new non-rejoinable session, using the default (null)
 * cipher spec. This constructor returns a session which could
 * be used either by a client or by a server, as a connection is
 * first opened and before handshaking begins.

 * Create a new session, using a given cipher spec. This will
 * be rejoinable if session caching is enabled; the constructor
 * is intended mostly for use by servers.

 * Record a new session, using a given cipher spec and session ID.

 * Returns the master secret ... treat with extreme caution!

 * Set the peer principal.

 * Set the local principal.

 * Returns true iff this session may be resumed ... sessions are
 * usually resumable. Security policies may suggest otherwise,
 * for example sessions that haven't been used for a while (say,
 * a working day) won't be resumable, and sessions might have a
 * maximum lifetime in any case.

 * Check if the authentication used when establishing this session
 * is still valid.
 * Returns true if no authentication was used

 // if the private key is no longer valid, getAlgorithm()
 // should throw an exception
 // (e.g. Smartcard has been removed from the reader)

 * Returns the ID for this session. The ID is fixed for the
 * duration of the session; neither it, nor its value, changes.

 * For server sessions, this returns the set of sessions which
 * are currently valid in this process. For client sessions,
 * this returns null.

 * An interim security policy until we can do something
 * more specific in 1.2. Only allow trusted code (code which
 * can set system properties) to get an
 * SSLSessionContext. This is to limit the ability of code to
 * look up specific sessions or enumerate over them. Otherwise,
 * code can only get session objects from successful SSL
 * connections which implies that they must have had permission
 * to make the network connection in the first place.

 * Returns the cipher spec in use on this session

 * Resets the cipher spec in use on this session

 * Returns the name of the cipher suite in use on this session

 * Returns the standard name of the protocol in use on this session

 * Returns the compression technique used in this session

 * Returns the hashcode for this session

 * Returns true if sessions have same ids, false otherwise.

 * Return the cert chain presented by the peer in the
 * java.security.cert format.
 * Note: This method can be used only when using certificate-based
 * cipher suites; using it with non-certificate-based cipher suites,
 * such as Kerberos, will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *  first in the chain, and with the "root" CA last.

 // clone to preserve integrity of session ... caller can't
 // change record of peer identity even by accident, much
 // less do it intentionally.
                        + " for Kerberos cipher suites");
 // Certs are immutable objects, therefore we don't clone them.
 // But do need to clone the array, so that nothing is inserted

 * Return the cert chain presented to the peer in the
 * java.security.cert format.
 * Note: This method is useful only when using certificate-based
 *
 * @return array of local X.509 certs, with the local end-entity cert
 *  first in the chain, and with the "root" CA last.

 // clone to preserve integrity of session ... caller can't
 // change record of peer identity even by accident, much
 // less do it intentionally.

 * Return the cert chain presented by the peer in the
 * javax.security.cert format.
 * Note: This method can be used only when using certificate-based
 * cipher suites; using it with non-certificate-based cipher suites,
 * such as Kerberos, will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *  first in the chain, and with the "root" CA last.

 // clone to preserve integrity of session ... caller can't
 // change record of peer identity even by accident, much
 // less do it intentionally.
                        + " for Kerberos cipher suites");
 * Return the cert chain presented by the peer.
 * Note: This method can be used only when using certificate-based
 * cipher suites; using it with non-certificate-based cipher suites,
 * such as Kerberos, will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *  first in the chain, and with the "root" CA last.

 * clone to preserve integrity of session ... caller can't
 * change record of peer identity even by accident, much
 * less do it intentionally.
                        + " for Kerberos cipher suites");
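The three peer-certificate getters above share two properties a caller must respect: they throw `SSLPeerUnverifiedException` for non-certificate suites such as Kerberos (where `getPeerPrincipal()` is the only identity), and the array they return is a copy, so the caller cannot alter the session's record of the peer. The following post-handshake check is an added example written against the public `javax.net.ssl.SSLSession` API, not code from the JDK; the class and method names are assumed.

```java
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

/** Hypothetical post-handshake peer identity extraction (added example). */
public final class PeerIdentity {

    private PeerIdentity() {}

    /**
     * Returns the peer's end-entity X.509 certificate, or null when the session
     * used a non-certificate suite (e.g. Kerberos) and therefore has a Principal
     * but no chain. An unauthenticated peer on a certificate suite still fails.
     */
    public static X509Certificate endEntityCertificate(SSLSession session)
            throws SSLPeerUnverifiedException {
        Certificate[] chain;
        try {
            chain = session.getPeerCertificates();   // peer's own cert first, root CA last
        } catch (SSLPeerUnverifiedException noChain) {
            // getPeerPrincipal() itself throws if the peer was never authenticated,
            // which is the correct outcome; a non-X.500 Principal means a Kerberos suite.
            Principal p = session.getPeerPrincipal();
            if (p instanceof X500Principal) {
                throw noChain;   // certificate suite with no usable chain: genuine failure
            }
            return null;
        }
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new SSLPeerUnverifiedException("unexpected peer certificate type");
        }
        return (X509Certificate) chain[0];
    }

    /** True if the peer's identity equals the expected subject, for either suite family. */
    public static boolean peerMatches(SSLSession session, Principal expected)
            throws SSLPeerUnverifiedException {
        X509Certificate leaf = endEntityCertificate(session);
        Principal actual = (leaf != null) ? leaf.getSubjectX500Principal()
                                          : session.getPeerPrincipal();
        return expected.equals(actual);
    }

    /**
     * Demonstrates the defensive copy: clobbering the returned array leaves the
     * session's own record untouched, so a second call still yields the same leaf.
     */
    public static boolean returnsDefensiveCopy(SSLSession session)
            throws SSLPeerUnverifiedException {
        Certificate[] first = session.getPeerCertificates();
        Certificate leaf = first[0];
        Arrays.fill(first, null);                       // caller-side mutation only
        return leaf.equals(session.getPeerCertificates()[0]);
    }
}
```

Call `peerMatches` only after the handshake has completed (for example from a `HandshakeCompletedListener` or after `SSLSocket.startHandshake()`), since before that the session is the null session and carries no peer identity.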
 * Returns the identity of the peer which was established as part of
 * defining the session.
 *
 * @return the peer's principal. Returns an X500Principal of the
 * end-entity certificate for X509-based cipher suites, and
 * Principal for Kerberos cipher suites.
 *
 * @throws SSLPeerUnverifiedException if the peer's identity has not

 // Eliminate dependency on KerberosPrincipal

 * Returns the principal that was sent to the peer during handshaking.
 *
 * @return the principal sent to the peer. Returns an X500Principal
 * of the end-entity certificate for X509-based cipher suites, and
 * Principal for Kerberos cipher suites. If no principal was
 * sent, then null is returned.

 // Eliminate dependency on KerberosPrincipal

 * Returns the time this session was created.

 * Returns the last time this session was used to initialize

 * Returns the network address of the session's peer. This
 * implementation does not insist that connections between
 * different ports on the same host must necessarily belong
 * to different sessions, though that is of course allowed.

 * Need to provide the port info for caching sessions based on
 * host and port. Accessed by SSLSessionContextImpl

 * Invalidate a session. Active connections may still exist, but
 * no connections will be able to rejoin this session.

 // Can't invalidate the NULL session -- this would be
 // attempted when we get a handshaking error on a brand
 // new connection, with no "real" session yet.

 * Table of application-specific session data indexed by an application
 * key and the calling security context. This is important since
 * sessions can be shared across different protection domains.

 * Assigns a session value. Session change events are given if
 * appropriate, to any original value as well as the new value.

 * Returns the specified session value.
 * Removes the specified session value, delivering a session changed
 * event as appropriate.

 * Lists the names of the session values.

 * Use large packet sizes now or follow RFC 2246 packet sizes (2^14)

 * In the TLS specification (section 6.2.1, RFC 2246), the plaintext
 * fragment length should not exceed 2^14 bytes.
 * However, some TLS implementations violate the specification.
 * This is a workaround for interoperability with these stacks.
 * Application could accept large fragments up to 2^15 bytes by
 * setting the system property jsse.SSLEngine.acceptLargeFragments

 * Expand the buffer size of both SSL/TLS network packet and

 * Gets the current size of the largest SSL/TLS packet that is expected
 * when using this session.

 * Gets the current size of the largest application data that is
 * expected when using this session.

 * Gets an array of supported signature algorithms that the local side is

 * Gets an array of supported signature algorithms that the peer is

 /** Returns a string representation of this SSL session */

 * When SSL sessions are finalized, all values bound to

 * This "struct" class serves as a Hash Key that combines an
 * application-specific key and a security context.
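Two of the comments above describe behaviour an application relies on but rarely sees spelled out: session values are keyed by application name and the caller's security context, and bound values receive bind/unbind events; and the packet and application buffer sizes reported by the session are the only safe source for `SSLEngine` buffer sizes, since they grow when `jsse.SSLEngine.acceptLargeFragments` is set. The block below is an added example against the public `SSLSession` API, not JDK code; the key name, class names and the "role" payload are assumed.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;

/** Hypothetical per-session application state plus engine buffer sizing (added example). */
public final class SessionState {

    /** Assumed application key; the session table keys on this plus the caller's security context. */
    public static final String AUTH_KEY = "example.app.authz";

    /** A bound value that records its own bind/unbind events for an audit trail. */
    public static final class AuthzTag implements SSLSessionBindingListener {
        private final String role;
        private final List<String> events = new ArrayList<>();

        public AuthzTag(String role) { this.role = role; }
        public String role() { return role; }
        public List<String> events() { return events; }

        @Override public void valueBound(SSLSessionBindingEvent e) {
            events.add("bound:" + e.getName());
        }
        @Override public void valueUnbound(SSLSessionBindingEvent e) {
            events.add("unbound:" + e.getName());     // fired on removeValue, replacement, or invalidation
        }
    }

    private SessionState() {}

    /** Binds a role to the session; a previously bound tag is unbound first and notified. */
    public static AuthzTag tag(SSLSession session, String role) {
        AuthzTag t = new AuthzTag(role);
        session.putValue(AUTH_KEY, t);
        return t;
    }

    /** Reads the role back, or null if this caller's security context never bound one. */
    public static String roleOf(SSLSession session) {
        Object v = session.getValue(AUTH_KEY);
        return (v instanceof AuthzTag) ? ((AuthzTag) v).role() : null;
    }

    public static boolean hasTag(SSLSession session) {
        return Arrays.asList(session.getValueNames()).contains(AUTH_KEY);
    }

    public static void untag(SSLSession session) {
        session.removeValue(AUTH_KEY);    // delivers valueUnbound to the listener
    }

    /**
     * Sizes SSLEngine buffers from the session rather than a fixed 16 KiB guess.
     * The values exceed the RFC 2246 sizes only if jsse.SSLEngine.acceptLargeFragments
     * was set before the JSSE classes were loaded (e.g. -D on the command line).
     */
    public static ByteBuffer[] engineBuffers(SSLSession session) {
        ByteBuffer net = ByteBuffer.allocate(session.getPacketBufferSize());
        ByteBuffer app = ByteBuffer.allocate(session.getApplicationBufferSize());
        return new ByteBuffer[] { net, app };
    }
}
```

Because the value table is keyed on the calling security context as well as the name, code in a different protection domain sharing the same `SSLSession` will not see the tag bound here; treat `roleOf` returning null as "not bound by us", not as proof that no authorization decision was recorded. Re-allocate the engine buffers whenever `SSLEngine.getSession()` changes after a renegotiation, since the sizes can differ between sessions.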