@Override public void configureSessionContext(SSLSessionContext sslSessionContext) { int sessionCacheSize; if (endpoint.getSessionCacheSize() != null) { sessionCacheSize = Integer.parseInt( endpoint.getSessionCacheSize()); } else { sessionCacheSize = defaultSessionCacheSize; } int sessionTimeout; if (endpoint.getSessionTimeout() != null) { sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout()); } else { sessionTimeout = defaultSessionTimeout; } sslSessionContext.setSessionCacheSize(sessionCacheSize); sslSessionContext.setSessionTimeout(sessionTimeout); }
/** * For server sessions, this returns the set of sessions which * are currently valid in this process. For client sessions, * this returns null. */ @Override public SSLSessionContext getSessionContext() { /* * An interim security policy until we can do something * more specific in 1.2. Only allow trusted code (code which * can set system properties) to get an * SSLSessionContext. This is to limit the ability of code to * look up specific sessions or enumerate over them. Otherwise, * code can only get session objects from successful SSL * connections which implies that they must have had permission * to make the network connection in the first place. */ SecurityManager sm; if ((sm = System.getSecurityManager()) != null) { sm.checkPermission(new SSLPermission("getSSLSessionContext")); } return context; }
/** * Invalidates all SSL/TLS sessions in {@code sessionContext} associated with {@code remoteAddress}. * * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated * @param remoteAddress associated with sessions to invalidate */ private void clearSessionCache(final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) { final String hostName = remoteAddress.getHostName(); final int port = remoteAddress.getPort(); final Enumeration<byte[]> ids = sessionContext.getIds(); if (ids == null) { return; } while (ids.hasMoreElements()) { final byte[] id = ids.nextElement(); final SSLSession session = sessionContext.getSession(id); if (session != null && session.getPeerHost() != null && session.getPeerHost().equalsIgnoreCase(hostName) && session.getPeerPort() == port) { session.invalidate(); if (LOG.isDebugEnabled()) { LOG.debug("Invalidated session " + session); } } } }
@Override public void configureSessionContext(SSLSessionContext sslSessionContext) { int sessionCacheSize; if (endpoint.getSessionCacheSize() != null) { sessionCacheSize = Integer.parseInt(endpoint.getSessionCacheSize()); } else { sessionCacheSize = defaultSessionCacheSize; } int sessionTimeout; if (endpoint.getSessionTimeout() != null) { sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout()); } else { sessionTimeout = defaultSessionTimeout; } sslSessionContext.setSessionCacheSize(sessionCacheSize); sslSessionContext.setSessionTimeout(sessionTimeout); }
@Test public void test_SSLContext_getServerSessionContext() throws Exception { for (String protocol : StandardNames.SSL_CONTEXT_PROTOCOLS) { SSLContext sslContext = SSLContext.getInstance(protocol); SSLSessionContext sessionContext = sslContext.getServerSessionContext(); assertNotNull(sessionContext); if (protocol.equals(StandardNames.SSL_CONTEXT_PROTOCOLS_DEFAULT)) { assertSame( SSLContext.getInstance(protocol).getServerSessionContext(), sessionContext); } else { assertNotSame( SSLContext.getInstance(protocol).getServerSessionContext(), sessionContext); } } }
@Test public void test_SSLContext_getClientSessionContext() throws Exception { for (String protocol : StandardNames.SSL_CONTEXT_PROTOCOLS) { SSLContext sslContext = SSLContext.getInstance(protocol); SSLSessionContext sessionContext = sslContext.getClientSessionContext(); assertNotNull(sessionContext); if (protocol.equals(StandardNames.SSL_CONTEXT_PROTOCOLS_DEFAULT)) { assertSame( SSLContext.getInstance(protocol).getClientSessionContext(), sessionContext); } else { assertNotSame( SSLContext.getInstance(protocol).getClientSessionContext(), sessionContext); } } }
/** * @throws NoSuchAlgorithmException * @throws KeyManagementException * @tests javax.net.ssl.SSLSessionContex#getSession(byte[] sessionId) */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "getSession", args = {byte[].class} ) public final void test_getSession() throws NoSuchAlgorithmException, KeyManagementException { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, null, null); SSLSessionContext sc = context .getClientSessionContext(); try { sc.getSession(null); } catch (NullPointerException e) { // expected } assertNull(sc.getSession(new byte[5])); }
/** * For server sessions, this returns the set of sessions which * are currently valid in this process. For client sessions, * this returns null. */ public SSLSessionContext getSessionContext() { /* * An interim security policy until we can do something * more specific in 1.2. Only allow trusted code (code which * can set system properties) to get an * SSLSessionContext. This is to limit the ability of code to * look up specific sessions or enumerate over them. Otherwise, * code can only get session objects from successful SSL * connections which implies that they must have had permission * to make the network connection in the first place. */ SecurityManager sm; if ((sm = System.getSecurityManager()) != null) { sm.checkPermission(new SSLPermission("getSSLSessionContext")); } return context; }
private SSLSessionImpl findSessionToResume() { String host; int port; if (engineOwner != null) { host = engineOwner.getPeerHost(); port = engineOwner.getPeerPort(); } else { host = socketOwner.getInetAddress().getHostName(); port = socketOwner.getPort(); } if (host == null || port == -1) { return null; // starts new session } byte[] id; SSLSession ses; SSLSessionContext context = parameters.getClientSessionContext(); for (Enumeration<?> en = context.getIds(); en.hasMoreElements();) { id = (byte[])en.nextElement(); ses = context.getSession(id); if (host.equals(ses.getPeerHost()) && port == ses.getPeerPort()) { return (SSLSessionImpl)((SSLSessionImpl)ses).clone(); // resume } } return null; // starts new session }
private SSLSessionImpl findSessionToResume() { String host; int port; if (engineOwner != null) { host = engineOwner.getPeerHost(); port = engineOwner.getPeerPort(); } else { host = socketOwner.getInetAddress().getHostName(); port = socketOwner.getPort(); } if (host == null || port == -1) { return null; // starts new session } byte[] id; SSLSession ses; SSLSessionContext context = parameters.getClientSessionContext(); for (Enumeration en = context.getIds(); en.hasMoreElements();) { id = (byte[])en.nextElement(); ses = context.getSession(id); if (host.equals(ses.getPeerHost()) && port == ses.getPeerPort()) { return (SSLSessionImpl)((SSLSessionImpl)ses).clone(); // resume } } return null; // starts new session }
public static void main(String[] args) throws Exception { // try { SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket(); String[] protocols = ss.getSupportedProtocols(); for (int i = 0; i < protocols.length; i++) { // try { if (protocols[i].equals("SSLv2Hello")) { continue; } SSLContext sslc = SSLContext.getInstance(protocols[i]); SSLSessionContext sslsc = sslc.getServerSessionContext(); System.out.println("Protocol: " + protocols[i]); sslsc.setSessionTimeout(Integer.MAX_VALUE); int newtime = sslsc.getSessionTimeout(); if (newtime != Integer.MAX_VALUE) { throw new Exception ("Expected timeout: " + Integer.MAX_VALUE + ", got instead: " + newtime); } // } catch (Exception e) { // } } // } catch (Exception e) { // System.out.println(e); // } System.out.println("Finished"); }
/** * Reads the keystore and initializes the SSL socket factory. */ void init() throws IOException { try { String clientAuthStr = endpoint.getClientAuth(); if ("true".equalsIgnoreCase(clientAuthStr) || "yes".equalsIgnoreCase(clientAuthStr)) { requireClientAuth = true; } else if ("want".equalsIgnoreCase(clientAuthStr)) { wantClientAuth = true; } SSLContext context = createSSLContext(); context.init(getKeyManagers(), getTrustManagers(), null); // Configure SSL session cache SSLSessionContext sessionContext = context.getServerSessionContext(); if (sessionContext != null) { configureSessionContext(sessionContext); } // create proxy sslProxy = context.getServerSocketFactory(); // Determine which cipher suites to enable enabledCiphers = getEnableableCiphers(context); enabledProtocols = getEnableableProtocols(context); allowUnsafeLegacyRenegotiation = "true".equals(endpoint.getAllowUnsafeLegacyRenegotiation()); // Check the SSL config is OK checkConfig(); } catch (Exception e) { if (e instanceof IOException) throw (IOException) e; throw new IOException(e.getMessage(), e); } }
/** * Sets the client-side persistent cache to be used by the context. */ public static void setClientSessionCache(SSLContext context, SSLClientSessionCache cache) { SSLSessionContext clientContext = context.getClientSessionContext(); if (!(clientContext instanceof ClientSessionContext)) { throw new IllegalArgumentException( "Not a conscrypt client context: " + clientContext.getClass().getName()); } ((ClientSessionContext) clientContext).setPersistentCache(cache); }
/** * Sets the server-side persistent cache to be used by the context. */ public static void setServerSessionCache(SSLContext context, SSLServerSessionCache cache) { SSLSessionContext serverContext = context.getServerSessionContext(); if (!(serverContext instanceof ServerSessionContext)) { throw new IllegalArgumentException( "Not a conscrypt client context: " + serverContext.getClass().getName()); } ((ServerSessionContext) serverContext).setPersistentCache(cache); }
private static void assertNoConnectSetSessionCacheSizeBehavior( int expectedDefault, SSLSessionContext s) { try { s.setSessionCacheSize(-1); fail(); } catch (IllegalArgumentException expected) { // Ignored. } assertEquals(expectedDefault, s.getSessionCacheSize()); s.setSessionCacheSize(1); assertEquals(1, s.getSessionCacheSize()); }
@Test public void test_SSLSessionContext_setSessionCacheSize_oneConnect() { TestSSLSocketPair s = TestSSLSocketPair.create().connect(); int expectedClientSessionCacheSize = expectedClientSslSessionCacheSize(s.c); int expectedServerSessionCacheSize = expectedServerSslSessionCacheSize(s.c); SSLSessionContext client = s.c.clientContext.getClientSessionContext(); SSLSessionContext server = s.c.serverContext.getServerSessionContext(); assertEquals(expectedClientSessionCacheSize, client.getSessionCacheSize()); assertEquals(expectedServerSessionCacheSize, server.getSessionCacheSize()); assertSSLSessionContextSize(1, s.c); s.close(); }
private static void assertSSLSessionContextSize( int expected, SSLSessionContext s, boolean server) { if (server && TestSSLContext.sslServerSocketSupportsSessionTickets()) { assertEquals(0, numSessions(s)); } else { assertEquals(expected, numSessions(s)); } }
@Test public void testSessionTimeout() throws Exception { final int port1 = SSLTestUtils.PORT; final int port2 = SSLTestUtils.SECONDARY_PORT; try ( ServerSocket serverSocket1 = SSLTestUtils.createServerSocket(port1); ServerSocket serverSocket2 = SSLTestUtils.createServerSocket(port2) ) { final Thread acceptThread1 = startServer(serverSocket1); final Thread acceptThread2 = startServer(serverSocket2); SSLContext clientContext = SSLTestUtils.createClientSSLContext("openssl.TLSv1"); final SSLSessionContext clientSession = clientContext.getClientSessionContext(); byte[] host1SessionId = connectAndWrite(clientContext, port1); byte[] host2SessionId = connectAndWrite(clientContext, port2); // No timeout was set, id's should be identical Assert.assertArrayEquals(host1SessionId, connectAndWrite(clientContext, port1)); Assert.assertArrayEquals(host2SessionId, connectAndWrite(clientContext, port2)); // Set the session timeout to 1 second and sleep for 2 to ensure the timeout works clientSession.setSessionTimeout(1); TimeUnit.SECONDS.sleep(2L); Assert.assertFalse(Arrays.equals(host1SessionId, connectAndWrite(clientContext, port1))); Assert.assertFalse(Arrays.equals(host1SessionId, connectAndWrite(clientContext, port2))); serverSocket1.close(); serverSocket2.close(); acceptThread1.join(); acceptThread2.join(); } }