org.openeuler.sun.security.ssl

类 SSLSessionImpl

java.lang.Object

javax.net.ssl.ExtendedSSLSession

org.openeuler.sun.security.ssl.SSLSessionImpl

所有已实现的接口:

SSLSession

final class SSLSessionImpl
extends ExtendedSSLSession

Implements the SSL session interface, and exposes the session context which is maintained by SSL servers.

Servers have the ability to manage the sessions associated with their authentication context(s). They can do this by enumerating the IDs of the sessions which are cached, examining those sessions, and then perhaps invalidating a given session so that it can't be used again. If servers do not explicitly manage the cache, sessions will linger until memory is low enough that the runtime environment purges cache entries automatically to reclaim space.

The only reason this class is not package-private is that there's no other public way to get at the server session context which is associated with any given authentication context.

作者:

David Brownell

字段概要

字段

限定符和类型	字段和说明
private boolean	acceptLargeFragments Use large packet sizes now or follow RFC 2246 packet sizes (2^14) until changed.
private ConcurrentHashMap<SecureKey,Object>	boundValues
private Queue<SSLSessionImpl>	childSessions
private CipherSuite	cipherSuite
private SSLSessionContextImpl	context
private long	creationTime
private static boolean	defaultRejoinable
private String	host
private String	identificationProtocol
private boolean	invalidated
private boolean	isSessionResumption
private long	lastUsedTime
private X509Certificate[]	localCerts
private Principal	localPrincipal
private PrivateKey	localPrivateKey
private Collection<SignatureScheme>	localSupportedSignAlgs
private SecretKey	masterSecret
private int	maximumPacketSize
private int	negotiatedMaxFragLen
private X509Certificate[]	peerCerts
private Principal	peerPrincipal
private String[]	peerSupportedSignAlgs
private int	port
private SecretKey	preSharedKey
private ProtocolVersion	protocolVersion
private byte[]	pskIdentity
private List<SNIServerName>	requestedServerNames
private SecretKey	resumptionMasterSecret
(专用程序包) SNIServerName	serverNameIndication
private SessionId	sessionId
private List<byte[]>	statusResponses
private int	ticketAgeAdd
private long	ticketCreationTime
private BigInteger	ticketNonceCounter
private boolean	useDefaultPeerSignAlgs
(专用程序包) boolean	useExtendedMasterSecret

构造器概要

构造器

构造器和说明
SSLSessionImpl()
SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite)
SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite, SessionId id)
SSLSessionImpl(HandshakeContext hc, CipherSuite cipherSuite, SessionId id, long creationTime)
SSLSessionImpl(SSLSessionImpl baseSession, SessionId newId)

方法概要

限定符和类型	方法和说明
(专用程序包) void	addChild(SSLSessionImpl session)
(专用程序包) SecretKey	consumePreSharedKey()
(专用程序包) byte[]	consumePskIdentity()
boolean	equals(Object obj) Returns true if sessions have same ids, false otherwise.
protected void	expandBufferSizes() Expand the buffer size of both SSL/TLS network packet and application data.
(专用程序包) SSLSessionImpl	finish()
int	getApplicationBufferSize() Gets the current size of the largest application data that is expected when using this session.
X509Certificate[]	getCertificateChain() Return the cert chain presented by the peer.
String	getCipherSuite() Returns the name of the cipher suite in use on this session
long	getCreationTime() Returns the time this session was created.
byte[]	getId() Returns the ID for this session.
(专用程序包) String	getIdentificationProtocol()
long	getLastAccessedTime() Returns the last time this session was used to initialize a connection.
Certificate[]	getLocalCertificates() Return the cert chain presented to the peer in the java.security.cert format.
Principal	getLocalPrincipal() Returns the principal that was sent to the peer during handshaking.
String[]	getLocalSupportedSignatureAlgorithms() Gets an array of supported signature algorithm names that the local side is willing to verify.
Collection<SignatureScheme>	getLocalSupportedSignatureSchemes() Gets an array of supported signature schemes that the local side is willing to verify.
(专用程序包) SecretKey	getMasterSecret() Returns the master secret ... treat with extreme caution!
(专用程序包) int	getMaximumPacketSize()
(专用程序包) int	getNegotiatedMaxFragSize() Get the negotiated maximum fragment length, as specified by the max_fragment_length ClientHello extension in RFC 6066.
int	getPacketBufferSize() Gets the current size of the largest SSL/TLS packet that is expected when using this session.
InetAddress	getPeerAddress() Returns the network address of the session's peer.
X509Certificate[]	getPeerCertificateChain() 已过时。 This method returns the deprecated javax.security.cert.X509Certificate type. Use getPeerCertificates() instead.
Certificate[]	getPeerCertificates() Return the cert chain presented by the peer in the java.security.cert format.
String	getPeerHost()
int	getPeerPort() Need to provide the port info for caching sessions based on host and port.
Principal	getPeerPrincipal() Returns the identity of the peer which was established as part of defining the session.
String[]	getPeerSupportedSignatureAlgorithms() Gets an array of supported signature algorithms that the peer is able to verify.
(专用程序包) SecretKey	getPreSharedKey()
String	getProtocol() Returns the standard name of the protocol in use on this session
(专用程序包) ProtocolVersion	getProtocolVersion()
List<SNIServerName>	getRequestedServerNames() Obtains a List containing all SNIServerNames of the requested Server Name Indication (SNI) extension.
(专用程序包) SecretKey	getResumptionMasterSecret()
SSLSessionContext	getSessionContext() For server sessions, this returns the set of sessions which are currently valid in this process.
(专用程序包) SessionId	getSessionId()
List<byte[]>	getStatusResponses() Return a List of status responses presented by the peer.
(专用程序包) CipherSuite	getSuite() Returns the cipher spec in use on this session
(专用程序包) int	getTicketAgeAdd()
long	getTicketCreationTime()
Object	getValue(String key) Returns the specified session value.
String[]	getValueNames() Lists the names of the session values.
int	hashCode() Returns the hashcode for this session
(专用程序包) BigInteger	incrTicketNonceCounter()
void	invalidate() Invalidate a session.
private boolean	isLocalAuthenticationValid() Check if the authentication used when establishing this session is still valid.
(专用程序包) boolean	isRejoinable() Returns true iff this session may be resumed ... sessions are usually resumable.
(专用程序包) boolean	isSessionResumption() Return true if the session is currently re-established with a session-resumption abbreviated initial handshake.
boolean	isValid()
void	putValue(String key, Object value) Assigns a session value.
void	removeValue(String key) Removes the specified session value, delivering a session changed event as appropriate.
(专用程序包) void	setAsSessionResumption(boolean flag) Resets whether the session is re-established with a session-resumption abbreviated initial handshake.
(专用程序包) void	setContext(SSLSessionContextImpl ctx)
(专用程序包) void	setLastAccessedTime(long time)
(专用程序包) void	setLocalCertificates(X509Certificate[] local)
(专用程序包) void	setLocalPrincipal(Principal local)
(专用程序包) void	setLocalPrivateKey(PrivateKey privateKey)
(专用程序包) void	setMasterSecret(SecretKey secret)
(专用程序包) void	setMaximumPacketSize(int maximumPacketSize)
(专用程序包) void	setNegotiatedMaxFragSize(int negotiatedMaxFragLen) Sets the negotiated maximum fragment length, as specified by the max_fragment_length ClientHello extension in RFC 6066.
(专用程序包) void	setPeerCertificates(X509Certificate[] peer)
(专用程序包) void	setPeerPrincipal(Principal peer)
(专用程序包) void	setPeerSupportedSignatureAlgorithms(Collection<SignatureScheme> signatureSchemes)
(专用程序包) void	setPreSharedKey(SecretKey key)
(专用程序包) void	setPskIdentity(byte[] pskIdentity)
(专用程序包) void	setResumptionMasterSecret(SecretKey secret)
(专用程序包) void	setStatusResponses(List<byte[]> responses) Provide status response data obtained during the SSL handshake.
(专用程序包) void	setSuite(CipherSuite suite) Resets the cipher spec in use on this session
(专用程序包) void	setTicketAgeAdd(int ticketAgeAdd)
(专用程序包) void	setUseDefaultPeerSignAlgs()
String	toString() Returns a string representation of this SSL session

从类继承的方法 java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

字段详细资料

protocolVersion

private final ProtocolVersion protocolVersion

sessionId

private final SessionId sessionId

peerCerts

private X509Certificate[] peerCerts

peerPrincipal

private Principal peerPrincipal

cipherSuite

private CipherSuite cipherSuite

masterSecret

private SecretKey masterSecret

useExtendedMasterSecret

final boolean useExtendedMasterSecret

creationTime

private final long creationTime

lastUsedTime

private long lastUsedTime

host

private final String host

port

private final int port

context

private SSLSessionContextImpl context

invalidated

private boolean invalidated

localCerts

private X509Certificate[] localCerts

localPrincipal

private Principal localPrincipal

localPrivateKey

private PrivateKey localPrivateKey

localSupportedSignAlgs

private final Collection<SignatureScheme> localSupportedSignAlgs

peerSupportedSignAlgs

private String[] peerSupportedSignAlgs

useDefaultPeerSignAlgs

private boolean useDefaultPeerSignAlgs

statusResponses

private List<byte[]> statusResponses

resumptionMasterSecret

private SecretKey resumptionMasterSecret

preSharedKey

private SecretKey preSharedKey

pskIdentity

private byte[] pskIdentity

ticketCreationTime

private final long ticketCreationTime

ticketAgeAdd

private int ticketAgeAdd

negotiatedMaxFragLen

private int negotiatedMaxFragLen

maximumPacketSize

private int maximumPacketSize

childSessions

private final Queue<SSLSessionImpl> childSessions

isSessionResumption

private boolean isSessionResumption

defaultRejoinable

private static boolean defaultRejoinable

serverNameIndication

final SNIServerName serverNameIndication

requestedServerNames

private final List<SNIServerName> requestedServerNames

ticketNonceCounter

private BigInteger ticketNonceCounter

identificationProtocol

private final String identificationProtocol

boundValues

private final ConcurrentHashMap<SecureKey,Object> boundValues

acceptLargeFragments

private boolean acceptLargeFragments

Use large packet sizes now or follow RFC 2246 packet sizes (2^14) until changed. In the TLS specification (section 6.2.1, RFC2246), it is not recommended that the plaintext has more than 2^14 bytes. However, some TLS implementations violate the specification. This is a workaround for interoperability with these stacks. Application could accept large fragments up to 2^15 bytes by setting the system property jsse.SSLEngine.acceptLargeFragments to "true".

构造器详细资料

SSLSessionImpl

SSLSessionImpl()

SSLSessionImpl

SSLSessionImpl(HandshakeContext hc,
               CipherSuite cipherSuite)

SSLSessionImpl

SSLSessionImpl(HandshakeContext hc,
               CipherSuite cipherSuite,
               SessionId id)

SSLSessionImpl

SSLSessionImpl(HandshakeContext hc,
               CipherSuite cipherSuite,
               SessionId id,
               long creationTime)

SSLSessionImpl

SSLSessionImpl(SSLSessionImpl baseSession,
               SessionId newId)

方法详细资料

setMasterSecret

void setMasterSecret(SecretKey secret)

setResumptionMasterSecret

void setResumptionMasterSecret(SecretKey secret)

setPreSharedKey

void setPreSharedKey(SecretKey key)

addChild

void addChild(SSLSessionImpl session)

setTicketAgeAdd

void setTicketAgeAdd(int ticketAgeAdd)

setPskIdentity

void setPskIdentity(byte[] pskIdentity)

incrTicketNonceCounter

BigInteger incrTicketNonceCounter()

getMasterSecret

SecretKey getMasterSecret()

Returns the master secret ... treat with extreme caution!

getResumptionMasterSecret

SecretKey getResumptionMasterSecret()

getPreSharedKey

SecretKey getPreSharedKey()

consumePreSharedKey

SecretKey consumePreSharedKey()

getTicketAgeAdd

int getTicketAgeAdd()

getIdentificationProtocol

String getIdentificationProtocol()

consumePskIdentity

byte[] consumePskIdentity()

setPeerCertificates

void setPeerCertificates(X509Certificate[] peer)

setPeerPrincipal

void setPeerPrincipal(Principal peer)

setLocalCertificates

void setLocalCertificates(X509Certificate[] local)

setLocalPrincipal

void setLocalPrincipal(Principal local)

setLocalPrivateKey

void setLocalPrivateKey(PrivateKey privateKey)

setPeerSupportedSignatureAlgorithms

void setPeerSupportedSignatureAlgorithms(Collection<SignatureScheme> signatureSchemes)

setUseDefaultPeerSignAlgs

void setUseDefaultPeerSignAlgs()

finish

SSLSessionImpl finish()

setStatusResponses

void setStatusResponses(List<byte[]> responses)

Provide status response data obtained during the SSL handshake.

参数:

responses - a List of responses in binary form.

isRejoinable

boolean isRejoinable()

Returns true iff this session may be resumed ... sessions are usually resumable. Security policies may suggest otherwise, for example sessions that haven't been used for a while (say, a working day) won't be resumable, and sessions might have a maximum lifetime in any case.

isValid

public boolean isValid()

isLocalAuthenticationValid

private boolean isLocalAuthenticationValid()

Check if the authentication used when establishing this session is still valid. Returns true if no authentication was used

getId

public byte[] getId()

Returns the ID for this session. The ID is fixed for the duration of the session; neither it, nor its value, changes.

getSessionContext

public SSLSessionContext getSessionContext()

For server sessions, this returns the set of sessions which are currently valid in this process. For client sessions, this returns null.

getSessionId

SessionId getSessionId()

getSuite

CipherSuite getSuite()

Returns the cipher spec in use on this session

setSuite

void setSuite(CipherSuite suite)

Resets the cipher spec in use on this session

isSessionResumption

boolean isSessionResumption()

Return true if the session is currently re-established with a session-resumption abbreviated initial handshake.

setAsSessionResumption

void setAsSessionResumption(boolean flag)

Resets whether the session is re-established with a session-resumption abbreviated initial handshake.

getCipherSuite

public String getCipherSuite()

Returns the name of the cipher suite in use on this session

getProtocolVersion

ProtocolVersion getProtocolVersion()

getProtocol

public String getProtocol()

Returns the standard name of the protocol in use on this session

hashCode

public int hashCode()

Returns the hashcode for this session

覆盖:

hashCode 在类中 Object

equals

public boolean equals(Object obj)

Returns true if sessions have same ids, false otherwise.

覆盖:

equals 在类中 Object

getPeerCertificates

public Certificate[] getPeerCertificates()
                                  throws SSLPeerUnverifiedException

Return the cert chain presented by the peer in the java.security.cert format. Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.

返回:

array of peer X.509 certs, with the peer's own cert first in the chain, and with the "root" CA last.

抛出:

SSLPeerUnverifiedException

getLocalCertificates

public Certificate[] getLocalCertificates()

Return the cert chain presented to the peer in the java.security.cert format. Note: This method is useful only when using certificate-based cipher suites.

返回:

array of peer X.509 certs, with the peer's own cert first in the chain, and with the "root" CA last.

getPeerCertificateChain

@Deprecated
public X509Certificate[] getPeerCertificateChain()
                                                       throws SSLPeerUnverifiedException

已过时。 This method returns the deprecated javax.security.cert.X509Certificate type. Use getPeerCertificates() instead.

Return the cert chain presented by the peer in the javax.security.cert format. Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.

返回:

array of peer X.509 certs, with the peer's own cert first in the chain, and with the "root" CA last.

抛出:

SSLPeerUnverifiedException

getCertificateChain

public X509Certificate[] getCertificateChain()
                                      throws SSLPeerUnverifiedException

Return the cert chain presented by the peer. Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.

返回:

array of peer X.509 certs, with the peer's own cert first in the chain, and with the "root" CA last.

抛出:

SSLPeerUnverifiedException

getStatusResponses

public List<byte[]> getStatusResponses()

Return a List of status responses presented by the peer. Note: This method can be used only when using certificate-based server authentication; otherwise an empty List will be returned.

返回:

an unmodifiable List of byte arrays, each consisting of a DER-encoded OCSP response (see RFC 6960). If no responses have been presented by the server or non-certificate based server authentication is used then an empty List is returned.

getPeerPrincipal

public Principal getPeerPrincipal()
                           throws SSLPeerUnverifiedException

Returns the identity of the peer which was established as part of defining the session.

返回:

the peer's principal. Returns an X500Principal of the end-entity certificate for X509-based cipher suites, and Principal for Kerberos cipher suites.

抛出:

SSLPeerUnverifiedException - if the peer's identity has not been verified

getLocalPrincipal

public Principal getLocalPrincipal()

Returns the principal that was sent to the peer during handshaking.

返回:

the principal sent to the peer. Returns an X500Principal of the end-entity certificate for X509-based cipher suites, and Principal for Kerberos cipher suites. If no principal was sent, then null is returned.

getTicketCreationTime

public long getTicketCreationTime()

getCreationTime

public long getCreationTime()

Returns the time this session was created.

getLastAccessedTime

public long getLastAccessedTime()

Returns the last time this session was used to initialize a connection.

setLastAccessedTime

void setLastAccessedTime(long time)

getPeerAddress

public InetAddress getPeerAddress()

Returns the network address of the session's peer. This implementation does not insist that connections between different ports on the same host must necessarily belong to different sessions, though that is of course allowed.

getPeerHost

public String getPeerHost()

getPeerPort

public int getPeerPort()

Need to provide the port info for caching sessions based on host and port. Accessed by SSLSessionContextImpl

setContext

void setContext(SSLSessionContextImpl ctx)

invalidate

public void invalidate()

Invalidate a session. Active connections may still exist, but no connections will be able to rejoin this session.

putValue

public void putValue(String key,
                     Object value)

Assigns a session value. Session change events are given if appropriate, to any original value as well as the new value.

getValue

public Object getValue(String key)

Returns the specified session value.

removeValue

public void removeValue(String key)

Removes the specified session value, delivering a session changed event as appropriate.

getValueNames

public String[] getValueNames()

Lists the names of the session values.

expandBufferSizes

protected void expandBufferSizes()

Expand the buffer size of both SSL/TLS network packet and application data.

getPacketBufferSize

public int getPacketBufferSize()

Gets the current size of the largest SSL/TLS packet that is expected when using this session.

getApplicationBufferSize

public int getApplicationBufferSize()

Gets the current size of the largest application data that is expected when using this session.

setNegotiatedMaxFragSize

void setNegotiatedMaxFragSize(int negotiatedMaxFragLen)

Sets the negotiated maximum fragment length, as specified by the max_fragment_length ClientHello extension in RFC 6066.

参数:

negotiatedMaxFragLen - the negotiated maximum fragment length, or -1 if no such length has been negotiated.

getNegotiatedMaxFragSize

int getNegotiatedMaxFragSize()

Get the negotiated maximum fragment length, as specified by the max_fragment_length ClientHello extension in RFC 6066.

返回:

the negotiated maximum fragment length, or -1 if no such length has been negotiated.

setMaximumPacketSize

void setMaximumPacketSize(int maximumPacketSize)

getMaximumPacketSize

int getMaximumPacketSize()

getLocalSupportedSignatureAlgorithms

public String[] getLocalSupportedSignatureAlgorithms()

Gets an array of supported signature algorithm names that the local side is willing to verify.

指定者:

getLocalSupportedSignatureAlgorithms 在类中 ExtendedSSLSession

getLocalSupportedSignatureSchemes

public Collection<SignatureScheme> getLocalSupportedSignatureSchemes()

Gets an array of supported signature schemes that the local side is willing to verify.

getPeerSupportedSignatureAlgorithms

public String[] getPeerSupportedSignatureAlgorithms()

Gets an array of supported signature algorithms that the peer is able to verify.

指定者:

getPeerSupportedSignatureAlgorithms 在类中 ExtendedSSLSession

getRequestedServerNames

public List<SNIServerName> getRequestedServerNames()

Obtains a List containing all SNIServerNames of the requested Server Name Indication (SNI) extension.

覆盖:

getRequestedServerNames 在类中 ExtendedSSLSession

toString

public String toString()

Returns a string representation of this SSL session

覆盖:

toString 在类中 Object