Class OpenSSLSessionImpl
- All Implemented Interfaces:
SSLSession
public class OpenSSLSessionImpl extends Object implements SSLSession
-
Field Summary
Fields
protected long sslSessionNativePointer
-
Constructor Summary
Constructors
protected OpenSSLSessionImpl(long sslSessionNativePointer, X509Certificate[] localCertificates, X509Certificate[] peerCertificates, String peerHost, int peerPort, org.conscrypt.AbstractSessionContext sessionContext) - Class constructor creates an SSL session context given the appropriate SSL parameters.
-
Method Summary
protected void finalize() - Invoked when the garbage collector has detected that this instance is no longer reachable.
int getApplicationBufferSize() - Returns the largest buffer size for the application's data bound to this concrete SSL session.
String getCipherSuite() - Returns a string identifier of the crypto tools used in the actual SSL session.
long getCreationTime() - Gets the creation time of the SSL session.
byte[] getId() - Gets the identifier of the actual SSL session.
long getLastAccessedTime() - Returns the last time this concrete SSL session was accessed.
Certificate[] getLocalCertificates() - Returns the certificate(s) of the principal (subject) of this concrete SSL session used in the handshaking phase of the connection.
Principal getLocalPrincipal() - Returns the principal (subject) of this concrete SSL session used in the handshaking phase of the connection.
int getPacketBufferSize() - Returns the largest SSL/TLS packet size one can expect for this concrete SSL session.
X509Certificate[] getPeerCertificateChain() - Returns the certificate(s) of the peer in this SSL session used in the handshaking phase of the connection.
Certificate[] getPeerCertificates() - Returns the identity of the peer in this SSL session determined via certificate(s).
String getPeerHost() - Returns the peer's host name used in this SSL session.
int getPeerPort() - Returns the peer's port number for the actual SSL session.
Principal getPeerPrincipal() - Returns the identity of the principal that was used by the peer during the SSL handshake phase.
String getProtocol() - Returns the standard version name of the SSL protocol used in all connections pertaining to this SSL session.
SSLSessionContext getSessionContext() - Returns the context to which the actual SSL session is bound.
Object getValue(String name) - Returns the object which is bound to the input parameter name.
String[] getValueNames() - Returns an array with the names (sort of links) of all the data objects of the application layer bound into the SSL session.
void invalidate() - Invalidates an SSL session, forbidding any resumption.
boolean isValid() - Returns a boolean flag signaling whether an SSL session is valid and available for resuming or joining.
void putValue(String name, Object value) - Creates or replaces a link (name) with the specified value object of the SSL session's application layer data.
void removeValue(String name) - Removes a link (name) with the specified value object of the SSL session's application layer data.
-
Field Details
-
sslSessionNativePointer
protected long sslSessionNativePointer
-
-
Constructor Details
-
OpenSSLSessionImpl
protected OpenSSLSessionImpl(long sslSessionNativePointer, X509Certificate[] localCertificates, X509Certificate[] peerCertificates, String peerHost, int peerPort, org.conscrypt.AbstractSessionContext sessionContext)
Class constructor creates an SSL session context given the appropriate SSL parameters.
-
-
Method Details
-
getId
public byte[] getId()
Gets the identifier of the actual SSL session.
- Specified by: getId in interface SSLSession
- Returns: array of sessions' identifiers.
-
getCreationTime
public long getCreationTime()
Gets the creation time of the SSL session.
- Specified by: getCreationTime in interface SSLSession
- Returns: the session's creation time in milliseconds since the epoch
-
getLastAccessedTime
public long getLastAccessedTime()
Returns the last time this concrete SSL session was accessed. Here, "accessed" means that a new connection with the same SSL context data was established.
- Specified by: getLastAccessedTime in interface SSLSession
- Returns: the session's last access time in milliseconds since the epoch
-
getApplicationBufferSize
public int getApplicationBufferSize()
Returns the largest buffer size for the application's data bound to this concrete SSL session.
- Specified by: getApplicationBufferSize in interface SSLSession
- Returns: the largest buffer size
-
getPacketBufferSize
public int getPacketBufferSize()
Returns the largest SSL/TLS packet size one can expect for this concrete SSL session.
- Specified by: getPacketBufferSize in interface SSLSession
- Returns: the largest packet size
-
getLocalPrincipal
Returns the principal (subject) of this concrete SSL session used in the handshaking phase of the connection.
- Specified by: getLocalPrincipal in interface SSLSession
- Returns: an X509 certificate or null if no principal was defined
-
getLocalCertificates
Returns the certificate(s) of the principal (subject) of this concrete SSL session used in the handshaking phase of the connection. The OpenSSL native method supports only RSA certificates.
- Specified by: getLocalCertificates in interface SSLSession
- Returns: an array of certificates (the local one first and then eventually that of the certification authority) or null if no certificates were used during the handshaking phase.
-
getPeerCertificateChain
Returns the certificate(s) of the peer in this SSL session used in the handshaking phase of the connection. Please note that this method is superseded by getPeerCertificates().
- Specified by: getPeerCertificateChain in interface SSLSession
- Returns: an array of X509 certificates (the peer's one first and then eventually that of the certification authority) or null if no certificates were used during the SSL connection.
- Throws: SSLPeerUnverifiedException - if either a non-X.509 certificate was used (i.e. Kerberos certificates) or the peer could not be verified.
-
getPeerCertificates
Returns the identity of the peer in this SSL session determined via certificate(s).
- Specified by: getPeerCertificates in interface SSLSession
- Returns: an array of X509 certificates (the peer's one first and then eventually that of the certification authority) or null if no certificates were used during the SSL connection.
- Throws: SSLPeerUnverifiedException - if either a non-X.509 certificate was used (i.e. Kerberos certificates) or the peer could not be verified.
-
getPeerPrincipal
Returns the identity of the principal that was used by the peer during the SSL handshake phase.
- Specified by: getPeerPrincipal in interface SSLSession
- Returns: an X500Principal of the last certificate for X509-based cipher suites.
- Throws: SSLPeerUnverifiedException - if either a non-X.509 certificate was used (i.e. Kerberos certificates) or the peer does not exist.
-
getPeerHost
Returns the peer's host name used in this SSL session. It is the host name of the client for the server, and that of the server for the client. It is not a reliable way to get a fully qualified host name: it is mainly used internally to implement links for a temporary cache of SSL sessions.
- Specified by: getPeerHost in interface SSLSession
- Returns: the host name of the peer, or null if no information is available.
-
getPeerPort
public int getPeerPort()
Returns the peer's port number for the actual SSL session. It is the port number of the client for the server, and that of the server for the client. It is not a reliable way to get a peer's port number: it is mainly used internally to implement links for a temporary cache of SSL sessions.
- Specified by: getPeerPort in interface SSLSession
- Returns: the peer's port number, or -1 if none is available.
-
getCipherSuite
Returns a string identifier of the crypto tools used in the actual SSL session. For example AES_256_WITH_MD5.
- Specified by: getCipherSuite in interface SSLSession
- Returns: the name of the cipher suite used in this session.
-
getProtocol
Returns the standard version name of the SSL protocol used in all connections pertaining to this SSL session.
- Specified by: getProtocol in interface SSLSession
- Returns: the protocol name that is used for all connections in this session.
-
getSessionContext
Returns the context to which the actual SSL session is bound. An SSL context consists of (1) a possible delegate, (2) a provider and (3) a protocol.
- Specified by: getSessionContext in interface SSLSession
- Returns: the SSL context used for this session, or null if it is unavailable.
-
isValid
public boolean isValid()
Returns a boolean flag signaling whether an SSL session is valid and available for resuming or joining.
- Specified by: isValid in interface SSLSession
- Returns: true if this session may be resumed.
-
invalidate
public void invalidate()
Invalidates an SSL session, forbidding any resumption.
- Specified by: invalidate in interface SSLSession
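
The following is an added example, not part of this class's documentation or its project's code: a post-handshake check that reads getProtocol(), getCipherSuite() and getPeerCertificates() through the SSLSession interface and calls invalidate() so a rejected session cannot be resumed. The class name SessionAudit, the acceptance policy (TLSv1.2 or TLSv1.3, no MD5/NULL/RC4/anon/EXPORT suites) and the proxy-based sample sessions are assumptions constructed for illustration; it needs Java 9 or later.

```java
import java.lang.reflect.Proxy;
import java.security.cert.Certificate;
import java.util.Map;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
public class SessionAudit {
    // Returns null when the session passes; otherwise the reason, after invalidating it.
    static String audit(SSLSession s) {
        String reason = null;
        String proto = s.getProtocol();
        String suite = s.getCipherSuite();
        if (!"TLSv1.2".equals(proto) && !"TLSv1.3".equals(proto)) {
            reason = "protocol " + proto;
        } else if (suite == null || suite.matches(".*(_MD5|_NULL_|_RC4_|_anon_|_EXPORT_).*")) {
            reason = "cipher suite " + suite;
        } else {
            try {
                Certificate[] chain = s.getPeerCertificates(); // peer's certificate first
                if (chain == null || chain.length == 0) reason = "no peer certificate";
            } catch (SSLPeerUnverifiedException e) {
                reason = "peer unverified";
            }
        }
        // getPeerHost()/getPeerPort() are documented as unreliable, so they play no part here.
        if (reason != null) s.invalidate(); // forbid resumption of a rejected session
        return reason;
    }
    // Constructed stand-in: answers each SSLSession getter from a map keyed by method name.
    static SSLSession constructed(Map<String, Object> values, boolean[] invalidated) {
        return (SSLSession) Proxy.newProxyInstance(SSLSession.class.getClassLoader(),
            new Class<?>[] {SSLSession.class}, (proxy, method, args) -> {
                String name = method.getName();
                if (name.equals("invalidate")) { invalidated[0] = true; return null; }
                if (name.equals("getPeerCertificates") && !values.containsKey(name))
                    throw new SSLPeerUnverifiedException("constructed: no peer chain");
                return values.get(name);
            });
    }
    public static void main(String[] unused) {
        boolean[] inv = new boolean[1];
        Certificate[] chain = new Certificate[1]; // constructed placeholder slot, not a real chain
        SSLSession ok = constructed(Map.of("getProtocol", "TLSv1.3",
            "getCipherSuite", "TLS_AES_128_GCM_SHA256", "getPeerCertificates", chain), inv);
        System.out.println(audit(ok) + " invalidated=" + inv[0]);
        SSLSession weak = constructed(Map.of("getProtocol", "TLSv1.2",
            "getCipherSuite", "SSL_RSA_WITH_RC4_128_MD5"), inv);
        System.out.println(audit(weak) + " invalidated=" + inv[0]);
    }
}
```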
-
getValue
Returns the object which is bound to the input parameter name. This name is a sort of link to the data of the SSL session's application layer, if any exists.
- Specified by: getValue in interface SSLSession
- Parameters: name - the name of the binding to find.
- Returns: the value bound to that name, or null if the binding does not exist.
- Throws: IllegalArgumentException - if the argument is null.
-
getValueNames
Returns an array with the names (sort of links) of all the data objects of the application layer bound into the SSL session.
- Specified by: getValueNames in interface SSLSession
- Returns: a non-null (possibly empty) array of names of the data objects bound to this SSL session.
-
putValue
Creates or replaces a link (name) with the specified value object of the SSL session's application layer data. If the new (or existing) value object implements the SSLSessionBindingListener interface, that object will be notified in due course.
- Specified by: putValue in interface SSLSession
- Parameters: name - the name of the link (null is not accepted); value - data object that shall be bound to name.
- Throws: IllegalArgumentException - if one or both arguments are null.
-
removeValue
Removes a link (name) with the specified value object of the SSL session's application layer data. If the value object implements the SSLSessionBindingListener interface, the object will receive a valueUnbound notification.
- Specified by: removeValue in interface SSLSession
- Parameters: name - the name of the link (null is not accepted)
- Throws: IllegalArgumentException - if the argument is null.
-
finalize
Description copied from class: Object
Invoked when the garbage collector has detected that this instance is no longer reachable. The default implementation does nothing, but this method can be overridden to free resources.
Note that objects that override finalize are significantly more expensive than objects that don't. Finalizers may be run a long time after the object is no longer reachable, depending on memory pressure, so it's a bad idea to rely on them for cleanup. Note also that finalizers are run on a single VM-wide finalizer thread, so doing blocking work in a finalizer is a bad idea. A finalizer is usually only necessary for a class that has a native peer and needs to call a native method to destroy that peer. Even then, it's better to provide an explicit close method (and implement Closeable), and insist that callers manually dispose of instances. This works well for something like files, but less well for something like a BigInteger where typical calling code would have to deal with lots of temporaries. Unfortunately, code that creates lots of temporaries is the worst kind of code from the point of view of the single finalizer thread.
If you must use finalizers, consider at least providing your own ReferenceQueue and having your own thread process that queue.
Unlike constructors, finalizers are not automatically chained. You are responsible for calling super.finalize() yourself.
Uncaught exceptions thrown by finalizers are ignored and do not terminate the finalizer thread. See Effective Java Item 7, "Avoid finalizers" for more.
-