org.conscrypt

Class AbstractOpenSSLSession

java.lang.Object

org.conscrypt.AbstractOpenSSLSession

All Implemented Interfaces:

SSLSession

Direct Known Subclasses:

OpenSSLSessionImpl

public abstract class AbstractOpenSSLSession
extends Object
implements SSLSession

Extends the base SSLSession with some methods used exclusively in Conscrypt.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AbstractOpenSSLSession(org.conscrypt.AbstractSessionContext sessionContext) Class constructor creates an SSL session context given the appropriate session context.

Method Summary

Modifier and Type	Method and Description
int	getApplicationBufferSize() Returns the largest buffer size for the application's data bound to this concrete SSL session.
Certificate[]	getLocalCertificates() Returns the certificate(s) of the principal (subject) of this concrete SSL session used in the handshaking phase of the connection.
Principal	getLocalPrincipal() Returns the principal (subject) of this concrete SSL session used in the handshaking phase of the connection.
int	getPacketBufferSize() Returns the largest SSL/TLS packet size one can expect for this concrete SSL session.
X509Certificate[]	getPeerCertificateChain() Returns the certificate(s) of the peer in this SSL session used in the handshaking phase of the connection.
Certificate[]	getPeerCertificates() Return the identity of the peer in this SSL session determined via certificate(s).
Principal	getPeerPrincipal() The identity of the principal that was used by the peer during the SSL handshake phase is returned by this method.
abstract String	getRequestedServerName() Returns the name requested by the SNI extension.
SSLSessionContext	getSessionContext() Returns the context to which the actual SSL session is bound.
abstract List<byte[]>	getStatusResponses() Returns the OCSP stapled response.
abstract byte[]	getTlsSctData() Returns the TLS Stapled Certificate Transparency data.
Object	getValue(String name) Returns the object which is bound to the the input parameter name.
String[]	getValueNames() Returns an array with the names (sort of links) of all the data objects of the application layer bound into the SSL session.
protected abstract X509Certificate[]	getX509LocalCertificates()
protected abstract X509Certificate[]	getX509PeerCertificates()
void	invalidate() It invalidates a SSL session forbidding any resumption.
boolean	isValid() Returns a boolean flag signaling whether a SSL session is valid and available for resuming or joining or not.
void	putValue(String name, Object value) A link (name) with the specified value object of the SSL session's application layer data is created or replaced.
void	removeValue(String name) Removes a link (name) with the specified value object of the SSL session's application layer data.
abstract void	setLastAccessedTime(long accessTimeMillis) Sets the last accessed time for this session in milliseconds since Jan 1, 1970 00:00:00 UTC.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.net.ssl.SSLSession

getCipherSuite, getCreationTime, getId, getLastAccessedTime, getPeerHost, getPeerPort, getProtocol

Constructor Detail

AbstractOpenSSLSession

protected AbstractOpenSSLSession(org.conscrypt.AbstractSessionContext sessionContext)

Class constructor creates an SSL session context given the appropriate session context.

Method Detail

getX509PeerCertificates

protected abstract X509Certificate[] getX509PeerCertificates()
                                                      throws SSLPeerUnverifiedException

Throws:

SSLPeerUnverifiedException

getX509LocalCertificates

protected abstract X509Certificate[] getX509LocalCertificates()

getPeerCertificates

public Certificate[] getPeerCertificates()
                                  throws SSLPeerUnverifiedException

Return the identity of the peer in this SSL session determined via certificate(s).

Specified by:

getPeerCertificates in interface SSLSession

Returns:

an array of X509 certificates (the peer's one first and then eventually that of the certification authority) or null if no certificate were used during the SSL connection.

Throws:

SSLPeerUnverifiedException - if either a non-X.509 certificate was used (i.e. Kerberos certificates) or the peer could not be verified.

getPeerCertificateChain

public X509Certificate[] getPeerCertificateChain()
                                          throws SSLPeerUnverifiedException

Returns the certificate(s) of the peer in this SSL session used in the handshaking phase of the connection. Please notice hat this method is superseded by getPeerCertificates().

Specified by:

getPeerCertificateChain in interface SSLSession

Returns:

an array of X509 certificates (the peer's one first and then eventually that of the certification authority) or null if no certificate were used during the SSL connection.

Throws:

SSLPeerUnverifiedException - if either a non-X.509 certificate was used (i.e. Kerberos certificates) or the peer could not be verified.

getPeerPrincipal

public Principal getPeerPrincipal()
                           throws SSLPeerUnverifiedException

The identity of the principal that was used by the peer during the SSL handshake phase is returned by this method.

Specified by:

getPeerPrincipal in interface SSLSession

Returns:

a X500Principal of the last certificate for X509-based cipher suites.

Throws:

SSLPeerUnverifiedException - if either a non-X.509 certificate was used (i.e. Kerberos certificates) or the peer does not exist.

getLocalPrincipal

public Principal getLocalPrincipal()

Returns the principal (subject) of this concrete SSL session used in the handshaking phase of the connection.

Specified by:

getLocalPrincipal in interface SSLSession

Returns:

a X509 certificate or null if no principal was defined

getLocalCertificates

public Certificate[] getLocalCertificates()

Returns the certificate(s) of the principal (subject) of this concrete SSL session used in the handshaking phase of the connection. The OpenSSL native method supports only RSA certificates.

Specified by:

getLocalCertificates in interface SSLSession

Returns:

an array of certificates (the local one first and then eventually that of the certification authority) or null if no certificate were used during the handshaking phase.

getApplicationBufferSize

public int getApplicationBufferSize()

Returns the largest buffer size for the application's data bound to this concrete SSL session.

Specified by:

getApplicationBufferSize in interface SSLSession

Returns:

the largest buffer size

getPacketBufferSize

public int getPacketBufferSize()

Returns the largest SSL/TLS packet size one can expect for this concrete SSL session.

Specified by:

getPacketBufferSize in interface SSLSession

Returns:

the largest packet size

getValue

public Object getValue(String name)

Returns the object which is bound to the the input parameter name. This name is a sort of link to the data of the SSL session's application layer, if any exists.

Specified by:

getValue in interface SSLSession

Parameters:

name - the name of the binding to find.

Returns:

the value bound to that name, or null if the binding does not exist.

Throws:

IllegalArgumentException - if the argument is null.

getValueNames

public String[] getValueNames()

Returns an array with the names (sort of links) of all the data objects of the application layer bound into the SSL session.

Specified by:

getValueNames in interface SSLSession

Returns:

a non-null (possibly empty) array of names of the data objects bound to this SSL session.

putValue

public void putValue(String name,
                     Object value)

A link (name) with the specified value object of the SSL session's application layer data is created or replaced. If the new (or existing) value object implements the SSLSessionBindingListener interface, that object will be notified in due course.

Specified by:

putValue in interface SSLSession

Parameters:

name - the name of the link (no null are accepted!)

value - data object that shall be bound to name.

Throws:

IllegalArgumentException - if one or both argument(s) is null.

removeValue

public void removeValue(String name)

Removes a link (name) with the specified value object of the SSL session's application layer data.

If the value object implements the SSLSessionBindingListener interface, the object will receive a valueUnbound notification.

Specified by:

removeValue in interface SSLSession

Parameters:

name - the name of the link (no null are accepted!)

Throws:

IllegalArgumentException - if the argument is null.

getSessionContext

public SSLSessionContext getSessionContext()

Returns the context to which the actual SSL session is bound. A SSL context consists of (1) a possible delegate, (2) a provider and (3) a protocol.

Specified by:

getSessionContext in interface SSLSession

Returns:

the SSL context used for this session, or null if it is unavailable.

isValid

public boolean isValid()

Returns a boolean flag signaling whether a SSL session is valid and available for resuming or joining or not.

Specified by:

isValid in interface SSLSession

Returns:

true if this session may be resumed.

invalidate

public void invalidate()

It invalidates a SSL session forbidding any resumption.

Specified by:

invalidate in interface SSLSession

getRequestedServerName

public abstract String getRequestedServerName()

Returns the name requested by the SNI extension.

getStatusResponses

public abstract List<byte[]> getStatusResponses()

Returns the OCSP stapled response.

getTlsSctData

public abstract byte[] getTlsSctData()

Returns the TLS Stapled Certificate Transparency data.

setLastAccessedTime

public abstract void setLastAccessedTime(long accessTimeMillis)

Sets the last accessed time for this session in milliseconds since Jan 1, 1970 00:00:00 UTC.