classlib/modules/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java - harmony - Git at Google

 /*
  *  Licensed to the Apache Software Foundation (ASF) under one or more
  *  contributor license agreements.  See the NOTICE file distributed with
  *  this work for additional information regarding copyright ownership.
  *  The ASF licenses this file to You under the Apache License, Version 2.0
  *  (the "License"); you may not use this file except in compliance with
  *  the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */

 package org.apache.harmony.xnet.provider.jsse;

 import java.io.ByteArrayInputStream;
 import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.Principal;
 import java.security.SecureRandom;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Vector;

 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLPermission;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionBindingEvent;
 import javax.net.ssl.SSLSessionBindingListener;
 import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.SSLSocket;

 /**
  *
  * SSLSession implementation
  *
  * @see javax.net.ssl.SSLSession
  */
 public class SSLSessionImpl implements SSLSession, Cloneable  {

     /**
      * Session object reporting an invalid cipher suite of "SSL_NULL_WITH_NULL_NULL"
      */
     public static final SSLSessionImpl NULL_SESSION = new SSLSessionImpl();

     /**
      * Maximum length of allowed plain data fragment
      * as specified by TLS specification.
      */
     protected static final int MAX_DATA_LENGTH = 16384; // 2^14
     /**
      * Maximum length of allowed compressed data fragment
      * as specified by TLS specification.
      */
     protected static final int MAX_COMPRESSED_DATA_LENGTH
                                     = MAX_DATA_LENGTH + 1024;
     /**
      * Maximum length of allowed ciphered data fragment
      * as specified by TLS specification.
      */
     protected static final int MAX_CIPHERED_DATA_LENGTH
                                     = MAX_COMPRESSED_DATA_LENGTH + 1024;
     /**
      * Maximum length of ssl record. It is counted as:
      * type(1) + version(2) + length(2) + MAX_CIPHERED_DATA_LENGTH
      */
     protected static final int MAX_SSL_PACKET_SIZE
                                     = MAX_CIPHERED_DATA_LENGTH + 5;

     /**
      * Container class for the 'value' map's keys.
      */
     private static final class ValueKey {
         final String name;
         final AccessControlContext acc;

         ValueKey(String name) {
             super();
             this.name = name;
             this.acc = AccessController.getContext();
         }

         @Override
         public int hashCode() {
             final int prime = 31;
             int result = 1;
             result = prime * result + ((acc == null) ? 0 : acc.hashCode());
             result = prime * result + ((name == null) ? 0 : name.hashCode());
             return result;
         }

         @Override
         public boolean equals(Object obj) {
             if (this == obj)
                 return true;
             if (obj == null)
                 return false;
             if (!(obj instanceof ValueKey))
                 return false;
             ValueKey other = (ValueKey) obj;
             if (acc == null) {
                 if (other.acc != null)
                     return false;
             } else if (!acc.equals(other.acc))
                 return false;
             if (name == null) {
                 if (other.name != null)
                     return false;
             } else if (!name.equals(other.name))
                 return false;
             return true;
         }
     }

     private long creationTime;
     private boolean isValid = true;
     private Map<ValueKey, Object> values = new HashMap<ValueKey, Object>();

     /**
      * ID of the session
      */
     byte[] id;

     /**
      * Last time the session was accessed
      */
     long lastAccessedTime;

     /**
      * Protocol used in the session
      */
     String protocol;

     /**
      * Context of the session
      */
     SSLSessionContextImpl context;

     /**
      * certificates were sent to the peer
      */
     X509Certificate[] localCertificates;

     /**
      * Peer certificates
      */
     X509Certificate[] peerCertificates;

     /**
      * Peer host name
      */
     private String peerHost;

     /**
      * Peer port number
      */
     private int peerPort = -1;

     /**
      * True if this entity is considered the server
      */
     boolean isServer;

     // OpenSSL SSL_SESSION pointer
     private long SSL_SESSION;

     // The associated OpenSSL SSL pointer
     private long SSL;

     private static final SecureRandom rng = new SecureRandom();

     private SSLParameters sslParameters;

     private String cipherName;


     private native long initialiseSession(long SSL);

     private native String getCipherNameImpl(long SSL);
     private native long getCreationTimeImpl(long SSL_SESSION);
     private native Object[] getPeerCertificatesImpl(long SSL);

     private SSLSessionImpl() {
         creationTime = System.currentTimeMillis();
         cipherName = "SSL_NULL_WITH_NULL_NULL";
         protocol = "NONE";
         id = new byte[0];
     }

     public SSLSessionImpl(SSLParameters parms, long SSL) {
         refreshSessionData(null, parms, SSL);
     }

     public SSLSessionImpl(SSLSocket socket, SSLParameters parms, long SSL) {
         refreshSessionData(socket, parms, SSL);
     }

     public void refreshSessionData(SSLSocket socket, SSLParameters parms, long SSL) {
         sslParameters = parms;
         this.SSL = SSL;
         this.isServer = !sslParameters.getUseClientMode();

         if (SSL == 0) {
             creationTime = System.currentTimeMillis();
             cipherName = "SSL_NULL_WITH_NULL_NULL";
             id = new byte[0];
         } else {
             SSL_SESSION = initialiseSession(SSL);

             // Get back the cipher name with protocol prefixed
             // Expected to be in the format "<protocol>:<cipher_name>"
             String[] tokens = getCipherNameImpl(SSL).split(":");
             protocol = tokens[0];
             cipherName = tokens[1];

             creationTime = getCreationTimeImpl(SSL_SESSION);

             if (socket != null) {
                 peerPort = socket.getPort();
                 peerHost = socket.getInetAddress().getHostName();
             }

             id = new byte[32];
             rng.nextBytes(id);
             long time = creationTime / 1000;
             id[28] = (byte) ((time & 0xFF000000) >>> 24);
             id[29] = (byte) ((time & 0x00FF0000) >>> 16);
             id[30] = (byte) ((time & 0x0000FF00) >>> 8);
             id[31] = (byte) ((time & 0x000000FF));

             // Get the list of DER encoded peer certificates from OpenSSL
             Object[] DERCerts = getPeerCertificatesImpl(SSL);
             if (DERCerts != null) {
                 // If we have got an array of DER certificates, generate X509Certificates from them
                 CertificateFactory cf;
                 try {
                     cf = CertificateFactory.getInstance("X.509");
                 } catch (CertificateException e) {
                     throw new Error(e);
                 }
                 peerCertificates = new X509Certificate[DERCerts.length];
                 for (int i=0; i<peerCertificates.length; i++) {
                     try {
                         peerCertificates[i] = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream((byte[])DERCerts[i]));
                     } catch (CertificateException e) {
                         // Do nothing
                     }
                 }
             }
         }

         lastAccessedTime = creationTime;
         localCertificates = parms.getCertificateChain();
     }

     public int getApplicationBufferSize() {
         return MAX_DATA_LENGTH;
     }

     public String getCipherSuite() {
         return cipherName;
     }

     public long getCreationTime() {
         return creationTime;
     }

     public byte[] getId() {
         return id;
     }

     public long getLastAccessedTime() {
         return lastAccessedTime;
     }

     public Certificate[] getLocalCertificates() {
         return localCertificates;
     }

     public Principal getLocalPrincipal() {
         if (localCertificates != null && localCertificates.length > 0) {
             return localCertificates[0].getSubjectX500Principal();
         }
         return null;
     }

     public int getPacketBufferSize() {
         return MAX_SSL_PACKET_SIZE;
     }

     public javax.security.cert.X509Certificate[] getPeerCertificateChain()
             throws SSLPeerUnverifiedException {
         if (peerCertificates == null) {
             throw new SSLPeerUnverifiedException("No peer certificate");
         }
         javax.security.cert.X509Certificate[] certs = new javax.security.cert.X509Certificate[peerCertificates.length];
         for (int i = 0; i < certs.length; i++) {
             try {
                 certs[i] = javax.security.cert.X509Certificate.getInstance(peerCertificates[i]
                         .getEncoded());
             } catch (javax.security.cert.CertificateException e) {
             } catch (CertificateEncodingException e) {
             }
         }
         return certs;
     }

     public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
         if (peerCertificates == null) {
             throw new SSLPeerUnverifiedException("No peer certificate");
         }
         return peerCertificates;
     }

     public String getPeerHost() {
         return peerHost;
     }

     public int getPeerPort() {
         return peerPort;
     }

     public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
         if (peerCertificates == null) {
             throw new SSLPeerUnverifiedException("No peer certificate");
         }
         return peerCertificates[0].getSubjectX500Principal();
     }

     public String getProtocol() {
         return protocol;
     }

     public SSLSessionContext getSessionContext() {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
             sm.checkPermission(new SSLPermission("getSSLSessionContext"));
         }
         return context;
     }

     public Object getValue(String name) {
         if (name == null) {
             throw new IllegalArgumentException("Parameter is null");
         }
         return values.get(new ValueKey(name));
     }

     public String[] getValueNames() {
         final Vector<String> v = new Vector<String>();
         final AccessControlContext currAcc = AccessController.getContext();
         for (ValueKey key : values.keySet()) {
             if ((currAcc == null && key.acc == null)
                     || (currAcc != null && currAcc.equals(key.acc))) {
                 v.add(key.name);
             }
         }
         return v.toArray(new String[v.size()]);
     }

     public void invalidate() {
         isValid = false;
     }

     public boolean isValid() {
         if (isValid && context != null && context.getSessionTimeout() != 0
                 && lastAccessedTime + context.getSessionTimeout() > System.currentTimeMillis()) {
             isValid = false;
         }
         return isValid;
     }

     public void putValue(String name, Object value) {
         if (name == null || value == null) {
             throw new IllegalArgumentException("Parameter is null");
         }
         Object old = values.put(new ValueKey(name), value);
         if (value instanceof SSLSessionBindingListener) {
             ((SSLSessionBindingListener) value).valueBound(new SSLSessionBindingEvent(this, name));
         }
         if (old != null && old instanceof SSLSessionBindingListener) {
             ((SSLSessionBindingListener) old).valueUnbound(new SSLSessionBindingEvent(this, name));
         }

     }

     public void removeValue(String name) {
         if (name == null) {
             throw new IllegalArgumentException("Parameter is null");
         }
         values.remove(new ValueKey(name));

     }

     @Override
     public Object clone() {
         SSLSessionImpl clonedSession = new SSLSessionImpl();

         clonedSession.creationTime = creationTime;
         clonedSession.isValid = isValid;
         clonedSession.values = new HashMap<ValueKey, Object>(values);
         clonedSession.id = (byte[])id.clone();
         clonedSession.lastAccessedTime = lastAccessedTime;
         clonedSession.protocol = protocol;
         clonedSession.context = context;
         clonedSession.localCertificates = localCertificates.clone();
         clonedSession.peerCertificates = peerCertificates.clone();
         clonedSession.peerHost = peerHost;
         clonedSession.isServer = isServer;
         clonedSession.SSL_SESSION = SSL_SESSION;
         clonedSession.SSL = SSL;
         clonedSession.sslParameters = (SSLParameters)sslParameters.clone();
         clonedSession.cipherName = cipherName;

         return clonedSession;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.harmony.xnet.provider.jsse;

	import java.io.ByteArrayInputStream;
	import java.security.AccessControlContext;
	import java.security.AccessController;
	import java.security.Principal;
	import java.security.SecureRandom;
	import java.security.cert.Certificate;
	import java.security.cert.CertificateException;
	import java.security.cert.CertificateFactory;
	import java.security.cert.CertificateEncodingException;
	import java.security.cert.X509Certificate;
	import java.util.HashMap;
	import java.util.Map;
	import java.util.Vector;

	import javax.net.ssl.SSLPeerUnverifiedException;
	import javax.net.ssl.SSLPermission;
	import javax.net.ssl.SSLSession;
	import javax.net.ssl.SSLSessionBindingEvent;
	import javax.net.ssl.SSLSessionBindingListener;
	import javax.net.ssl.SSLSessionContext;
	import javax.net.ssl.SSLSocket;

	/**
	*
	* SSLSession implementation
	*
	* @see javax.net.ssl.SSLSession
	*/
	public class SSLSessionImpl implements SSLSession, Cloneable {

	/**
	* Session object reporting an invalid cipher suite of "SSL_NULL_WITH_NULL_NULL"
	*/
	public static final SSLSessionImpl NULL_SESSION = new SSLSessionImpl();

	/**
	* Maximum length of allowed plain data fragment
	* as specified by TLS specification.
	*/
	protected static final int MAX_DATA_LENGTH = 16384; // 2^14
	/**
	* Maximum length of allowed compressed data fragment
	* as specified by TLS specification.
	*/
	protected static final int MAX_COMPRESSED_DATA_LENGTH
	= MAX_DATA_LENGTH + 1024;
	/**
	* Maximum length of allowed ciphered data fragment
	* as specified by TLS specification.
	*/
	protected static final int MAX_CIPHERED_DATA_LENGTH
	= MAX_COMPRESSED_DATA_LENGTH + 1024;
	/**
	* Maximum length of ssl record. It is counted as:
	* type(1) + version(2) + length(2) + MAX_CIPHERED_DATA_LENGTH
	*/
	protected static final int MAX_SSL_PACKET_SIZE
	= MAX_CIPHERED_DATA_LENGTH + 5;

	/**
	* Container class for the 'value' map's keys.
	*/
	private static final class ValueKey {
	final String name;
	final AccessControlContext acc;

	ValueKey(String name) {
	super();
	this.name = name;
	this.acc = AccessController.getContext();
	}

	@Override
	public int hashCode() {
	final int prime = 31;
	int result = 1;
	result = prime * result + ((acc == null) ? 0 : acc.hashCode());
	result = prime * result + ((name == null) ? 0 : name.hashCode());
	return result;
	}

	@Override
	public boolean equals(Object obj) {
	if (this == obj)
	return true;
	if (obj == null)
	return false;
	if (!(obj instanceof ValueKey))
	return false;
	ValueKey other = (ValueKey) obj;
	if (acc == null) {
	if (other.acc != null)
	return false;
	} else if (!acc.equals(other.acc))
	return false;
	if (name == null) {
	if (other.name != null)
	return false;
	} else if (!name.equals(other.name))
	return false;
	return true;
	}
	}

	private long creationTime;
	private boolean isValid = true;
	private Map<ValueKey, Object> values = new HashMap<ValueKey, Object>();

	/**
	* ID of the session
	*/
	byte[] id;

	/**
	* Last time the session was accessed
	*/
	long lastAccessedTime;

	/**
	* Protocol used in the session
	*/
	String protocol;

	/**
	* Context of the session
	*/
	SSLSessionContextImpl context;

	/**
	* certificates were sent to the peer
	*/
	X509Certificate[] localCertificates;

	/**
	* Peer certificates
	*/
	X509Certificate[] peerCertificates;

	/**
	* Peer host name
	*/
	private String peerHost;

	/**
	* Peer port number
	*/
	private int peerPort = -1;

	/**
	* True if this entity is considered the server
	*/
	boolean isServer;

	// OpenSSL SSL_SESSION pointer
	private long SSL_SESSION;

	// The associated OpenSSL SSL pointer
	private long SSL;

	private static final SecureRandom rng = new SecureRandom();

	private SSLParameters sslParameters;

	private String cipherName;


	private native long initialiseSession(long SSL);

	private native String getCipherNameImpl(long SSL);
	private native long getCreationTimeImpl(long SSL_SESSION);
	private native Object[] getPeerCertificatesImpl(long SSL);

	private SSLSessionImpl() {
	creationTime = System.currentTimeMillis();
	cipherName = "SSL_NULL_WITH_NULL_NULL";
	protocol = "NONE";
	id = new byte[0];
	}

	public SSLSessionImpl(SSLParameters parms, long SSL) {
	refreshSessionData(null, parms, SSL);
	}

	public SSLSessionImpl(SSLSocket socket, SSLParameters parms, long SSL) {
	refreshSessionData(socket, parms, SSL);
	}

	public void refreshSessionData(SSLSocket socket, SSLParameters parms, long SSL) {
	sslParameters = parms;
	this.SSL = SSL;
	this.isServer = !sslParameters.getUseClientMode();

	if (SSL == 0) {
	creationTime = System.currentTimeMillis();
	cipherName = "SSL_NULL_WITH_NULL_NULL";
	id = new byte[0];
	} else {
	SSL_SESSION = initialiseSession(SSL);

	// Get back the cipher name with protocol prefixed
	// Expected to be in the format "<protocol>:<cipher_name>"
	String[] tokens = getCipherNameImpl(SSL).split(":");
	protocol = tokens[0];
	cipherName = tokens[1];

	creationTime = getCreationTimeImpl(SSL_SESSION);

	if (socket != null) {
	peerPort = socket.getPort();
	peerHost = socket.getInetAddress().getHostName();
	}

	id = new byte[32];
	rng.nextBytes(id);
	long time = creationTime / 1000;
	id[28] = (byte) ((time & 0xFF000000) >>> 24);
	id[29] = (byte) ((time & 0x00FF0000) >>> 16);
	id[30] = (byte) ((time & 0x0000FF00) >>> 8);
	id[31] = (byte) ((time & 0x000000FF));

	// Get the list of DER encoded peer certificates from OpenSSL
	Object[] DERCerts = getPeerCertificatesImpl(SSL);
	if (DERCerts != null) {
	// If we have got an array of DER certificates, generate X509Certificates from them
	CertificateFactory cf;
	try {
	cf = CertificateFactory.getInstance("X.509");
	} catch (CertificateException e) {
	throw new Error(e);
	}
	peerCertificates = new X509Certificate[DERCerts.length];
	for (int i=0; i<peerCertificates.length; i++) {
	try {
	peerCertificates[i] = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream((byte[])DERCerts[i]));
	} catch (CertificateException e) {
	// Do nothing
	}
	}
	}
	}

	lastAccessedTime = creationTime;
	localCertificates = parms.getCertificateChain();
	}

	public int getApplicationBufferSize() {
	return MAX_DATA_LENGTH;
	}

	public String getCipherSuite() {
	return cipherName;
	}

	public long getCreationTime() {
	return creationTime;
	}

	public byte[] getId() {
	return id;
	}

	public long getLastAccessedTime() {
	return lastAccessedTime;
	}

	public Certificate[] getLocalCertificates() {
	return localCertificates;
	}

	public Principal getLocalPrincipal() {
	if (localCertificates != null && localCertificates.length > 0) {
	return localCertificates[0].getSubjectX500Principal();
	}
	return null;
	}

	public int getPacketBufferSize() {
	return MAX_SSL_PACKET_SIZE;
	}

	public javax.security.cert.X509Certificate[] getPeerCertificateChain()
	throws SSLPeerUnverifiedException {
	if (peerCertificates == null) {
	throw new SSLPeerUnverifiedException("No peer certificate");
	}
	javax.security.cert.X509Certificate[] certs = new javax.security.cert.X509Certificate[peerCertificates.length];
	for (int i = 0; i < certs.length; i++) {
	try {
	certs[i] = javax.security.cert.X509Certificate.getInstance(peerCertificates[i]
	.getEncoded());
	} catch (javax.security.cert.CertificateException e) {
	} catch (CertificateEncodingException e) {
	}
	}
	return certs;
	}

	public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
	if (peerCertificates == null) {
	throw new SSLPeerUnverifiedException("No peer certificate");
	}
	return peerCertificates;
	}

	public String getPeerHost() {
	return peerHost;
	}

	public int getPeerPort() {
	return peerPort;
	}

	public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
	if (peerCertificates == null) {
	throw new SSLPeerUnverifiedException("No peer certificate");
	}
	return peerCertificates[0].getSubjectX500Principal();
	}

	public String getProtocol() {
	return protocol;
	}

	public SSLSessionContext getSessionContext() {
	SecurityManager sm = System.getSecurityManager();
	if (sm != null) {
	sm.checkPermission(new SSLPermission("getSSLSessionContext"));
	}
	return context;
	}

	public Object getValue(String name) {
	if (name == null) {
	throw new IllegalArgumentException("Parameter is null");
	}
	return values.get(new ValueKey(name));
	}

	public String[] getValueNames() {
	final Vector<String> v = new Vector<String>();
	final AccessControlContext currAcc = AccessController.getContext();
	for (ValueKey key : values.keySet()) {
	if ((currAcc == null && key.acc == null)
	\|\| (currAcc != null && currAcc.equals(key.acc))) {
	v.add(key.name);
	}
	}
	return v.toArray(new String[v.size()]);
	}

	public void invalidate() {
	isValid = false;
	}

	public boolean isValid() {
	if (isValid && context != null && context.getSessionTimeout() != 0
	&& lastAccessedTime + context.getSessionTimeout() > System.currentTimeMillis()) {
	isValid = false;
	}
	return isValid;
	}

	public void putValue(String name, Object value) {
	if (name == null \|\| value == null) {
	throw new IllegalArgumentException("Parameter is null");
	}
	Object old = values.put(new ValueKey(name), value);
	if (value instanceof SSLSessionBindingListener) {
	((SSLSessionBindingListener) value).valueBound(new SSLSessionBindingEvent(this, name));
	}
	if (old != null && old instanceof SSLSessionBindingListener) {
	((SSLSessionBindingListener) old).valueUnbound(new SSLSessionBindingEvent(this, name));
	}

	}

	public void removeValue(String name) {
	if (name == null) {
	throw new IllegalArgumentException("Parameter is null");
	}
	values.remove(new ValueKey(name));

	}

	@Override
	public Object clone() {
	SSLSessionImpl clonedSession = new SSLSessionImpl();

	clonedSession.creationTime = creationTime;
	clonedSession.isValid = isValid;
	clonedSession.values = new HashMap<ValueKey, Object>(values);
	clonedSession.id = (byte[])id.clone();
	clonedSession.lastAccessedTime = lastAccessedTime;
	clonedSession.protocol = protocol;
	clonedSession.context = context;
	clonedSession.localCertificates = localCertificates.clone();
	clonedSession.peerCertificates = peerCertificates.clone();
	clonedSession.peerHost = peerHost;
	clonedSession.isServer = isServer;
	clonedSession.SSL_SESSION = SSL_SESSION;
	clonedSession.SSL = SSL;
	clonedSession.sslParameters = (SSLParameters)sslParameters.clone();
	clonedSession.cipherName = cipherName;

	return clonedSession;
	}
	}