Lines 1039-1048
|
1039 |
// Last accessed time |
1039 |
// Last accessed time |
1040 |
private long lastAccessedTime = -1; |
1040 |
private long lastAccessedTime = -1; |
1041 |
|
1041 |
|
|
|
1042 |
// Cache to protect from async access |
1043 |
private byte[] id = SSL.getSessionId(ssl); |
1044 |
private long creationTime = SSL.getTime(ssl); |
1045 |
|
1042 |
@Override |
1046 |
@Override |
1043 |
public byte[] getId() { |
1047 |
public byte[] getId() { |
1044 |
// We don't cache that to keep memory usage to a minimum. |
|
|
1045 |
byte[] id = SSL.getSessionId(ssl); |
1046 |
if (id == null) { |
1048 |
if (id == null) { |
1047 |
// The id should never be null, if it was null then the SESSION itself was not valid. |
1049 |
// The id should never be null, if it was null then the SESSION itself was not valid. |
1048 |
throw new IllegalStateException(sm.getString("engine.noSession")); |
1050 |
throw new IllegalStateException(sm.getString("engine.noSession")); |
Lines 1058-1064
|
1058 |
@Override |
1060 |
@Override |
1059 |
public long getCreationTime() { |
1061 |
public long getCreationTime() { |
1060 |
// We need to multiply by 1000 as OpenSSL uses seconds and we need milliseconds. |
1062 |
// We need to multiply by 1000 as OpenSSL uses seconds and we need milliseconds. |
1061 |
return SSL.getTime(ssl) * 1000L; |
1063 |
return creationTime * 1000L; |
1062 |
} |
1064 |
} |
1063 |
|
1065 |
|
1064 |
@Override |
1066 |
@Override |
Lines 1140-1158
|
1140 |
// these are lazy created to reduce memory overhead |
1142 |
// these are lazy created to reduce memory overhead |
1141 |
Certificate[] c = peerCerts; |
1143 |
Certificate[] c = peerCerts; |
1142 |
if (c == null) { |
1144 |
if (c == null) { |
1143 |
if (SSL.isInInit(ssl) != 0) { |
|
|
1144 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
1145 |
} |
1146 |
byte[][] chain = SSL.getPeerCertChain(ssl); |
1147 |
byte[] clientCert; |
1145 |
byte[] clientCert; |
1148 |
if (!clientMode) { |
1146 |
byte[][] chain; |
1149 |
// if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate. |
1147 |
synchronized (OpenSSLEngine.this) { |
1150 |
// We use SSL_get_peer_certificate to get it in this case and add it to our array later. |
1148 |
if (destroyed || SSL.isInInit(ssl) != 0) { |
1151 |
// |
1149 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
1152 |
// See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html |
1150 |
} |
1153 |
clientCert = SSL.getPeerCertificate(ssl); |
1151 |
chain = SSL.getPeerCertChain(ssl); |
1154 |
} else { |
1152 |
if (!clientMode) { |
1155 |
clientCert = null; |
1153 |
// if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate. |
|
|
1154 |
// We use SSL_get_peer_certificate to get it in this case and add it to our array later. |
1155 |
// |
1156 |
// See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html |
1157 |
clientCert = SSL.getPeerCertificate(ssl); |
1158 |
} else { |
1159 |
clientCert = null; |
1160 |
} |
1156 |
} |
1161 |
} |
1157 |
if (chain == null && clientCert == null) { |
1162 |
if (chain == null && clientCert == null) { |
1158 |
return null; |
1163 |
return null; |
Lines 1193-1202
|
1193 |
// these are lazy created to reduce memory overhead |
1198 |
// these are lazy created to reduce memory overhead |
1194 |
X509Certificate[] c = x509PeerCerts; |
1199 |
X509Certificate[] c = x509PeerCerts; |
1195 |
if (c == null) { |
1200 |
if (c == null) { |
1196 |
if (SSL.isInInit(ssl) != 0) { |
1201 |
byte[][] chain; |
1197 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
1202 |
synchronized (OpenSSLEngine.this) { |
|
|
1203 |
if (destroyed || SSL.isInInit(ssl) != 0) { |
1204 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
1205 |
} |
1206 |
chain = SSL.getPeerCertChain(ssl); |
1198 |
} |
1207 |
} |
1199 |
byte[][] chain = SSL.getPeerCertChain(ssl); |
|
|
1200 |
if (chain == null) { |
1208 |
if (chain == null) { |
1201 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
1209 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
1202 |
} |
1210 |
} |
Lines 1241-1247
|
1241 |
return INVALID_CIPHER; |
1249 |
return INVALID_CIPHER; |
1242 |
} |
1250 |
} |
1243 |
if (cipher == null) { |
1251 |
if (cipher == null) { |
1244 |
String c = OpenSSLCipherConfigurationParser.openSSLToJsse(SSL.getCipherForSSL(ssl)); |
1252 |
String ciphers; |
|
|
1253 |
synchronized (OpenSSLEngine.this) { |
1254 |
if (destroyed) { |
1255 |
return INVALID_CIPHER; |
1256 |
} |
1257 |
ciphers = SSL.getCipherForSSL(ssl); |
1258 |
} |
1259 |
String c = OpenSSLCipherConfigurationParser.openSSLToJsse(ciphers); |
1245 |
if (c != null) { |
1260 |
if (c != null) { |
1246 |
cipher = c; |
1261 |
cipher = c; |
1247 |
} |
1262 |
} |
Lines 1251-1256
|
1251 |
|
1266 |
|
1252 |
@Override |
1267 |
@Override |
1253 |
public String getProtocol() { |
1268 |
public String getProtocol() { |
|
|
1269 |
// No sync as ALPN is called when opening the connection |
1254 |
String applicationProtocol = OpenSSLEngine.this.applicationProtocol; |
1270 |
String applicationProtocol = OpenSSLEngine.this.applicationProtocol; |
1255 |
if (applicationProtocol == null) { |
1271 |
if (applicationProtocol == null) { |
1256 |
applicationProtocol = SSL.getNextProtoNegotiated(ssl); |
1272 |
applicationProtocol = SSL.getNextProtoNegotiated(ssl); |
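Review bot: The fallback at new line 1272, `applicationProtocol = SSL.getNextProtoNegotiated(ssl);`, still passes the native `ssl` handle to OpenSSL without the `destroyed` check under `synchronized (OpenSSLEngine.this)` that this change adds to the peer-certificate and cipher-suite getters. The new comment justifies skipping the lock by ALPN running at connection open, but this branch runs whenever the engine's `applicationProtocol` field is null, so a late `getProtocol()` call on an already destroyed engine would presumably hit the same async-access hazard the other hunks close. Consider guarding it the same way, e.g. `synchronized (OpenSSLEngine.this) { if (!destroyed) { applicationProtocol = SSL.getNextProtoNegotiated(ssl); } }`, or extend the comment to state why the handle is still valid on this path. The rest of `getProtocol()` lies outside the hunk, so any further `SSL.*` calls on `ssl` there should be checked against the same guard.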