|
Lines 1039-1048
Link Here
|
| 1039 |
// Last accessed time |
1039 |
// Last accessed time |
| 1040 |
private long lastAccessedTime = -1; |
1040 |
private long lastAccessedTime = -1; |
| 1041 |
|
1041 |
|
|
|
1042 |
// Cache to protect from async access |
| 1043 |
private byte[] id = SSL.getSessionId(ssl); |
| 1044 |
private long creationTime = SSL.getTime(ssl); |
| 1045 |
|
| 1042 |
@Override |
1046 |
@Override |
| 1043 |
public byte[] getId() { |
1047 |
public byte[] getId() { |
| 1044 |
// We don't cache that to keep memory usage to a minimum. |
|
|
| 1045 |
byte[] id = SSL.getSessionId(ssl); |
| 1046 |
if (id == null) { |
1048 |
if (id == null) { |
| 1047 |
// The id should never be null, if it was null then the SESSION itself was not valid. |
1049 |
// The id should never be null, if it was null then the SESSION itself was not valid. |
| 1048 |
throw new IllegalStateException(sm.getString("engine.noSession")); |
1050 |
throw new IllegalStateException(sm.getString("engine.noSession")); |
|
Lines 1058-1064
Link Here
|
| 1058 |
@Override |
1060 |
@Override |
| 1059 |
public long getCreationTime() { |
1061 |
public long getCreationTime() { |
| 1060 |
// We need to multiply by 1000 as OpenSSL uses seconds and we need milliseconds. |
1062 |
// We need to multiply by 1000 as OpenSSL uses seconds and we need milliseconds. |
| 1061 |
return SSL.getTime(ssl) * 1000L; |
1063 |
return creationTime * 1000L; |
| 1062 |
} |
1064 |
} |
| 1063 |
|
1065 |
|
| 1064 |
@Override |
1066 |
@Override |
|
Lines 1140-1158
Link Here
|
| 1140 |
// these are lazy created to reduce memory overhead |
1142 |
// these are lazy created to reduce memory overhead |
| 1141 |
Certificate[] c = peerCerts; |
1143 |
Certificate[] c = peerCerts; |
| 1142 |
if (c == null) { |
1144 |
if (c == null) { |
| 1143 |
if (SSL.isInInit(ssl) != 0) { |
|
|
| 1144 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
| 1145 |
} |
| 1146 |
byte[][] chain = SSL.getPeerCertChain(ssl); |
| 1147 |
byte[] clientCert; |
1145 |
byte[] clientCert; |
| 1148 |
if (!clientMode) { |
1146 |
byte[][] chain; |
| 1149 |
// if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate. |
1147 |
synchronized (OpenSSLEngine.this) { |
| 1150 |
// We use SSL_get_peer_certificate to get it in this case and add it to our array later. |
1148 |
if (destroyed || SSL.isInInit(ssl) != 0) { |
| 1151 |
// |
1149 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
| 1152 |
// See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html |
1150 |
} |
| 1153 |
clientCert = SSL.getPeerCertificate(ssl); |
1151 |
chain = SSL.getPeerCertChain(ssl); |
| 1154 |
} else { |
1152 |
if (!clientMode) { |
| 1155 |
clientCert = null; |
1153 |
// if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate. |
|
|
1154 |
// We use SSL_get_peer_certificate to get it in this case and add it to our array later. |
| 1155 |
// |
| 1156 |
// See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html |
| 1157 |
clientCert = SSL.getPeerCertificate(ssl); |
| 1158 |
} else { |
| 1159 |
clientCert = null; |
| 1160 |
} |
| 1156 |
} |
1161 |
} |
| 1157 |
if (chain == null && clientCert == null) { |
1162 |
if (chain == null && clientCert == null) { |
| 1158 |
return null; |
1163 |
return null; |
|
Lines 1193-1202
Link Here
|
| 1193 |
// these are lazy created to reduce memory overhead |
1198 |
// these are lazy created to reduce memory overhead |
| 1194 |
X509Certificate[] c = x509PeerCerts; |
1199 |
X509Certificate[] c = x509PeerCerts; |
| 1195 |
if (c == null) { |
1200 |
if (c == null) { |
| 1196 |
if (SSL.isInInit(ssl) != 0) { |
1201 |
byte[][] chain; |
| 1197 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
1202 |
synchronized (OpenSSLEngine.this) { |
|
|
1203 |
if (destroyed || SSL.isInInit(ssl) != 0) { |
| 1204 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
| 1205 |
} |
| 1206 |
chain = SSL.getPeerCertChain(ssl); |
| 1198 |
} |
1207 |
} |
| 1199 |
byte[][] chain = SSL.getPeerCertChain(ssl); |
|
|
| 1200 |
if (chain == null) { |
1208 |
if (chain == null) { |
| 1201 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
1209 |
throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer")); |
| 1202 |
} |
1210 |
} |
|
Lines 1241-1247
Link Here
|
| 1241 |
return INVALID_CIPHER; |
1249 |
return INVALID_CIPHER; |
| 1242 |
} |
1250 |
} |
| 1243 |
if (cipher == null) { |
1251 |
if (cipher == null) { |
| 1244 |
String c = OpenSSLCipherConfigurationParser.openSSLToJsse(SSL.getCipherForSSL(ssl)); |
1252 |
String ciphers; |
|
|
1253 |
synchronized (OpenSSLEngine.this) { |
| 1254 |
if (destroyed) { |
| 1255 |
return INVALID_CIPHER; |
| 1256 |
} |
| 1257 |
ciphers = SSL.getCipherForSSL(ssl); |
| 1258 |
} |
| 1259 |
String c = OpenSSLCipherConfigurationParser.openSSLToJsse(ciphers); |
| 1245 |
if (c != null) { |
1260 |
if (c != null) { |
| 1246 |
cipher = c; |
1261 |
cipher = c; |
| 1247 |
} |
1262 |
} |
|
Lines 1251-1256
Link Here
|
| 1251 |
|
1266 |
|
| 1252 |
@Override |
1267 |
@Override |
| 1253 |
public String getProtocol() { |
1268 |
public String getProtocol() { |
|
|
1269 |
// No sync as ALPN is called when opening the connection |
| 1254 |
String applicationProtocol = OpenSSLEngine.this.applicationProtocol; |
1270 |
String applicationProtocol = OpenSSLEngine.this.applicationProtocol; |
| 1255 |
if (applicationProtocol == null) { |
1271 |
if (applicationProtocol == null) { |
| 1256 |
applicationProtocol = SSL.getNextProtoNegotiated(ssl); |
1272 |
applicationProtocol = SSL.getNextProtoNegotiated(ssl); |