Methods Summary |
---|
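/**
 * Frees the native OpenSSL session when this object is garbage collected.
 *
 * The free is serialized on {@code OpenSSLSocketImpl.class}, as elsewhere in
 * this implementation. A zero handle (the failure value checked in
 * initializeNative) is skipped instead of being passed to nativefree, and the
 * handle is cleared afterwards so the same native object cannot be released
 * twice if this method ever runs again.
 */
protected void finalize() {
    synchronized (OpenSSLSocketImpl.class) {
        if (session != 0) {
            nativefree(session);
            session = 0;
        }
    }
}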
/**
 * Returns the largest application-data buffer this session needs, taken
 * from the record-layer constant {@code SSLRecordProtocol.MAX_DATA_LENGTH}.
 *
 * @return the maximum application buffer size
 */
public int getApplicationBufferSize() {
    final int maxDataLength = SSLRecordProtocol.MAX_DATA_LENGTH;
    return maxDataLength;
}
/**
 * Returns the name of the cipher suite negotiated for this session, as
 * reported by the native OpenSSL side. The naming convention is whatever
 * nativegetciphersuite() produces; callers should not assume JSSE-style
 * names without checking the JNI implementation.
 *
 * @return the negotiated cipher suite name
 */
public java.lang.String getCipherSuite() {
    String suite = nativegetciphersuite();
    return suite;
}
/**
 * Returns the creation time of the underlying OpenSSL session.
 *
 * The unit is whatever the native layer reports; getLastAccessedTime()
 * falls back to this value, so the two are expected to agree.
 *
 * @return the session creation time as reported by nativegetcreationtime()
 */
public long getCreationTime() {
    final long created = nativegetcreationtime();
    return created;
}
/**
 * Returns the native session state serialized with i2d_SSL_SESSION, so it
 * can be stored or handed to another process and later restored through
 * initializeNative.
 *
 * Security note: the serialized form carries the session keys (see
 * nativeserialize), so it must be protected like the session secret itself
 * and only ever be re-loaded from a trusted source.
 *
 * @return the DER-encoded session
 */
byte[] getEncoded() {
    byte[] serialized = nativeserialize();
    return serialized;
}
/**
 * Returns the identifier of the underlying OpenSSL session.
 *
 * Whether the array is a fresh copy on each call depends on the JNI side;
 * callers that mutate it should copy first.
 *
 * @return the session id bytes
 */
public byte[] getId() {
    byte[] identifier = nativegetid();
    return identifier;
}
/**
 * Returns the last time this session was used to establish a connection.
 *
 * A zero {@code lastAccessedTime} means the session has not been accessed
 * since creation, in which case the native creation time is reported
 * instead.
 *
 * @return the last access time, or the creation time if never accessed
 */
public long getLastAccessedTime() {
    return lastAccessedTime != 0 ? lastAccessedTime : nativegetcreationtime();
}
/**
 * Returns the certificate chain this side offers for client authentication.
 *
 * Only an RSA alias is requested from the key manager because the native
 * layer supports RSA certificates only. The socket argument is not available
 * here, hence the {@code null} passed to chooseClientAlias.
 *
 * NOTE(review): the result is not stored in the {@code localCertificates}
 * field that getLocalPrincipal() reads; confirm that field is populated
 * elsewhere, otherwise the two methods disagree.
 *
 * @return the chain for the chosen RSA alias, or {@code null} if the key
 *         manager offers none
 */
public java.security.cert.Certificate[] getLocalCertificates() {
    String chosenAlias = sslParameters.getKeyManager().chooseClientAlias(new String[] { "RSA" }, null, null);
    if (chosenAlias == null) {
        return null;
    }
    return sslParameters.getKeyManager().getCertificateChain(chosenAlias);
}
/**
 * Returns the subject of the first local certificate, i.e. the identity this
 * side presented during the handshake.
 *
 * @return the subject principal of {@code localCertificates[0]}, or
 *         {@code null} when no local certificate is recorded
 */
public java.security.Principal getLocalPrincipal() {
    if (localCertificates == null) {
        return null;
    }
    if (localCertificates.length == 0) {
        return null;
    }
    return localCertificates[0].getSubjectX500Principal();
}
/**
 * Returns the largest SSL/TLS record this session can produce, taken from
 * the record-layer constant {@code SSLRecordProtocol.MAX_SSL_PACKET_SIZE}.
 *
 * @return the maximum packet buffer size
 */
public int getPacketBufferSize() {
    final int maxPacketSize = SSLRecordProtocol.MAX_SSL_PACKET_SIZE;
    return maxPacketSize;
}
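/**
 * Returns the peer's certificate chain as legacy
 * {@code javax.security.cert.X509Certificate} objects, decoding it from the
 * native layer on first use and caching it afterwards.
 *
 * This method is superseded by getPeerCertificates(). The chain is built into
 * a local array and only published to {@code peerCertificateChain} once every
 * element decoded: the previous version stored the array before the loop, so
 * a decode failure half-way left a cached array with {@code null} entries
 * that later calls (and getPeerCertificates()) would trust.
 *
 * @return the peer chain, leaf first as delivered by the native layer
 * @throws SSLPeerUnverifiedException if the native layer reports no
 *         certificates or one of them cannot be decoded; the decode error is
 *         attached as the cause
 */
public javax.security.cert.X509Certificate[] getPeerCertificateChain()
        throws SSLPeerUnverifiedException {
    if (peerCertificateChain != null) {
        return peerCertificateChain;
    }
    byte[][] encoded = nativegetpeercertificates();
    if (encoded == null) {
        throw new SSLPeerUnverifiedException("No certificate available");
    }
    javax.security.cert.X509Certificate[] chain =
            new javax.security.cert.X509Certificate[encoded.length];
    try {
        for (int i = 0; i < encoded.length; i++) {
            chain[i] = javax.security.cert.X509Certificate.getInstance(encoded[i]);
        }
    } catch (javax.security.cert.CertificateException e) {
        // Keep the original as the cause rather than flattening it to a message.
        SSLPeerUnverifiedException failure = new SSLPeerUnverifiedException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
    peerCertificateChain = chain;
    return chain;
}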
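/**
 * Returns the peer's certificate chain as {@code java.security.cert}
 * certificates, converting the legacy chain from getPeerCertificateChain()
 * on first use and caching the result.
 *
 * The previous version caught SSLPeerUnverifiedException, IOException and
 * CertificateEncodingException and returned an empty array for all of them,
 * which made an unverified or undecodable peer indistinguishable from a peer
 * that simply sent no certificate. Per the SSLSession contract those
 * conditions are now reported as SSLPeerUnverifiedException, with the
 * underlying error attached as the cause.
 *
 * @return the peer chain, or an empty array when the peer sent no
 *         certificates
 * @throws SSLPeerUnverifiedException if the peer was not verified or its
 *         chain cannot be decoded or re-encoded
 */
public java.security.cert.Certificate[] getPeerCertificates()
        throws SSLPeerUnverifiedException {
    if (peerCertificates != null) {
        return peerCertificates;
    }
    // Propagates SSLPeerUnverifiedException to the caller instead of
    // masking it as "no certificates".
    javax.security.cert.X509Certificate[] chain = getPeerCertificateChain();
    if (chain == null || chain.length == 0) {
        return new X509Certificate[] {};
    }
    X509CertImpl[] converted = new X509CertImpl[chain.length];
    try {
        for (int i = 0; i < chain.length; i++) {
            converted[i] = new X509CertImpl(chain[i].getEncoded());
        }
    } catch (IOException e) {
        throw peerUnverified(e);
    } catch (CertificateEncodingException e) {
        throw peerUnverified(e);
    }
    peerCertificates = converted;
    return converted;
}

/**
 * Wraps a conversion failure in the exception type the SSLSession contract
 * prescribes, preserving the original as the cause.
 */
private static SSLPeerUnverifiedException peerUnverified(Exception cause) {
    SSLPeerUnverifiedException failure =
            new SSLPeerUnverifiedException("Peer certificate could not be decoded: " + cause.getMessage());
    failure.initCause(cause);
    return failure;
}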
/**
 * Returns the peer host name recorded for this session: the client's name
 * on the server side, the server's name on the client side.
 *
 * Nothing here checks the value against the peer certificate, so treat it
 * as a key for the session cache, not as an authenticated identity.
 *
 * @return the recorded peer host, possibly {@code null}
 */
public java.lang.String getPeerHost() {
    final String host = peerHost;
    return host;
}
/**
 * Returns the peer port recorded for this session: the client's port on the
 * server side, the server's port on the client side.
 *
 * Like getPeerHost(), this is a cache key rather than a verified property of
 * the peer.
 *
 * @return the recorded peer port
 */
public int getPeerPort() {
    final int port = peerPort;
    return port;
}
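/**
 * Returns the subject of the peer's leaf certificate, i.e. the identity the
 * peer presented during the handshake.
 *
 * The chain is resolved through getPeerCertificates() on demand. The
 * previous version only consulted the cached {@code peerCertificates} field
 * and therefore threw "No peer certificate" whenever getPeerCertificates()
 * had not been called first, even for a peer that did present a chain.
 *
 * @return the subject principal of the peer's first certificate
 * @throws SSLPeerUnverifiedException if the peer was not verified, sent no
 *         certificate, or its leaf is not an X.509 certificate
 */
public java.security.Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
    java.security.cert.Certificate[] chain = getPeerCertificates();
    if (chain == null || chain.length == 0
            || !(chain[0] instanceof java.security.cert.X509Certificate)) {
        throw new SSLPeerUnverifiedException("No peer certificate");
    }
    return ((java.security.cert.X509Certificate) chain[0]).getSubjectX500Principal();
}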
/**
 * Returns the protocol version negotiated for this session, as reported by
 * the native OpenSSL side.
 *
 * @return the protocol version name from nativegetprotocol()
 */
public java.lang.String getProtocol() {
    String version = nativegetprotocol();
    return version;
}
/**
 * Returns the session context this session is bound to.
 *
 * When a SecurityManager is installed the caller must hold
 * {@code SSLPermission("getSSLSessionContext")}; otherwise
 * checkPermission throws and the context is not exposed.
 *
 * @return the bound session context, possibly {@code null}
 * @throws SecurityException if a SecurityManager denies the permission
 */
public javax.net.ssl.SSLSessionContext getSessionContext() {
    SecurityManager manager = System.getSecurityManager();
    if (manager == null) {
        return sessionContext;
    }
    manager.checkPermission(new SSLPermission("getSSLSessionContext"));
    return sessionContext;
}
/**
 * Returns the application-layer object bound under {@code name} for the
 * caller's AccessControlContext.
 *
 * Values are keyed by name and by the context they were bound from, so a
 * value bound from a different context is not visible here.
 *
 * @param name the binding name; must not be {@code null}
 * @return the bound object, or {@code null} if none is bound for this
 *         name and context
 * @throws IllegalArgumentException if {@code name} is {@code null}
 */
public java.lang.Object getValue(java.lang.String name) {
    if (name == null) {
        throw new IllegalArgumentException("Parameter is null");
    }
    AccessControlContext caller = AccessController.getContext();
    return values.get(name, caller);
}
/**
 * Returns the names of all application-layer values bound from the caller's
 * AccessControlContext.
 *
 * Entries bound from another context are filtered out; a {@code null} caller
 * context matches only entries that were bound with a {@code null} context.
 *
 * @return the matching binding names, possibly empty
 */
public java.lang.String[] getValueNames() {
    AccessControlContext caller = AccessController.getContext();
    Vector names = new Vector();
    Iterator entries = values.entrySet().iterator();
    while (entries.hasNext()) {
        TwoKeyHashMap.Entry entry = (TwoKeyHashMap.Entry) entries.next();
        AccessControlContext owner = (AccessControlContext) entry.getKey2();
        boolean sameContext = (caller == null) ? (owner == null) : caller.equals(owner);
        if (sameContext) {
            names.add(entry.getKey1());
        }
    }
    return (String[]) names.toArray(new String[names.size()]);
}
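/**
 * Restores the native session from DER data produced by getEncoded().
 *
 * Security note: the data carries the session keys (see nativeserialize)
 * and is parsed by d2i_SSL_SESSION in native code; feed it only with bytes
 * this implementation serialized itself, never with untrusted input.
 * {@code null} and empty input are rejected up front (the previous version
 * dereferenced {@code derData} unconditionally and failed with an NPE).
 *
 * @param derData the serialized session
 * @throws IOException if the data is missing, empty, or rejected by the
 *         native deserializer (a zero handle)
 */
private void initializeNative(byte[] derData) throws IOException {
    if (derData == null || derData.length == 0) {
        throw new IOException("Invalid session data");
    }
    this.session = nativedeserialize(derData, derData.length);
    if (this.session == 0) {
        throw new IOException("Invalid session data");
    }
}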
/**
 * Marks this session invalid so it can no longer be resumed or joined.
 *
 * Only the Java-side flag is cleared; the native session object is not
 * touched here.
 */
public void invalidate() {
    this.isValid = false;
}
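/**
 * Reports whether this session is still valid for resumption, expiring it
 * on the way if its context's timeout has elapsed.
 *
 * SSLSessionContext.getSessionTimeout() is expressed in seconds, with 0
 * meaning "no limit", while getLastAccessedTime() and
 * System.currentTimeMillis() are milliseconds. The previous check compared
 * the raw values and also had the inequality reversed (it invalidated while
 * {@code lastAccessed + timeout > now}), so fresh sessions were expired and
 * stale ones kept resumable.
 *
 * NOTE(review): this assumes the native creation time that
 * getLastAccessedTime() falls back to is also epoch milliseconds; confirm
 * against the JNI side.
 *
 * @return {@code true} if the session has not been invalidated and has not
 *         timed out
 */
public boolean isValid() {
    SSLSessionContext context = sessionContext;
    if (isValid && context != null) {
        int timeoutSeconds = context.getSessionTimeout();
        if (timeoutSeconds != 0) {
            long expiresAt = getLastAccessedTime() + timeoutSeconds * 1000L;
            if (expiresAt <= System.currentTimeMillis()) {
                isValid = false;
            }
        }
    }
    return isValid;
}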
private native int | nativedeserialize(byte[] data, int size)Creates an SSL_SESSION object from DER data using d2i_SSL_SESSION and returns the native handle, 0 on failure (see initializeNative). The handle is held in a Java int; a 64-bit native pointer would not fit, so confirm how the JNI side maps it.
|
private native void | nativefree(int session)Releases the native SSL_SESSION behind the given handle (called from finalize()).
|
private native java.lang.String | nativegetciphersuite()Returns via OpenSSL call the actual cipher suite in use.
|
private native long | nativegetcreationtime()Gets the creation time of the OpenSSL session.
|
private native byte[] | nativegetid()Returns the identifier of the actual OpenSSL session.
|
private native byte[][] | nativegetpeercertificates()Returns the X.509 certificates of the peer, one encoded certificate per array element. This description says PEM, but getPeerCertificateChain() hands each element to javax.security.cert.X509Certificate.getInstance(byte[]), whose documented input is a DER encoding; confirm which encoding the JNI side actually emits.
|
private native java.lang.String | nativegetpeerhost()Returns via OpenSSL call the actual peer host name.
|
private native java.lang.String | nativegetpeerport()Returns via OpenSSL call the actual peer port number.
|
private native java.lang.String | nativegetprotocol()Returns via OpenSSL call the actual version of the SSL protocol.
|
private native byte[] | nativeserialize()Serializes the native state of the session (ID, cipher, keys - but
not certificates) using OpenSSL i2d_SSL_SESSION(). Because the output includes the session keys, it must be handled as secret material.
|
/**
 * Binds {@code value} under {@code name} for the caller's
 * AccessControlContext, replacing any value previously bound there from the
 * same context.
 *
 * If the new value implements SSLSessionBindingListener it is told it was
 * bound; if the replaced value does, it is told it was unbound. Note the
 * order: the new value is notified before the old one.
 *
 * @param name  the binding name; must not be {@code null}
 * @param value the object to bind; must not be {@code null}
 * @throws IllegalArgumentException if either argument is {@code null}
 */
public void putValue(java.lang.String name, java.lang.Object value) {
    if (name == null || value == null) {
        throw new IllegalArgumentException("Parameter is null");
    }
    AccessControlContext caller = AccessController.getContext();
    Object previous = values.put(name, caller, value);
    if (value instanceof SSLSessionBindingListener) {
        SSLSessionBindingListener bound = (SSLSessionBindingListener) value;
        bound.valueBound(new SSLSessionBindingEvent(this, name));
    }
    if (previous instanceof SSLSessionBindingListener) {
        SSLSessionBindingListener unbound = (SSLSessionBindingListener) previous;
        unbound.valueUnbound(new SSLSessionBindingEvent(this, name));
    }
}
/**
 * Removes the value bound under {@code name} for the caller's
 * AccessControlContext. A binding made from a different context is left in
 * place. No SSLSessionBindingListener notification is sent from here.
 *
 * @param name the binding name; must not be {@code null}
 * @throws IllegalArgumentException if {@code name} is {@code null}
 */
public void removeValue(java.lang.String name) {
    if (name == null) {
        throw new IllegalArgumentException("Parameter is null");
    }
    AccessControlContext caller = AccessController.getContext();
    values.remove(name, caller);
}