CoCalc -- SSLSession.java

GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/src/java.base/share/classes/javax/net/ssl/SSLSession.java
⁴¹¹⁵⁹ views
1
/*
2
 * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package javax.net.ssl;
27

28
import java.security.Principal;
29

30
/**
31
 * In SSL, sessions are used to describe an ongoing relationship between
32
 * two entities.  Each SSL connection involves one session at a time, but
33
 * that session may be used on many connections between those entities,
34
 * simultaneously or sequentially.  The session used on a connection may
35
 * also be replaced by a different session.  Sessions are created, or
36
 * rejoined, as part of the SSL handshaking protocol. Sessions may be
37
 * invalidated due to policies affecting security or resource usage,
38
 * or by an application explicitly calling {@code invalidate}.
39
 * Session management policies are typically used to tune performance.
40
 *
41
 * <P> In addition to the standard session attributes, SSL sessions expose
42
 * these read-only attributes:  <UL>
43
 *
44
 *      <LI> <em>Peer Identity.</em>  Sessions are between a particular
45
 *      client and a particular server.  The identity of the peer may
46
 *      have been established as part of session setup.  Peers are
47
 *      generally identified by X.509 certificate chains.
48
 *
49
 *      <LI> <em>Cipher Suite Name.</em>  Cipher suites describe the
50
 *      kind of cryptographic protection that's used by connections
51
 *      in a particular session.
52
 *
53
 *      <LI> <em>Peer Host.</em>  All connections in a session are
54
 *      between the same two hosts.  The address of the host on the other
55
 *      side of the connection is available.
56
 *
57
 *      </UL>
58
 *
59
 * <P> Sessions may be explicitly invalidated.  Invalidation may also
60
 * be done implicitly, when faced with certain kinds of errors.
61
 *
62
 * @since 1.4
63
 * @author David Brownell
64
 */
65
public interface SSLSession {
66

67
    /**
68
     * Returns the identifier assigned to this Session.
69
     *
70
     * @return the Session identifier
71
     */
72
    public byte[] getId();
73

74

75
    /**
76
     * Returns the context in which this session is bound.
77
     * <P>
78
     * This context may be unavailable in some environments,
79
     * in which case this method returns null.
80
     * <P>
81
     * If the context is available and there is a
82
     * security manager installed, the caller may require
83
     * permission to access it or a security exception may be thrown.
84
     * In a Java environment, the security manager's
85
     * {@code checkPermission} method is called with a
86
     * {@code SSLPermission("getSSLSessionContext")} permission.
87
     *
88
     * @throws SecurityException if the calling thread does not have
89
     *         permission to get SSL session context.
90
     * @return the session context used for this session, or null
91
     * if the context is unavailable.
92
     */
93
    public SSLSessionContext getSessionContext();
94

95

96
    /**
97
     * Returns the time at which this Session representation was created,
98
     * in milliseconds since midnight, January 1, 1970 UTC.
99
     *
100
     * @return the time this Session was created
101
     */
102
    public long getCreationTime();
103

104

105
    /**
106
     * Returns the last time this Session representation was accessed by the
107
     * session level infrastructure, in milliseconds since
108
     * midnight, January 1, 1970 UTC.
109
     * <P>
110
     * Access indicates a new connection being established using session data.
111
     * Application level operations, such as getting or setting a value
112
     * associated with the session, are not reflected in this access time.
113
     *
114
     * <P> This information is particularly useful in session management
115
     * policies.  For example, a session manager thread could leave all
116
     * sessions in a given context which haven't been used in a long time;
117
     * or, the sessions might be sorted according to age to optimize some task.
118
     *
119
     * @return the last time this Session was accessed
120
     */
121
    public long getLastAccessedTime();
122

123

124
    /**
125
     * Invalidates the session.
126
     * <P>
127
     * Future connections will not be able to
128
     * resume or join this session.  However, any existing connection
129
     * using this session can continue to use the session until the
130
     * connection is closed.
131
     *
132
     * @see #isValid()
133
     */
134
    public void invalidate();
135

136

137
    /**
138
     * Returns whether this session is valid and available for resuming or
139
     * joining.
140
     *
141
     * @return true if this session may be rejoined.
142
     * @see #invalidate()
143
     *
144
     * @since 1.5
145
     */
146
    public boolean isValid();
147

148

149
    /**
150
     *
151
     * Binds the specified {@code value} object into the
152
     * session's application layer data
153
     * with the given {@code name}.
154
     * <P>
155
     * Any existing binding using the same {@code name} is
156
     * replaced.  If the new (or existing) {@code value} implements the
157
     * {@code SSLSessionBindingListener} interface, the object
158
     * represented by {@code value} is notified appropriately.
159
     * <p>
160
     * For security reasons, the same named values may not be
161
     * visible across different access control contexts.
162
     *
163
     * @param name the name to which the data object will be bound.
164
     *          This may not be null.
165
     * @param value the data object to be bound. This may not be null.
166
     * @throws IllegalArgumentException if either argument is null.
167
     */
168
    public void putValue(String name, Object value);
169

170

171
    /**
172
     * Returns the object bound to the given name in the session's
173
     * application layer data.  Returns null if there is no such binding.
174
     * <p>
175
     * For security reasons, the same named values may not be
176
     * visible across different access control contexts.
177
     *
178
     * @param name the name of the binding to find.
179
     * @return the value bound to that name, or null if the binding does
180
     *          not exist.
181
     * @throws IllegalArgumentException if the argument is null.
182
     */
183
    public Object getValue(String name);
184

185

186
    /**
187
     * Removes the object bound to the given name in the session's
188
     * application layer data.  Does nothing if there is no object
189
     * bound to the given name.  If the bound existing object
190
     * implements the {@code SSLSessionBindingListener} interface,
191
     * it is notified appropriately.
192
     * <p>
193
     * For security reasons, the same named values may not be
194
     * visible across different access control contexts.
195
     *
196
     * @param name the name of the object to remove visible
197
     *          across different access control contexts
198
     * @throws IllegalArgumentException if the argument is null.
199
     */
200
    public void removeValue(String name);
201

202

203
    /**
204
     * Returns an array of the names of all the application layer
205
     * data objects bound into the Session.
206
     * <p>
207
     * For security reasons, the same named values may not be
208
     * visible across different access control contexts.
209
     *
210
     * @return a non-null (possibly empty) array of names of the objects
211
     *  bound to this Session.
212
     */
213
    public String [] getValueNames();
214

215
    /**
216
     * Returns the identity of the peer which was established as part
217
     * of defining the session.
218
     * <P>
219
     * Note: This method can be used only when using certificate-based
220
     * cipher suites; using it with non-certificate-based cipher suites,
221
     * such as Kerberos, will throw an SSLPeerUnverifiedException.
222
     * <P>
223
     * Note: The returned value may not be a valid certificate chain
224
     * and should not be relied on for trust decisions.
225
     *
226
     * @return an ordered array of peer certificates,
227
     *          with the peer's own certificate first followed by any
228
     *          certificate authorities.
229
     * @exception SSLPeerUnverifiedException if the peer's identity has not
230
     *          been verified
231
     * @see #getPeerPrincipal()
232
     */
233
    public java.security.cert.Certificate [] getPeerCertificates()
234
            throws SSLPeerUnverifiedException;
235

236
    /**
237
     * Returns the certificate(s) that were sent to the peer during
238
     * handshaking.
239
     * <P>
240
     * Note: This method is useful only when using certificate-based
241
     * cipher suites.
242
     * <P>
243
     * When multiple certificates are available for use in a
244
     * handshake, the implementation chooses what it considers the
245
     * "best" certificate chain available, and transmits that to
246
     * the other side.  This method allows the caller to know
247
     * which certificate chain was actually used.
248
     *
249
     * @return an ordered array of certificates,
250
     * with the local certificate first followed by any
251
     * certificate authorities.  If no certificates were sent,
252
     * then null is returned.
253
     *
254
     * @see #getLocalPrincipal()
255
     */
256
    public java.security.cert.Certificate [] getLocalCertificates();
257

258
    /**
259
     * Returns the identity of the peer which was identified as part
260
     * of defining the session.
261
     * <P>
262
     * Note: This method can be used only when using certificate-based
263
     * cipher suites; using it with non-certificate-based cipher suites,
264
     * such as Kerberos, will throw an SSLPeerUnverifiedException.
265
     * <P>
266
     * Note: The returned value may not be a valid certificate chain
267
     * and should not be relied on for trust decisions.
268
     *
269
     * <p><em>Note: this method exists for compatibility with previous
270
     * releases. New applications should use
271
     * {@link #getPeerCertificates} instead.</em></p>
272
     *
273
     * @implSpec
274
     *     This default implementation throws UnsupportedOperationException.
275
     *
276
     * @return an ordered array of peer X.509 certificates,
277
     *          with the peer's own certificate first followed by any
278
     *          certificate authorities.  (The certificates are in
279
     *          the original JSSE certificate
280
     *          {@link javax.security.cert.X509Certificate} format.)
281
     * @throws SSLPeerUnverifiedException if the peer's identity
282
     *         has not been verified.
283
     * @throws UnsupportedOperationException if the underlying provider
284
     *         does not implement the operation.
285
     *
286
     * @see #getPeerPrincipal()
287
     * @deprecated The {@link #getPeerCertificates()} method that returns an
288
     *               array of {@code java.security.cert.Certificate} should
289
     *               be used instead.
290
     */
291
    @SuppressWarnings("removal")
292
    @Deprecated(since="9", forRemoval=true)
293
    public default javax.security.cert.X509Certificate[]
294
            getPeerCertificateChain() throws SSLPeerUnverifiedException {
295
        throw new UnsupportedOperationException(
296
             "This method is deprecated and marked for removal. Use the " +
297
             "getPeerCertificates() method instead.");
298
    }
299

300
    /**
301
     * Returns the identity of the peer which was established as part of
302
     * defining the session.
303
     *
304
     * @return the peer's principal. Returns an X500Principal of the
305
     * end-entity certificate for X509-based cipher suites, and
306
     * KerberosPrincipal for Kerberos cipher suites.
307
     *
308
     * @throws SSLPeerUnverifiedException if the peer's identity has not
309
     *          been verified
310
     *
311
     * @see #getPeerCertificates()
312
     * @see #getLocalPrincipal()
313
     *
314
     * @since 1.5
315
     */
316
    public Principal getPeerPrincipal()
317
            throws SSLPeerUnverifiedException;
318

319
    /**
320
     * Returns the principal that was sent to the peer during handshaking.
321
     *
322
     * @return the principal sent to the peer. Returns an X500Principal
323
     * of the end-entity certificate for X509-based cipher suites, and
324
     * KerberosPrincipal for Kerberos cipher suites. If no principal was
325
     * sent, then null is returned.
326
     *
327
     * @see #getLocalCertificates()
328
     * @see #getPeerPrincipal()
329
     *
330
     * @since 1.5
331
     */
332
    public Principal getLocalPrincipal();
333

334
    /**
335
     * Returns the name of the SSL cipher suite which is used for all
336
     * connections in the session.
337
     *
338
     * <P> This defines the level of protection
339
     * provided to the data sent on the connection, including the kind
340
     * of encryption used and most aspects of how authentication is done.
341
     *
342
     * @return the name of the session's cipher suite
343
     */
344
    public String getCipherSuite();
345

346
    /**
347
     * Returns the standard name of the protocol used for all
348
     * connections in the session.
349
     *
350
     * <P> This defines the protocol used in the connection.
351
     *
352
     * @return the standard name of the protocol used for all
353
     * connections in the session.
354
     */
355
    public String getProtocol();
356

357
    /**
358
     * Returns the host name of the peer in this session.
359
     * <P>
360
     * For the server, this is the client's host;  and for
361
     * the client, it is the server's host. The name may not be
362
     * a fully qualified host name or even a host name at all as
363
     * it may represent a string encoding of the peer's network address.
364
     * If such a name is desired, it might
365
     * be resolved through a name service based on the value returned
366
     * by this method.
367
     * <P>
368
     * This value is not authenticated and should not be relied upon.
369
     * It is mainly used as a hint for {@code SSLSession} caching
370
     * strategies.
371
     *
372
     * @return  the host name of the peer host, or null if no information
373
     *          is available.
374
     */
375
    public String getPeerHost();
376

377
    /**
378
     * Returns the port number of the peer in this session.
379
     * <P>
380
     * For the server, this is the client's port number;  and for
381
     * the client, it is the server's port number.
382
     * <P>
383
     * This value is not authenticated and should not be relied upon.
384
     * It is mainly used as a hint for {@code SSLSession} caching
385
     * strategies.
386
     *
387
     * @return  the port number of the peer host, or -1 if no information
388
     *          is available.
389
     *
390
     * @since 1.5
391
     */
392
    public int getPeerPort();
393

394
    /**
395
     * Gets the current size of the largest SSL/TLS/DTLS packet that is
396
     * expected when using this session.
397
     * <P>
398
     * An {@code SSLEngine} using this session may generate SSL/TLS/DTLS
399
     * packets of any size up to and including the value returned by this
400
     * method. All {@code SSLEngine} network buffers should be sized
401
     * at least this large to avoid insufficient space problems when
402
     * performing {@code wrap} and {@code unwrap} calls.
403
     *
404
     * @return  the current maximum expected network packet size
405
     *
406
     * @see SSLEngine#wrap(ByteBuffer, ByteBuffer)
407
     * @see SSLEngine#unwrap(ByteBuffer, ByteBuffer)
408
     *
409
     * @since 1.5
410
     */
411
    public int getPacketBufferSize();
412

413

414
    /**
415
     * Gets the current size of the largest application data that is
416
     * expected when using this session.
417
     * <P>
418
     * {@code SSLEngine} application data buffers must be large
419
     * enough to hold the application data from any inbound network
420
     * application data packet received.  Typically, outbound
421
     * application data buffers can be of any size.
422
     *
423
     * @return  the current maximum expected application packet size
424
     *
425
     * @see SSLEngine#wrap(ByteBuffer, ByteBuffer)
426
     * @see SSLEngine#unwrap(ByteBuffer, ByteBuffer)
427
     *
428
     * @since 1.5
429
     */
430
    public int getApplicationBufferSize();
431
}
432

433
Product

Resources

Company
