Path: blob/master/src/java.base/share/classes/sun/security/ssl/EphemeralKeyManager.java
41159 views
/*1* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.ssl;2627import java.security.*;28import java.util.concurrent.locks.ReentrantLock;2930/**31* The "KeyManager" for ephemeral RSA keys. Ephemeral DH and ECDH keys32* are handled by the DHCrypt and ECDHCrypt classes, respectively.33*34* @author Andreas Sterbenz35*/36final class EphemeralKeyManager {3738// indices for the keys array below39private static final int INDEX_RSA512 = 0;40private static final int INDEX_RSA1024 = 1;4142/*43* Current cached RSA KeyPairs. Elements are never null.44* Indexed via the constants above.45*/46private final EphemeralKeyPair[] keys = new EphemeralKeyPair[] {47new EphemeralKeyPair(null),48new EphemeralKeyPair(null),49};5051private final ReentrantLock cachedKeysLock = new ReentrantLock();5253EphemeralKeyManager() {54// empty55}5657/*58* Get a temporary RSA KeyPair.59*/60KeyPair getRSAKeyPair(boolean export, SecureRandom random) {61int length, index;62if (export) {63length = 512;64index = INDEX_RSA512;65} else {66length = 1024;67index = INDEX_RSA1024;68}6970KeyPair kp = keys[index].getKeyPair();71if (kp != null) {72return kp;73}7475cachedKeysLock.lock();76try {77// double check78kp = keys[index].getKeyPair();79if (kp != null) {80return kp;81}8283try {84KeyPairGenerator kgen = KeyPairGenerator.getInstance("RSA");85kgen.initialize(length, random);86keys[index] = new EphemeralKeyPair(kgen.genKeyPair());87kp = keys[index].getKeyPair();88} catch (Exception e) {89// ignore90}91} finally {92cachedKeysLock.unlock();93}9495return kp;96}9798/**99* Inner class to handle storage of ephemeral KeyPairs.100*/101private static class EphemeralKeyPair {102103// maximum number of times a KeyPair is used104private static final int MAX_USE = 200;105106// maximum time interval in which the keypair is used (1 hour in ms)107private static final long USE_INTERVAL = 3600*1000;108109private KeyPair keyPair;110private int uses;111private final long expirationTime;112113private EphemeralKeyPair(KeyPair keyPair) {114this.keyPair = keyPair;115expirationTime = System.currentTimeMillis() + USE_INTERVAL;116}117118/*119* Check if the KeyPair can still be used.120*/121private boolean isValid() {122return (keyPair != null) && (uses < MAX_USE)123&& (System.currentTimeMillis() < expirationTime);124}125126/*127* Return the KeyPair or null if it is invalid.128*/129private KeyPair getKeyPair() {130if (!isValid()) {131keyPair = null;132return null;133}134uses++;135return keyPair;136}137}138}139140141