1
/*
2
 * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package sun.security.pkcs11;
27

28
import java.util.*;
29
import java.security.ProviderException;
30

31
import sun.security.util.Debug;
32
import sun.security.pkcs11.wrapper.*;
33
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
34

35
import java.util.concurrent.LinkedBlockingQueue;
36
import java.util.concurrent.atomic.AtomicInteger;
37

38
/**
39
 * Session manager. There is one session manager object per PKCS#11
40
 * provider. It allows code to checkout a session, release it
41
 * back to the pool, or force it to be closed.
42
 *
43
 * The session manager pools sessions to minimize the number of
44
 * C_OpenSession() and C_CloseSession() that have to be made. It
45
 * maintains two pools: one for "object" sessions and one for
46
 * "operation" sessions.
47
 *
48
 * The reason for this separation is how PKCS#11 deals with session objects.
49
 * It defines that when a session is closed, all objects created within
50
 * that session are destroyed. In other words, we may never close a session
51
 * while a Key created it in is still in use. We would like to keep the
52
 * number of such sessions low. Note that we occasionally want to explicitly
53
 * close a session, see P11Signature.
54
 *
55
 * NOTE that sessions obtained from this class SHOULD be returned using
56
 * either releaseSession() or closeSession() using a finally block when
57
 * not needed anymore. Otherwise, they will be left for cleanup via the
58
 * PhantomReference mechanism when GC kicks in, but it's best not to rely
59
 * on that since GC may not run timely enough since the native PKCS11 library
60
 * is also consuming memory.
61
 *
62
 * Note that sessions are automatically closed when they are not used for a
63
 * period of time, see Session.
64
 *
65
 * @author  Andreas Sterbenz
66
 * @since   1.5
67
 */
68
final class SessionManager {
69

70
    private static final int DEFAULT_MAX_SESSIONS = 32;
71

72
    private static final Debug debug = Debug.getInstance("pkcs11");
73

74
    // token instance
75
    private final Token token;
76

77
    // maximum number of sessions to open with this token
78
    private final int maxSessions;
79

80
    // total number of active sessions
81
    private AtomicInteger activeSessions = new AtomicInteger();
82

83
    // pool of available object sessions
84
    private final Pool objSessions;
85

86
    // pool of available operation sessions
87
    private final Pool opSessions;
88

89
    // maximum number of active sessions during this invocation, for debugging
90
    private int maxActiveSessions;
91
    private Object maxActiveSessionsLock;
92

93
    // flags to use in the C_OpenSession() call
94
    private final long openSessionFlags;
95

96
    SessionManager(Token token) {
97
        long n;
98
        if (token.isWriteProtected()) {
99
            openSessionFlags = CKF_SERIAL_SESSION;
100
            n = token.tokenInfo.ulMaxSessionCount;
101
        } else {
102
            openSessionFlags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
103
            n = token.tokenInfo.ulMaxRwSessionCount;
104
        }
105
        if (n == CK_EFFECTIVELY_INFINITE) {
106
            n = Integer.MAX_VALUE;
107
        } else if ((n == CK_UNAVAILABLE_INFORMATION) || (n < 0)) {
108
            // choose an arbitrary concrete value
109
            n = DEFAULT_MAX_SESSIONS;
110
        }
111
        maxSessions = (int)Math.min(n, Integer.MAX_VALUE);
112
        this.token = token;
113
        this.objSessions = new Pool(this, true);
114
        this.opSessions = new Pool(this, false);
115
        if (debug != null) {
116
            maxActiveSessionsLock = new Object();
117
        }
118
    }
119

120
    // returns whether only a fairly low number of sessions are
121
    // supported by this token.
122
    boolean lowMaxSessions() {
123
        return (maxSessions <= DEFAULT_MAX_SESSIONS);
124
    }
125

126
    Session getObjSession() throws PKCS11Exception {
127
        Session session = objSessions.poll();
128
        if (session != null) {
129
            return ensureValid(session);
130
        }
131
        session = opSessions.poll();
132
        if (session != null) {
133
            return ensureValid(session);
134
        }
135
        session = openSession();
136
        return ensureValid(session);
137
    }
138

139
    Session getOpSession() throws PKCS11Exception {
140
        Session session = opSessions.poll();
141
        if (session != null) {
142
            return ensureValid(session);
143
        }
144
        // create a new session rather than re-using an obj session
145
        // that avoids potential expensive cancels() for Signatures & RSACipher
146
        if (maxSessions == Integer.MAX_VALUE ||
147
                activeSessions.get() < maxSessions) {
148
            session = openSession();
149
            return ensureValid(session);
150
        }
151
        session = objSessions.poll();
152
        if (session != null) {
153
            return ensureValid(session);
154
        }
155
        throw new ProviderException("Could not obtain session");
156
    }
157

158
    private Session ensureValid(Session session) {
159
        session.id();
160
        return session;
161
    }
162

163
    Session killSession(Session session) {
164
        if ((session == null) || (token.isValid() == false)) {
165
            return null;
166
        }
167
        if (debug != null) {
168
            String location = new Exception().getStackTrace()[2].toString();
169
            System.out.println("Killing session (" + location + ") active: "
170
                + activeSessions.get());
171
        }
172

173
        session.kill();
174
        activeSessions.decrementAndGet();
175
        return null;
176
    }
177

178
    Session releaseSession(Session session) {
179
        if ((session == null) || (token.isValid() == false)) {
180
            return null;
181
        }
182
        if (session.hasObjects()) {
183
            objSessions.release(session);
184
        } else {
185
            opSessions.release(session);
186
        }
187
        return null;
188
    }
189

190
    void clearPools() {
191
        objSessions.closeAll();
192
        opSessions.closeAll();
193
    }
194

195
    void demoteObjSession(Session session) {
196
        if (token.isValid() == false) {
197
            return;
198
        }
199
        if (debug != null) {
200
            System.out.println("Demoting session, active: " +
201
                activeSessions.get());
202
        }
203

204
        boolean present = objSessions.remove(session);
205
        if (present == false) {
206
            // session is currently in use
207
            // will be added to correct pool on release, nothing to do now
208
            return;
209
        }
210
        opSessions.release(session);
211
    }
212

213
    private Session openSession() throws PKCS11Exception {
214
        if ((maxSessions != Integer.MAX_VALUE) &&
215
                (activeSessions.get() >= maxSessions)) {
216
            throw new ProviderException("No more sessions available");
217
        }
218

219
        long id = token.p11.C_OpenSession
220
                    (token.provider.slotID, openSessionFlags, null, null);
221
        Session session = new Session(token, id);
222
        activeSessions.incrementAndGet();
223
        if (debug != null) {
224
            synchronized(maxActiveSessionsLock) {
225
                if (activeSessions.get() > maxActiveSessions) {
226
                    maxActiveSessions = activeSessions.get();
227
                    if (maxActiveSessions % 10 == 0) {
228
                        System.out.println("Open sessions: " + maxActiveSessions);
229
                    }
230
                }
231
            }
232
        }
233
        return session;
234
    }
235

236
    private void closeSession(Session session) {
237
        session.close();
238
        activeSessions.decrementAndGet();
239
    }
240

241
    public static final class Pool {
242

243
        private final SessionManager mgr;
244
        private final AbstractQueue<Session> pool;
245
        private final int SESSION_MAX = 5;
246
        private volatile boolean closed = false;
247

248
        // Object session pools can contain unlimited sessions.
249
        // Operation session pools are limited and enforced by the queue.
250
        Pool(SessionManager mgr, boolean obj) {
251
            this.mgr = mgr;
252
            if (obj) {
253
                pool = new LinkedBlockingQueue<Session>();
254
            } else {
255
                pool = new LinkedBlockingQueue<Session>(SESSION_MAX);
256
            }
257
        }
258

259
        boolean remove(Session session) {
260
            return pool.remove(session);
261
        }
262

263
        Session poll() {
264
            return pool.poll();
265
        }
266

267
        void release(Session session) {
268
            // Object session pools never return false, only Operation ones
269
            if (closed || !pool.offer(session)) {
270
                mgr.closeSession(session);
271
                free();
272
            }
273
        }
274

275
        // Free any old operation session if this queue is full
276
        void free() {
277
            // quick return path
278
            if (pool.size() == 0) return;
279

280
            int n = SESSION_MAX;
281
            int i = 0;
282
            Session oldestSession;
283
            long time = System.currentTimeMillis();
284
            // Check if the session head is too old and continue through pool
285
            // until only one is left.
286
            do {
287
                oldestSession = pool.peek();
288
                if (oldestSession == null || oldestSession.isLive(time) ||
289
                        !pool.remove(oldestSession)) {
290
                    break;
291
                }
292

293
                i++;
294
                mgr.closeSession(oldestSession);
295
            } while ((n - i) > 1);
296

297
            if (debug != null) {
298
                System.out.println("Closing " + i + " idle sessions, active: "
299
                        + mgr.activeSessions);
300
            }
301
        }
302

303
        // empty out all sessions inside 'pool' and close them.
304
        // however the Pool can still accept sessions
305
        void closeAll() {
306
            closed = true;
307
            Session s;
308
            while ((s = pool.poll()) != null) {
309
                mgr.killSession(s);
310
            }
311
        }
312
    }
313
}
314

315