Correctly implement SSLSession.getLastAccessedTime() for OpenSSLEngine

Motivation: We need to return a correct time for SSLSession.getLastAccessedTime() so it reflect when the handshake was done when the session was reused. Modifications: Correctly reflect handshake time in getLastAccessedTime(). Result: More conform SSLSession implementation.
2016-06-22 09:46:41 +02:00 · 2016-06-22 09:46:41 +02:00 · 77c6d7a672
commit 77c6d7a672
parent d495792c48
1 changed files with 12 additions and 2 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java
@ -199,6 +199,9 @@ public final class OpenSslEngine extends SSLEngine {

    private volatile ClientAuth clientAuth = ClientAuth.NONE;

+    // Updated once a new handshake is started and so the SSLSession reused.
+    private volatile long lastAccessed = -1;
+
    private String endPointIdentificationAlgorithm;
    // Store as object as AlgorithmConstraints only exists since java 7.
    private Object algorithmConstraints;
@ -1231,6 +1234,9 @@ public final class OpenSslEngine extends SSLEngine {
                }

                SSL.setState(ssl, SSL.SSL_ST_ACCEPT);
+
+                lastAccessed = System.currentTimeMillis();
+
                // fall-through
            case NOT_STARTED:
                handshakeState = HandshakeState.STARTED_EXPLICITLY;
@ -1277,6 +1283,9 @@ public final class OpenSslEngine extends SSLEngine {

        // Adding the OpenSslEngine to the OpenSslEngineMap so it can be used in the AbstractCertificateVerifier.
        engineMap.add(this);
+        if (lastAccessed == -1) {
+            lastAccessed = System.currentTimeMillis();
+        }

        int code = SSL.doHandshake(ssl);
        if (code <= 0) {
@ -1574,8 +1583,9 @@ public final class OpenSslEngine extends SSLEngine {

        @Override
        public long getLastAccessedTime() {
-            // TODO: Add proper implementation
-            return getCreationTime();
+            long lastAccessed = OpenSslEngine.this.lastAccessed;
+            // if lastAccessed is -1 we will just return the creation time as the handshake was not started yet.
+            return lastAccessed == -1 ? getCreationTime() : lastAccessed;
        }

        @Override