Correctly implement SSLSession.getLastAccessedTime() for OpenSSLEngine

Motivation:

We need to return a correct time for SSLSession.getLastAccessedTime() so that it reflects when the handshake was done when the session was reused.

Modifications:

Correctly reflect handshake time in getLastAccessedTime().

Result:

More conform SSLSession implementation.
Norman Maurer 2016-06-22 09:46:41 +02:00
parent f982b0bda9
commit fc85eb34ce


@ -199,6 +199,9 @@ public final class OpenSslEngine extends SSLEngine {
private volatile ClientAuth clientAuth = ClientAuth.NONE;
// Updated once a new handshake is started and so the SSLSession reused.
private volatile long lastAccessed = -1;
private String endPointIdentificationAlgorithm;
// Store as object as AlgorithmConstraints only exists since java 7.
private Object algorithmConstraints;
@ -1231,6 +1234,9 @@ public final class OpenSslEngine extends SSLEngine {
}
SSL.setState(ssl, SSL.SSL_ST_ACCEPT);
lastAccessed = System.currentTimeMillis();
// fall-through
case NOT_STARTED:
handshakeState = HandshakeState.STARTED_EXPLICITLY;
@ -1277,6 +1283,9 @@ public final class OpenSslEngine extends SSLEngine {
// Adding the OpenSslEngine to the OpenSslEngineMap so it can be used in the AbstractCertificateVerifier.
engineMap.add(this);
if (lastAccessed == -1) {
lastAccessed = System.currentTimeMillis();
}
int code = SSL.doHandshake(ssl);
if (code <= 0) {
@ -1574,8 +1583,9 @@ public final class OpenSslEngine extends SSLEngine {
@Override
public long getLastAccessedTime() {
// TODO: Add proper implementation
return getCreationTime();
long lastAccessed = OpenSslEngine.this.lastAccessed;
// if lastAccessed is -1 we will just return the creation time as the handshake was not started yet.
return lastAccessed == -1 ? getCreationTime() : lastAccessed;
}
@Override
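Review bot: In the third hunk `lastAccessed` is stamped before `int code = SSL.doHandshake(ssl);` runs, and nothing visible resets it when `code <= 0`, so `getLastAccessedTime()` reports when a handshake was started rather than when it was done, as the commit message describes. Code that relies on this value for session idle-timeout or audit decisions would count a failed or still-pending handshake as an access; if that is intended, document it on the field, e.g. `// Epoch millis at which the latest handshake was started (not completed); -1 until the first handshake begins.` The `if (lastAccessed == -1)` check-then-set on the volatile field is race-free only if the enclosing method is serialized by a lock, which cannot be confirmed here because the enclosing methods start and end outside these hunks. The second hunk assigns unconditionally while the third assigns only once, so it is worth confirming that a renegotiation which does not go through the explicit path also refreshes the value.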