1 /*
   2  * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 
  27 package sun.security.ssl;
  28 
  29 import java.security.SecureRandom;
  30 import javax.net.ssl.SSLProtocolException;
  31 
  32 /**
  33  * Encapsulates an SSL session ID.  SSL Session IDs are not reused by
  34  * servers during the lifetime of any sessions it created.  Sessions may
  35  * be used by many connections, either concurrently (for example, two
  36  * connections to a web server at the same time) or sequentially (over as
  37  * long a time period as is allowed by a given server).
  38  *
  39  * @author Satish Dharmaraj
  40  * @author David Brownell
  41  */
  42 final
  43 class SessionId
  44 {
  45     static int MAX_LENGTH = 32;
  46     private byte[] sessionId;          // max 32 bytes
  47 
  48     /** Constructs a new session ID ... perhaps for a rejoinable session */
  49     SessionId (boolean isRejoinable, SecureRandom generator)
  50     {
  51         if (isRejoinable)
  52             // this will be unique, it's a timestamp plus much randomness
  53             sessionId = new RandomCookie (generator).random_bytes;
  54         else
  55             sessionId = new byte [0];
  56     }
  57 
  58     /** Constructs a session ID from a byte array (max size 32 bytes) */
  59     SessionId (byte[] sessionId)
  60         { this.sessionId = sessionId; }
  61 
  62     /** Returns the length of the ID, in bytes */
  63     int length ()
  64         { return sessionId.length; }
  65 
  66     /** Returns the bytes in the ID.  May be an empty array.  */
  67     byte[] getId ()
  68     {
  69         return sessionId.clone ();
  70     }
  71 
  72     /** Returns the ID as a string */
  73     @Override
  74     public String toString ()
  75     {
  76         int             len = sessionId.length;
  77         StringBuilder    sb = new StringBuilder (10 + 2 * len);
  78 
  79         sb.append("{");
  80         for (int i = 0; i < len; i++) {
  81             sb.append(0x0ff & sessionId[i]);
  82             if (i != (len - 1))
  83                 sb.append (", ");
  84         }
  85         sb.append("}");
  86         return sb.toString ();
  87     }
  88 
  89 
  90     /** Returns a value which is the same for session IDs which are equal */
  91     @Override
  92     public int hashCode ()
  93     {
  94         int     retval = 0;
  95 
  96         for (int i = 0; i < sessionId.length; i++)
  97             retval += sessionId [i];
  98         return retval;
  99     }
 100 
 101     /** Returns true if the parameter is the same session ID */
 102     @Override
 103     public boolean equals (Object obj)
 104     {
 105         if (!(obj instanceof SessionId))
 106             return false;
 107 
 108         SessionId s = (SessionId) obj;
 109         byte[] b = s.getId ();
 110 
 111         if (b.length != sessionId.length)
 112             return false;
 113         for (int i = 0; i < sessionId.length; i++) {
 114             if (b [i] != sessionId [i])
 115                 return false;
 116         }
 117         return true;
 118     }
 119 
 120     /**
 121      * Checks the length of the session ID to make sure it sits within
 122      * the range called out in the specification
 123      */
 124     void checkLength(ProtocolVersion pv) throws SSLProtocolException {
 125         // As of today all versions of TLS have a 32-byte maximum length.
 126         // In the future we can do more here to support protocol versions
 127         // that may have longer max lengths.
 128         if (sessionId.length > MAX_LENGTH) {
 129             throw new SSLProtocolException("Invalid session ID length (" +
 130                     sessionId.length + " bytes)");
 131         }
 132     }
 133 
 134 }