1 /*
   2  * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 
  27 package sun.security.ssl;
  28 
  29 import java.security.SecureRandom;
  30 import java.util.Arrays;
  31 import javax.net.ssl.SSLProtocolException;
  32 
  33 /**
  34  * Encapsulates an SSL session ID.  SSL Session IDs are not reused by
  35  * servers during the lifetime of any sessions it created.  Sessions may
  36  * be used by many connections, either concurrently (for example, two
  37  * connections to a web server at the same time) or sequentially (over as
  38  * long a time period as is allowed by a given server).
  39  *
  40  * @author Satish Dharmaraj
  41  * @author David Brownell
  42  */
  43 final
  44 class SessionId
  45 {
  46     static int MAX_LENGTH = 32;
  47     private byte[] sessionId;          // max 32 bytes
  48 
  49     /** Constructs a new session ID ... perhaps for a rejoinable session */
  50     SessionId (boolean isRejoinable, SecureRandom generator)
  51     {
  52         if (isRejoinable)
  53             // this will be unique, it's a timestamp plus much randomness
  54             sessionId = new RandomCookie (generator).random_bytes;
  55         else
  56             sessionId = new byte [0];
  57     }
  58 
  59     /** Constructs a session ID from a byte array (max size 32 bytes) */
  60     SessionId (byte[] sessionId)
  61         { this.sessionId = sessionId; }
  62 
  63     /** Returns the length of the ID, in bytes */
  64     int length ()
  65         { return sessionId.length; }
  66 
  67     /** Returns the bytes in the ID.  May be an empty array.  */
  68     byte[] getId ()
  69     {
  70         return sessionId.clone ();
  71     }
  72 
  73     /** Returns the ID as a string */
  74     @Override
  75     public String toString ()
  76     {
  77         int             len = sessionId.length;
  78         StringBuilder    sb = new StringBuilder (10 + 2 * len);
  79 
  80         sb.append("{");
  81         for (int i = 0; i < len; i++) {
  82             sb.append(0x0ff & sessionId[i]);
  83             if (i != (len - 1))
  84                 sb.append (", ");
  85         }
  86         sb.append("}");
  87         return sb.toString ();
  88     }
  89 
  90 
  91     /** Returns a value which is the same for session IDs which are equal */
  92     @Override
  93     public int hashCode ()
  94     {
  95         return Arrays.hashCode(sessionId);
  96     }
  97 
  98     /** Returns true if the parameter is the same session ID */
  99     @Override
 100     public boolean equals (Object obj)
 101     {
 102         return obj instanceof SessionId &&
 103                Arrays.equals(sessionId, ((SessionId)obj).sessionId);
 104     }
 105 
 106     /**
 107      * Checks the length of the session ID to make sure it sits within
 108      * the range called out in the specification
 109      */
 110     void checkLength(ProtocolVersion pv) throws SSLProtocolException {
 111         // As of today all versions of TLS have a 32-byte maximum length.
 112         // In the future we can do more here to support protocol versions
 113         // that may have longer max lengths.
 114         if (sessionId.length > MAX_LENGTH) {
 115             throw new SSLProtocolException("Invalid session ID length (" +
 116                     sessionId.length + " bytes)");
 117         }
 118     }
 119 
 120 }