de.tu_darmstadt.sp.ssl
Class SSLeaySessionContext

java.lang.Object
  |
  +--de.tu_darmstadt.sp.ssl.SSLeaySessionContext

public class SSLeaySessionContext
extends java.lang.Object
implements SSLSessionContext

Class SSLeaySessionContext is a grouping of SSLSessions associated with a single entity. For example, it could be associated with a server or client who participates in many sessions concurrently. This interface provides methods for retrieving an SSLSession based on its ID, and allows such IDs to be listed.

Implementation

An SSLeaySessionContext is just a proxy for the real session cache of the underlying SSLeay layer. At a certain point, its contents (the list of sessions) may not be consistent with the existing sessions in the underlying SSLeay layer. Rather, it offers a snapshot of the existing sessions and their respective session IDs at a given point in time in the past. The update method is used to re-read the session information of the SSL_CTX structure. After a call to update, the information stored in this object and that in the SSLeay layer are consistent. Note that while navigating through the sessions in the session context, new connections may be opened in the underlying layer.

The getIds method always updates the session cache view.
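
The snapshot behaviour described above, as an added example that is not part of the library: NativeCache and SnapshotContext are hypothetical stand-ins for the SSL_CTX session cache and the proxy object, and the session ids are constructed.

```java
import java.util.*;
// Added illustration. NativeCache and SnapshotContext are hypothetical
// stand-ins for the SSL_CTX session cache and for the proxy object.
public class SnapshotDemo {
    // byte[] hashes by identity, so ids are keyed by their hex form here.
    static String hex(byte[] id) {
        StringBuilder sb = new StringBuilder();
        for (byte b : id) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static class NativeCache {                       // the "real" cache
        private final Map<String, String> live = new HashMap<>();
        synchronized void put(byte[] id, String s) { live.put(hex(id), s); }
        synchronized void remove(byte[] id) { live.remove(hex(id)); }
        synchronized Map<String, String> copy() { return new HashMap<>(live); }
    }

    static class SnapshotContext {                   // the proxy
        private final NativeCache cache;
        private Map<String, String> view = new HashMap<>();
        SnapshotContext(NativeCache cache) { this.cache = cache; }
        synchronized void update() { view = cache.copy(); }
        synchronized Enumeration<String> getIds() {  // always refreshes first
            update();
            return Collections.enumeration(view.keySet());
        }
        synchronized String getSession(byte[] id) { return view.get(hex(id)); }
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        NativeCache cache = new NativeCache();
        SnapshotContext ctx = new SnapshotContext(cache);
        byte[] a = {0x01, 0x02}, b = {0x0a, 0x0b};   // constructed session ids
        cache.put(a, "session-A");
        ctx.getIds();                                // snapshot now holds A
        cache.put(b, "session-B");                   // handshake after snapshot
        cache.remove(a);                             // A dropped natively
        check(ctx.getSession(b) == null, "new session invisible before update");
        check("session-A".equals(ctx.getSession(a)), "removed session still listed");
        ctx.update();
        check("session-B".equals(ctx.getSession(b)), "new session visible after update");
        check(ctx.getSession(a) == null, "removed session gone after update");
    }
}
```

A lookup is only as fresh as the last getIds or update call, so code that audits or enumerates sessions should refresh the view immediately before reading it.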

Version:
$Revision: 1.6 $
Author:
Andrei Popovici

Field Summary
protected  int context
          the opaque pointer of this object
protected  java.util.Hashtable sessionHash
          The variable holding the view over the underlying session hash
 
Constructor Summary
  SSLeaySessionContext()
          Create a new SSLeay Session object together with the corresponding SSL_CTX structure in the underlying SSLeay layer.
protected SSLeaySessionContext(int context)
          Create a proxy of the real SSLeay Session context.
 
Method Summary
 void addTrustedCACerts(java.lang.String ca_file, java.lang.String ca_path)
          Add the CA certificates in the specified ca_file or ca_path to the list of trusted CAs.
protected  void doSetUserIdentity(java.lang.String cert_file, java.lang.String key_file)
          Set the identity of the current user in the underlying SSLeay layer.
protected  void finalize()
          Free the underlying structures
 java.lang.String[] getDefaultCipherSuites()
          Return the cipher suites which will be used by default by all connections created in this context.
 java.util.Enumeration getIds()
          Returns an Enumeration of all session IDs.
 SSLSession getSession(byte[] sessionId)
          Returns the SSLSession bound to the specified session id, or null if the specified session id does not refer to a valid SSLSession.
protected  int[] getSessionOpaquePointers()
          Return an array consisting of the opaque pointers for all the existing sessions in the underlying SSL_CTX structure.
 java.lang.String[] getSupportedCipherSuites()
          Return the cipher suites the current implementation supports.
 void setDefaultCipherSuites(java.lang.String[] ciphers)
          Set which cipher suites should be enabled by default for the connections created in this context.
 void setUserIdentity()
          Initialize the context with the identity of the user.
 void update()
           
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

context

protected int context
the opaque pointer of this object

sessionHash

protected java.util.Hashtable sessionHash
The variable holding the view over the underlying session hash

Constructor Detail

SSLeaySessionContext

public SSLeaySessionContext()
                     throws SSLException
Create a new SSLeay Session object together with the corresponding SSL_CTX structure in the underlying SSLeay layer. The initialization is performed using the following properties or environment variables.

For all cases described above, the property (if it exists) will override the environment variable. If all 4 values are null or the corresponding files do not exist, this context won't have any initial CA information; that is, sockets created with it won't be able to verify peers. However, the socket factory which created this context can specify the CA locations using the addTrustedCACerts method.

Throws:
SSLException - could not create context

SSLeaySessionContext

protected SSLeaySessionContext(int context)
Create a proxy of the real SSLeay Session context. The SSLeay session context is identified by the context opaque pointer.
Parameters:
context - opaque pointer, hiding a SSL_CTX*

Method Detail

setUserIdentity

public void setUserIdentity()
                     throws SSLeayIdentityException
Initialize the context with the identity of the user. The initialization is performed using the following properties or environment variables:

For all cases described above, the property (if it exists) will override the environment variable.

Throws:
SSLeayIdentityException - if the identity information (certificate and private key) does not exist.

doSetUserIdentity

protected void doSetUserIdentity(java.lang.String cert_file,
                                 java.lang.String key_file)
                          throws SSLeayIdentityException
Set the identity of the current user in the underlying SSLeay layer. This identity will be used in all connections/sessions managed by this context.
Parameters:
cert_file - the certificate file to be used. If null, the value of the CERT_FILE environment variable will be used instead.
key_file - the private key of the user to be used. If null, the value of the KEY_FILE environment variable will be used instead.
Throws:
SSLeayIdentityException - if the certificate file or the key file was not specified or does not exist

getIds

public java.util.Enumeration getIds()
Returns an Enumeration of all session IDs. Note that this method first updates the internal view of existing sessions. This view can be queried later via the getSession method.
Specified by:
getIds in interface SSLSessionContext
Returns:
an Enumeration of the session IDs currently in the cache. Each element of the enumeration is a byte[] object.

getSession

public SSLSession getSession(byte[] sessionId)
Returns the SSLSession bound to the specified session id, or null if the specified session id does not refer to a valid SSLSession.

This method reflects the context state as of the last call to either getIds or update.

Specified by:
getSession in interface SSLSessionContext
Parameters:
sessionId - a session ID
Returns:
an SSLeaySession object, the session corresponding to the specified session ID

getSessionOpaquePointers

protected int[] getSessionOpaquePointers()
Return an array consisting of the opaque pointers for all the existing sessions in the underlying SSL_CTX structure.

update

public void update()

getDefaultCipherSuites

public java.lang.String[] getDefaultCipherSuites()
Return the cipher suites which will be used by default by all connections created in this context.
Returns:
an array of strings, each string representing a cipher name

getSupportedCipherSuites

public java.lang.String[] getSupportedCipherSuites()
Return the cipher suites the current implementation supports.
Returns:
an array of strings, each string representing a cipher name

setDefaultCipherSuites

public void setDefaultCipherSuites(java.lang.String[] ciphers)
Set which cipher suites should be enabled by default for the connections created in this context.
Parameters:
ciphers - the cipher suites to be enabled by default for all connections created via this context, given as a list of strings, each string being a cipher name. If null, an IllegalArgumentException is thrown.
Throws:
java.lang.IllegalArgumentException - if ciphers is null

addTrustedCACerts

public void addTrustedCACerts(java.lang.String ca_file,
                              java.lang.String ca_path)
                       throws java.io.IOException
Add the CA certificates in the specified ca_file or ca_path to the list of trusted CAs. The contents of the ca_file/ will be looked up lazily, upon certificate verification.
Parameters:
ca_file - a file containing a list of trusted certificates
ca_path - a directory in PEM format containing a list of trusted certificates.
Throws:
java.io.IOException - neither ca_file nor ca_path exists

finalize

protected void finalize()
Free the underlying structures
Overrides:
finalize in class java.lang.Object