From bbc16f1f24a92d4583e7dbafd4e4ebf2b290fba9 Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Fri, 30 May 2025 14:06:05 -0600 Subject: [PATCH] updateStoredSessionValues updates packet size, cipher suite, peer certs cache when updated value is found --- .../jsse/WolfSSLImplementSSLSession.java | 68 +++++++++++++++++-- 1 file changed, 62 insertions(+), 6 deletions(-) diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java index bad9fc0..d77b6de 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java @@ -64,6 +64,8 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession { private final int port; private final String host; String protocol = null; + int packetBufSz = -1; /* max packet size for TLS record */ + String cipherSuite = null; /* cipher suite used for this session */ Date creation = null; Date accessed = null; /* when new connection was made using session */ byte[] pseudoSessionID = null; /* used with TLS 1.3*/ @@ -508,6 +510,7 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession { ByteArrayInputStream der; X509Certificate exportCert; + if (ssl == null) { throw new SSLPeerUnverifiedException( "internal WolfSSLSession null, handshake not complete or " + @@ -724,13 +727,20 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession { } try { - return this.ssl.cipherGetName(); + String currentCipher = this.ssl.cipherGetName(); + if (currentCipher != null) { + if (!currentCipher.equals(this.cipherSuite)){ + this.cipherSuite = currentCipher; + } + return currentCipher; + } } catch (IllegalStateException | WolfSSLJNIException ex) { Logger.getLogger( - WolfSSLImplementSSLSession.class.getName()).log( - Level.SEVERE, null, ex); + WolfSSLImplementSSLSession.class.getName()).log( + Level.SEVERE, null, ex); } - return null; + + return this.cipherSuite; } /** @@ -801,6 +811,12 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession { if ((nativeMax > 0) && (nativeMax > ret)) { ret = nativeMax; } + + if (ret > this.packetBufSz) { + this.packetBufSz = ret; + } + } else if (this.packetBufSz >= 0) { + ret = this.packetBufSz; } final int tmpRet = ret; @@ -929,10 +945,50 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession { } } catch (UnsupportedOperationException ex) { WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - () -> "Error extracting SNI server names: " + - ex.getMessage()); + () -> "Error extracting SNI server names: " + + ex.getMessage()); } } + + /* Update packet buffer size */ + try { + int maxOutputSize = this.ssl.getMaxOutputSize(); + if (this.packetBufSz < 0 || this.packetBufSz < maxOutputSize) + this.packetBufSz = maxOutputSize; + } catch (IllegalStateException ex) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + () -> "Not able to update packet buffer size: " + + ex.getMessage()); + } + + /* Update cipher suite */ + try { + if (this.ssl != null && this.cipherSuite == null) { + this.cipherSuite = this.ssl.cipherGetName(); + if (this.cipherSuite != null && !this.cipherSuite.isEmpty()) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + () -> "Updated cipher suite: " + this.cipherSuite); + } + } + } catch (WolfSSLJNIException ex) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + () -> "Not able to update cipher suite: " + + ex.getMessage()); + } + + /* Update peer certificates */ + try { + if (this.peerCerts == null) { + this.getPeerCertificates(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + () -> "Updated peer certificates for session" + + "getPeerCertificates() caches peer certs"); + } + } catch (SSLPeerUnverifiedException ex) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, () -> + "Not able to update peer certificates: " + ex.getMessage()); + } + } /**