WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #225 from cconlon/clientSessionCacheDisable 

JSSE: add Security property to disable Java client session cache
pull/227/head
JacobBarthelmeh 2024-10-10 11:00:50 -06:00 committed by GitHub
parent cfbc118cc7 7b13a4b42c
commit ad59d749f1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 562 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -437,6 +437,17 @@ This option can be used to restrict use of the wolfJCE "WKS" KeyStore type
to help ensure conformance to using FIPS-validated cryptography. Other
non-wolfJCE KeyStore implementations may not use/consume FIPS validated crypto.
**wolfjsse.clientSessionCache.disabled (String)** - Can be used to disable
the Java client session cache. Disabling this will cause client-side session
resumption to no longer resume, making all connections fall back to a full
handshake. This should be set to the String "true" if you want to disable
the Java client session cache. This does not need to be set to "enable" the
cache. The Java client cache is enabled by default.
```
wolfjsse.clientSessionCache.disabled=true
```
If there are other Security properties you would like to use with wolfJSSE,
please contact support@wolfssl.com.

7
src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
View File

@ -1407,7 +1407,12 @@ public class WolfSSLEngineHelper {
* maintains session cache at native level. */
this.session.setResume();
}
return this.authStore.addSession(this.session);
if (WolfSSLUtil.sessionCacheDisabled()) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"not storing session in cache, cache has been disabled");
} else {
return this.authStore.addSession(this.session);
}
}
return WolfSSL.SSL_FAILURE;

22
src/java/com/wolfssl/provider/jsse/WolfSSLUtil.java
View File

@ -247,6 +247,28 @@ public class WolfSSLUtil {
return requiredType;
}
/**
* Return if session cache has been disabled in java.security
* with 'wolfjsse.clientSessionCache.disabled' Security property.
*
* @return true if disabled, otherwise false
*/
protected static boolean sessionCacheDisabled() {
String disabled =
Security.getProperty("wolfjsse.clientSessionCache.disabled");
if (disabled == null || disabled.isEmpty()) {
return false;
}
if (disabled.equalsIgnoreCase("true")) {
return true;
}
return false;
}
/**
* Check given KeyStore against any pre-defind requirements for
* KeyStore use, including the following.

101
src/test/com/wolfssl/provider/jsse/test/WolfSSLEngineTest.java
View File

@ -981,55 +981,72 @@ public class WolfSSLEngineTest {
SSLEngine client;
int ret;
/* create new SSLEngine */
System.out.print("\tSession reuse");
this.ctx = tf.createSSLContext("TLS", engineProvider);
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine("wolfSSL client test", 11111);
server.setUseClientMode(false);
server.setNeedClientAuth(false);
client.setUseClientMode(true);
ret = tf.testConnection(server, client, null, null, "Test reuse");
if (ret != 0) {
error("\t\t\t... failed");
fail("failed to create engine");
}
/* wolfjsse.clientSessionCache.disabled could be set in users
* java.security file which would cause this test to not work
* properly. Save their setting here, and re-enable session
* cache for this test */
String originalProp = Security.getProperty(
"wolfjsse.clientSessionCache.disabled");
Security.setProperty("wolfjsse.clientSessionCache.disabled", "false");
try {
/* test close connection */
tf.CloseConnection(server, client, false);
} catch (SSLException ex) {
error("\t\t\t... failed");
fail("failed to create engine");
}
/* create new SSLEngine */
this.ctx = tf.createSSLContext("TLS", engineProvider);
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine("wolfSSL client test", 11111);
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine("wolfSSL client test", 11111);
client.setEnableSessionCreation(false);
server.setUseClientMode(false);
server.setNeedClientAuth(false);
client.setUseClientMode(true);
ret = tf.testConnection(server, client, null, null, "Test reuse");
if (ret != 0) {
error("\t\t\t... failed");
fail("failed to create engine");
}
try {
/* test close connection */
tf.CloseConnection(server, client, false);
} catch (SSLException ex) {
error("\t\t\t... failed");
fail("failed to create engine");
}
server.setUseClientMode(false);
server.setNeedClientAuth(false);
client.setUseClientMode(true);
ret = tf.testConnection(server, client, null, null, "Test reuse");
if (ret != 0) {
error("\t\t\t... failed");
fail("failed to create engine");
}
if (client.getEnableSessionCreation() ||
!server.getEnableSessionCreation()) {
error("\t\t\t... failed");
fail("bad enabled session creation");
try {
/* test close connection */
tf.CloseConnection(server, client, false);
} catch (SSLException ex) {
error("\t\t\t... failed");
fail("failed to create engine");
}
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine("wolfSSL client test", 11111);
client.setEnableSessionCreation(false);
server.setUseClientMode(false);
server.setNeedClientAuth(false);
client.setUseClientMode(true);
ret = tf.testConnection(server, client, null, null, "Test reuse");
if (ret != 0) {
error("\t\t\t... failed");
fail("failed to create engine");
}
try {
/* test close connection */
tf.CloseConnection(server, client, false);
} catch (SSLException ex) {
error("\t\t\t... failed");
fail("failed to create engine");
}
if (client.getEnableSessionCreation() ||
!server.getEnableSessionCreation()) {
error("\t\t\t... failed");
fail("bad enabled session creation");
}
pass("\t\t\t... passed");
} finally {
if (originalProp != null && !originalProp.isEmpty()) {
Security.setProperty(
"wolfjsse.clientSessionCache.disabled", originalProp);
}
}
pass("\t\t\t... passed");
}
/**

418
src/test/com/wolfssl/provider/jsse/test/WolfSSLSessionContextTest.java
View File

@ -266,111 +266,129 @@ public class WolfSSLSessionContextTest {
/* create new SSLEngine */
System.out.print("\tTesting SessionIDs with TLSv1.3");
this.ctx = tf.createSSLContext("TLS", engineProvider);
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine("wolfSSL begin handshake test", 11111);
server.setUseClientMode(false);
server.setNeedClientAuth(false);
client.setUseClientMode(true);
/* wolfjsse.clientSessionCache.disabled could be set in users
* java.security file which would cause this test to not work
* properly. Save their setting here, and re-enable session
* cache for this test */
String originalProp = Security.getProperty(
"wolfjsse.clientSessionCache.disabled");
Security.setProperty("wolfjsse.clientSessionCache.disabled", "false");
try {
String s[] = server.getEnabledProtocols();
if (Arrays.asList(s).contains("TLSv1.3") == false) {
pass("\t... skipped");
return;
this.ctx = tf.createSSLContext("TLS", engineProvider);
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine(
"wolfSSL begin handshake test", 11111);
server.setUseClientMode(false);
server.setNeedClientAuth(false);
client.setUseClientMode(true);
try {
String s[] = server.getEnabledProtocols();
if (Arrays.asList(s).contains("TLSv1.3") == false) {
pass("\t... skipped");
return;
}
server.setEnabledProtocols(proto);
client.setEnabledProtocols(proto);
} catch (Exception e) {
e.printStackTrace();
error("\t... failed");
}
server.setEnabledProtocols(proto);
client.setEnabledProtocols(proto);
} catch (Exception e) {
e.printStackTrace();
error("\t... failed");
}
try {
server.beginHandshake();
client.beginHandshake();
} catch (SSLException e) {
error("\t... failed");
fail("failed to begin handshake");
}
try {
server.beginHandshake();
client.beginHandshake();
} catch (SSLException e) {
error("\t... failed");
fail("failed to begin handshake");
}
ret = tf.testConnection(
server, client, null, null, "Test in/out bound");
if (ret != 0) {
error("\t... failed");
fail("failed to create engine");
}
ret = tf.testConnection(server, client, null, null, "Test in/out bound");
if (ret != 0) {
error("\t... failed");
fail("failed to create engine");
}
ses = server.getSession(); /* get a new copy of session */
if (ses == null) {
error("\t... failed");
fail("unable to get session after handshake");
}
ses = server.getSession(); /* get a new copy of session */
if (ses == null) {
error("\t... failed");
fail("unable to get session after handshake");
}
id = ses.getId();
if (id == null) {
error("\t... failed");
fail("session had no id....");
}
found = false;
id = ses.getId();
if (id == null) {
error("\t... failed");
fail("session had no id....");
}
found = false;
allIds = ctx.getServerSessionContext().getIds();
while (allIds.hasMoreElements()) {
byte[] current = allIds.nextElement();
if (Arrays.equals(current, id) == true) {
/* found matching session ID */
found = true;
}
}
allIds = ctx.getServerSessionContext().getIds();
while (allIds.hasMoreElements()) {
byte[] current = allIds.nextElement();
if (Arrays.equals(current, id) == true) {
/* found matching session ID */
found = true;
if (!found) {
error("\t... failed");
fail("did not find session id in global context list");
}
if (ses.isValid() == false) {
error("\t... failed");
fail("session not valid");
}
/* now test finding client session by ID */
ses = client.getSession(); /* get a new copy of session */
if (ses == null) {
error("\t... failed");
fail("unable to get session after handshake");
}
id = ses.getId();
if (id == null) {
error("\t... failed");
fail("client session had no id....");
}
found = false;
allIds = ctx.getClientSessionContext().getIds();
while (allIds.hasMoreElements()) {
byte[] current = allIds.nextElement();
if (Arrays.equals(current, id) == true) {
/* found matching session ID */
found = true;
}
}
if (!found) {
error("\t... failed");
fail("did not find client session id in global context list");
}
try {
tf.CloseConnection(server, client, false);
} catch (SSLException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
error("\t... failed");
fail("session close failed");
}
pass("\t... passed");
} finally {
if (originalProp != null && !originalProp.isEmpty()) {
Security.setProperty(
"wolfjsse.clientSessionCache.disabled", originalProp);
}
}
if (!found) {
error("\t... failed");
fail("did not find session id in global context list");
}
if (ses.isValid() == false) {
error("\t... failed");
fail("session not valid");
}
/* now test finding client session by ID */
ses = client.getSession(); /* get a new copy of session */
if (ses == null) {
error("\t... failed");
fail("unable to get session after handshake");
}
id = ses.getId();
if (id == null) {
error("\t... failed");
fail("client session had no id....");
}
found = false;
allIds = ctx.getClientSessionContext().getIds();
while (allIds.hasMoreElements()) {
byte[] current = allIds.nextElement();
if (Arrays.equals(current, id) == true) {
/* found matching session ID */
found = true;
}
}
if (!found) {
error("\t... failed");
fail("did not find client session id in global context list");
}
try {
tf.CloseConnection(server, client, false);
} catch (SSLException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
error("\t... failed");
fail("session close failed");
}
pass("\t... passed");
}
@Test
@ -388,115 +406,133 @@ public class WolfSSLSessionContextTest {
/* create new SSLEngine */
System.out.print("\tTesting SessionIDs with TLSv1.2");
this.ctx = tf.createSSLContext("TLS", engineProvider);
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine("wolfSSL begin handshake test", 11111);
server.setUseClientMode(false);
server.setNeedClientAuth(false);
client.setUseClientMode(true);
/* wolfjsse.clientSessionCache.disabled could be set in users
* java.security file which would cause this test to not work
* properly. Save their setting here, and re-enable session
* cache for this test */
String originalProp = Security.getProperty(
"wolfjsse.clientSessionCache.disabled");
Security.setProperty("wolfjsse.clientSessionCache.disabled", "false");
try {
String s[] = server.getEnabledProtocols();
if (Arrays.asList(s).contains("TLSv1.2") == false) {
pass("\t... skipped");
return;
this.ctx = tf.createSSLContext("TLS", engineProvider);
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine(
"wolfSSL begin handshake test", 11111);
server.setUseClientMode(false);
server.setNeedClientAuth(false);
client.setUseClientMode(true);
try {
String s[] = server.getEnabledProtocols();
if (Arrays.asList(s).contains("TLSv1.2") == false) {
pass("\t... skipped");
return;
}
server.setEnabledProtocols(proto);
client.setEnabledProtocols(proto);
} catch (Exception e) {
e.printStackTrace();
error("\t... failed");
}
server.setEnabledProtocols(proto);
client.setEnabledProtocols(proto);
} catch (Exception e) {
e.printStackTrace();
error("\t... failed");
}
try {
server.beginHandshake();
client.beginHandshake();
} catch (SSLException e) {
error("\t... failed");
fail("failed to begin handshake");
}
ret = tf.testConnection(server, client, null, null, "Test in/out bound");
if (ret != 0) {
error("\t... failed");
fail("failed to create engine");
}
ses = server.getSession(); /* get a new copy of session */
if (ses == null) {
error("\t... failed");
fail("unable to get session after handshake");
}
id = ses.getId();
if (id == null) {
error("\t... failed");
fail("session had no id....");
}
found = false;
allIds = ctx.getServerSessionContext().getIds();
while (allIds.hasMoreElements()) {
byte[] current = allIds.nextElement();
if (Arrays.equals(current, id) == true) {
/* found matching session ID */
found = true;
try {
server.beginHandshake();
client.beginHandshake();
} catch (SSLException e) {
error("\t... failed");
fail("failed to begin handshake");
}
}
if (!found) {
error("\t... failed");
fail("did not find session id in global context list");
}
if (ses.isValid() == false) {
error("\t... failed");
fail("session not valid");
}
/* now test finding client session by ID */
ses = client.getSession(); /* get a new copy of session */
if (ses == null) {
error("\t... failed");
fail("unable to get session after handshake");
}
id = ses.getId();
if (id == null) {
error("\t... failed");
fail("client session had no id....");
}
found = false;
allIds = ctx.getClientSessionContext().getIds();
while (allIds.hasMoreElements()) {
byte[] current = allIds.nextElement();
if (Arrays.equals(current, id) == true) {
/* found matching session ID */
found = true;
ret = tf.testConnection(
server, client, null, null, "Test in/out bound");
if (ret != 0) {
error("\t... failed");
fail("failed to create engine");
}
}
if (!found) {
error("\t... failed");
fail("did not find client session id in global context list");
}
ses = server.getSession(); /* get a new copy of session */
if (ses == null) {
error("\t... failed");
fail("unable to get session after handshake");
}
pass("\t... passed");
id = ses.getId();
if (id == null) {
error("\t... failed");
fail("session had no id....");
}
found = false;
/* additional tests on the engines and sessions while open */
testSetCacheSize(ses);
allIds = ctx.getServerSessionContext().getIds();
while (allIds.hasMoreElements()) {
byte[] current = allIds.nextElement();
if (Arrays.equals(current, id) == true) {
/* found matching session ID */
found = true;
}
}
if (!found) {
error("\t... failed");
fail("did not find session id in global context list");
}
if (ses.isValid() == false) {
error("\t... failed");
fail("session not valid");
}
/* now test finding client session by ID */
ses = client.getSession(); /* get a new copy of session */
if (ses == null) {
error("\t... failed");
fail("unable to get session after handshake");
}
id = ses.getId();
if (id == null) {
error("\t... failed");
fail("client session had no id....");
}
found = false;
allIds = ctx.getClientSessionContext().getIds();
while (allIds.hasMoreElements()) {
byte[] current = allIds.nextElement();
if (Arrays.equals(current, id) == true) {
/* found matching session ID */
found = true;
}
}
if (!found) {
error("\t... failed");
fail("did not find client session id in global context list");
}
pass("\t... passed");
/* additional tests on the engines and sessions while open */
testSetCacheSize(ses);
try {
tf.CloseConnection(server, client, false);
} catch (SSLException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
error("\t\t... failed");
fail("session close failed");
try {
tf.CloseConnection(server, client, false);
} catch (SSLException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
error("\t\t... failed");
fail("session close failed");
}
} finally {
if (originalProp != null && !originalProp.isEmpty()) {
Security.setProperty(
"wolfjsse.clientSessionCache.disabled", originalProp);
}
}
}

337
src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java
View File

@ -2140,70 +2140,190 @@ public class WolfSSLSocketTest {
return;
}
/* create new CTX */
this.ctx = tf.createSSLContext(protocol, ctxProvider);
/* wolfjsse.clientSessionCache.disabled could be set in users
* java.security file which would cause this test to not work
* properly. Save their setting here, and re-enable session
* cache for this test */
String originalProp = Security.getProperty(
"wolfjsse.clientSessionCache.disabled");
Security.setProperty("wolfjsse.clientSessionCache.disabled", "false");
/* create SSLServerSocket first to get ephemeral port */
final SSLServerSocket ss = (SSLServerSocket)ctx.getServerSocketFactory()
.createServerSocket(0);
try {
/* create new CTX */
this.ctx = tf.createSSLContext(protocol, ctxProvider);
SSLSocketFactory cliFactory = ctx.getSocketFactory();
/* create SSLServerSocket first to get ephemeral port */
final SSLServerSocket ss =
(SSLServerSocket)ctx.getServerSocketFactory()
.createServerSocket(0);
SSLSocket cs = (SSLSocket)cliFactory.createSocket();
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
SSLSocketFactory cliFactory = ctx.getSocketFactory();
/* start server */
ExecutorService es = Executors.newSingleThreadExecutor();
Future<Void> serverFuture = es.submit(new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
for (int i = 0; i < 2; i++) {
SSLSocket server = (SSLSocket)ss.accept();
server.startHandshake();
server.close();
SSLSocket cs = (SSLSocket)cliFactory.createSocket();
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
/* start server */
ExecutorService es = Executors.newSingleThreadExecutor();
Future<Void> serverFuture = es.submit(new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
for (int i = 0; i < 2; i++) {
SSLSocket server = (SSLSocket)ss.accept();
server.startHandshake();
server.close();
}
} catch (SSLException e) {
System.out.println("\t... failed");
fail();
}
return null;
}
});
} catch (SSLException e) {
try {
/* connection #1 */
cs.startHandshake();
sessionID1 = cs.getSession().getId();
cs.close();
/* connection #2, should resume */
cs = (SSLSocket)cliFactory.createSocket();
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
cs.startHandshake();
sessionID2 = cs.getSession().getId();
cs.close();
if (!Arrays.equals(sessionID1, sessionID2)) {
/* session not resumed */
System.out.println("\t... failed");
fail();
}
return null;
}
});
try {
/* connection #1 */
cs.startHandshake();
sessionID1 = cs.getSession().getId();
cs.close();
/* connection #2, should resume */
cs = (SSLSocket)cliFactory.createSocket();
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
cs.startHandshake();
sessionID2 = cs.getSession().getId();
cs.close();
if (!Arrays.equals(sessionID1, sessionID2)) {
/* session not resumed */
} catch (SSLHandshakeException e) {
System.out.println("\t... failed");
fail();
}
} catch (SSLHandshakeException e) {
System.out.println("\t... failed");
fail();
es.shutdown();
serverFuture.get();
ss.close();
System.out.println("\t... passed");
} finally {
if (originalProp != null && !originalProp.isEmpty()) {
Security.setProperty(
"wolfjsse.clientSessionCache.disabled", originalProp);
}
}
}
@Test
public void testSessionResumptionSysPropDisabled() throws Exception {
byte[] sessionID1 = null;
byte[] sessionID2 = null;
String protocol = null;
System.out.print("\tDisabling client session cache");
/* Use TLS 1.2, else 1.1, else 1.0, else skip */
if (WolfSSL.TLSv12Enabled()) {
protocol = "TLSv1.2";
} else if (WolfSSL.TLSv11Enabled()) {
protocol = "TLSv1.1";
} else if (WolfSSL.TLSv1Enabled()) {
protocol = "TLSv1.0";
} else {
System.out.println("\t\t... skipped");
return;
}
/* Save original Security property value */
String originalProp = Security.getProperty(
"wolfjsse.clientSessionCache.disabled");
es.shutdown();
serverFuture.get();
ss.close();
/* Disable client session cache */
Security.setProperty("wolfjsse.clientSessionCache.disabled", "true");
System.out.println("\t... passed");
try {
/* Create new CTX */
this.ctx = tf.createSSLContext(protocol, ctxProvider);
/* Create SSLServerSocket first to get ephemeral port */
final SSLServerSocket ss =
(SSLServerSocket)ctx.getServerSocketFactory()
.createServerSocket(0);
SSLSocketFactory cliFactory = ctx.getSocketFactory();
SSLSocket cs = (SSLSocket)cliFactory.createSocket();
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
/* Start server */
ExecutorService es = Executors.newSingleThreadExecutor();
Future<Void> serverFuture = es.submit(new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
for (int i = 0; i < 2; i++) {
SSLSocket server = (SSLSocket)ss.accept();
server.startHandshake();
server.close();
}
} catch (SSLException e) {
System.out.println("\t... failed");
fail();
}
return null;
}
});
try {
/* connection #1 */
cs.startHandshake();
sessionID1 = cs.getSession().getId();
cs.close();
/* connection #2, should NOT resume */
cs = (SSLSocket)cliFactory.createSocket();
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
cs.startHandshake();
sessionID2 = cs.getSession().getId();
cs.close();
if (Arrays.equals(sessionID1, sessionID2)) {
/* session resumed, but should not */
System.out.println("\t... failed");
fail();
}
} catch (SSLHandshakeException e) {
System.out.println("\t... failed");
fail();
}
es.shutdown();
serverFuture.get();
ss.close();
System.out.println("\t... passed");
} finally {
if (originalProp != null && !originalProp.isEmpty()) {
Security.setProperty(
"wolfjsse.clientSessionCache.disabled", originalProp);
}
}
}
@Test
@ -2236,72 +2356,89 @@ public class WolfSSLSocketTest {
return;
}
/* create new CTX */
this.ctx = tf.createSSLContext(protocol, ctxProvider);
/* create SSLServerSocket first to get ephemeral port */
final SSLServerSocket ss = (SSLServerSocket)ctx.getServerSocketFactory()
.createServerSocket(0);
SSLSocketFactory cliFactory = ctx.getSocketFactory();
WolfSSLSocket cs = (WolfSSLSocket)cliFactory.createSocket();
cs.setUseSessionTickets(true);
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
/* start server */
ExecutorService es = Executors.newSingleThreadExecutor();
Future<Void> serverFuture = es.submit(new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
for (int i = 0; i < 2; i++) {
SSLSocket server = (SSLSocket)ss.accept();
server.startHandshake();
server.close();
}
} catch (SSLException e) {
System.out.println("\t... failed");
fail();
}
return null;
}
});
/* wolfjsse.clientSessionCache.disabled could be set in users
* java.security file which would cause this test to not work
* properly. Save their setting here, and re-enable session
* cache for this test */
String originalProp = Security.getProperty(
"wolfjsse.clientSessionCache.disabled");
Security.setProperty("wolfjsse.clientSessionCache.disabled", "false");
try {
/* connection #1 */
cs.startHandshake();
sessionID1 = cs.getSession().getId();
cs.close();
/* create new CTX */
this.ctx = tf.createSSLContext(protocol, ctxProvider);
/* connection #2, should resume */
cs = (WolfSSLSocket)cliFactory.createSocket();
/* create SSLServerSocket first to get ephemeral port */
final SSLServerSocket ss =
(SSLServerSocket)ctx.getServerSocketFactory()
.createServerSocket(0);
SSLSocketFactory cliFactory = ctx.getSocketFactory();
WolfSSLSocket cs = (WolfSSLSocket)cliFactory.createSocket();
cs.setUseSessionTickets(true);
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
cs.startHandshake();
sessionID2 = cs.getSession().getId();
cs.close();
if (!Arrays.equals(sessionID1, sessionID2)) {
/* session not resumed */
/* start server */
ExecutorService es = Executors.newSingleThreadExecutor();
Future<Void> serverFuture = es.submit(new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
for (int i = 0; i < 2; i++) {
SSLSocket server = (SSLSocket)ss.accept();
server.startHandshake();
server.close();
}
} catch (SSLException e) {
System.out.println("\t... failed");
fail();
}
return null;
}
});
try {
/* connection #1 */
cs.startHandshake();
sessionID1 = cs.getSession().getId();
cs.close();
/* connection #2, should resume */
cs = (WolfSSLSocket)cliFactory.createSocket();
cs.setUseSessionTickets(true);
cs.connect(new InetSocketAddress(InetAddress.getLocalHost(),
ss.getLocalPort()));
cs.startHandshake();
sessionID2 = cs.getSession().getId();
cs.close();
if (!Arrays.equals(sessionID1, sessionID2)) {
/* session not resumed */
System.out.println("\t... failed");
fail();
}
} catch (SSLHandshakeException e) {
System.out.println("\t... failed");
fail();
}
} catch (SSLHandshakeException e) {
System.out.println("\t... failed");
fail();
es.shutdown();
serverFuture.get();
ss.close();
System.out.println("\t... passed");
} finally {
if (originalProp != null && !originalProp.isEmpty()) {
Security.setProperty(
"wolfjsse.clientSessionCache.disabled", originalProp);
}
}
es.shutdown();
serverFuture.get();
ss.close();
System.out.println("\t... passed");
}
@Test