archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 14:54:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8218889: Improperly use of the Optional API

Browse source 
Reviewed-by: jnimeh, wetmore
This commit is contained in:
Xue-Lei Andrew Fan 2019-03-22 13:47:37 -07:00
parent dc3c9c8439
commit 28adfb6d0d
4 changed files with 39 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,7 +32,6 @@ import java.security.ProviderException;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.Optional;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;
import sun.security.ssl.PskKeyExchangeModesExtension.PskKeyExchangeModesSpec;
@ -224,9 +223,9 @@ final class NewSessionTicket {
SessionId newId = new SessionId(true,
shc.sslContext.getSecureRandom());
Optional<SecretKey> resumptionMasterSecret =
SecretKey resumptionMasterSecret =
shc.handshakeSession.getResumptionMasterSecret();
if (!resumptionMasterSecret.isPresent()) {
if (resumptionMasterSecret == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Session has no resumption secret. No ticket sent.");
@ -239,7 +238,7 @@ final class NewSessionTicket {
byte[] nonceArr = nonce.toByteArray();
SecretKey psk = derivePreSharedKey(
shc.negotiatedCipherSuite.hashAlg,
resumptionMasterSecret.get(), nonceArr);
resumptionMasterSecret, nonceArr);
int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
@ -354,9 +353,9 @@ final class NewSessionTicket {
SSLSessionImpl sessionToSave = hc.conContext.conSession;
Optional<SecretKey> resumptionMasterSecret =
SecretKey resumptionMasterSecret =
sessionToSave.getResumptionMasterSecret();
if (!resumptionMasterSecret.isPresent()) {
if (resumptionMasterSecret == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Session has no resumption master secret. Ignoring ticket.");
@ -366,7 +365,7 @@ final class NewSessionTicket {
// derive the PSK
SecretKey psk = derivePreSharedKey(
sessionToSave.getSuite().hashAlg, resumptionMasterSecret.get(),
sessionToSave.getSuite().hashAlg, resumptionMasterSecret,
nstm.ticketNonce);
// create and cache the new session

23
src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
View file

@ -33,7 +33,6 @@ import java.util.ArrayList;
import java.util.Locale;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import java.util.Collection;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
@ -402,7 +401,7 @@ final class PreSharedKeyExtension {
private static boolean canRejoin(ClientHelloMessage clientHello,
ServerHandshakeContext shc, SSLSessionImpl s) {
boolean result = s.isRejoinable() && s.getPreSharedKey().isPresent();
boolean result = s.isRejoinable() && (s.getPreSharedKey() != null);
// Check protocol version
if (result && s.getProtocolVersion() != shc.negotiatedProtocol) {
@ -530,12 +529,11 @@ final class PreSharedKeyExtension {
private static void checkBinder(ServerHandshakeContext shc,
SSLSessionImpl session,
HandshakeHash pskBinderHash, byte[] binder) throws IOException {
Optional<SecretKey> pskOpt = session.getPreSharedKey();
if (!pskOpt.isPresent()) {
SecretKey psk = session.getPreSharedKey();
if (psk == null) {
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"Session has no PSK");
}
SecretKey psk = pskOpt.get();
SecretKey binderKey = deriveBinderKey(shc, psk, session);
byte[] computedBinder =
@ -647,27 +645,28 @@ final class PreSharedKeyExtension {
}
// The session must have a pre-shared key
Optional<SecretKey> pskOpt = chc.resumingSession.getPreSharedKey();
if (!pskOpt.isPresent()) {
SecretKey psk = chc.resumingSession.getPreSharedKey();
if (psk == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Existing session has no PSK.");
}
return null;
}
SecretKey psk = pskOpt.get();
// The PSK ID can only be used in one connections, but this method
// may be called twice in a connection if the server sends HRR.
// ID is saved in the context so it can be used in the second call.
Optional<byte[]> pskIdOpt = Optional.ofNullable(chc.pskIdentity)
.or(chc.resumingSession::consumePskIdentity);
if (!pskIdOpt.isPresent()) {
if (chc.pskIdentity == null) {
chc.pskIdentity = chc.resumingSession.consumePskIdentity();
}
if (chc.pskIdentity == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"PSK has no identity, or identity was already used");
}
return null;
}
chc.pskIdentity = pskIdOpt.get();
//The session cannot be used again. Remove it from the cache.
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)

29
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
View file

@ -36,7 +36,6 @@ import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.crypto.SecretKey;
@ -286,18 +285,20 @@ final class SSLSessionImpl extends ExtendedSSLSession {
return masterSecret;
}
Optional<SecretKey> getResumptionMasterSecret() {
return Optional.ofNullable(resumptionMasterSecret);
SecretKey getResumptionMasterSecret() {
return resumptionMasterSecret;
}
synchronized Optional<SecretKey> getPreSharedKey() {
return Optional.ofNullable(preSharedKey);
synchronized SecretKey getPreSharedKey() {
return preSharedKey;
}
synchronized Optional<SecretKey> consumePreSharedKey() {
Optional<SecretKey> result = Optional.ofNullable(preSharedKey);
preSharedKey = null;
return result;
synchronized SecretKey consumePreSharedKey() {
try {
return preSharedKey;
} finally {
preSharedKey = null;
}
}
int getTicketAgeAdd() {
@ -312,10 +313,12 @@ final class SSLSessionImpl extends ExtendedSSLSession {
* be used once. This method will return the identity and then clear it
* so it cannot be used again.
*/
synchronized Optional<byte[]> consumePskIdentity() {
Optional<byte[]> result = Optional.ofNullable(pskIdentity);
pskIdentity = null;
return result;
synchronized byte[] consumePskIdentity() {
try {
return pskIdentity;
} finally {
pskIdentity = null;
}
}
void setPeerCertificates(X509Certificate[] peer) {

11
src/java.base/share/classes/sun/security/ssl/ServerHello.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,7 +35,6 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SSLException;
@ -544,7 +543,7 @@ final class ServerHello {
shc.negotiatedProtocol, shc.negotiatedCipherSuite);
setUpPskKD(shc,
shc.resumingSession.consumePreSharedKey().get());
shc.resumingSession.consumePreSharedKey());
// The session can't be resumed again---remove it from cache
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
@ -1223,16 +1222,16 @@ final class ServerHello {
chc.sslConfig.maximumPacketSize);
} else {
// The PSK is consumed to allow it to be deleted
Optional<SecretKey> psk =
SecretKey psk =
chc.resumingSession.consumePreSharedKey();
if(!psk.isPresent()) {
if(psk == null) {
throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
"No PSK available. Unable to resume.");
}
chc.handshakeSession = chc.resumingSession;
setUpPskKD(chc, psk.get());
setUpPskKD(chc, psk);
}
//