8212261: Add SSLSession accessors to HttpsURLConnection and SecureCacheResponse

Reviewed-by: mullan, chegar
2025-08-27 23:04:50 +02:00 · 2018-11-09 08:24:38 -08:00 · 2018-11-09 08:24:38 -08:00 · 3e9941ea2b
commit 3e9941ea2b
parent 7e17764cd3
8 changed files with 520 additions and 7 deletions
--- a/src/java.base/share/classes/java/net/SecureCacheResponse.java
+++ b/src/java.base/share/classes/java/net/SecureCacheResponse.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -26,9 +26,11 @@
 package java.net;

 import java.security.cert.Certificate;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import java.security.Principal;
 import java.util.List;
+import java.util.Optional;

 /**
 * Represents a cache response originally retrieved through secure
@ -105,4 +107,27 @@ public abstract class SecureCacheResponse extends CacheResponse {
      * @see #getPeerPrincipal()
      */
     public abstract Principal getLocalPrincipal();
+
+    /**
+     * Returns an {@link Optional} containing the {@code SSLSession} in
+     * use on the original connection that retrieved the network resource.
+     * Returns an empty {@code Optional} if the underlying implementation
+     * does not support this method.
+     *
+     * @implSpec For compatibility, the default implementation of this
+     *           method returns an empty {@code Optional}.  Subclasses
+     *           should override this method with an appropriate
+     *           implementation since an application may need to access
+     *           additional parameters associated with the SSL session.
+     *
+     * @return   an {@link Optional} containing the {@code SSLSession} in
+     *           use on the original connection
+     *
+     * @see SSLSession
+     *
+     * @since 12
+     */
+    public Optional<SSLSession> getSSLSession() {
+        return Optional.empty();
+    }
 }
--- a/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java
+++ b/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java
@ -29,6 +29,7 @@ import java.net.URL;
 import java.net.HttpURLConnection;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
+import java.util.Optional;

 /**
 * <code>HttpsURLConnection</code> extends <code>HttpURLConnection</code>
@ -52,9 +53,7 @@ import java.security.cert.X509Certificate;
 *
 * @since 1.4
 */
-public abstract
-class HttpsURLConnection extends HttpURLConnection
-{
+public abstract class HttpsURLConnection extends HttpURLConnection {
    /**
     * Creates an <code>HttpsURLConnection</code> using the
     * URL specified.
@ -378,4 +377,29 @@ class HttpsURLConnection extends HttpURLConnection
    public SSLSocketFactory getSSLSocketFactory() {
        return sslSocketFactory;
    }
+
+    /**
+     * Returns an {@link Optional} containing the {@code SSLSession} in
+     * use on this connection.  Returns an empty {@code Optional} if the
+     * underlying implementation does not support this method.
+     *
+     * @implSpec For compatibility, the default implementation of this
+     *           method returns an empty {@code Optional}.  Subclasses
+     *           should override this method with an appropriate
+     *           implementation since an application may need to access
+     *           additional parameters associated with the SSL session.
+     *
+     * @return   an {@link Optional} containing the {@code SSLSession} in
+     *           use on this connection.
+     *
+     * @throws   IllegalStateException if this method is called before
+     *           the connection has been established
+     *
+     * @see SSLSession
+     *
+     * @since 12
+     */
+    public Optional<SSLSession> getSSLSession() {
+        return Optional.empty();
+    }
 }
--- a/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,8 @@ import java.net.SecureCacheResponse;
 import java.security.Principal;
 import java.io.IOException;
 import java.util.List;
+import java.util.Optional;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import sun.net.www.http.*;
 import sun.net.www.protocol.http.HttpURLConnection;
@ -296,4 +298,19 @@ public abstract class AbstractDelegateHttpsURLConnection extends
        }
    }

+    SSLSession getSSLSession() {
+        if (cachedResponse != null) {
+            Optional<SSLSession> option =
+                    ((SecureCacheResponse)cachedResponse).getSSLSession();
+            if (option.isPresent()) {
+                return option.orElseThrow();
+            }
+        }
+
+        if (http == null) {
+            throw new IllegalStateException("connection not yet open");
+        }
+
+        return ((HttpsClient)http).getSSLSession();
+    }
 }
--- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -738,6 +738,13 @@ final class HttpsClient extends HttpClient
        return principal;
    }

+    /**
+     * Returns the {@code SSLSession} in use on this connection.
+     */
+    SSLSession getSSLSession() {
+        return session;
+    }
+
    /**
     * This method implements the SSL HandshakeCompleted callback,
     * remembering the resulting session so that it may be queried
--- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -46,6 +46,7 @@ import java.security.Permission;
 import java.security.Principal;
 import java.util.Map;
 import java.util.List;
+import java.util.Optional;
 import sun.net.www.http.HttpClient;

 /**
@ -533,4 +534,9 @@ public class HttpsURLConnectionImpl
    public void setAuthenticator(Authenticator auth) {
        delegate.setAuthenticator(auth);
    }
+
+    @Override
+    public Optional<SSLSession> getSSLSession() {
+        return Optional.ofNullable(delegate.getSSLSession());
+    }
 }