View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.ssl;
17  
18  import io.netty.internal.tcnative.SSL;
19  import io.netty.internal.tcnative.SSLContext;
20  
21  import java.util.concurrent.locks.Lock;
22  
23  
24  /**
25   * {@link OpenSslSessionContext} implementation which offers extra methods which are only useful for the server-side.
26   */
27  public final class OpenSslServerSessionContext extends OpenSslSessionContext {
28      OpenSslServerSessionContext(ReferenceCountedOpenSslContext context, OpenSslKeyMaterialProvider provider) {
29          super(context, provider);
30      }
31  
32      @Override
33      public void setSessionTimeout(int seconds) {
34          if (seconds < 0) {
35              throw new IllegalArgumentException();
36          }
37          Lock writerLock = context.ctxLock.writeLock();
38          writerLock.lock();
39          try {
40              SSLContext.setSessionCacheTimeout(context.ctx, seconds);
41          } finally {
42              writerLock.unlock();
43          }
44      }
45  
46      @Override
47      public int getSessionTimeout() {
48          Lock readerLock = context.ctxLock.readLock();
49          readerLock.lock();
50          try {
51              return (int) SSLContext.getSessionCacheTimeout(context.ctx);
52          } finally {
53              readerLock.unlock();
54          }
55      }
56  
57      @Override
58      public void setSessionCacheSize(int size) {
59          if (size < 0) {
60              throw new IllegalArgumentException();
61          }
62          Lock writerLock = context.ctxLock.writeLock();
63          writerLock.lock();
64          try {
65              SSLContext.setSessionCacheSize(context.ctx, size);
66          } finally {
67              writerLock.unlock();
68          }
69      }
70  
71      @Override
72      public int getSessionCacheSize() {
73          Lock readerLock = context.ctxLock.readLock();
74          readerLock.lock();
75          try {
76              return (int) SSLContext.getSessionCacheSize(context.ctx);
77          } finally {
78              readerLock.unlock();
79          }
80      }
81  
82      @Override
83      public void setSessionCacheEnabled(boolean enabled) {
84          long mode = enabled ? SSL.SSL_SESS_CACHE_SERVER : SSL.SSL_SESS_CACHE_OFF;
85  
86          Lock writerLock = context.ctxLock.writeLock();
87          writerLock.lock();
88          try {
89              SSLContext.setSessionCacheMode(context.ctx, mode);
90          } finally {
91              writerLock.unlock();
92          }
93      }
94  
95      @Override
96      public boolean isSessionCacheEnabled() {
97          Lock readerLock = context.ctxLock.readLock();
98          readerLock.lock();
99          try {
100             return SSLContext.getSessionCacheMode(context.ctx) == SSL.SSL_SESS_CACHE_SERVER;
101         } finally {
102             readerLock.unlock();
103         }
104     }
105 
106     /**
107      * Set the context within which session be reused (server side only)
108      * See <a href="http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html">
109      *     man SSL_CTX_set_session_id_context</a>
110      *
111      * @param sidCtx can be any kind of binary data, it is therefore possible to use e.g. the name
112      *               of the application and/or the hostname and/or service name
113      * @return {@code true} if success, {@code false} otherwise.
114      */
115     public boolean setSessionIdContext(byte[] sidCtx) {
116         Lock writerLock = context.ctxLock.writeLock();
117         writerLock.lock();
118         try {
119             return SSLContext.setSessionIdContext(context.ctx, sidCtx);
120         } finally {
121             writerLock.unlock();
122         }
123     }
124 }