diff --git a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java index 0e0df0527fe..2d134f303fe 100644 --- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java @@ -372,9 +372,11 @@ final class PreSharedKeyExtension { SSLSessionImpl s = null; for (PskIdentity requestedId : pskSpec.identities) { - // If we are keeping state, see if the identity is in the cache + // If we are keeping state, see if the identity is in the + // cache. Note that for TLS 1.3, we would also clean + // up the cached session if it is not rejoinable. if (requestedId.identity.length == SessionId.MAX_LENGTH) { - s = sessionCache.get(requestedId.identity); + s = sessionCache.pull(requestedId.identity); } // See if the identity is a stateless ticket if (s == null && diff --git a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java index e30405f15e2..9584a35c5de 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java @@ -175,6 +175,15 @@ final class SSLSessionContextImpl implements SSLSessionContext { return (SSLSessionImpl)getSession(id); } + // package-private method, find and remove session from cache + // return found session + SSLSessionImpl pull(byte[] id) { + if (id != null) { + return sessionCache.pull(new SessionId(id)); + } + return null; + } + // package-private method, used ONLY by ClientHandshaker SSLSessionImpl get(String hostname, int port) { /* diff --git a/src/java.base/share/classes/sun/security/ssl/ServerHello.java b/src/java.base/share/classes/sun/security/ssl/ServerHello.java index f9dad6edf1f..193a71cde86 100644 --- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java +++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java @@ -560,9 +560,6 @@ final class ServerHello { setUpPskKD(shc, shc.resumingSession.consumePreSharedKey()); - - // The session can't be resumed again---remove it from cache - sessionCache.remove(shc.resumingSession.getSessionId()); } // update the responders diff --git a/src/java.base/share/classes/sun/security/util/Cache.java b/src/java.base/share/classes/sun/security/util/Cache.java index 16752cc6eca..65bf6cc7581 100644 --- a/src/java.base/share/classes/sun/security/util/Cache.java +++ b/src/java.base/share/classes/sun/security/util/Cache.java @@ -100,6 +100,11 @@ public abstract class Cache { */ public abstract void remove(Object key); + /** + * Pull an entry from the cache. + */ + public abstract V pull(Object key); + /** * Set the maximum size. */ @@ -224,6 +229,10 @@ class NullCache extends Cache { // empty } + public V pull(Object key) { + return null; + } + public void setCapacity(int size) { // empty } @@ -412,6 +421,26 @@ class MemoryCache extends Cache { } } + public synchronized V pull(Object key) { + emptyQueue(); + CacheEntry entry = cacheMap.remove(key); + if (entry == null) { + return null; + } + + long time = (lifetime == 0) ? 0 : System.currentTimeMillis(); + if (entry.isValid(time)) { + V value = entry.getValue(); + entry.invalidate(); + return value; + } else { + if (DEBUG) { + System.out.println("Ignoring expired entry"); + } + return null; + } + } + public synchronized void setCapacity(int size) { expungeExpiredEntries(); if (size > 0 && cacheMap.size() > size) {