ExtendedSSLSession
public interface SSLSession
invalidate
. Session management policies are typically used to tune performance. In addition to the standard session attributes, SSL sessions expose these read-only attributes:
Sessions may be explicitly invalidated. Invalidation may also be done implicitly, when faced with certain kinds of errors.
Modifier and Type | Method | Description |
---|---|---|
int |
getApplicationBufferSize() |
Gets the current size of the largest application data that is expected when using this session. |
String |
getCipherSuite() |
Returns the name of the SSL cipher suite which is used for all connections in the session. |
long |
getCreationTime() |
Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC. |
byte[] |
getId() |
Returns the identifier assigned to this Session. |
long |
getLastAccessedTime() |
Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC. |
Certificate[] |
getLocalCertificates() |
Returns the certificate(s) that were sent to the peer during handshaking. |
Principal |
getLocalPrincipal() |
Returns the principal that was sent to the peer during handshaking. |
int |
getPacketBufferSize() |
Gets the current size of the largest SSL/TLS/DTLS packet that is expected when using this session. |
default X509Certificate[] |
getPeerCertificateChain() |
Deprecated, for removal: This API element is subject to removal in a future version. |
Certificate[] |
getPeerCertificates() |
Returns the identity of the peer which was established as part of defining the session. |
String |
getPeerHost() |
Returns the host name of the peer in this session. |
int |
getPeerPort() |
Returns the port number of the peer in this session. |
Principal |
getPeerPrincipal() |
Returns the identity of the peer which was established as part of defining the session. |
String |
getProtocol() |
Returns the standard name of the protocol used for all connections in the session. |
SSLSessionContext |
getSessionContext() |
Returns the context in which this session is bound. |
Object |
getValue |
Returns the object bound to the given name in the session's application layer data. |
String[] |
getValueNames() |
Returns an array of the names of all the application layer data objects bound into the Session. |
void |
invalidate() |
Invalidates the session. |
boolean |
isValid() |
Returns whether this session is valid and available for resuming or joining. |
void |
putValue |
Binds the specified value object into the session's application layer data with the given name . |
void |
removeValue |
Removes the object bound to the given name in the session's application layer data. |
byte[] getId()
SSLSessionContext getSessionContext()
This context may be unavailable in some environments, in which case this method returns null.
If the context is available and there is a security manager installed, the caller may require permission to access it or a security exception may be thrown. In a Java environment, the security manager's checkPermission
method is called with a SSLPermission("getSSLSessionContext")
permission.
SecurityException
- if the calling thread does not have permission to get SSL session context.long getCreationTime()
long getLastAccessedTime()
Access indicates a new connection being established using session data. Application level operations, such as getting or setting a value associated with the session, are not reflected in this access time.
This information is particularly useful in session management policies. For example, a session manager thread could leave all sessions in a given context which haven't been used in a long time; or, the sessions might be sorted according to age to optimize some task.
void invalidate()
Future connections will not be able to resume or join this session. However, any existing connection using this session can continue to use the session until the connection is closed.
boolean isValid()
void putValue(String name, Object value)
value
object into the session's application layer data with the given name
. Any existing binding using the same name
is replaced. If the new (or existing) value
implements the SSLSessionBindingListener
interface, the object represented by value
is notified appropriately.
For security reasons, the same named values may not be visible across different access control contexts.
name
- the name to which the data object will be bound. This may not be null.value
- the data object to be bound. This may not be null.IllegalArgumentException
- if either argument is null.Object getValue(String name)
For security reasons, the same named values may not be visible across different access control contexts.
name
- the name of the binding to find.IllegalArgumentException
- if the argument is null.void removeValue(String name)
SSLSessionBindingListener
interface, it is notified appropriately. For security reasons, the same named values may not be visible across different access control contexts.
name
- the name of the object to remove visible across different access control contextsIllegalArgumentException
- if the argument is null.String[] getValueNames()
For security reasons, the same named values may not be visible across different access control contexts.
Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException
Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.
Note: The returned value may not be a valid certificate chain and should not be relied on for trust decisions.
SSLPeerUnverifiedException
- if the peer's identity has not been verifiedCertificate[] getLocalCertificates()
Note: This method is useful only when using certificate-based cipher suites.
When multiple certificates are available for use in a handshake, the implementation chooses what it considers the "best" certificate chain available, and transmits that to the other side. This method allows the caller to know which certificate chain was actually used.
@Deprecated(since="9", forRemoval=true) default X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException
getPeerCertificates()
method that returns an array of java.security.cert.Certificate
should be used instead.Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.
Note: The returned value may not be a valid certificate chain and should not be relied on for trust decisions.
Note: this method exists for compatibility with previous releases. New applications should use getPeerCertificates()
instead.
X509Certificate
format.)SSLPeerUnverifiedException
- if the peer's identity has not been verified.UnsupportedOperationException
- if the underlying provider does not implement the operation.Principal getPeerPrincipal() throws SSLPeerUnverifiedException
SSLPeerUnverifiedException
- if the peer's identity has not been verifiedPrincipal getLocalPrincipal()
String getCipherSuite()
This defines the level of protection provided to the data sent on the connection, including the kind of encryption used and most aspects of how authentication is done.
String getProtocol()
This defines the protocol used in the connection.
String getPeerHost()
For the server, this is the client's host; and for the client, it is the server's host. The name may not be a fully qualified host name or even a host name at all as it may represent a string encoding of the peer's network address. If such a name is desired, it might be resolved through a name service based on the value returned by this method.
This value is not authenticated and should not be relied upon. It is mainly used as a hint for SSLSession
caching strategies.
int getPeerPort()
For the server, this is the client's port number; and for the client, it is the server's port number.
This value is not authenticated and should not be relied upon. It is mainly used as a hint for SSLSession
caching strategies.
int getPacketBufferSize()
An SSLEngine
using this session may generate SSL/TLS/DTLS packets of any size up to and including the value returned by this method. All SSLEngine
network buffers should be sized at least this large to avoid insufficient space problems when performing wrap
and unwrap
calls.
int getApplicationBufferSize()
SSLEngine
application data buffers must be large enough to hold the application data from any inbound network application data packet received. Typically, outbound application data buffers can be of any size.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/net/ssl/SSLSession.html
getPeerCertificates()
method that returns an array ofjava.security.cert.Certificate
should be used instead.