JSSE: check if session is resumable before storing or returning exist…

…ing one in WolfSSLAuthStore.getSession()
wolfSSL · May 31, 2024 · 1300881 · 1300881
1 parent 1afd3fc
commit 1300881
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 5 deletions.
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java b/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java
@@ -351,6 +351,24 @@ protected synchronized WolfSSLImplementSSLSession getSession(
                  * after the resumed session completes the handshake, for
                  * subsequent resumption attempts to use. */
                 store.remove(toHash.hashCode());
+
+                /* Check if native WOLFSSL_SESSION is resumable before
+                 * returning it for resumption. If not, create a new
+                 * session instead. */
+                if (!ses.isResumable()) {
+                    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                        "native WOLFSSL_SESSION not resumable, " +
+                        "creating new session");
+                    ses = new WolfSSLImplementSSLSession(ssl, port, host, this);
+                    ses.setValid(true); /* new sessions marked as valid */
+
+                    ses.isFromTable = false;
+                    ses.setPseudoSessionId(
+                        Integer.toString(ssl.hashCode()).getBytes());
+
+                    return ses;
+                }
+
                 ses.isFromTable = true;
 
                 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
@@ -459,20 +477,27 @@ private boolean idAllZeros(byte[] id) {
      * the session cache is global and shared amongst all threads.
      *
      * @param session SSLSession to be stored in Java session cache
-     * @return SSL_SUCCESS on success
+     * @return WolfSSL.SSL_SUCCESS on success
      */
     protected int addSession(WolfSSLImplementSSLSession session) {
 
         String toHash;
         int    hashCode = 0;
 
         /* Don't store session if invalid (or not complete with sesPtr
-         * if on client side). Server-side still needs to store session
-         * for things like returning the session ID, even though sesPtr
-         * will be 0 since server manages session cache at native level. */
+         * if on client side, or not resumable). Server-side still needs to
+         * store session for things like returning the session ID, even though
+         * sesPtr will be 0 since server manages session cache at native
+         * level. */
         if (!session.isValid() ||
             (session.getSide() == WolfSSL.WOLFSSL_CLIENT_END &&
-             !session.sessionPointerSet())) {
+             (!session.sessionPointerSet() || !session.isResumable()))) {
+
+            if (!session.isResumable()) {
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    "Not storing session in Java client cache since " +
+                    "native WOLFSSL_SESSION is not resumable");
+            }
             return WolfSSL.SSL_FAILURE;
         }
 

diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
@@ -340,6 +340,24 @@ protected synchronized void setValid(boolean in) {
         this.valid = in;
     }
 
+    /**
+     * Check if this session is resumable.
+     *
+     * Calls down to native wolfSSL_SESSION_is_resumable() with
+     * WOLFSSL_SESSION pointer.
+     *
+     * @return true if resumable, otherwise false
+     */
+    protected synchronized boolean isResumable() {
+        synchronized (sesPtrLock) {
+            if (WolfSSLSession.sessionIsResumable(this.sesPtr) == 1) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+    }
+
     /**
      * Return status of internal session pointer (WOLFSSL_SESSION).
      * @return true if this.sesPtr is set, otherwise false if 0 */