Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/ssl/EphemeralKeyManager.java
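/*
 * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.security.*;

/**
 * The "KeyManager" for ephemeral RSA keys. Ephemeral DH and ECDH keys
 * are handled by the DHCrypt and ECDHCrypt classes, respectively.
 *
 * <p>Two key pairs are cached, one per key size: 512 bits for "export"
 * requests and 1024 bits otherwise. A cached pair is handed out repeatedly
 * until it has been used {@code MAX_USE} times or {@code USE_INTERVAL} has
 * elapsed, whichever comes first; only then is a replacement generated.
 *
 * <p>Security considerations for reviewers and deployers:
 * <ul>
 * <li>512-bit RSA moduli are within reach of practical factoring and
 *     1024-bit RSA is below current minimum key-size recommendations.
 *     Deployments should keep the cipher suites that depend on these keys
 *     disabled (for example via the {@code jdk.tls.disabledAlgorithms}
 *     security property).</li>
 * <li>Because a pair is shared across handshakes inside the reuse window,
 *     these keys are "ephemeral" only per window, not per connection:
 *     recovering one cached private key exposes every handshake that used
 *     it.</li>
 * </ul>
 *
 * @author Andreas Sterbenz
 */
final class EphemeralKeyManager {

    // indices for the keys array below
    private static final int INDEX_RSA512 = 0;
    private static final int INDEX_RSA1024 = 1;

    /*
     * Current cached RSA KeyPairs. Elements are never null.
     * Indexed via the constants above. The array object is also the
     * monitor that guards every read and replacement of its elements.
     */
    private final EphemeralKeyPair[] keys = new EphemeralKeyPair[] {
        new EphemeralKeyPair(null),
        new EphemeralKeyPair(null),
    };

    EphemeralKeyManager() {
        // empty
    }

    /**
     * Get a temporary RSA KeyPair, reusing the cached one while it is
     * still within its use-count and age limits.
     *
     * @param export {@code true} selects the 512-bit slot, {@code false}
     *        the 1024-bit slot
     * @param random source of randomness passed to the key pair generator
     *        when a new pair has to be created
     * @return the cached or freshly generated key pair, or {@code null} if
     *         a new pair was needed and generation failed
     */
    KeyPair getRSAKeyPair(boolean export, SecureRandom random) {
        final int length;
        final int index;
        if (export) {
            length = 512;
            index = INDEX_RSA512;
        } else {
            length = 1024;
            index = INDEX_RSA1024;
        }

        synchronized (keys) {
            KeyPair kp = keys[index].getKeyPair();
            if (kp == null) {
                try {
                    KeyPairGenerator kgen = JsseJce.getKeyPairGenerator("RSA");
                    kgen.initialize(length, random);
                    keys[index] = new EphemeralKeyPair(kgen.genKeyPair());
                    // Fetch through the holder so this first hand-out is
                    // counted against MAX_USE like every later one.
                    kp = keys[index].getKeyPair();
                } catch (Exception ignored) {
                    // Deliberate best effort: the failure is reported to the
                    // caller as a null return rather than as an exception,
                    // and the expired holder stays in place so the next call
                    // retries generation.
                    // NOTE(review): callers must treat null as "no ephemeral
                    // RSA key available" -- confirm each call site does.
                }
            }
            return kp;
        }
    }

    /**
     * Inner class to handle storage of ephemeral KeyPairs.
     *
     * <p>Not thread-safe on its own; instances are only touched while the
     * enclosing manager holds the lock on its {@code keys} array.
     */
    private static class EphemeralKeyPair {

        // maximum number of times a KeyPair is used
        private static final int MAX_USE = 200;

        // maximum time interval in which the keypair is used (1 hour in ms)
        private static final long USE_INTERVAL = 3600L * 1000L;

        // the same interval in nanoseconds, for comparison with nanoTime()
        private static final long USE_INTERVAL_NANOS =
            USE_INTERVAL * 1000L * 1000L;

        private KeyPair keyPair;
        private int uses;

        // System.nanoTime() reading taken when this holder was created
        private final long createdNanos;

        private EphemeralKeyPair(KeyPair keyPair) {
            this.keyPair = keyPair;
            // The age limit is a security bound on how long one private key
            // stays in service, so it is measured on the monotonic clock:
            // a wall-clock step backwards (manual change, time sync) must
            // not be able to stretch the key's lifetime past the interval.
            createdNanos = System.nanoTime();
        }

        /*
         * Check if the KeyPair can still be used.
         */
        private boolean isValid() {
            // nanoTime() values are only meaningful as differences, so
            // compare the elapsed time rather than absolute readings.
            return (keyPair != null) && (uses < MAX_USE)
                && (System.nanoTime() - createdNanos < USE_INTERVAL_NANOS);
        }

        /*
         * Return the KeyPair or null if it is invalid.
         */
        private KeyPair getKeyPair() {
            if (!isValid()) {
                // Drop the reference so the expired private key is no
                // longer reachable through this holder.
                keyPair = null;
                return null;
            }
            uses++;
            return keyPair;
        }
    }
}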