SSLSession

public interface SSLSession

In SSL, sessions are used to describe an ongoing relationship between two entities. Each SSL connection involves one session at a time, but that session may be used on many connections between those entities, simultaneously or sequentially. The session used on a connection may also be replaced by a different session. Sessions are created, or rejoined, as part of the SSL handshaking protocol. Sessions may be invalidated due to policies affecting security or resource usage, or by an application explicitly calling invalidate. Session management policies are typically used to tune performance.

In addition to the standard session attributes, SSL sessions expose these read-only attributes:

  • Peer Identity. Sessions are between a particular client and a particular server. The identity of the peer may have been established as part of session setup. Peers are generally identified by X.509 certificate chains.
  • Cipher Suite Name. Cipher suites describe the kind of cryptographic protection that's used by connections in a particular session.
  • Peer Host. All connections in a session are between the same two hosts. The address of the host on the other side of the connection is available.

Sessions may be explicitly invalidated. Invalidation may also be done implicitly, when faced with certain kinds of errors.

Public Method Summary

abstract int
getApplicationBufferSize()
Gets the current size of the largest application data that is expected when using this session.
abstract String
getCipherSuite()
Returns the name of the SSL cipher suite which is used for all connections in the session.
abstract long
getCreationTime()
Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.
abstract byte[]
getId()
Returns the identifier assigned to this Session.
abstract long
getLastAccessedTime()
Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC.
abstract Certificate[]
getLocalCertificates()
Returns the certificate(s) that were sent to the peer during handshaking.
abstract Principal
getLocalPrincipal()
Returns the principal that was sent to the peer during handshaking.
abstract int
getPacketBufferSize()
Gets the current size of the largest SSL/TLS packet that is expected when using this session.
abstract X509Certificate[]
getPeerCertificateChain()
Returns the identity of the peer which was identified as part of defining the session.
abstract Certificate[]
getPeerCertificates()
Returns the identity of the peer which was established as part of defining the session.
abstract String
getPeerHost()
Returns the host name of the peer in this session.
abstract int
getPeerPort()
Returns the port number of the peer in this session.
abstract Principal
getPeerPrincipal()
Returns the identity of the peer which was established as part of defining the session.
abstract String
getProtocol()
Returns the standard name of the protocol used for all connections in the session.
abstract SSLSessionContext
getSessionContext()
Returns the context in which this session is bound.
abstract Object
getValue(String name)
Returns the object bound to the given name in the session's application layer data.
abstract String[]
getValueNames()
Returns an array of the names of all the application layer data objects bound into the Session.
abstract void
invalidate()
Invalidates the session.
abstract boolean
isValid()
Returns whether this session is valid and available for resuming or joining.
abstract void
putValue(String name, Object value)
Binds the specified value object into the session's application layer data with the given name.
abstract void
removeValue(String name)
Removes the object bound to the given name in the session's application layer data.

Public Methods

public abstract int getApplicationBufferSize ()

Gets the current size of the largest application data that is expected when using this session.

SSLEngine application data buffers must be large enough to hold the application data from any inbound network application data packet received. Typically, outbound application data buffers can be of any size.

Returns
  • the current maximum expected application packet size

public abstract String getCipherSuite ()

Returns the name of the SSL cipher suite which is used for all connections in the session.

This defines the level of protection provided to the data sent on the connection, including the kind of encryption used and most aspects of how authentication is done.

Returns
  • the name of the session's cipher suite

public abstract long getCreationTime ()

Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.

Returns
  • the time this Session was created

public abstract byte[] getId ()

Returns the identifier assigned to this Session.

Returns
  • the Session identifier

public abstract long getLastAccessedTime ()

Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC.

Access indicates a new connection being established using session data. Application level operations, such as getting or setting a value associated with the session, are not reflected in this access time.

This information is particularly useful in session management policies. For example, a session manager thread could leave all sessions in a given context which haven't been used in a long time; or, the sessions might be sorted according to age to optimize some task.

Returns
  • the last time this Session was accessed

public abstract Certificate[] getLocalCertificates ()

Returns the certificate(s) that were sent to the peer during handshaking.

Note: This method is useful only when using certificate-based cipher suites.

When multiple certificates are available for use in a handshake, the implementation chooses what it considers the "best" certificate chain available, and transmits that to the other side. This method allows the caller to know which certificate chain was actually used.

Returns
  • an ordered array of certificates, with the local certificate first followed by any certificate authorities. If no certificates were sent, then null is returned.

public abstract Principal getLocalPrincipal ()

Returns the principal that was sent to the peer during handshaking.

Returns
  • the principal sent to the peer. Returns an X500Principal of the end-entity certificate for X509-based cipher suites, and KerberosPrincipal for Kerberos cipher suites. If no principal was sent, then null is returned.

public abstract int getPacketBufferSize ()

Gets the current size of the largest SSL/TLS packet that is expected when using this session.

A SSLEngine using this session may generate SSL/TLS packets of any size up to and including the value returned by this method. All SSLEngine network buffers should be sized at least this large to avoid insufficient space problems when performing wrap and unwrap calls.

Returns
  • the current maximum expected network packet size

public abstract X509Certificate[] getPeerCertificateChain ()

Returns the identity of the peer which was identified as part of defining the session.

Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.

Note: this method exists for compatibility with previous releases. New applications should use getPeerCertificates() instead.

Returns
  • an ordered array of peer X.509 certificates, with the peer's own certificate first followed by any certificate authorities. (The certificates are in the original JSSE certificate X509Certificate format.)
Throws
SSLPeerUnverifiedException if the peer's identity has not been verified
See Also