SSLSession in Java

Source: Internet
Author: User
Tags ssl connection cipher suite

I. Overview

The interface is in the javax.net.ssl package and is declared as: public interface SSLSession

In SSL, a session describes an ongoing relationship between two entities. Each SSL connection involves one session at a time, but that session can be used on many connections between those entities, concurrently or successively. The session used on a connection can also be replaced by a different session. A session is created, or rejoined, as part of the SSL handshake protocol. A session may be invalidated by policies that affect security or resource use, or by an application explicitly calling invalidate. Session management policies are often used to tune performance.

In addition to the standard session properties, an SSL session exposes the following read-only properties:

    • Peer identity. A session is made between a specific client and a specific server. The peer's identity may have been established as part of session setup. The peer is usually identified by its certificate chain.
    • Cipher suite name. The cipher suite describes the kind of cryptographic protection used by connections in a particular session.
    • Peer host. All connections for a single session are made between the same two hosts. The address of the host at the other end of the connection is available.

A session can be invalidated explicitly. It can also be invalidated implicitly when certain kinds of errors occur.


II. Methods

1. byte[] getId() returns the identifier assigned to this session.


2. SSLSessionContext getSessionContext() returns the context in which this session resides.

This context may not be available in some environments, in which case this method returns null.

If the context is available and a security manager is installed, the caller may need the appropriate permission to access the context, or a security exception may be thrown. In a Java environment, the security manager's checkPermission method is called with an SSLPermission("getSSLSessionContext") permission.

Return:
The session context used for this session, or null if the context is not available.
Thrown:
SecurityException - If the calling thread does not have permission to get the SSL session context.

3. long getCreationTime() returns the time at which this session was created, in milliseconds since midnight, January 1, 1970 UTC.


4. long getLastAccessedTime() returns the last time this session was accessed by the session layer, in milliseconds since midnight, January 1, 1970 UTC.

An access means that a new connection was established using the session data. Application-level operations, such as getting or setting a value associated with the session, are not reflected in this access time.

This information is particularly useful in session management policies. For example, a session manager thread can single out all sessions in a given context that have not been used for a long time, or sort the sessions by age to optimize some task.


5. void invalidate() invalidates the session.

Future connections cannot resume or join this session. However, any existing connection that uses this session can continue to use it until the connection is closed.


6. boolean isValid() returns whether this session is valid and available for resuming or joining.


7. void putValue(String name, Object value) binds the specified value object into the session's application-level data under the given name.

Any existing binding that uses the same name is replaced. If the new (or existing) value implements the SSLSessionBindingListener interface, the object represented by value is notified accordingly.

For security reasons, values with the same name are not visible between different access control contexts.

Parameters:
name - The name to which the data object will be bound. This parameter must not be null.
value - The data object that will be bound. This parameter must not be null.
Thrown:
IllegalArgumentException - If either parameter is null.

8. Object getValue(String name) returns the object bound to the given name in the application-level data of the session. If no such binding exists, null is returned.

For security reasons, values with the same name are not visible between different access control contexts.

Parameters:
name - The name of the binding to find.
Return:
The value that is bound to the name, or null if there is no binding.
Thrown:
IllegalArgumentException - If the parameter is null.

9. void removeValue(String name) removes the object bound to the given name in the application-level data of the session.

If no object is bound to the given name, nothing is done. If the existing bound object implements the SSLSessionBindingListener interface, it is notified accordingly.

For security reasons, values with the same name are not visible between different access control contexts.

Parameters:
name - The name of the object to remove, as visible across the different access control contexts.
Thrown:
IllegalArgumentException - If the parameter is null.

10. String[] getValueNames() returns an array of the names of all application-level data objects bound to the session.

For security reasons, values with the same name are not visible between different access control contexts.

Return:
A non-null (possibly empty) array of the names of the objects bound to this session.

11. Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException returns the identity of the peer, which was established as part of defining the session.

Note: This method can be used only with a certificate-based cipher suite; using it with a non-certificate-based cipher suite, such as Kerberos, throws SSLPeerUnverifiedException.

Return:
An ordered array of peer certificates, with the peer's own certificate first, followed by any certificate authorities.
Thrown:
SSLPeerUnverifiedException - If the peer's identity has not been verified.

12. Certificate[] getLocalCertificates() returns the certificates that were sent to the peer during the handshake.

Note: This method is only useful if you are using a certificate-based cipher suite.

When multiple certificates are available for use in a handshake, the implementation chooses the certificate chain it considers "best" and sends that chain to the other end. This method allows the caller to know which certificate chain was actually used.

Return:
An ordered array of certificates, with the local certificate first, followed by any certificate authorities. If no certificate was sent, null is returned.

13. X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException returns the identity of the peer, which was identified as part of defining the session.

Note: This method can be used only with a certificate-based cipher suite; using it with a non-certificate-based cipher suite, such as Kerberos, throws SSLPeerUnverifiedException.

Note: This method exists for compatibility with previous versions. New applications should use getPeerCertificates().

Return:
An ordered array of peer X.509 certificates, with the peer's own certificate first, followed by any certificate authorities. (The certificates are in the original JSSE X509Certificate format.)
Thrown:
SSLPeerUnverifiedException - If the peer's identity has not been verified.
See also:
getPeerPrincipal()

14. Principal getPeerPrincipal() throws SSLPeerUnverifiedException returns the identity of the peer, which was established as part of defining the session.

Return:
The peer's principal. For X509-based cipher suites, returns the X500Principal of the end-entity certificate; for Kerberos cipher suites, returns the KerberosPrincipal.
Thrown:
SSLPeerUnverifiedException - If the peer's identity has not been verified.
Since:
1.5
See also:
getPeerCertificates(), getLocalPrincipal()

15. Principal getLocalPrincipal() returns the principal that was sent to the peer during the handshake.

Return:
The principal sent to the peer. For X509-based cipher suites, returns the X500Principal of the end-entity certificate; for Kerberos cipher suites, returns the KerberosPrincipal. If no principal was sent, null is returned.
Since:
1.5
See also:
getLocalCertificates(), getPeerPrincipal()

16. String getCipherSuite() returns the name of the SSL cipher suite used by all connections in the session.

This cipher suite defines the level of protection provided for the data sent on the connection, including the type of encryption used and most aspects of how authentication is performed.


17. String getProtocol() returns the standard name of the protocol used by all connections in the session.

This defines the protocol used in the connection.


18. String getPeerHost() returns the host name of the peer in this session.

For a server, this is the client's host, and for a client, it is the server's host. The name may not be a fully qualified host name, or even a host name at all, because it can be a string encoding of the peer's network address. If a fully qualified host name is required, it can be resolved through a name service based on the value returned by this method.

This value is not authenticated and therefore should not be relied upon. It is primarily used as a hint for SSLSession caching policies.

Return:
The host name of the peer host, or null if no information is available.

19. int getPeerPort() returns the port number of the peer in this session.

For a server, the port number is the port number of the client, and for the client it is the port number of the server.

This value is not authenticated and therefore should not be relied upon. It is primarily used as a hint for SSLSession caching policies.


20. int getPacketBufferSize() gets the current size of the largest SSL/TLS packet expected when this session is used.

An SSLEngine that uses this session can generate SSL/TLS packets of any size up to and including the value returned by this method. All SSLEngine network buffers should be at least this large, to avoid insufficient-space problems during wrap and unwrap calls.

Return:
The current maximum expected network packet size.

21. int getApplicationBufferSize() gets the current size of the largest application data expected when using this session.

SSLEngine application data buffers must be large enough to hold the application data from any inbound network application data packet received. Typically, outbound application data buffers can be any size.
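
The session management policy described under getLastAccessedTime(), invalidate() and isValid(), combined with the caveat that getPeerHost() is an unauthenticated hint, can be put together as follows. This is an added example, not code from the original page or from JSSE; the class name SessionPolicy, the helpers peer, enforce and fake, the thresholds and the sample sessions (built with a dynamic proxy) are assumptions, and the policy is written for the client side, where the server is expected to have been authenticated.

```java
import java.lang.reflect.Proxy;
import java.util.*;
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;

public class SessionPolicy {
    // Assumed policy values for this example; they are not JSSE defaults.
    static final Set<String> PROTOCOLS = Set.of("TLSv1.2", "TLSv1.3");
    static final long MAX_AGE_MS = 8 * 3_600_000L, MAX_IDLE_MS = 30 * 60_000L;
    // Authenticated peer name, or null when the handshake verified no identity.
    static String peer(SSLSession s) {
        try { return s.getPeerPrincipal().getName(); }
        catch (SSLPeerUnverifiedException e) { return null; }
    }
    // Lists policy violations and invalidates the session if any exist; ignores getPeerHost().
    static List<String> enforce(SSLSession s, long now) {
        List<String> bad = new ArrayList<>();
        if (!PROTOCOLS.contains(s.getProtocol())) bad.add("protocol " + s.getProtocol());
        if (now - s.getCreationTime() > MAX_AGE_MS) bad.add("older than max age");
        if (now - s.getLastAccessedTime() > MAX_IDLE_MS) bad.add("idle too long");
        if (peer(s) == null) bad.add("peer not verified");
        // invalidate() blocks resumption; connections that are already open keep running.
        if (!bad.isEmpty() && s.isValid()) s.invalidate();
        return bad;
    }
    // Constructed stand-in for a real session: each getter is answered from the map.
    static SSLSession fake(Map<String, Object> p) {
        return (SSLSession) Proxy.newProxyInstance(SessionPolicy.class.getClassLoader(),
            new Class<?>[] { SSLSession.class }, (proxy, m, args) -> {
                if (m.getName().equals("invalidate")) { p.put("isValid", false); return null; }
                Object v = p.get(m.getName());
                if (v instanceof Exception) throw (Exception) v;
                return v;
            });
    }

    public static void main(String[] argv) {
        long now = System.currentTimeMillis();
        // Constructed sample sessions, not captured from a real handshake.
        Map<String, Object> ok = new HashMap<>(Map.<String, Object>of("isValid", true,
            "getProtocol", "TLSv1.3", "getCreationTime", now - 60_000L, "getLastAccessedTime", now,
            "getPeerPrincipal", new X500Principal("CN=api.example.test"), "getPeerHost", "203.0.113.10"));
        Map<String, Object> weak = new HashMap<>(ok);
        weak.put("getProtocol", "TLSv1");
        weak.put("getPeerPrincipal", new SSLPeerUnverifiedException("peer not authenticated"));
        for (SSLSession s : List.of(fake(ok), fake(weak)))
            System.out.println("peer=" + peer(s) + " hint=" + s.getPeerHost() + " -> "
                + enforce(s, now) + " valid=" + s.isValid());
    }
}
```

Against a live context, the same enforce call can be applied to each session obtained through SSLSessionContext.getIds() and getSession(byte[]).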
