All Packages  Class Hierarchy  This Package  Previous  Next  Index

Interface javax.net.ssl.SSLSession

public interface SSLSession

In SSL, sessions are used to describe an ongoing relationship between two entities. Each SSL connection involves one session at a time, but that session may be used on many connections between those entities, simultaneously or sequentially. The session used on a connection may also be replaced by a different session. Sessions are created, or rejoined, as part of the SSL handshaking protocol. Sessions may be invalidated due to policies affecting security or resource usage. Session management policies are typically used to tune performance.

In addition to the standard session attributes, SSL sessions expose these read-only attributes:

Peer Identity. Sessions are between a particular client and a particular server. The identity of the peer may have been established as part of session setup. Peers are identified by X.509 certificate chains.
Cipher Suite Name. Cipher suites describe the kind of cryptographic protection that's used by connections in a particular session.
Peer Host Address. All connections in a session are between the same two hosts. The address of the host on the other side of the connection is available.

Sessions may be explicitly invalidated. Invalidation may also be done implicitly, when faced with certain kinds of errors.

getCipherSuite(): Returns the name of the SSL cipher suite which is used for all connections in the session.
getCreationTime(): Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.
getId(): Returns the identifier assigned to this Session.
getLastAccessedTime(): Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC.
getPeerCertificateChain(): Return the cert chain presented by the peer.
getPeerHost(): Returns the host name of the peer in this session.
getSessionContext(): Returns the context in which this session is bound.
getValue(String): Returns the object bound to the given name in the session's application layer data.
getValueNames(): Returns an array of the names of all the application layer data objects bound into the Session.
invalidate(): Invalidates the session.
putValue(String, Object): Binds the specified object into the session's application layer data with the given name.
removeValue(String): Removes the object bound to the given name in the session's application layer data.

getId

 public abstract byte[] getId()

Returns the identifier assigned to this Session.

getSessionContext

 public abstract SSLSessionContext getSessionContext()

Returns the context in which this session is bound. This context may be unavailable in some environments, in which case this method returns null.

getCreationTime

 public abstract long getCreationTime()

Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.

getLastAccessedTime

 public abstract long getLastAccessedTime()

Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC. Access indicates a new connection being established using session data. Application level operations, such as getting or setting a value associated with the session, are not reflected in this access time.

This information is particularly useful in session management policies. For example, a session manager thread could leave all sessions in a given context which haven't been used in a long time; or, the sessions might be sorted according to age to optimize some task.

invalidate

 public abstract void invalidate()

Invalidates the session. Future connections will not be able to resume or join this session.

putValue

 public abstract void putValue(String name,
                               Object value)

Binds the specified object into the session's application layer data with the given name. Any existing binding with the same name is replaced. If the new (or existing) value implements the SSLSessionBindingListener interface, it is notified appropriately.

Parameters:: name - the name to which the data object will be bound. This may not be null.; value - the data object to be bound. This may not be null.

getValue

 public abstract Object getValue(String name)

Returns the object bound to the given name in the session's application layer data. Returns null if there is no such binding.

Parameters:: name - the name of the binding to find.
Returns:: the value bound to that name, or null if the binding does not exist.

removeValue

 public abstract void removeValue(String name)

Removes the object bound to the given name in the session's application layer data. Does nothing if there is no object bound to the given name. If the value implements the SessionBindingListener interface, it is notified appropriately.

Parameters:: name - the name of the object to remove

getValueNames

 public abstract String[] getValueNames()

Returns an array of the names of all the application layer data objects bound into the Session.

getPeerCertificateChain

 public abstract X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException

Return the cert chain presented by the peer.

Returns:: array of peer X.509 certs, with the peer's own cert first in the chain, and with the "root" CA last.

getCipherSuite

 public abstract String getCipherSuite()

Returns the name of the SSL cipher suite which is used for all connections in the session. This defines the level of protection provided to the data sent on the connection, including the kind of encryption used and most aspects of how authentication is done..

The cipher suite names are as defined in the SSL protocol definition, and include:

SSL_RSA_WITH_RC4_128_MD5 ... a non-exportable cipher suite supporting 128 bit RC4 encryption keys and full RSA key sizes.
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ... a non-exportable cipher suite supporting 168 bit DES encryption keys. (The effective strength of this cipher is only 112 bits.)
SSL_RSA_EXPORT_WITH_RC4_40_MD5 ... an exportable cipher suite using weakened RC4 encryption and limited RSA key sizes.
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA ... an exportable cipher suite using weakened DES encryption, and which doesn't support authentication of servers.
SSL_RSA_WITH_NULL_MD5 ... an exportable cipher suite using no encryption and full RSA key sizes.

Returns:: the name of the session's cipher suite

getPeerHost

 public abstract String getPeerHost()

Returns the host name of the peer in this session. That is, for the server, this is the client's host, and for the client it is the server's host.

All Packages  Class Hierarchy  This Package  Previous  Next  Index