Interface SSLSession
- All Known Implementing Classes:
- ExtendedSSLSession
invalidate.
 Session management policies are typically used to tune performance.
 In addition to the standard session attributes, SSL sessions expose these read-only attributes:
- Peer Identity. Sessions are between a particular client and a particular server. The identity of the peer may have been established as part of session setup. Peers are generally identified by X.509 certificate chains.
- Cipher Suite Name. Cipher suites describe the kind of cryptographic protection that's used by connections in a particular session.
- Peer Host. All connections in a session are between the same two hosts. The address of the host on the other side of the connection is available.
Sessions may be explicitly invalidated. Invalidation may also be done implicitly, when faced with certain kinds of errors.
- Since:
- 1.4
- 
Method SummaryModifier and TypeMethodDescriptionintGets the current size of the largest application data that is expected when using this session.Returns the name of the SSL cipher suite which is used for all connections in the session.longReturns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.byte[]getId()Returns the identifier assigned to this Session.longReturns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC.Returns the certificate(s) that were sent to the peer during handshaking.Returns the principal that was sent to the peer during handshaking.intGets the current size of the largest SSL/TLS/DTLS packet that is expected when using this session.default X509Certificate[]Deprecated, for removal: This API element is subject to removal in a future version.Returns the identity of the peer which was established as part of defining the session.Returns the host name of the peer in this session.intReturns the port number of the peer in this session.Returns the identity of the peer which was established as part of defining the session.Returns the standard name of the protocol used for all connections in the session.Returns the context in which this session is bound.Returns the object bound to the given name in the session's application layer data.String[]Returns an array of the names of all the application layer data objects bound into the Session.voidInvalidates the session.booleanisValid()Returns whether this session is valid and available for resuming or joining.voidBinds the specifiedvalueobject into the session's application layer data with the givenname.voidremoveValue(String name) Removes the object bound to the given name in the session's application layer data.
- 
Method Details- 
getIdbyte[] getId()Returns the identifier assigned to this Session.- Returns:
- the Session identifier
 
- 
getSessionContextSSLSessionContext getSessionContext()Returns the context in which this session is bound.This context may be unavailable in some environments, in which case this method returns null. - Returns:
- the session context used for this session, or null if the context is unavailable.
 
- 
getCreationTimelong getCreationTime()Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.- Returns:
- the time this Session was created
 
- 
getLastAccessedTimelong getLastAccessedTime()Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC.Access indicates a new connection being established using session data. Application level operations, such as getting or setting a value associated with the session, are not reflected in this access time. This information is particularly useful in session management policies. For example, a session manager thread could leave all sessions in a given context which haven't been used in a long time; or, the sessions might be sorted according to age to optimize some task. - Returns:
- the last time this Session was accessed
 
- 
invalidatevoid invalidate()Invalidates the session.Future connections will not be able to resume or join this session. However, any existing connection using this session can continue to use the session until the connection is closed. - See Also:
 
- 
isValidboolean isValid()Returns whether this session is valid and available for resuming or joining.- Returns:
- true if this session may be rejoined.
- Since:
- 1.5
- See Also:
 
- 
putValueBinds the specifiedvalueobject into the session's application layer data with the givenname.Any existing binding using the same nameis replaced. If the new (or existing)valueimplements theSSLSessionBindingListenerinterface, the object represented byvalueis notified appropriately.- Parameters:
- name- the name to which the data object will be bound. This may not be null.
- value- the data object to be bound. This may not be null.
- Throws:
- IllegalArgumentException- if either argument is null.
 
- 
getValueReturns the object bound to the given name in the session's application layer data. Returns null if there is no such binding.- Parameters:
- name- the name of the binding to find.
- Returns:
- the value bound to that name, or null if the binding does not exist.
- Throws:
- IllegalArgumentException- if the argument is null.
 
- 
removeValueRemoves the object bound to the given name in the session's application layer data. Does nothing if there is no object bound to the given name. If the bound existing object implements theSSLSessionBindingListenerinterface, it is notified appropriately.- Parameters:
- name- the name of the object to remove
- Throws:
- IllegalArgumentException- if the argument is null.
 
- 
getValueNamesString[] getValueNames()Returns an array of the names of all the application layer data objects bound into the Session.- Returns:
- a non-null (possibly empty) array of names of the objects bound to this Session.
 
- 
getPeerCertificatesReturns the identity of the peer which was established as part of defining the session.Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException. Note: The returned value may not be a valid certificate chain and should not be relied on for trust decisions. - Returns:
- an ordered array of peer certificates, with the peer's own certificate first followed by any certificate authorities.
- Throws:
- SSLPeerUnverifiedException- if the peer's identity has not been verified
- See Also:
 
- 
getLocalCertificatesCertificate[] getLocalCertificates()Returns the certificate(s) that were sent to the peer during handshaking.Note: This method is useful only when using certificate-based cipher suites. When multiple certificates are available for use in a handshake, the implementation chooses what it considers the "best" certificate chain available, and transmits that to the other side. This method allows the caller to know which certificate chain was actually used. - Returns:
- an ordered array of certificates, with the local certificate first followed by any certificate authorities. If no certificates were sent, then null is returned.
- See Also:
 
- 
getPeerCertificateChain@Deprecated(since="9", forRemoval=true) default X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedExceptionDeprecated, for removal: This API element is subject to removal in a future version.ThegetPeerCertificates()method that returns an array ofjava.security.cert.Certificateshould be used instead.Returns the identity of the peer which was identified as part of defining the session.Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException. Note: The returned value may not be a valid certificate chain and should not be relied on for trust decisions. Note: this method exists for compatibility with previous releases. New applications should use getPeerCertificates()instead.- Implementation Requirements:
- This default implementation throws UnsupportedOperationException.
- Returns:
- an ordered array of peer X.509 certificates,
          with the peer's own certificate first followed by any
          certificate authorities.  (The certificates are in
          the original JSSE certificate
          X509Certificateformat.)
- Throws:
- SSLPeerUnverifiedException- if the peer's identity has not been verified.
- UnsupportedOperationException- if the underlying provider does not implement the operation.
- See Also:
 
- 
getPeerPrincipalReturns the identity of the peer which was established as part of defining the session.- Returns:
- the peer's principal. Returns an X500Principal of the end-entity certificate for X509-based cipher suites, and KerberosPrincipal for Kerberos cipher suites.
- Throws:
- SSLPeerUnverifiedException- if the peer's identity has not been verified
- Since:
- 1.5
- See Also:
 
- 
getLocalPrincipalPrincipal getLocalPrincipal()Returns the principal that was sent to the peer during handshaking.- Returns:
- the principal sent to the peer. Returns an X500Principal of the end-entity certificate for X509-based cipher suites, and KerberosPrincipal for Kerberos cipher suites. If no principal was sent, then null is returned.
- Since:
- 1.5
- See Also:
 
- 
getCipherSuiteString getCipherSuite()Returns the name of the SSL cipher suite which is used for all connections in the session.This defines the level of protection provided to the data sent on the connection, including the kind of encryption used and most aspects of how authentication is done. - Returns:
- the name of the session's cipher suite
 
- 
getProtocolString getProtocol()Returns the standard name of the protocol used for all connections in the session.This defines the protocol used in the connection. - Returns:
- the standard name of the protocol used for all connections in the session.
 
- 
getPeerHostString getPeerHost()Returns the host name of the peer in this session.For the server, this is the client's host; and for the client, it is the server's host. The name may not be a fully qualified host name or even a host name at all as it may represent a string encoding of the peer's network address. If such a name is desired, it might be resolved through a name service based on the value returned by this method. This value is not authenticated and should not be relied upon. It is mainly used as a hint for SSLSessioncaching strategies.- Returns:
- the host name of the peer host, or null if no information is available.
 
- 
getPeerPortint getPeerPort()Returns the port number of the peer in this session.For the server, this is the client's port number; and for the client, it is the server's port number. This value is not authenticated and should not be relied upon. It is mainly used as a hint for SSLSessioncaching strategies.- Returns:
- the port number of the peer host, or -1 if no information is available.
- Since:
- 1.5
 
- 
getPacketBufferSizeint getPacketBufferSize()Gets the current size of the largest SSL/TLS/DTLS packet that is expected when using this session.An SSLEngineusing this session may generate SSL/TLS/DTLS packets of any size up to and including the value returned by this method. AllSSLEnginenetwork buffers should be sized at least this large to avoid insufficient space problems when performingwrapandunwrapcalls.- Returns:
- the current maximum expected network packet size
- Since:
- 1.5
- See Also:
 
- 
getApplicationBufferSizeint getApplicationBufferSize()Gets the current size of the largest application data that is expected when using this session.SSLEngineapplication data buffers must be large enough to hold the application data from any inbound network application data packet received. Typically, outbound application data buffers can be of any size.- Returns:
- the current maximum expected application packet size
- Since:
- 1.5
- See Also:
 
 
- 
getPeerCertificates()method that returns an array ofjava.security.cert.Certificateshould be used instead.