/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _DNS_DNSTLSSESSIONCACHE_H
#define _DNS_DNSTLSSESSIONCACHE_H
#include <mutex>
#include <deque>
#include <openssl/ssl.h>
#include <android-base/thread_annotations.h>
#include <android-base/unique_fd.h>
#include "dns/DnsTlsServer.h"
namespace android {
namespace net {
// Cache of recently seen SSL_SESSIONs. This is used to support session tickets.
// This class is thread-safe.
class DnsTlsSessionCache {
public:
// Prepare SSL objects to use this session cache. These methods must be called
// before making use of either object.
void prepareSslContext(SSL_CTX* _Nonnull ssl_ctx);
bool prepareSsl(SSL* _Nonnull ssl);
// Get the most recently discovered session. For TLS 1.3 compatibility and
// maximum privacy, each session will only be returned once, so the caller
// gains ownership of the session. (Here and throughout,
// bssl::UniquePtr<SSL_SESSION> is actually serving as a reference counted
// pointer.)
bssl::UniquePtr<SSL_SESSION> getSession() EXCLUDES(mLock);
private:
static constexpr size_t kMaxSize = 5;
static int newSessionCallback(SSL* _Nullable ssl, SSL_SESSION* _Nullable session);
std::mutex mLock;
void recordSession(SSL_SESSION* _Nullable session) EXCLUDES(mLock);
// Queue of sessions, from least recently added to most recently.
std::deque<bssl::UniquePtr<SSL_SESSION>> mSessions GUARDED_BY(mLock);
};
} // end of namespace net
} // end of namespace android
#endif // _DNS_DNSTLSSESSIONCACHE_H