BCJSSE: Keep original creation time across session lifetime

Author: peterdettman

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSession.java

@@ -17,9 +17,9 @@ class ProvSSLSession
     protected final JsseSessionParameters jsseSessionParameters;
 
     ProvSSLSession(ProvSSLSessionContext sslSessionContext, ConcurrentHashMap<String, Object> valueMap, String peerHost,
-        int peerPort, TlsSession tlsSession, JsseSessionParameters jsseSessionParameters)
+        int peerPort, long creationTime, TlsSession tlsSession, JsseSessionParameters jsseSessionParameters)
     {
-        super(sslSessionContext, valueMap, peerHost, peerPort);
+        super(sslSessionContext, valueMap, peerHost, peerPort, creationTime);
 
         this.tlsSession = tlsSession;
         this.sessionParameters = tlsSession == null ? null : tlsSession.exportSessionParameters();
@@ -110,6 +110,7 @@ public boolean isValid()
     static final ProvSSLSession createDummySession()
     {
         // NB: Allow session value binding on failed connections for SunJSSE compatibility 
-        return new ProvSSLSession(null, createValueMap(), null, -1, null, new JsseSessionParameters(null, null));
+        return new ProvSSLSession(null, createValueMap(), null, -1, createCreationTime(), null,
+            new JsseSessionParameters(null, null));
     }
 }

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSessionBase.java

@@ -36,15 +36,15 @@ abstract class ProvSSLSessionBase
     protected final AtomicLong lastAccessedTime;
 
     ProvSSLSessionBase(ProvSSLSessionContext sslSessionContext, ConcurrentHashMap<String, Object> valueMap,
-        String peerHost, int peerPort)
+        String peerHost, int peerPort, long creationTime)
     {
         this.sslSessionContext = new AtomicReference<ProvSSLSessionContext>(sslSessionContext);
         this.valueMap = valueMap;
         this.fipsMode = (null == sslSessionContext) ? false : sslSessionContext.getContextData().isFipsMode();
         this.crypto = (null == sslSessionContext) ? null : sslSessionContext.getContextData().getCrypto();
         this.peerHost = peerHost;
         this.peerPort = peerPort;
-        this.creationTime = System.currentTimeMillis();
+        this.creationTime = creationTime;
         this.exportSSLSession = SSLSessionUtil.exportSSLSession(this);
         this.lastAccessedTime = new AtomicLong(creationTime);
     }
@@ -358,6 +358,11 @@ private void implInvalidate(boolean removeFromSessionContext)
         invalidateTLS();
     }
 
+    protected static long createCreationTime()
+    {
+        return System.currentTimeMillis();
+    }
+
     protected static ConcurrentHashMap<String, Object> createValueMap()
     {
         return new ConcurrentHashMap<String, Object>();

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSessionContext.java

@@ -96,8 +96,8 @@ synchronized ProvSSLSession reportSession(ProvSSLSessionHandshake handshakeSessi
 
         if (!addToCache)
         {
-            return new ProvSSLSession(this, handshakeSession.getValueMap(), peerHost, peerPort, tlsSession,
-                jsseSessionParameters);
+            return new ProvSSLSession(this, handshakeSession.getValueMap(), peerHost, peerPort,
+                handshakeSession.getCreationTime(), tlsSession, jsseSessionParameters);
         }
 
         SessionID sessionID = makeSessionID(tlsSession.getSessionID());
@@ -106,8 +106,8 @@ synchronized ProvSSLSession reportSession(ProvSSLSessionHandshake handshakeSessi
         ProvSSLSession session = sessionEntry == null ? null : sessionEntry.get();
         if (null == session || session.getTlsSession() != tlsSession)
         {
-            session = new ProvSSLSession(this, handshakeSession.getValueMap(), peerHost, peerPort, tlsSession,
-                jsseSessionParameters);
+            session = new ProvSSLSession(this, handshakeSession.getValueMap(), peerHost, peerPort,
+                handshakeSession.getCreationTime(), tlsSession, jsseSessionParameters);
 
             if (null != sessionID)
             {

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSessionHandshake.java

@@ -20,14 +20,15 @@ class ProvSSLSessionHandshake
     ProvSSLSessionHandshake(ProvSSLSessionContext sslSessionContext, String peerHost, int peerPort,
         SecurityParameters securityParameters, JsseSecurityParameters jsseSecurityParameters)
     {
-        this(sslSessionContext, createValueMap(), peerHost, peerPort, securityParameters, jsseSecurityParameters);
+        this(sslSessionContext, createValueMap(), peerHost, peerPort, createCreationTime(), securityParameters,
+            jsseSecurityParameters);
     }
 
     protected ProvSSLSessionHandshake(ProvSSLSessionContext sslSessionContext,
-        ConcurrentHashMap<String, Object> valueMap, String peerHost, int peerPort,
+        ConcurrentHashMap<String, Object> valueMap, String peerHost, int peerPort, long creationTime,
         SecurityParameters securityParameters, JsseSecurityParameters jsseSecurityParameters)
     {
-        super(sslSessionContext, valueMap, peerHost, peerPort);
+        super(sslSessionContext, valueMap, peerHost, peerPort, creationTime);
 
         this.securityParameters = securityParameters;
         this.jsseSecurityParameters = jsseSecurityParameters;

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSessionResumed.java

@@ -16,8 +16,8 @@ class ProvSSLSessionResumed
         SecurityParameters securityParameters, JsseSecurityParameters jsseSecurityParameters,
         ProvSSLSession resumedSession)
     {
-        super(sslSessionContext, resumedSession.getValueMap(), peerHost, peerPort, securityParameters,
-            jsseSecurityParameters);
+        super(sslSessionContext, resumedSession.getValueMap(), peerHost, peerPort, resumedSession.getCreationTime(),
+            securityParameters, jsseSecurityParameters);
 
         this.tlsSession = resumedSession.getTlsSession();
         this.sessionParameters = tlsSession.exportSessionParameters();