diff --git a/scandium-core/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java b/scandium-core/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java
index 63bc219893..d5d4b8b86e 100644
--- a/scandium-core/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java
+++ b/scandium-core/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java
@@ -2110,7 +2110,15 @@ private boolean isClientInControlOfSourceIpAddress(ClientHello clientHello, Reco
 connections.setConnectionBySessionId(sessionConnection);
 if (sessionConnection != null) {
 // found provided session.
- return true;
+ SessionTicket ticket;
+ if (sessionConnection.hasEstablishedSession()) {
+ ticket = sessionConnection.getEstablishedSession().getSessionTicket();
+ } else {
+ ticket = sessionConnection.getSessionTicket();
+ }
+ if (verifySessionForResumption(clientHello, ticket)) {
+ return true;
+ }
 }
 }
 }
@@ -2179,21 +2187,7 @@ private void resumeExistingSession(ClientHello clientHello, Record record, final
 } else {
 ticket = previousConnection.getSessionTicket();
 }
- boolean ok = true;
- if (ticket != null && config.isSniEnabled()) {
- ServerNames serverNames1 = ticket.getServerNames();
- ServerNames serverNames2 = null;
- ServerNameExtension extension = clientHello.getServerNameExtension();
- if (extension != null) {
- serverNames2 = extension.getServerNames();
- }
- if (serverNames1 != null) {
- ok = serverNames1.equals(serverNames2);
- } else if (serverNames2 != null) {
- // invalidate ticket, server names mismatch
- ok = false;
- }
- }
+ boolean ok = verifySessionForResumption(clientHello, ticket);
 if (!ok && ticket != null) {
 SecretUtil.destroy(ticket);
 ticket = null;
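Review bot: In the first hunk (isClientInControlOfSourceIpAddress) the new guard still returns true when `ticket` is null, because verifySessionForResumption only inspects the server names when `ticket != null` and otherwise leaves `ok` at true. resumeExistingSession tests `ticket != null` after the same lookup, so a null ticket looks possible here; if so, the source-address check is treated as passed for a ClientHello that cannot actually be resumed. Consider requiring a ticket before skipping that check: `if (ticket != null && verifySessionForResumption(clientHello, ticket)) {`. The method starts and ends outside the hunk, so what the fall-through path does next should be confirmed against the full body.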
@@ -2243,6 +2237,25 @@ public void handshakeFailed(Handshaker handshaker, Throwable error) {
 startNewHandshake(clientHello, record, connection);
 }
 }
+
+ private boolean verifySessionForResumption(ClientHello clientHello, SessionTicket ticket) {
+ boolean ok = true;
+ if (ticket != null && config.isSniEnabled()) {
+ ServerNames serverNames1 = ticket.getServerNames();
+ ServerNames serverNames2 = null;
+ ServerNameExtension extension = clientHello.getServerNameExtension();
+ if (extension != null) {
+ serverNames2 = extension.getServerNames();
+ }
+ if (serverNames1 != null) {
+ ok = serverNames1.equals(serverNames2);
+ } else if (serverNames2 != null) {
+ // invalidate ticket, server names mismatch
+ ok = false;
+ }
+ }
+ return ok;
+ }
 private void sendHelloVerify(ClientHello clientHello, Record record, byte[] expectedCookie) throws GeneralSecurityException {
 // send CLIENT_HELLO_VERIFY with cookie in order to prevent
diff --git a/scandium-core/src/test/java/org/eclipse/californium/scandium/DTLSConnectorResumeTest.java b/scandium-core/src/test/java/org/eclipse/californium/scandium/DTLSConnectorResumeTest.java
index bb1cc147eb..10ce5b18f4 100644
--- a/scandium-core/src/test/java/org/eclipse/californium/scandium/DTLSConnectorResumeTest.java
+++ b/scandium-core/src/test/java/org/eclipse/californium/scandium/DTLSConnectorResumeTest.java
@@ -41,7 +41,6 @@
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.TimeUnit;
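Review bot: verifySessionForResumption is added without a Javadoc, although its result now decides both whether the source-address check is skipped and whether a ticket is destroyed. The comment should state that it compares the server names stored in the ticket with those in the ClientHello's server name extension, and that it returns true when `ticket` is null or `config.isSniEnabled()` is false, so callers know a true result does not imply that a ticket exists. The locals would read better as `ticketServerNames` and `helloServerNames` than `serverNames1`/`serverNames2`. The carried-over comment `// invalidate ticket, server names mismatch` is stale in the helper, which only reports the mismatch; `// server names mismatch` would be accurate.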
@@ -60,6 +59,7 @@ import org.eclipse.californium.elements.rule.ThreadsRule; import org.eclipse.californium.elements.util.ExecutorsUtil; import org.eclipse.californium.elements.util.SimpleMessageCallback; +import org.eclipse.californium.elements.util.TestConditionTools; import org.eclipse.californium.elements.util.TestScope; import org.eclipse.californium.elements.util.TestThreadFactory; import org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup; @@ -73,7 +73,6 @@ import org.eclipse.californium.scandium.dtls.DtlsTestTools; import org.eclipse.californium.scandium.dtls.InMemoryClientSessionCache; import org.eclipse.californium.scandium.dtls.InMemoryConnectionStore; -import org.eclipse.californium.scandium.dtls.Record; import org.eclipse.californium.scandium.dtls.SessionId; import org.eclipse.californium.scandium.dtls.SessionTicket; import org.eclipse.californium.scandium.dtls.cipher.CipherSuite; @@ -138,8 +137,9 @@ public class DTLSConnectorResumeTest { Class clientPrincipalType; DTLSConnector client; InMemoryConnectionStore clientConnectionStore; - List lastReceivedFlight; + DtlsHealthLogger clientHealth; + public static interface TypedBuilderSetup extends BuilderSetup { Class getPrincipalType(); } @@ -448,10 +448,11 @@ public static void tearDown() { @Before public void setUp() throws Exception { clientConnectionStore = new InMemoryConnectionStore(CLIENT_CONNECTION_STORE_CAPACITY, 60); + clientHealth = new DtlsHealthLogger("client"); DtlsConnectorConfig.Builder builder = createClientConfigBuilder("client", null); + builder.setHealthHandler(clientHealth); DtlsConnectorConfig clientConfig = builder.build(); - client = new DTLSConnector(clientConfig, clientConnectionStore); client.setExecutor(executor); } @@ -461,7 +462,9 @@ public void cleanUp() { if (client != null) { client.destroy(); } - lastReceivedFlight = null; + if (clientHealth != null) { + clientHealth.reset(); + } serverHelper.cleanUpServer(); } 
@@ -924,6 +927,7 @@ public void testConnectorPerformsFullHandshakeWhenResumingWithDifferentSni() thr
 final String msg = "Hello Again";
 clientRawDataChannel.setLatchCount(1);
+ clientHealth.reset();
 // send message
 RawData data = RawData.outbound(msg.getBytes(), new AddressEndpointContext(serverHelper.serverEndpoint, SERVERNAME_ALT, null), null, false);
 client.send(data);
@@ -933,6 +937,7 @@ public void testConnectorPerformsFullHandshakeWhenResumingWithDifferentSni() thr
 connection = clientConnectionStore.get(serverHelper.serverEndpoint);
 assertThat(connection.getEstablishedSession().getSessionIdentifier(), not(equalTo(sessionId)));
 assertClientIdentity(clientPrincipalType);
+ TestConditionTools.assertStatisticCounter(clientHealth, "received records", is(4L));
 }
 @Test
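Review bot: The added assertion `assertStatisticCounter(clientHealth, "received records", is(4L))` pins a bare record count with no explanation of why four is expected. If the count is meant to show that the client went through the address-verification round trip and a full handshake instead of an abbreviated resume (inferred from the test name and the connector change), say so next to it, for example `// expect 4 records: <list the expected records>; full handshake, not an abbreviated resume`. Without that, a later change in how records are packed will either break the test or silently weaken what it proves. The test method starts outside the hunk.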