9#include <botan/tls_session_manager.h>
11#include <botan/assert.h>
13#include <botan/tls_callbacks.h>
14#include <botan/tls_policy.h>
24 const std::optional<Session_ID>&
id,
25 bool tls12_no_ticket) {
34 store(session, handle);
46 if(!session.has_value()) {
51 const std::chrono::seconds policy_lifetime =
72 const auto ticket_age =
73 std::chrono::duration_cast<std::chrono::seconds>(callbacks.
tls_current_timestamp() - session->start_time());
74 const bool expired = ticket_age > policy_lifetime;
84std::vector<Session_with_Handle> Session_Manager::find_and_filter(
const Server_Information& info,
89 const std::chrono::seconds policy_lifetime =
97 constexpr unsigned int max_attempts = 10;
98 std::vector<Session_with_Handle> sessions_and_handles;
102 for(
unsigned int attempt = 0; attempt < max_attempts && sessions_and_handles.empty(); ++attempt) {
103 sessions_and_handles =
find_some(info, max_sessions_hint);
106 if(sessions_and_handles.empty()) {
110 std::erase_if(sessions_and_handles, [&](
const auto& session) {
111 const auto age = std::chrono::duration_cast<std::chrono::seconds>(now - session.session.start_time());
143 const auto session_lifetime_hint = session.session.lifetime_hint();
144 const bool expired = age > std::min(policy_lifetime, session_lifetime_hint);
154 return sessions_and_handles;
166 std::optional<lock_guard_type<recursive_mutex_type>> lk;
167 if(!allow_reusing_tickets) {
171 auto sessions_and_handles = find_and_filter(info, callbacks, policy);
176 while(session_limit > 0 && sessions_and_handles.size() > session_limit) {
177 sessions_and_handles.pop_back();
186 if(!allow_reusing_tickets) {
190 for(
const auto& [session, handle] : sessions_and_handles) {
191 if(!session.version().is_pre_tls_13() || !handle.is_id()) {
197 return sessions_and_handles;
200#if defined(BOTAN_HAS_TLS_13)
203 const std::vector<PskIdentity>& tickets,
204 std::string_view hash_function,
210 for(uint16_t i = 0;
const auto& ticket : tickets) {
212 if(session.has_value() && session->ciphersuite().prf_algo() == hash_function &&
213 session->version().is_tls_13_or_later()) {
214 return std::pair{std::move(session.value()), i};
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_ASSERT_NONNULL(ptr)
#define BOTAN_ASSERT(expr, assertion_made)
virtual std::chrono::system_clock::time_point tls_current_timestamp()
virtual bool reuse_session_tickets() const
virtual size_t maximum_session_tickets_per_client_hello() const
virtual std::chrono::seconds session_ticket_lifetime() const
Connection_Side side() const
Helper class to embody a session handle in all protocol versions.
virtual std::optional< std::pair< Session, uint16_t > > choose_from_offered_tickets(const std::vector< PskIdentity > &tickets, std::string_view hash_function, Callbacks &callbacks, const Policy &policy)
virtual size_t remove(const Session_Handle &handle)=0
virtual std::optional< Session > retrieve_one(const Session_Handle &handle)=0
Internal retrieval function for a single session.
virtual void store(const Session &session, const Session_Handle &handle)=0
Save a Session under a Session_Handle (TLS Client)
recursive_mutex_type & mutex()
BOTAN_FUTURE_EXPLICIT Session_Manager(const std::shared_ptr< RandomNumberGenerator > &rng)
virtual std::vector< Session_with_Handle > find_some(const Server_Information &info, size_t max_sessions_hint)=0
Internal retrieval function to find candidate sessions to resume. `max_sessions_hint` is only a hint: the caller (`find_and_filter` / `find`) still drops expired candidates and trims the result to the policy's session limit afterwards, so implementations need not enforce either themselves.
virtual std::optional< Session_Handle > establish(const Session &session, const std::optional< Session_ID > &id=std::nullopt, bool tls12_no_ticket=false)
Save a new Session and assign a Session_Handle (TLS Server)
virtual std::vector< Session_with_Handle > find(const Server_Information &info, Callbacks &callbacks, const Policy &policy)
Find all sessions that match a given server info. Candidates are first filtered for expiry — a session is considered expired once its age exceeds the shorter of the policy's ticket lifetime and the session's own lifetime hint — and the remaining list is then trimmed to the policy's session limit when that limit is non-zero.
std::shared_ptr< RandomNumberGenerator > m_rng
virtual std::optional< Session > retrieve(const Session_Handle &handle, Callbacks &callbacks, const Policy &policy)
Retrieves a specific session given a handle. The session's age (the current timestamp reported by the callbacks minus the session's start time) is compared against the policy's ticket lifetime, and a session older than that is flagged as expired rather than returned for resumption.
Strong< std::vector< uint8_t >, struct Session_ID_ > Session_ID
holds a TLS 1.2 session ID for stateful resumption
Strong< std::vector< uint8_t >, struct Opaque_Session_Handle_ > Opaque_Session_Handle
holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumpt...