| 1064 | // is not fresh, then a new session ticket key will be |
| 1065 | // created and prepended to c.sessionTicketKeys. |
func (c *Config) ticketKeys(configForClient *Config) []ticketKey {
	// If the ConfigForClient callback returned a Config with explicitly set
	// keys, use those, otherwise just use the original Config.
	//
	// Every non-nil slice returned below aliases the Config's internal key
	// state: it is handed out under a read lock and is not copied, so callers
	// are expected to treat it as read-only.
	if configForClient != nil {
		configForClient.mutex.RLock()
		if configForClient.SessionTicketsDisabled {
			configForClient.mutex.RUnlock()
			return nil
		}
		configForClient.initLegacySessionTicketKeyRLocked()
		if len(configForClient.sessionTicketKeys) != 0 {
			ret := configForClient.sessionTicketKeys
			configForClient.mutex.RUnlock()
			return ret
		}
		// The per-client Config has no explicit keys of its own: fall
		// through and use (and possibly rotate) the keys on c instead.
		configForClient.mutex.RUnlock()
	}

	c.mutex.RLock()
	defer c.mutex.RUnlock()
	if c.SessionTicketsDisabled {
		return nil
	}
	c.initLegacySessionTicketKeyRLocked()
	if len(c.sessionTicketKeys) != 0 {
		// Keys explicitly set on c take precedence and are never
		// auto-rotated by this function; rotation below applies only to
		// c.autoSessionTicketKeys.
		return c.sessionTicketKeys
	}
	// Fast path for the common case where the key is fresh enough.
	if len(c.autoSessionTicketKeys) > 0 && c.time().Sub(c.autoSessionTicketKeys[0].created) < ticketKeyRotation {
		return c.autoSessionTicketKeys
	}

	// autoSessionTicketKeys are managed by auto-rotation.
	//
	// Upgrade from the read lock to the write lock. Deferred calls run in
	// LIFO order, so on return this sequence performs Unlock() and then
	// RLock(), restoring the read lock that the earlier deferred RUnlock()
	// releases. No lock is held between RUnlock() and Lock(), so another
	// goroutine may already have rotated the keys in that window; that is
	// why the freshness condition is evaluated again below.
	c.mutex.RUnlock()
	defer c.mutex.RLock()
	c.mutex.Lock()
	defer c.mutex.Unlock()
	// Re-check the condition in case it changed since obtaining the new lock.
	if len(c.autoSessionTicketKeys) == 0 || c.time().Sub(c.autoSessionTicketKeys[0].created) >= ticketKeyRotation {
		// Draw 32 bytes of fresh key material from c.rand(). If the random
		// source fails, panic instead of continuing with the zero-initialised
		// (or partially filled) newKey, which would otherwise end up issuing
		// tickets under predictable key material.
		var newKey [32]byte
		if _, err := io.ReadFull(c.rand(), newKey[:]); err != nil {
			panic(fmt.Sprintf("unable to generate random session ticket key: %v", err))
		}
		// The new key is placed at index 0 (the position the freshness checks
		// above treat as the current key — presumably the one used to issue
		// new tickets; confirm against the ticket-sealing code). Older keys
		// are retained until ticketKeyLifetime has elapsed, presumably so
		// that tickets already issued under them remain usable, and are
		// dropped after that.
		valid := make([]ticketKey, 0, len(c.autoSessionTicketKeys)+1)
		valid = append(valid, c.ticketKeyFromBytes(newKey))
		for _, k := range c.autoSessionTicketKeys {
			// While rotating the current key, also remove any expired ones.
			// Note that c.time() is re-read for each key rather than sampled
			// once for the whole rotation.
			if c.time().Sub(k.created) < ticketKeyLifetime {
				valid = append(valid, k)
			}
		}
		c.autoSessionTicketKeys = valid
	}
	return c.autoSessionTicketKeys
}
| 1121 | |
| 1122 | // SetSessionTicketKeys updates the session ticket keys for a server. |
| 1123 | // |