HelloCookieManager.java (was Re: Code Review Request: TLS 1.3 Implementation)
Xuelei Fan
xuelei.fan at oracle.com
Wed Jun 6 14:40:25 UTC 2018
On 6/5/2018 8:48 PM, Weijun Wang wrote:
>> On 6/5/2018 6:54 AM, Weijun Wang wrote:
>>> HelloCookieManager.java:
>>> 44 HelloCookieManager(SecureRandom secureRandom) {
>>> 45 this.secureRandom = secureRandom;
>>> 46 }
>>> 47
>>> 48 HelloCookieManager valueOf(ProtocolVersion protocolVersion) {
>>> Why not just create a static method and make HelloCookieManager abstract?
>>> static HelloCookieManager of(SecureRandom secureRandom, ProtocolVersion protocolVersion)
>>> I haven't seen "raw" HelloCookieManager used anywhere.
>> For every SSLContext, the SecureRandom may be different, so we need a different HelloCookieManager instance and cookie managers for each SSLContext instance:
>>
>> SSLContextImpl.java
>> -------------------
>> 253 helloCookieManager = new HelloCookieManager(secureRandom);
>
> So the main benefit of the current implementation is that once a HelloCookieManager is created you can reuse the 3 child HelloCookieManager objects inside it. Right?
>
Yes.
> If so, I'm OK with the current structure.
I see you concerns. The structure looks weird in some sense, although
it is easier for a package private class. Let me see if I can make an
update in the next changeset.
Thanks,
Xuelei
> My major concern is, since the "base" HelloCookieManager is never useful we should take great care not to create an instance of it. How about this?
>
> 1. Make HelloCookieManager abstract.
>
> 2. Create an non-abstract inner class HelloCookieManager$Builder and move the 3 real instances there.
>
> 3. Inside SSLContextImpl, store a field of HelloCookieManager$Builder, and in getHelloCookieManager(), call "builder.get(protocolVersion)" to return one of the 3 real instances.
>
>
> If the reuse of the 3 real instances is not a big benefit, you can just make HelloCookieManager abstract and create a new child instance in every getHelloCookieManager() call.
>
> Anyway, I feel uncomfortable that the base HelloCookieManager class can be instantiated.
>
> Thanks
> Max
>
>
>>>> On Jun 5, 2018, at 12:12 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>>
>>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01
>
More information about the security-dev
mailing list