1 /* 2 * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ssl; 27 28 import java.io.IOException; 29 import java.nio.ByteBuffer; 30 import java.util.AbstractMap.SimpleImmutableEntry; 31 import java.util.Map; 32 import javax.net.ssl.SSLException; 33 34 enum SSLHandshake implements SSLConsumer, HandshakeProducer { 35 @SuppressWarnings({"unchecked", "rawtypes"}) 36 HELLO_REQUEST ((byte)0x00, "hello_request", 37 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 38 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 39 HelloRequest.handshakeConsumer, 40 ProtocolVersion.PROTOCOLS_TO_12 41 ) 42 }), 43 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 44 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 45 HelloRequest.handshakeProducer, 46 ProtocolVersion.PROTOCOLS_TO_12 47 ) 48 })), 49 50 @SuppressWarnings({"unchecked", "rawtypes"}) 51 CLIENT_HELLO ((byte)0x01, "client_hello", 52 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 53 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 54 ClientHello.handshakeConsumer, 55 ProtocolVersion.PROTOCOLS_TO_13 56 ) 57 }), 58 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 59 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 60 ClientHello.handshakeProducer, 61 ProtocolVersion.PROTOCOLS_TO_13 62 ) 63 })), 64 65 @SuppressWarnings({"unchecked", "rawtypes"}) 66 SERVER_HELLO ((byte)0x02, "server_hello", 67 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 68 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 69 ServerHello.handshakeConsumer, 70 ProtocolVersion.PROTOCOLS_TO_13 71 ) 72 }), 73 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 74 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 75 ServerHello.t12HandshakeProducer, 76 ProtocolVersion.PROTOCOLS_TO_12 77 ), 78 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 79 ServerHello.t13HandshakeProducer, 80 ProtocolVersion.PROTOCOLS_OF_13 81 ) 82 })), 83 84 @SuppressWarnings({"unchecked", "rawtypes"}) 85 HELLO_RETRY_REQUEST ((byte)0x02, "hello_retry_request", 86 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 87 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 88 ServerHello.handshakeConsumer, // Use ServerHello consumer 89 ProtocolVersion.PROTOCOLS_TO_13 90 ) 91 }), 92 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 93 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 94 ServerHello.hrrHandshakeProducer, 95 ProtocolVersion.PROTOCOLS_OF_13 96 ) 97 })), 98 99 @SuppressWarnings({"unchecked", "rawtypes"}) 100 HELLO_VERIFY_REQUEST ((byte)0x03, "hello_verify_request", 101 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 102 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 103 HelloVerifyRequest.handshakeConsumer, 104 ProtocolVersion.PROTOCOLS_TO_12 105 ) 106 }), 107 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 108 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 109 HelloVerifyRequest.handshakeProducer, 110 ProtocolVersion.PROTOCOLS_TO_12 111 ) 112 })), 113 114 @SuppressWarnings({"unchecked", "rawtypes"}) 115 NEW_SESSION_TICKET ((byte)0x04, "new_session_ticket", 116 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 117 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 118 NewSessionTicket.handshakeConsumer, 119 ProtocolVersion.PROTOCOLS_OF_13 120 ) 121 }), 122 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 123 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 124 NewSessionTicket.handshakeProducer, 125 ProtocolVersion.PROTOCOLS_OF_13 126 ) 127 })), 128 END_OF_EARLY_DATA ((byte)0x05, "end_of_early_data"), 129 130 @SuppressWarnings({"unchecked", "rawtypes"}) 131 ENCRYPTED_EXTENSIONS ((byte)0x08, "encrypted_extensions", 132 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 133 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 134 EncryptedExtensions.handshakeConsumer, 135 ProtocolVersion.PROTOCOLS_OF_13 136 ) 137 }), 138 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 139 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 140 EncryptedExtensions.handshakeProducer, 141 ProtocolVersion.PROTOCOLS_OF_13 142 ) 143 })), 144 145 @SuppressWarnings({"unchecked", "rawtypes"}) 146 CERTIFICATE ((byte)0x0B, "certificate", 147 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 148 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 149 CertificateMessage.t12HandshakeConsumer, 150 ProtocolVersion.PROTOCOLS_TO_12 151 ), 152 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 153 CertificateMessage.t13HandshakeConsumer, 154 ProtocolVersion.PROTOCOLS_OF_13 155 ) 156 }), 157 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 158 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 159 CertificateMessage.t12HandshakeProducer, 160 ProtocolVersion.PROTOCOLS_TO_12 161 ), 162 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 163 CertificateMessage.t13HandshakeProducer, 164 ProtocolVersion.PROTOCOLS_OF_13 165 ) 166 })), 167 168 @SuppressWarnings({"unchecked", "rawtypes"}) 169 SERVER_KEY_EXCHANGE ((byte)0x0C, "server_key_exchange", 170 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 171 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 172 ServerKeyExchange.handshakeConsumer, 173 ProtocolVersion.PROTOCOLS_TO_12 174 ) 175 }), 176 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 177 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 178 ServerKeyExchange.handshakeProducer, 179 ProtocolVersion.PROTOCOLS_TO_12 180 ) 181 })), 182 183 @SuppressWarnings({"unchecked", "rawtypes"}) 184 CERTIFICATE_REQUEST ((byte)0x0D, "certificate_request", 185 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 186 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 187 CertificateRequest.t10HandshakeConsumer, 188 ProtocolVersion.PROTOCOLS_TO_11 189 ), 190 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 191 CertificateRequest.t12HandshakeConsumer, 192 ProtocolVersion.PROTOCOLS_OF_12 193 ), 194 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 195 CertificateRequest.t13HandshakeConsumer, 196 ProtocolVersion.PROTOCOLS_OF_13 197 ) 198 }), 199 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 200 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 201 CertificateRequest.t10HandshakeProducer, 202 ProtocolVersion.PROTOCOLS_TO_11 203 ), 204 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 205 CertificateRequest.t12HandshakeProducer, 206 ProtocolVersion.PROTOCOLS_OF_12 207 ), 208 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 209 CertificateRequest.t13HandshakeProducer, 210 ProtocolVersion.PROTOCOLS_OF_13 211 ) 212 })), 213 214 @SuppressWarnings({"unchecked", "rawtypes"}) 215 SERVER_HELLO_DONE ((byte)0x0E, "server_hello_done", 216 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 217 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 218 ServerHelloDone.handshakeConsumer, 219 ProtocolVersion.PROTOCOLS_TO_12 220 ) 221 }), 222 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 223 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 224 ServerHelloDone.handshakeProducer, 225 ProtocolVersion.PROTOCOLS_TO_12 226 ) 227 })), 228 229 @SuppressWarnings({"unchecked", "rawtypes"}) 230 CERTIFICATE_VERIFY ((byte)0x0F, "certificate_verify", 231 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 232 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 233 CertificateVerify.s30HandshakeConsumer, 234 ProtocolVersion.PROTOCOLS_OF_30 235 ), 236 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 237 CertificateVerify.t10HandshakeConsumer, 238 ProtocolVersion.PROTOCOLS_10_11 239 ), 240 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 241 CertificateVerify.t12HandshakeConsumer, 242 ProtocolVersion.PROTOCOLS_OF_12 243 ), 244 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 245 CertificateVerify.t13HandshakeConsumer, 246 ProtocolVersion.PROTOCOLS_OF_13 247 ) 248 }), 249 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 250 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 251 CertificateVerify.s30HandshakeProducer, 252 ProtocolVersion.PROTOCOLS_OF_30 253 ), 254 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 255 CertificateVerify.t10HandshakeProducer, 256 ProtocolVersion.PROTOCOLS_10_11 257 ), 258 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 259 CertificateVerify.t12HandshakeProducer, 260 ProtocolVersion.PROTOCOLS_OF_12 261 ), 262 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 263 CertificateVerify.t13HandshakeProducer, 264 ProtocolVersion.PROTOCOLS_OF_13 265 ) 266 })), 267 268 @SuppressWarnings({"unchecked", "rawtypes"}) 269 CLIENT_KEY_EXCHANGE ((byte)0x10, "client_key_exchange", 270 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 271 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 272 ClientKeyExchange.handshakeConsumer, 273 ProtocolVersion.PROTOCOLS_TO_12 274 ) 275 }), 276 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 277 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 278 ClientKeyExchange.handshakeProducer, 279 ProtocolVersion.PROTOCOLS_TO_12 280 ) 281 })), 282 283 @SuppressWarnings({"unchecked", "rawtypes"}) 284 FINISHED ((byte)0x14, "finished", 285 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 286 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 287 Finished.t12HandshakeConsumer, 288 ProtocolVersion.PROTOCOLS_TO_12 289 ), 290 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 291 Finished.t13HandshakeConsumer, 292 ProtocolVersion.PROTOCOLS_OF_13 293 ) 294 }), 295 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 296 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 297 Finished.t12HandshakeProducer, 298 ProtocolVersion.PROTOCOLS_TO_12 299 ), 300 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 301 Finished.t13HandshakeProducer, 302 ProtocolVersion.PROTOCOLS_OF_13 303 ) 304 })), 305 306 CERTIFICATE_URL ((byte)0x15, "certificate_url"), 307 308 @SuppressWarnings({"unchecked", "rawtypes"}) 309 CERTIFICATE_STATUS ((byte)0x16, "certificate_status", 310 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 311 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 312 CertificateStatus.handshakeConsumer, 313 ProtocolVersion.PROTOCOLS_TO_12 314 ) 315 }), 316 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 317 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 318 CertificateStatus.handshakeProducer, 319 ProtocolVersion.PROTOCOLS_TO_12 320 ) 321 }), 322 (Map.Entry<HandshakeAbsence, ProtocolVersion[]>[])(new Map.Entry[] { 323 new SimpleImmutableEntry<HandshakeAbsence, ProtocolVersion[]>( 324 CertificateStatus.handshakeAbsence, 325 ProtocolVersion.PROTOCOLS_TO_12 326 ) 327 })), 328 329 SUPPLEMENTAL_DATA ((byte)0x17, "supplemental_data"), 330 331 @SuppressWarnings({"unchecked", "rawtypes"}) 332 KEY_UPDATE ((byte)0x18, "key_update", 333 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 334 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 335 KeyUpdate.handshakeConsumer, 336 ProtocolVersion.PROTOCOLS_OF_13 337 ) 338 }), 339 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 340 new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 341 KeyUpdate.handshakeProducer, 342 ProtocolVersion.PROTOCOLS_OF_13 343 ) 344 })), 345 MESSAGE_HASH ((byte)0xFE, "message_hash"), 346 NOT_APPLICABLE ((byte)0xFF, "not_applicable"); 347 348 final byte id; 349 final String name; 350 final Map.Entry<SSLConsumer, ProtocolVersion[]>[] handshakeConsumers; 351 final Map.Entry<HandshakeProducer, ProtocolVersion[]>[] handshakeProducers; 352 final Map.Entry<HandshakeAbsence, ProtocolVersion[]>[] handshakeAbsences; 353 354 @SuppressWarnings({"unchecked", "rawtypes"}) 355 SSLHandshake(byte id, String name) { 356 this(id, name, 357 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])( 358 new Map.Entry[0]), 359 (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])( 360 new Map.Entry[0]), 361 (Map.Entry<HandshakeAbsence, ProtocolVersion[]>[])( 362 new Map.Entry[0])); 363 } 364 365 @SuppressWarnings({"unchecked", "rawtypes"}) 366 SSLHandshake(byte id, String name, 367 Map.Entry<SSLConsumer, ProtocolVersion[]>[] handshakeConsumers, 368 Map.Entry<HandshakeProducer, ProtocolVersion[]>[] handshakeProducers) { 369 this(id, name, handshakeConsumers, handshakeProducers, 370 (Map.Entry<HandshakeAbsence, ProtocolVersion[]>[])( 371 new Map.Entry[0])); 372 } 373 374 SSLHandshake(byte id, String name, 375 Map.Entry<SSLConsumer, ProtocolVersion[]>[] handshakeConsumers, 376 Map.Entry<HandshakeProducer, ProtocolVersion[]>[] handshakeProducers, 377 Map.Entry<HandshakeAbsence, ProtocolVersion[]>[] handshakeAbsence) { 378 this.id = id; 379 this.name = name; 380 this.handshakeConsumers = handshakeConsumers; 381 this.handshakeProducers = handshakeProducers; 382 this.handshakeAbsences = handshakeAbsence; 383 } 384 385 @Override 386 public void consume(ConnectionContext context, 387 ByteBuffer message) throws IOException { 388 SSLConsumer hc = getHandshakeConsumer(context); 389 if (hc != null) { 390 hc.consume(context, message); 391 } else { 392 throw new UnsupportedOperationException( 393 "Unsupported handshake consumer: " + this.name); 394 } 395 } 396 397 private SSLConsumer getHandshakeConsumer(ConnectionContext context) { 398 if (handshakeConsumers.length == 0) { 399 return null; 400 } 401 402 // The comsuming happens in handshake context only. 403 HandshakeContext hc = (HandshakeContext)context; 404 ProtocolVersion protocolVersion; 405 if ((hc.negotiatedProtocol == null) || 406 (hc.negotiatedProtocol == ProtocolVersion.NONE)) { 407 protocolVersion = hc.maximumActiveProtocol; 408 } else { 409 protocolVersion = hc.negotiatedProtocol; 410 } 411 412 for (Map.Entry<SSLConsumer, 413 ProtocolVersion[]> phe : handshakeConsumers) { 414 for (ProtocolVersion pv : phe.getValue()) { 415 if (protocolVersion == pv) { 416 return phe.getKey(); 417 } 418 } 419 } 420 421 return null; 422 } 423 424 @Override 425 public byte[] produce(ConnectionContext context, 426 HandshakeMessage message) throws IOException { 427 HandshakeProducer hp = getHandshakeProducer(context); 428 if (hp != null) { 429 return hp.produce(context, message); 430 } else { 431 throw new UnsupportedOperationException( 432 "Unsupported handshake producer: " + this.name); 433 } 434 } 435 436 private HandshakeProducer getHandshakeProducer( 437 ConnectionContext context) { 438 if (handshakeConsumers.length == 0) { 439 return null; 440 } 441 442 // The comsuming happens in handshake context only. 443 HandshakeContext hc = (HandshakeContext)context; 444 ProtocolVersion protocolVersion; 445 if ((hc.negotiatedProtocol == null) || 446 (hc.negotiatedProtocol == ProtocolVersion.NONE)) { 447 protocolVersion = hc.maximumActiveProtocol; 448 } else { 449 protocolVersion = hc.negotiatedProtocol; 450 } 451 452 for (Map.Entry<HandshakeProducer, 453 ProtocolVersion[]> phe : handshakeProducers) { 454 for (ProtocolVersion pv : phe.getValue()) { 455 if (protocolVersion == pv) { 456 return phe.getKey(); 457 } 458 } 459 } 460 461 return null; 462 } 463 464 @Override 465 public String toString() { 466 return name; 467 } 468 469 /* 470 static SSLHandshake valueOf(byte id) { 471 for (SSLHandshake hs : SSLHandshake.values()) { 472 if (hs.id == id) { 473 return hs; 474 } 475 } 476 477 return null; 478 } 479 */ 480 481 static String nameOf(byte id) { 482 // If two handshake message share the same handshake type, returns 483 // the first handshake message name. 484 // 485 // It is not a big issue at present as only ServerHello and 486 // HellRetryRequest share a handshake type. 487 for (SSLHandshake hs : SSLHandshake.values()) { 488 if (hs.id == id) { 489 return hs.name; 490 } 491 } 492 493 return "UNKNOWN-HANDSHAKE-MESSAGE(" + id + ")"; 494 } 495 496 static final void kickstart(HandshakeContext context) throws IOException { 497 if (context instanceof ClientHandshakeContext) { 498 // For initial handshaking, including session resumption, 499 // ClientHello message is used as the kickstart message. 500 // 501 // (D)TLS 1.2 and older protocols support renegotiation on existing 502 // connections. A ClientHello messages is used to kickstart the 503 // renegotiation. 504 // 505 // (D)TLS 1.3 forbids renegotiation. The post-handshake KeyUpdate 506 // message is used to update the sending cryptographic keys. 507 if (context.conContext.isNegotiated && 508 context.conContext.protocolVersion.useTLS13PlusSpec()) { 509 // Use KeyUpdate message for renegotiation. 510 KeyUpdate.kickstartProducer.produce(context); 511 } else { 512 // Using ClientHello message for the initial handshaking 513 // (including session resumption) or renegotiation. 514 // SSLHandshake.CLIENT_HELLO.produce(context); 515 ClientHello.kickstartProducer.produce(context); 516 } 517 } else { 518 // The server side can delivering kickstart message after the 519 // connection has established. 520 // 521 // (D)TLS 1.2 and older protocols use HelloRequest to begin a 522 // negotiation process anew. 523 // 524 // While (D)TLS 1.3 uses the post-handshake KeyUpdate message 525 // to update the sending cryptographic keys. 526 if (context.conContext.protocolVersion.useTLS13PlusSpec()) { 527 // Use KeyUpdate message for renegotiation. 528 KeyUpdate.kickstartProducer.produce(context); 529 } else { 530 // SSLHandshake.HELLO_REQUEST.produce(context); 531 HelloRequest.kickstartProducer.produce(context); 532 } 533 } 534 } 535 536 /** 537 * A (transparent) specification of handshake message. 538 */ 539 static abstract class HandshakeMessage { 540 final HandshakeContext handshakeContext; 541 542 HandshakeMessage(HandshakeContext handshakeContext) { 543 this.handshakeContext = handshakeContext; 544 } 545 546 abstract SSLHandshake handshakeType(); 547 abstract int messageLength(); 548 abstract void send(HandshakeOutStream hos) throws IOException; 549 550 void write(HandshakeOutStream hos) throws IOException { 551 int len = messageLength(); 552 if (len >= Record.OVERFLOW_OF_INT24) { 553 throw new SSLException("Handshake message is overflow" 554 + ", type = " + handshakeType() + ", len = " + len); 555 } 556 hos.write(handshakeType().id); 557 hos.putInt24(len); 558 send(hos); 559 hos.complete(); 560 } 561 } 562 }