
src/java.base/share/classes/sun/security/ssl/PostHandshakeContext.java

rev 52896 : 8229733: TLS message handling improvements
Summary: Includes changes to TransportContext from JDK-8211018
Reviewed-by: andrew

*** 28,60 **** import java.io.IOException; import java.nio.BufferOverflowException; import java.nio.BufferUnderflowException; import java.nio.ByteBuffer; import java.util.ArrayList; - import java.util.LinkedHashMap; - import java.util.Map; /** * A compact implementation of HandshakeContext for post-handshake messages */ final class PostHandshakeContext extends HandshakeContext { - private final static Map<Byte, SSLConsumer> consumers = Map.of( - SSLHandshake.KEY_UPDATE.id, SSLHandshake.KEY_UPDATE, - SSLHandshake.NEW_SESSION_TICKET.id, SSLHandshake.NEW_SESSION_TICKET); - PostHandshakeContext(TransportContext context) throws IOException { super(context); if (!negotiatedProtocol.useTLS13PlusSpec()) { throw conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Post-handshake not supported in " + negotiatedProtocol.name); } ! this.localSupportedSignAlgs = new ArrayList<SignatureScheme>( context.conSession.getLocalSupportedSignatureSchemes()); ! handshakeConsumers = new LinkedHashMap<>(consumers); handshakeFinished = true; } @Override void kickstart() throws IOException { --- 28,67 ---- import java.io.IOException; import java.nio.BufferOverflowException; import java.nio.BufferUnderflowException; import java.nio.ByteBuffer; import java.util.ArrayList; /** * A compact implementation of HandshakeContext for post-handshake messages */ final class PostHandshakeContext extends HandshakeContext { PostHandshakeContext(TransportContext context) throws IOException { super(context); if (!negotiatedProtocol.useTLS13PlusSpec()) { throw conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Post-handshake not supported in " + negotiatedProtocol.name); } ! this.localSupportedSignAlgs = new ArrayList<>( context.conSession.getLocalSupportedSignatureSchemes()); ! // Add the potential post-handshake consumers. ! if (context.sslConfig.isClientMode) { ! handshakeConsumers.putIfAbsent( ! SSLHandshake.KEY_UPDATE.id, ! SSLHandshake.KEY_UPDATE); ! handshakeConsumers.putIfAbsent( ! 
SSLHandshake.NEW_SESSION_TICKET.id, ! SSLHandshake.NEW_SESSION_TICKET); ! } else { ! handshakeConsumers.putIfAbsent( ! SSLHandshake.KEY_UPDATE.id, ! SSLHandshake.KEY_UPDATE); ! } ! handshakeFinished = true; } @Override void kickstart() throws IOException {
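Review bot: The constructor now registers its consumers with `putIfAbsent` on a `handshakeConsumers` map it no longer creates, so the set of post-handshake messages this context accepts depends on whatever `super(context)` left in that map, which is not visible in this hunk. The removed code assigned a fresh map, which kept the allowlist self-contained. If the superclass constructor is meant to hand over an empty map, a comment such as `// handshakeConsumers is created empty by HandshakeContext; only the types added below are accepted` would pin that assumption, and plain `put` would guarantee that the consumer registered here is the one used. Separately, `KEY_UPDATE` is registered identically in both branches, so it can be added once before an `if (context.sslConfig.isClientMode)` that adds only `NEW_SESSION_TICKET`.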
*** 80,85 **** --- 87,109 ---- throw conContext.fatal(Alert.DECODE_ERROR, "Illegal handshake message: " + SSLHandshake.nameOf(handshakeType), be); } } + + static boolean isConsumable(TransportContext context, byte handshakeType) { + if (handshakeType == SSLHandshake.KEY_UPDATE.id) { + // The KeyUpdate handshake message does not apply to TLS 1.2 and + // previous protocols. + return context.protocolVersion.useTLS13PlusSpec(); + } + + if (handshakeType == SSLHandshake.NEW_SESSION_TICKET.id) { + // The new session ticket handshake message could be consumer in + // client side only. + return context.sslConfig.isClientMode; + } + + // No more post-handshake message supported currently. + return false; + } }
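Review bot: `isConsumable` gates `KEY_UPDATE` on `context.protocolVersion.useTLS13PlusSpec()` but gates `NEW_SESSION_TICKET` on `isClientMode` alone, so for a client connection on TLS 1.2 or earlier it answers true for a ticket message. The `PostHandshakeContext` constructor in this file still rejects such a connection with `UNEXPECTED_MESSAGE`, so the outcome is probably the same, but the caller is outside this hunk and the predicate should not rely on that. Assuming this check is consulted only once the initial handshake is complete, `return context.sslConfig.isClientMode && context.protocolVersion.useTLS13PlusSpec();` keeps the two branches consistent. The method also has no Javadoc stating that it is the admission check for post-handshake message types, and its comment says "could be consumer in client side only" where "consumed on the client side only" is meant.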