src/java.base/share/classes/sun/security/ssl/PostHandshakeContext.java
rev 52896 : 8229733: TLS message handling improvements
Summary: Includes changes to TransportContext from JDK-8211018
Reviewed-by: andrew
*** 28,60 ****
import java.io.IOException;
import java.nio.BufferOverflowException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
- import java.util.LinkedHashMap;
- import java.util.Map;
/**
* A compact implementation of HandshakeContext for post-handshake messages
*/
final class PostHandshakeContext extends HandshakeContext {
- private final static Map<Byte, SSLConsumer> consumers = Map.of(
- SSLHandshake.KEY_UPDATE.id, SSLHandshake.KEY_UPDATE,
- SSLHandshake.NEW_SESSION_TICKET.id, SSLHandshake.NEW_SESSION_TICKET);
-
PostHandshakeContext(TransportContext context) throws IOException {
super(context);
if (!negotiatedProtocol.useTLS13PlusSpec()) {
throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
"Post-handshake not supported in " + negotiatedProtocol.name);
}
! this.localSupportedSignAlgs = new ArrayList<SignatureScheme>(
context.conSession.getLocalSupportedSignatureSchemes());
! handshakeConsumers = new LinkedHashMap<>(consumers);
handshakeFinished = true;
}
@Override
void kickstart() throws IOException {
--- 28,67 ----
import java.io.IOException;
import java.nio.BufferOverflowException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
/**
* A compact implementation of HandshakeContext for post-handshake messages
*/
final class PostHandshakeContext extends HandshakeContext {
PostHandshakeContext(TransportContext context) throws IOException {
super(context);
if (!negotiatedProtocol.useTLS13PlusSpec()) {
throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
"Post-handshake not supported in " + negotiatedProtocol.name);
}
! this.localSupportedSignAlgs = new ArrayList<>(
context.conSession.getLocalSupportedSignatureSchemes());
! // Add the potential post-handshake consumers.
! if (context.sslConfig.isClientMode) {
! handshakeConsumers.putIfAbsent(
! SSLHandshake.KEY_UPDATE.id,
! SSLHandshake.KEY_UPDATE);
! handshakeConsumers.putIfAbsent(
! SSLHandshake.NEW_SESSION_TICKET.id,
! SSLHandshake.NEW_SESSION_TICKET);
! } else {
! handshakeConsumers.putIfAbsent(
! SSLHandshake.KEY_UPDATE.id,
! SSLHandshake.KEY_UPDATE);
! }
!
handshakeFinished = true;
}
@Override
void kickstart() throws IOException {
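Review bot: In the new constructor body, `SSLHandshake.KEY_UPDATE` is registered identically in both the client and the server branch, so the `if`/`else` obscures that the only role-dependent consumer is `NEW_SESSION_TICKET`. Registering KEY_UPDATE unconditionally and guarding only the ticket registration with `if (context.sslConfig.isClientMode) {` would make the server-side restriction visible at a glance. The comment `// Add the potential post-handshake consumers.` should also say why the server branch omits the ticket consumer, for example `// NewSessionTicket is sent only by the server in TLS 1.3, so only a client registers a consumer for it.` The same per-role allow-list is encoded again in `isConsumable` in the later hunk, and a cross-reference comment in both places would help keep them from drifting apart. `kickstart()` begins at the end of this hunk and its body lies outside it.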
*** 80,85 ****
--- 87,109 ----
throw conContext.fatal(Alert.DECODE_ERROR,
"Illegal handshake message: " +
SSLHandshake.nameOf(handshakeType), be);
}
}
+
+ static boolean isConsumable(TransportContext context, byte handshakeType) {
+ if (handshakeType == SSLHandshake.KEY_UPDATE.id) {
+ // The KeyUpdate handshake message does not apply to TLS 1.2 and
+ // previous protocols.
+ return context.protocolVersion.useTLS13PlusSpec();
+ }
+
+ if (handshakeType == SSLHandshake.NEW_SESSION_TICKET.id) {
+ // The new session ticket handshake message could be consumer in
+ // client side only.
+ return context.sslConfig.isClientMode;
+ }
+
+ // No more post-handshake message supported currently.
+ return false;
+ }
}
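Review bot: The `NEW_SESSION_TICKET` branch of `isConsumable` tests only `context.sslConfig.isClientMode`, whereas the `KEY_UPDATE` branch tests `context.protocolVersion.useTLS13PlusSpec()`. For a client on an older protocol version the method therefore returns true, and rejection is left to the `!negotiatedProtocol.useTLS13PlusSpec()` check in the `PostHandshakeContext` constructor. If that reliance is intended, state it in the branch comment, e.g. `// Pre-TLS 1.3 connections are rejected by the PostHandshakeContext constructor.` Making the predicate self-contained with `return context.sslConfig.isClientMode && context.protocolVersion.useTLS13PlusSpec();` is an alternative, but whether it is safe depends on what the caller does when this returns false, which is not visible here. The existing comment also has a typo: `could be consumer in client side only` should read `can be consumed on the client side only`.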