src/java.base/share/classes/sun/security/ssl/PostHandshakeContext.java
rev 52896 : 8229733: TLS message handling improvements
Summary: Includes changes to TransportContext from JDK-8211018
Reviewed-by: andrew
@@ -28,33 +28,40 @@
import java.io.IOException;
import java.nio.BufferOverflowException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
-import java.util.LinkedHashMap;
-import java.util.Map;
/**
* A compact implementation of HandshakeContext for post-handshake messages
*/
final class PostHandshakeContext extends HandshakeContext {
- private final static Map<Byte, SSLConsumer> consumers = Map.of(
- SSLHandshake.KEY_UPDATE.id, SSLHandshake.KEY_UPDATE,
- SSLHandshake.NEW_SESSION_TICKET.id, SSLHandshake.NEW_SESSION_TICKET);
-
PostHandshakeContext(TransportContext context) throws IOException {
super(context);
if (!negotiatedProtocol.useTLS13PlusSpec()) {
throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
"Post-handshake not supported in " + negotiatedProtocol.name);
}
- this.localSupportedSignAlgs = new ArrayList<SignatureScheme>(
+ this.localSupportedSignAlgs = new ArrayList<>(
context.conSession.getLocalSupportedSignatureSchemes());
- handshakeConsumers = new LinkedHashMap<>(consumers);
+ // Add the potential post-handshake consumers.
+ if (context.sslConfig.isClientMode) {
+ handshakeConsumers.putIfAbsent(
+ SSLHandshake.KEY_UPDATE.id,
+ SSLHandshake.KEY_UPDATE);
+ handshakeConsumers.putIfAbsent(
+ SSLHandshake.NEW_SESSION_TICKET.id,
+ SSLHandshake.NEW_SESSION_TICKET);
+ } else {
+ handshakeConsumers.putIfAbsent(
+ SSLHandshake.KEY_UPDATE.id,
+ SSLHandshake.KEY_UPDATE);
+ }
+
handshakeFinished = true;
}
@Override
void kickstart() throws IOException {
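Review bot: The KEY_UPDATE registration is repeated in both branches of the `isClientMode` check in the constructor, which hides the fact that NEW_SESSION_TICKET is the only role-dependent entry. Registering KEY_UPDATE once before the check and keeping only the ticket consumer inside `if (context.sslConfig.isClientMode) { ... }` expresses the same policy with no `else` branch. The new code also relies on `handshakeConsumers` already being allocated by the `HandshakeContext` constructor, which is outside this hunk, because the explicit `new LinkedHashMap<>(consumers)` assignment is removed. Since `putIfAbsent` silently keeps any consumer already mapped to these ids, I would add a comment such as `// handshakeConsumers is expected to be empty here; only post-handshake types are accepted` so the allow-list intent is explicit.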
@@ -80,6 +87,23 @@
throw conContext.fatal(Alert.DECODE_ERROR,
"Illegal handshake message: " +
SSLHandshake.nameOf(handshakeType), be);
}
}
+
+ static boolean isConsumable(TransportContext context, byte handshakeType) {
+ if (handshakeType == SSLHandshake.KEY_UPDATE.id) {
+ // The KeyUpdate handshake message does not apply to TLS 1.2 and
+ // previous protocols.
+ return context.protocolVersion.useTLS13PlusSpec();
+ }
+
+ if (handshakeType == SSLHandshake.NEW_SESSION_TICKET.id) {
+ // The new session ticket handshake message could be consumer in
+ // client side only.
+ return context.sslConfig.isClientMode;
+ }
+
+ // No more post-handshake message supported currently.
+ return false;
+ }
}
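Review bot: The NEW_SESSION_TICKET branch of `isConsumable` checks only `context.sslConfig.isClientMode`, while the KEY_UPDATE branch checks the protocol version, so for a client on TLS 1.2 or earlier this pre-check answers true for a ticket. Rejection then appears to depend on the `useTLS13PlusSpec()` test in the constructor, which reads `negotiatedProtocol` rather than `context.protocolVersion`; the caller is not visible here, so it is worth confirming the two fields always agree at that point. If this method is meant to be the gate, `return context.sslConfig.isClientMode && context.protocolVersion.useTLS13PlusSpec();` would make it self-contained. The role rules are also encoded twice, here and in the constructor's consumer registration, so a short Javadoc saying the two must stay in sync would help, and the inline comment should read "could be consumed on the client side only".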