8229733: TLS message handling improvements
Reviewed-by: jnimeh, rhalade, ahgross
parent
9efd3d7f20
commit
123febeb98
@ -209,7 +209,7 @@ abstract class HandshakeContext implements ConnectionContext {
|
|||||||
/**
|
/**
|
||||||
* Constructor for PostHandshakeContext
|
* Constructor for PostHandshakeContext
|
||||||
*/
|
*/
|
||||||
HandshakeContext(TransportContext conContext) {
|
protected HandshakeContext(TransportContext conContext) {
|
||||||
this.sslContext = conContext.sslContext;
|
this.sslContext = conContext.sslContext;
|
||||||
this.conContext = conContext;
|
this.conContext = conContext;
|
||||||
this.sslConfig = conContext.sslConfig;
|
this.sslConfig = conContext.sslConfig;
|
||||||
@ -219,6 +219,7 @@ abstract class HandshakeContext implements ConnectionContext {
|
|||||||
this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
|
this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
|
||||||
this.delegatedActions = new LinkedList<>();
|
this.delegatedActions = new LinkedList<>();
|
||||||
|
|
||||||
|
this.handshakeConsumers = new LinkedHashMap<>();
|
||||||
this.handshakeProducers = null;
|
this.handshakeProducers = null;
|
||||||
this.handshakeHash = null;
|
this.handshakeHash = null;
|
||||||
this.activeProtocols = null;
|
this.activeProtocols = null;
|
||||||
|
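Review bot: The new `this.handshakeConsumers = new LinkedHashMap<>();` in the HandshakeContext constructor carries no comment saying the map is deliberately left empty and that the subclass is expected to register the message types it will accept (PostHandshakeContext does so with putIfAbsent elsewhere in this commit); a one-line `// Empty by default; subclasses register the consumers they accept.` would make that intent explicit, presumably leaving any unregistered type undispatchable. Changing the constructor to `protected` on a package-private abstract class widens nothing today, so it reads as a style choice rather than an API change; if it is meant to prepare for a wider class, a word in the constructor Javadoc, which still says only `Constructor for PostHandshakeContext`, would help. The constructor's declaration begins in the first hunk and its body continues past the end of the second, so I cannot see whether anything else still assigns handshakeConsumers.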
@ -30,17 +30,11 @@ import java.nio.BufferOverflowException;
|
|||||||
import java.nio.BufferUnderflowException;
|
import java.nio.BufferUnderflowException;
|
||||||
import java.nio.ByteBuffer;
|
import java.nio.ByteBuffer;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.LinkedHashMap;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A compact implementation of HandshakeContext for post-handshake messages
|
* A compact implementation of HandshakeContext for post-handshake messages
|
||||||
*/
|
*/
|
||||||
final class PostHandshakeContext extends HandshakeContext {
|
final class PostHandshakeContext extends HandshakeContext {
|
||||||
private final static Map<Byte, SSLConsumer> consumers = Map.of(
|
|
||||||
SSLHandshake.KEY_UPDATE.id, SSLHandshake.KEY_UPDATE,
|
|
||||||
SSLHandshake.NEW_SESSION_TICKET.id, SSLHandshake.NEW_SESSION_TICKET);
|
|
||||||
|
|
||||||
PostHandshakeContext(TransportContext context) throws IOException {
|
PostHandshakeContext(TransportContext context) throws IOException {
|
||||||
super(context);
|
super(context);
|
||||||
|
|
||||||
@ -49,10 +43,23 @@ final class PostHandshakeContext extends HandshakeContext {
|
|||||||
"Post-handshake not supported in " + negotiatedProtocol.name);
|
"Post-handshake not supported in " + negotiatedProtocol.name);
|
||||||
}
|
}
|
||||||
|
|
||||||
this.localSupportedSignAlgs = new ArrayList<SignatureScheme>(
|
this.localSupportedSignAlgs = new ArrayList<>(
|
||||||
context.conSession.getLocalSupportedSignatureSchemes());
|
context.conSession.getLocalSupportedSignatureSchemes());
|
||||||
|
|
||||||
handshakeConsumers = new LinkedHashMap<>(consumers);
|
// Add the potential post-handshake consumers.
|
||||||
|
if (context.sslConfig.isClientMode) {
|
||||||
|
handshakeConsumers.putIfAbsent(
|
||||||
|
SSLHandshake.KEY_UPDATE.id,
|
||||||
|
SSLHandshake.KEY_UPDATE);
|
||||||
|
handshakeConsumers.putIfAbsent(
|
||||||
|
SSLHandshake.NEW_SESSION_TICKET.id,
|
||||||
|
SSLHandshake.NEW_SESSION_TICKET);
|
||||||
|
} else {
|
||||||
|
handshakeConsumers.putIfAbsent(
|
||||||
|
SSLHandshake.KEY_UPDATE.id,
|
||||||
|
SSLHandshake.KEY_UPDATE);
|
||||||
|
}
|
||||||
|
|
||||||
handshakeFinished = true;
|
handshakeFinished = true;
|
||||||
handshakeSession = context.conSession;
|
handshakeSession = context.conSession;
|
||||||
}
|
}
|
||||||
@ -83,4 +90,21 @@ final class PostHandshakeContext extends HandshakeContext {
|
|||||||
SSLHandshake.nameOf(handshakeType), be);
|
SSLHandshake.nameOf(handshakeType), be);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static boolean isConsumable(TransportContext context, byte handshakeType) {
|
||||||
|
if (handshakeType == SSLHandshake.KEY_UPDATE.id) {
|
||||||
|
// The KeyUpdate handshake message does not apply to TLS 1.2 and
|
||||||
|
// previous protocols.
|
||||||
|
return context.protocolVersion.useTLS13PlusSpec();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (handshakeType == SSLHandshake.NEW_SESSION_TICKET.id) {
|
||||||
|
// The new session ticket handshake message could be consumer in
|
||||||
|
// client side only.
|
||||||
|
return context.sslConfig.isClientMode;
|
||||||
|
}
|
||||||
|
|
||||||
|
// No more post-handshake message supported currently.
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
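Review bot: `isConsumable` gates NEW_SESSION_TICKET only on `context.sslConfig.isClientMode` and never on the protocol version, while the KEY_UPDATE branch above it does check `useTLS13PlusSpec()`; a NewSessionTicket arriving after the handshake on a TLS 1.2 client therefore passes this check and is presumably only rejected later by the `"Post-handshake not supported in "` path in the constructor, so `return context.sslConfig.isClientMode && context.protocolVersion.useTLS13PlusSpec();` would keep the gate that TransportContext now relies on complete on its own. The same client/server policy is now encoded twice, in the constructor's `putIfAbsent` block and in `isConsumable`, and the two can drift; registering in the constructor only the ids for which `isConsumable(context, id)` is true would leave a single source of truth. The comment on the ticket branch reads `could be consumer in client side only`; `// The NewSessionTicket handshake message can be consumed on the client side only.` is what is meant.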
@ -164,12 +164,13 @@ final class TransportContext implements ConnectionContext {
|
|||||||
" message: " +
|
" message: " +
|
||||||
SSLHandshake.nameOf(type));
|
SSLHandshake.nameOf(type));
|
||||||
}
|
}
|
||||||
if (type == SSLHandshake.KEY_UPDATE.id &&
|
|
||||||
!protocolVersion.useTLS13PlusSpec()) {
|
if (!PostHandshakeContext.isConsumable(this, type)) {
|
||||||
throw fatal(Alert.UNEXPECTED_MESSAGE,
|
throw fatal(Alert.UNEXPECTED_MESSAGE,
|
||||||
"Unexpected post-handshake message: " +
|
"Unexpected post-handshake message: " +
|
||||||
SSLHandshake.nameOf(type));
|
SSLHandshake.nameOf(type));
|
||||||
}
|
}
|
||||||
|
|
||||||
handshakeContext = new PostHandshakeContext(this);
|
handshakeContext = new PostHandshakeContext(this);
|
||||||
} else {
|
} else {
|
||||||
handshakeContext = sslConfig.isClientMode ?
|
handshakeContext = sslConfig.isClientMode ?
|
||||||
|