jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/TransportContext.java

equal deleted inserted replaced

-:2d7e08d730b6
+:b152d06ed6a9
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import javax.crypto.SecretKey;
 import javax.net.ssl.HandshakeCompletedEvent;
 import javax.net.ssl.HandshakeCompletedListener;
 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSocket;
 final InputRecord               inputRecord;
 final OutputRecord              outputRecord;
 // connection status
 boolean                         isUnsureMode;
-boolean                         isNegotiated;
+boolean                         isNegotiated = false;
-boolean                         isBroken;
+boolean                         isBroken = false;
-boolean                         isInputCloseNotified;
+boolean                         isInputCloseNotified = false;
-boolean                         isOutputCloseNotified;
+boolean                         isOutputCloseNotified = false;
-Exception                       closeReason;
+Exception                       closeReason = null;
 // negotiated security parameters
 SSLSessionImpl                  conSession;
 ProtocolVersion                 protocolVersion;
-String                          applicationProtocol;
+String                          applicationProtocol= null;
 // handshake context
-HandshakeContext                handshakeContext;
+HandshakeContext                handshakeContext = null;
 // connection reserved status for handshake.
-boolean                         secureRenegotiation;
+boolean                         secureRenegotiation = false;
 byte[]                          clientVerifyData;
 byte[]                          serverVerifyData;
 // connection sensitive configuration
 List<NamedGroup>                serverRequestedNamedGroups;
-SecretKey baseWriteSecret, baseReadSecret;
 CipherSuite cipherSuite;
+private static final byte[] emptyByteArray = new byte[0];
 // Please never use the transport parameter other than storing a
 // reference to this object.
+// Called by SSLEngineImpl
 TransportContext(SSLContextImpl sslContext, SSLTransport transport,
 InputRecord inputRecord, OutputRecord outputRecord) {
+this(sslContext, transport, new SSLConfiguration(sslContext, true),
+inputRecord, outputRecord, true);
+}
+// Please never use the transport parameter other than storing a
+// reference to this object.
+// Called by SSLSocketImpl
+TransportContext(SSLContextImpl sslContext, SSLTransport transport,
+InputRecord inputRecord, OutputRecord outputRecord,
+boolean isClientMode) {
+this(sslContext, transport,
+new SSLConfiguration(sslContext, isClientMode),
+inputRecord, outputRecord,false);
+}
+// Please never use the transport parameter other than storing a
+// reference to this object.
+// Called by SSLSocketImpl with an existing SSLConfig
+TransportContext(SSLContextImpl sslContext, SSLTransport transport,
+SSLConfiguration sslConfig,
+InputRecord inputRecord, OutputRecord outputRecord) {
+this(sslContext, transport, (SSLConfiguration)sslConfig.clone(),
+inputRecord, outputRecord, false);
+}
+private TransportContext(SSLContextImpl sslContext, SSLTransport transport,
+SSLConfiguration sslConfig, InputRecord inputRecord,
+OutputRecord outputRecord, boolean isUnsureMode) {
 this.transport = transport;
 this.sslContext = sslContext;
 this.inputRecord = inputRecord;
 this.outputRecord = outputRecord;
-this.sslConfig = new SSLConfiguration(sslContext, true);
+this.sslConfig = sslConfig;
-this.sslConfig.maximumPacketSize = outputRecord.getMaxPacketSize();
-this.isUnsureMode = true;
-initialize();
-this.acc = AccessController.getContext();
-this.consumers = new HashMap<>();
-}
-// Please never use the transport parameter other than storing a
-// reference to this object.
-TransportContext(SSLContextImpl sslContext, SSLTransport transport,
-InputRecord inputRecord, OutputRecord outputRecord,
-boolean isClientMode) {
-this.transport = transport;
-this.sslContext = sslContext;
-this.inputRecord = inputRecord;
-this.outputRecord = outputRecord;
-this.sslConfig = new SSLConfiguration(sslContext, isClientMode);
-this.sslConfig.maximumPacketSize = outputRecord.getMaxPacketSize();
-this.isUnsureMode = false;
-initialize();
-this.acc = AccessController.getContext();
-this.consumers = new HashMap<>();
-}
-// Please never use the transport parameter other than storing a
-// reference to this object.
-TransportContext(SSLContextImpl sslContext, SSLTransport transport,
-SSLConfiguration sslConfig,
-InputRecord inputRecord, OutputRecord outputRecord) {
-this.transport = transport;
-this.sslContext = sslContext;
-this.inputRecord = inputRecord;
-this.outputRecord = outputRecord;
-this.sslConfig = (SSLConfiguration)sslConfig.clone();
 if (this.sslConfig.maximumPacketSize == 0) {
 this.sslConfig.maximumPacketSize = outputRecord.getMaxPacketSize();
 }
-this.isUnsureMode = false;
+this.isUnsureMode = isUnsureMode;
-initialize();
-this.acc = AccessController.getContext();
-this.consumers = new HashMap<>();
-}
-// Initialize the non-final class variables.
-private void initialize() {
 // initial security parameters
 this.conSession = SSLSessionImpl.nullSession;
 this.protocolVersion = this.sslConfig.maximumProtocolVersion;
-this.applicationProtocol = null;
+this.clientVerifyData = emptyByteArray;
+this.serverVerifyData = emptyByteArray;
-// initial handshake context
-this.handshakeContext = null;
+this.acc = AccessController.getContext();
+this.consumers = new HashMap<>();
-// initial security parameters for secure renegotiation
-this.secureRenegotiation = false;
-this.clientVerifyData = new byte[0];
-this.serverVerifyData = new byte[0];
-this.isNegotiated = false;
-this.isBroken = false;
-this.isInputCloseNotified = false;
-this.isOutputCloseNotified = false;
-this.closeReason = null;
 }
 // Dispatch plaintext to a specific consumer.
 void dispatch(Plaintext plaintext) throws IOException {
 if (plaintext == null) {
 if (cause instanceof SSLException) {
 throw (SSLException)cause;
 } else {    // unlikely, but just in case.
 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
 SSLLogger.warning(
-"Closed transport, rethrowing (unexpected)", cause);
+"Closed transport, unexpected rethrowing", cause);
 }
 throw alert.createSSLException("Unexpected rethrowing", cause);
 }
 }
 // close outbound
 try {
 outputRecord.close();
 } catch (IOException ioe) {
 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
-SSLLogger.warning("Fatal: ouput record closure failed", ioe);
+SSLLogger.warning("Fatal: output record closure failed", ioe);
 }
 }
 // terminal handshake context
 if (handshakeContext != null) {
 if (!isInboundDone()) {
 closeInbound();
 }
 }
-void closeInbound() throws SSLException {
+void closeInbound() {
 if (isInboundDone()) {
 return;
 }
 try {
 // receiving a close_notify alert or reaching end_of_file of the socket.
 private void passiveInboundClose() throws IOException {
 if (!isInboundDone()) {
 inputRecord.close();
 }
-// For TLS 1.3, output closure is independent from input closure.
-//      if (isNegotiated && protocolVersion.useTLS13PlusSpec()) {
-//          return;
-//      }
 // For TLS 1.2 and prior version, it is required to respond with
 // a close_notify alert of its own and close down the connection
 // immediately, discarding any pending writes.
 if (!isOutboundDone() && !isOutputCloseNotified) {
 // any data received after a closure alert is ignored.
 isOutputCloseNotified = true;
 outputRecord.close();
 }
 }
-// For TLS 1.3, output closure is independent from input closure.
-//
-//      if (isNegotiated && protocolVersion.useTLS13PlusSpec()) {
-//          return;
-//      }
-//
 // It is not required for the initiator of the close to wait for the
 // responding close_notify alert before closing the read side of the
 // connection.  However, if the application protocol using TLS
 // provides that any data may be carried over the underlying transport
 inputRecord.readCipher.baseSecret = handshakeContext.baseReadSecret;
 outputRecord.writeCipher.baseSecret = handshakeContext.baseWriteSecret;
 }
 handshakeContext = null;
-// inputRecord and outputRecord shares the same handshakeHash
-// inputRecord.handshakeHash.finish();
 outputRecord.handshakeHash.finish();
 inputRecord.finishHandshake();
 outputRecord.finishHandshake();
 isNegotiated = true;
 HandshakeStatus finishPostHandshake() {
 handshakeContext = null;
 // Note: May need trigger handshake completion even for post-handshake
-// authenticiation in the future.
+// authentication in the future.
 return HandshakeStatus.FINISHED;
 }
 // A separate thread is allocated to deliver handshake completion

branch	JDK-8145252-TLS13-branch
changeset 56715	b152d06ed6a9
parent 56660	66c803c3ce32
child 56718	da9979451b7a