--- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java	Sat Jun 02 07:50:25 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java	Sat Jun 02 21:23:02 2018 -0700
@@ -64,7 +64,7 @@
     boolean                         isBroken;
     boolean                         isInputCloseNotified;
     boolean                         isOutputCloseNotified;
-    Exception                       closeReason;    //SSLException or RuntimeException
+    Exception                       closeReason;
 
     // negotiated security parameters
     SSLSessionImpl                  conSession;
@@ -185,7 +185,14 @@
                 if (handshakeContext == null) {
                     if (type == SSLHandshake.KEY_UPDATE.id ||
                             type == SSLHandshake.NEW_SESSION_TICKET.id) {
-                        handshakeContext = new PostHandshakeContext(this);
+                        if (isNegotiated &&
+                                protocolVersion.useTLS13PlusSpec()) {
+                            handshakeContext = new PostHandshakeContext(this);
+                        } else {
+                            fatal(Alert.UNEXPECTED_MESSAGE,
+                                    "Unexpected post-handshake message: " +
+                                    SSLHandshake.nameOf(type));
+                        }
                     } else {
                         handshakeContext = sslConfig.isClientMode ?
                                 new ClientHandshakeContext(sslContext, this) :
@@ -251,25 +258,9 @@
         kickstart();
     }
 
-    final static byte PRE = 1;
-    final static byte POST = 2;
-
-    HandshakeContext getHandshakeContext(byte type) {
-        if (handshakeContext == null) {
-            return null;
-        }
-
-        if (type == PRE &&
-                (handshakeContext instanceof ClientHandshakeContext ||
-                        handshakeContext instanceof ServerHandshakeContext)) {
-            return handshakeContext;
-        }
-
-        if (type == POST && handshakeContext instanceof PostHandshakeContext) {
-            return handshakeContext;
-        }
-
-        return null;
+    boolean isPostHandshakeContext() {
+        return handshakeContext != null &&
+                (handshakeContext instanceof PostHandshakeContext);
     }
 
     // Note: close_notify is delivered as a warning alert.
@@ -614,7 +605,8 @@
     // Note; HandshakeStatus.FINISHED status is retrieved in other places.
     HandshakeStatus getHandshakeStatus() {
         if (!outputRecord.isEmpty()) {
-            // If no handshaking, special case to wrap alters.
+            // If no handshaking, special case to wrap alters or
+            // post-handshake messages.
             return HandshakeStatus.NEED_WRAP;
         } else if (handshakeContext != null) {
             if (!handshakeContext.delegatedActions.isEmpty()) {
@@ -647,6 +639,7 @@
             inputRecord.readCipher.baseSecret = handshakeContext.baseReadSecret;
             outputRecord.writeCipher.baseSecret = handshakeContext.baseWriteSecret;
         }
+
         handshakeContext = null;
         // inputRecord and outputRecord shares the same handshakeHash
         // inputRecord.handshakeHash.finish();
@@ -669,6 +662,16 @@
                 false);
             thread.start();
         }
+
+        return HandshakeStatus.FINISHED;
+    }
+
+    HandshakeStatus finishPostHandshake() {
+        handshakeContext = null;
+
+        // Note: May need trigger handshake completion even for post-handshake
+        // authenticiation in the future.
+
         return HandshakeStatus.FINISHED;
     }
branch	JDK-8145252-TLS13-branch
changeset 56660	66c803c3ce32
parent 56594	99e0f3f3f0e4
child 56715	b152d06ed6a9