8229733: TLS message handling improvements

Summary: Includes changes to TransportContext from JDK-8211018
Reviewed-by: andrew

src/java.base/share/classes/sun/security/ssl/HandshakeContext.java

@@ -208,7 +208,7 @@ abstract class HandshakeContext implements ConnectionContext {
     /**
      * Constructor for PostHandshakeContext
      */
-    HandshakeContext(TransportContext conContext) {
+    protected HandshakeContext(TransportContext conContext) {
         this.sslContext = conContext.sslContext;
         this.conContext = conContext;
         this.sslConfig = conContext.sslConfig;
@@ -218,6 +218,7 @@ abstract class HandshakeContext implements ConnectionContext {
         this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
         this.delegatedActions = new LinkedList<>();
 
+        this.handshakeConsumers = new LinkedHashMap<>();
         this.handshakeProducers = null;
         this.handshakeHash = null;
         this.activeProtocols = null;

src/java.base/share/classes/sun/security/ssl/PostHandshakeContext.java

@@ -30,17 +30,11 @@ import java.nio.BufferOverflowException;
 import java.nio.BufferUnderflowException;
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
-import java.util.LinkedHashMap;
-import java.util.Map;
 
 /**
  * A compact implementation of HandshakeContext for post-handshake messages
  */
 final class PostHandshakeContext extends HandshakeContext {
-    private final static Map<Byte, SSLConsumer> consumers = Map.of(
-        SSLHandshake.KEY_UPDATE.id, SSLHandshake.KEY_UPDATE,
-        SSLHandshake.NEW_SESSION_TICKET.id, SSLHandshake.NEW_SESSION_TICKET);
-
     PostHandshakeContext(TransportContext context) throws IOException {
         super(context);
 
@@ -49,10 +43,23 @@ final class PostHandshakeContext extends HandshakeContext {
                 "Post-handshake not supported in " + negotiatedProtocol.name);
         }
 
-        this.localSupportedSignAlgs = new ArrayList<SignatureScheme>(
+        this.localSupportedSignAlgs = new ArrayList<>(
             context.conSession.getLocalSupportedSignatureSchemes());
 
-        handshakeConsumers = new LinkedHashMap<>(consumers);
+        // Add the potential post-handshake consumers.
+        if (context.sslConfig.isClientMode) {
+            handshakeConsumers.putIfAbsent(
+                    SSLHandshake.KEY_UPDATE.id,
+                    SSLHandshake.KEY_UPDATE);
+            handshakeConsumers.putIfAbsent(
+                    SSLHandshake.NEW_SESSION_TICKET.id,
+                    SSLHandshake.NEW_SESSION_TICKET);
+        } else {
+            handshakeConsumers.putIfAbsent(
+                    SSLHandshake.KEY_UPDATE.id,
+                    SSLHandshake.KEY_UPDATE);
+        }
+
         handshakeFinished = true;
     }
 
@@ -82,4 +89,21 @@ final class PostHandshakeContext extends HandshakeContext {
                     SSLHandshake.nameOf(handshakeType), be);
         }
     }
+
+    static boolean isConsumable(TransportContext context, byte handshakeType) {
+        if (handshakeType == SSLHandshake.KEY_UPDATE.id) {
+            // The KeyUpdate handshake message does not apply to TLS 1.2 and
+            // previous protocols.
+            return context.protocolVersion.useTLS13PlusSpec();
+        }
+
+        if (handshakeType == SSLHandshake.NEW_SESSION_TICKET.id) {
+            // The new session ticket handshake message could be consumer in
+            // client side only.
+            return context.sslConfig.isClientMode;
+        }
+
+        // No more post-handshake message supported currently.
+        return false;
+    }
 }

src/java.base/share/classes/sun/security/ssl/TransportContext.java

@@ -159,14 +159,20 @@ class TransportContext implements ConnectionContext {
                 if (handshakeContext == null) {
                     if (type == SSLHandshake.KEY_UPDATE.id ||
                             type == SSLHandshake.NEW_SESSION_TICKET.id) {
-                        if (isNegotiated &&
-                                protocolVersion.useTLS13PlusSpec()) {
-                            handshakeContext = new PostHandshakeContext(this);
-                        } else {
+                        if (!isNegotiated) {
+                            throw fatal(Alert.UNEXPECTED_MESSAGE,
+                                    "Unexpected unnegotiated post-handshake" +
+                                            " message: " +
+                                            SSLHandshake.nameOf(type));
+                        }
+
+                        if (!PostHandshakeContext.isConsumable(this, type)) {
                             throw fatal(Alert.UNEXPECTED_MESSAGE,
                                     "Unexpected post-handshake message: " +
                                     SSLHandshake.nameOf(type));
                         }
+
+                        handshakeContext = new PostHandshakeContext(this);
                     } else {
                         handshakeContext = sslConfig.isClientMode ?
                                 new ClientHandshakeContext(sslContext, this) :