/* * On input, we hash messages one at a time since servers may need * to access an intermediate hash to validate a CertificateVerify * message. * * Note that many handshake messages can come in one record (and often * do, to reduce network resource utilization), and one message can also * require multiple records (e.g. very large Certificate messages). */ void processLoop() throws IOException { // need to read off 4 bytes at least to get the handshake // message type and length. while (input.available() >= 4) { byte messageType; int messageLen; /* * See if we can read the handshake message header, and * then the entire handshake message. If not, wait till * we can read and process an entire message. */ input.mark(4); messageType = (byte) input.getInt8(); messageLen = input.getInt24(); if (input.available() < messageLen) { input.reset(); return; } /* * Process the messsage. We require * that processMessage() consumes the entire message. In * lieu of explicit error checks (how?!) we assume that the * data will look like garbage on encoding/processing errors, * and that other protocol code will detect such errors. * * Note that digesting is normally deferred till after the * message has been processed, though to process at least the * client's Finished message (i.e. send the server's) we need * to acccelerate that digesting. * * Also, note that hello request messages are never hashed; * that includes the hello request header, too. */ if (messageType == HandshakeMessage.ht_hello_request) { input.reset(); processMessage(messageType, messageLen); input.ignore(4 + messageLen); } else { input.mark(messageLen); processMessage(messageType, messageLen); input.digestNow(); } } }
/* * This routine is fed SSL handshake records when they become available, * and processes messages found therein. */ void process_record(InputRecord r, boolean expectingFinished) throws IOException { checkThrown(); /* * Store the incoming handshake data, then see if we can * now process any completed handshake messages */ input.incomingRecord(r); /* * We don't need to create a separate delegatable task * for finished messages. */ if ((conn != null) || expectingFinished) { processLoop(); } else { delegateTask( new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { processLoop(); return null; } }); } }
RenegotiationInfoExtension(HandshakeInStream s, int len) throws IOException { super(ExtensionType.EXT_RENEGOTIATION_INFO); // check the extension length if (len < 1) { throw new SSLProtocolException("Invalid " + type + " extension"); } int renegoInfoDataLen = s.getInt8(); if (renegoInfoDataLen + 1 != len) { // + 1 = the byte we just read throw new SSLProtocolException("Invalid " + type + " extension"); } renegotiated_connection = new byte[renegoInfoDataLen]; if (renegoInfoDataLen != 0) { s.read(renegotiated_connection, 0, renegoInfoDataLen); } }