diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java index bc6423945fa..144f7f62544 100644 --- a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java +++ b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java @@ -773,14 +773,6 @@ final class CertificateMessage { } } - T13CertificateMessage(HandshakeContext handshakeContext, - byte[] requestContext, List certificates) { - super(handshakeContext); - - this.requestContext = requestContext.clone(); - this.certEntries = certificates; - } - T13CertificateMessage(HandshakeContext handshakeContext, ByteBuffer m) throws IOException { super(handshakeContext); diff --git a/src/java.base/share/classes/sun/security/ssl/CompressedCertificate.java b/src/java.base/share/classes/sun/security/ssl/CompressedCertificate.java index d95dadcabde..633af558727 100644 --- a/src/java.base/share/classes/sun/security/ssl/CompressedCertificate.java +++ b/src/java.base/share/classes/sun/security/ssl/CompressedCertificate.java @@ -160,21 +160,22 @@ final class CompressedCertificate { HandshakeOutStream hos = new HandshakeOutStream(null); message.send(hos); byte[] certMsg = hos.toByteArray(); + byte[] compressedCertMsg; - Cache cache = - hc.sslContext.getCompCertCache(); - CompCertCacheKey key = new CompCertCacheKey( - new EqualByteArray(certMsg), hc.certDeflater.getKey()); - byte[] compressedCertMsg = cache.get(key); - - if (compressedCertMsg == null) { + // Don't use cache if certificate_request_context is present. + if (certMsg[0] != 0) { compressedCertMsg = hc.certDeflater.getValue().apply(certMsg); + } else { + Cache cache = + hc.sslContext.getCompCertCache(); + CompCertCacheKey key = new CompCertCacheKey( + new EqualByteArray(certMsg), hc.certDeflater.getKey()); + compressedCertMsg = cache.get(key); + + if (compressedCertMsg == null) { + compressedCertMsg = + hc.certDeflater.getValue().apply(certMsg); - // Don't cache when in PostHandshakeContext because - // certificate_request_context can be randomized (should only - // happen during post-handshake authentication and only on the - // client side). - if (!(hc instanceof PostHandshakeContext)) { if (SSLLogger.isOn() && SSLLogger.isOn("ssl,handshake")) { SSLLogger.fine("Caching CompressedCertificate message"); } diff --git a/test/jdk/sun/security/ssl/CertificateCompression/CompressedCertMsgCache.java b/test/jdk/sun/security/ssl/CertificateCompression/CompressedCertMsgCache.java index 6e0446301a8..e09d38c2e4a 100644 --- a/test/jdk/sun/security/ssl/CertificateCompression/CompressedCertMsgCache.java +++ b/test/jdk/sun/security/ssl/CertificateCompression/CompressedCertMsgCache.java @@ -67,39 +67,33 @@ public class CompressedCertMsgCache extends SSLSocketTemplate { public static void main(String[] args) throws Exception { - // Use 2 different SSLContext instances. - for (int i = 0; i < 2; i++) { + // Complete 3 handshakes with the same SSLContext. + String log = runAndGetLog(() -> { + try { + setupCertificates(); + serverSslContext = getSSLContext(trustedCert, serverCert, + serverKeys.getPrivate(), "TLSv1.3"); + clientSslContext = getSSLContext(trustedCert, clientCert, + clientKeys.getPrivate(), "TLSv1.3"); - // Complete 3 handshakes with the same SSLContext. - String log = runAndGetLog(() -> { - try { - setupCertificates(); - serverSslContext = getSSLContext( - trustedCert, serverCert, serverKeys.getPrivate(), - "TLSv1.3"); - clientSslContext = getSSLContext( - trustedCert, clientCert, clientKeys.getPrivate(), - "TLSv1.3"); + new CompressedCertMsgCache().run(); + new CompressedCertMsgCache().run(); + new CompressedCertMsgCache().run(); + } catch (Exception _) { + } + }); - new CompressedCertMsgCache().run(); - new CompressedCertMsgCache().run(); - new CompressedCertMsgCache().run(); - } catch (Exception _) { - } - }); + // The same CompressedCertificate message must be cached only once. + assertEquals(1, countSubstringOccurrences(log, + "Caching CompressedCertificate message")); - // The same CompressedCertificate message must be cached only once. - assertEquals(1, countSubstringOccurrences(log, - "Caching CompressedCertificate message")); + // Make sure CompressedCertificate message is produced 3 times. + assertEquals(3, countSubstringOccurrences(log, + "Produced CompressedCertificate handshake message")); - // Make sure CompressedCertificate message is produced 3 times. - assertEquals(3, countSubstringOccurrences(log, - "Produced CompressedCertificate handshake message")); - - // Make sure CompressedCertificate message is consumed 3 times. - assertEquals(3, countSubstringOccurrences(log, - "Consuming CompressedCertificate handshake message")); - } + // Make sure CompressedCertificate message is consumed 3 times. + assertEquals(3, countSubstringOccurrences(log, + "Consuming CompressedCertificate handshake message")); } @Override