Diffstat (limited to 'src/components/protocol_handler/src/protocol_handler_impl.cc')
-rw-r--r--src/components/protocol_handler/src/protocol_handler_impl.cc48
1 files changed, 36 insertions, 12 deletions
diff --git a/src/components/protocol_handler/src/protocol_handler_impl.cc b/src/components/protocol_handler/src/protocol_handler_impl.cc
index 762b986782..e5bacdbf6f 100644
--- a/src/components/protocol_handler/src/protocol_handler_impl.cc
+++ b/src/components/protocol_handler/src/protocol_handler_impl.cc
@@ -149,6 +149,7 @@ ProtocolHandlerImpl::~ProtocolHandlerImpl() {
"Not all observers have unsubscribed"
" from ProtocolHandlerImpl");
}
+ handshake_handlers_.clear();
}
void ProtocolHandlerImpl::AddProtocolObserver(ProtocolObserver* observer) {
@@ -839,6 +840,11 @@ void ProtocolHandlerImpl::OnConnectionClosed(
multiframe_builder_.RemoveConnection(connection_id);
}
+void ProtocolHandlerImpl::NotifyOnFailedHandshake() {
+ LOG4CXX_AUTO_TRACE(logger_);
+ security_manager_->NotifyListenersOnHandshakeFailed();
+}
+
void ProtocolHandlerImpl::OnPTUFinished(const bool ptu_result) {
LOG4CXX_AUTO_TRACE(logger_);
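Review bot: The new `NotifyOnFailedHandshake()` dereferences `security_manager_` with no null check, and it is a new member function that other components presumably call whenever a handshake fails. If the pointer can be unset at that time (not visible in this diff), guard the call with `if (!security_manager_) { return; }` and log the skipped notification. If it is guaranteed non-null here, a one-line comment stating that invariant would save the next reader from checking.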
@@ -851,12 +857,14 @@ void ProtocolHandlerImpl::OnPTUFinished(const bool ptu_result) {
return;
}
- const bool is_cert_expired = security_manager_->IsCertificateUpdateRequired();
for (auto handler : ptu_pending_handlers_) {
+ const bool is_cert_expired = security_manager_->IsCertificateUpdateRequired(
+ handler->connection_key());
security_manager::SSLContext* ssl_context =
- is_cert_expired
- ? NULL
- : security_manager_->CreateSSLContext(handler->connection_key());
+ is_cert_expired ? NULL
+ : security_manager_->CreateSSLContext(
+ handler->connection_key(),
+ security_manager::SecurityManager::kUseExisting);
if (!ssl_context) {
const std::string error("CreateSSLContext failed");
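Review bot: The `kUseExisting` argument added to `CreateSSLContext` here, and again in HandleControlMessageStartSession and NotifySessionStarted, is not explained at any call site, so a reader cannot tell what state a reused context may carry, for example one left from a failed or postponed handshake. Suggest a comment above the call along the lines of `// kUseExisting: reuse the context already bound to this connection key (may carry earlier handshake state)`, with the wording confirmed against SecurityManager. Separately, `ssl_context` is forced to NULL when a certificate update is required, yet the error text is still "CreateSSLContext failed", which hides the real cause in logs now that the check is per connection. The loop body continues outside the hunk.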
@@ -1286,7 +1294,8 @@ RESULT_CODE ProtocolHandlerImpl::HandleControlMessageStartSession(
session_observer_.KeyFromPair(connection_id, session_id);
security_manager::SSLContext* ssl_context =
- security_manager_->CreateSSLContext(connection_key);
+ security_manager_->CreateSSLContext(
+ connection_key, security_manager::SecurityManager::kUseExisting);
if (!ssl_context) {
const std::string error("CreateSSLContext failed");
LOG4CXX_ERROR(logger_, error);
@@ -1563,14 +1572,11 @@ void ProtocolHandlerImpl::NotifySessionStarted(
context,
packet->protocol_version(),
bson_object_bytes);
+ handshake_handlers_.push_back(handler);
const bool is_certificate_empty =
security_manager_->IsPolicyCertificateDataEmpty();
- const bool is_certificate_expired =
- is_certificate_empty ||
- security_manager_->IsCertificateUpdateRequired();
-
if (context.is_ptu_required_ && is_certificate_empty) {
LOG4CXX_DEBUG(logger_,
"PTU for StartSessionHandler "
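Review bot: `handshake_handlers_.push_back(handler)` runs for every NotifySessionStarted call that reaches this point, but the only removal visible in this diff is the `clear()` added to the destructor, so the vector appears to grow for the lifetime of the ProtocolHandlerImpl. These requests originate from the connected peer, which makes this a memory-growth path unless entries are erased elsewhere (the diff is limited to this file, so that may exist). Consider erasing the entry when the handshake finishes or in OnConnectionClosed, and add a comment on the member saying who prunes it. The function body starts and ends outside the hunk.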
@@ -1586,6 +1592,7 @@ void ProtocolHandlerImpl::NotifySessionStarted(
ptu_pending_handlers_.push_back(handler);
is_ptu_triggered_ = true;
security_manager_->NotifyOnCertificateUpdateRequired();
+ security_manager_->PostponeHandshake(connection_key);
} else {
LOG4CXX_DEBUG(logger_, "PTU has been triggered. Added to pending.");
ptu_pending_handlers_.push_back(handler);
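Review bot: `PostponeHandshake(connection_key)` is called only in the branch that first triggers the PTU; the `else` branch, taken when a PTU is already in flight, queues the handler in `ptu_pending_handlers_` without postponing the handshake for its connection. If postponement is tracked per connection key (not visible here), a second session that starts during a pending PTU would skip it. Either add `security_manager_->PostponeHandshake(connection_key);` to the `else` branch or add a comment explaining why one call is enough.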
@@ -1594,9 +1601,11 @@ void ProtocolHandlerImpl::NotifySessionStarted(
}
security_manager::SSLContext* ssl_context =
- is_certificate_expired
+ is_certificate_empty
? NULL
- : security_manager_->CreateSSLContext(connection_key);
+ : security_manager_->CreateSSLContext(
+ connection_key,
+ security_manager::SecurityManager::kUseExisting);
if (!ssl_context) {
const std::string error("CreateSSLContext failed");
LOG4CXX_ERROR(logger_, error);
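Review bot: The gate before `CreateSSLContext` now tests only `is_certificate_empty`; the earlier `IsCertificateUpdateRequired()` check was removed from this path, so a context is created even when the certificate is expired or close to expiry. Presumably expiry is now enforced during the handshake once system time is available, but nothing in this hunk says so. Add a comment such as `// Expiry is validated at handshake time against system time; only a missing certificate blocks context creation here`, once confirmed, and make sure a test covers an expired certificate on this path. The function body starts and ends outside the hunk.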
@@ -1630,12 +1639,27 @@ void ProtocolHandlerImpl::NotifySessionStarted(
*fullVersion,
*start_session_ack_params);
} else {
- security_manager_->AddListener(new HandshakeHandler(*handler));
+ LOG4CXX_DEBUG(logger_,
+ "Adding Handshake handler to listeners: " << handler.get());
+ security_manager::SecurityManagerListener* listener =
+ new HandshakeHandler(*handler);
+ security_manager_->AddListener(listener);
+
if (!ssl_context->IsHandshakePending()) {
// Start handshake process
security_manager_->StartHandshake(connection_key);
+
+ if (!security_manager_->IsSystemTimeProviderReady()) {
+ security_manager_->RemoveListener(listener);
+ SendStartSessionNAck(context.connection_id_,
+ packet->session_id(),
+ protocol_version,
+ packet->service_type(),
+ rejected_params);
+ }
}
}
+
LOG4CXX_DEBUG(logger_,
"Protection establishing for connection "
<< connection_key << " is in progress");
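Review bot: In the new `!IsSystemTimeProviderReady()` branch the `HandshakeHandler` allocated with `new` is passed to `RemoveListener(listener)` and never deleted in this hunk; unless RemoveListener frees it (not visible), each rejected start leaks a listener. If it only unregisters, add `delete listener;` after the call, or keep the listener in a smart pointer until ownership is handed over. The same branch sends the NAck and then falls through to the "Protection establishing ... is in progress" debug log, while the handler stays in `handshake_handlers_`. If nothing after that log must still run, a `return;` after `SendStartSessionNAck(...)` would keep the log truthful. The function body starts outside the hunk.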