Package org.conscrypt
Interface NativeCrypto.SSLHandshakeCallbacks

- All Known Implementing Classes: ConscryptEngine, ConscryptFileDescriptorSocket, Java8FileDescriptorSocket
- Enclosing class: NativeCrypto

static interface NativeCrypto.SSLHandshakeCallbacks

A collection of callbacks from the native OpenSSL code that are related to the SSL handshake initiated by SSL_do_handshake.

Method Summary

- void clientCertificateRequested(byte[] keyTypes, int[] signatureAlgs, byte[][] asn1DerEncodedX500Principals)
  Called on an SSL client when the server requests (or requires) a certificate.
- int clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)
  Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
- void onNewSessionEstablished(long sslSessionNativePtr)
  Called when a new session has been established and may be added to the session cache.
- void onSSLStateChange(int type, int val)
  Called when SSL state changes.
- int selectApplicationProtocol(byte[] applicationProtocols)
  Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
- void serverCertificateRequested()
  Called when acting as a server during ClientHello processing before a decision to resume a session is made.
- int serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)
  Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
- long serverSessionRequested(byte[] id)
  Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches).
- void verifyCertificateChain(byte[][] certificateChain, java.lang.String authMethod)
  Verify that the certificate chain is trusted.

Method Detail

verifyCertificateChain

void verifyCertificateChain(byte[][] certificateChain, java.lang.String authMethod) throws java.security.cert.CertificateException

Verify that the certificate chain is trusted.

- Parameters:
  certificateChain - chain of X.509 certificates in their encoded form
  authMethod - auth algorithm name
- Throws:
  java.security.cert.CertificateException - if the certificate is untrusted

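As an added example of how a client-side implementer can honour this contract (this is not Conscrypt's own code): the DER-encoded chain is decoded into X509Certificate objects and the trust decision is delegated to the platform X509TrustManager, which throws CertificateException for an untrusted chain exactly as the callback requires. The class name ChainVerifier and the leaf-first ordering of the chain are assumptions of the example.

```java
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Added example, not Conscrypt's own implementation: a client-side handler with the
 * same contract as SSLHandshakeCallbacks.verifyCertificateChain. It decodes the
 * DER-encoded chain and delegates the trust decision to an X509TrustManager.
 * Assumption: the chain arrives leaf-first, the order checkServerTrusted expects.
 */
public final class ChainVerifier {
    private final X509TrustManager trustManager;

    public ChainVerifier(X509TrustManager trustManager) {
        this.trustManager = trustManager;
    }

    /** Builds a verifier backed by the platform's default trust anchors. */
    public static ChainVerifier withDefaultTrust() throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // a null KeyStore selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return new ChainVerifier((X509TrustManager) tm);
            }
        }
        throw new GeneralSecurityException("no X509TrustManager available");
    }

    /** Throws CertificateException when the chain is untrusted, as the callback requires. */
    public void verifyCertificateChain(byte[][] certificateChain, String authMethod)
            throws CertificateException {
        if (certificateChain == null || certificateChain.length == 0) {
            // An empty chain is a failure, never an implicit pass.
            throw new CertificateException("peer presented no certificates");
        }
        X509Certificate[] chain = decodeChain(certificateChain);
        // authMethod is the auth algorithm name supplied by the native side (illustrative
        // value: a key-exchange name such as "ECDHE_RSA"); the trust manager may use it to
        // reject certificates that are unsuitable for that exchange.
        trustManager.checkServerTrusted(chain, authMethod);
    }

    /** Parses each DER blob into an X509Certificate; anything that does not parse fails. */
    static X509Certificate[] decodeChain(byte[][] encoded) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate[] chain = new X509Certificate[encoded.length];
        for (int i = 0; i < encoded.length; i++) {
            chain[i] = (X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(encoded[i]));
        }
        return chain;
    }
}
```

checkServerTrusted validates path building and trust anchors only; matching the leaf certificate against the intended host name is a separate step in JSSE and is not covered by this callback. Letting the CertificateException propagate is the whole point: the callback's contract is that throwing aborts the handshake, so catching and swallowing it here would turn every untrusted peer into a trusted one.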
clientCertificateRequested

void clientCertificateRequested(byte[] keyTypes, int[] signatureAlgs, byte[][] asn1DerEncodedX500Principals) throws java.security.cert.CertificateEncodingException, javax.net.ssl.SSLException

Called on an SSL client when the server requests (or requires) a certificate. The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if it has an appropriate one available, similar to how the server provides its certificate.

- Parameters:
  keyTypes - key types supported by the server, convertible to strings with #keyType
  asn1DerEncodedX500Principals - CAs known to the server
- Throws:
  java.security.cert.CertificateEncodingException
  javax.net.ssl.SSLException

serverCertificateRequested

void serverCertificateRequested() throws java.io.IOException

Called when acting as a server during ClientHello processing before a decision to resume a session is made. This allows the selection of the correct server certificate based on things like Server Name Indication (SNI).

- Throws:
  java.io.IOException - if there was an error during certificate selection.

clientPSKKeyRequested

int clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)

Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.

- Parameters:
  identityHint - PSK identity hint provided by the server, or null if no hint was provided.
  identity - buffer to be populated with the PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.
  key - buffer to be populated with key material by this method.
- Returns:
  number of bytes this method stored in the key buffer, or 0 if an error occurred, in which case the handshake will be aborted.

serverPSKKeyRequested

int serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)

Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.

- Parameters:
  identityHint - PSK identity hint provided by this server to the client, or null if no hint was provided.
  identity - PSK identity provided by the client.
  key - buffer to be populated with key material by this method.
- Returns:
  number of bytes this method stored in the key buffer, or 0 if an error occurred, in which case the handshake will be aborted.

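The two PSK callbacks above share one shape: the native side hands the Java code fixed-size buffers it owns, and the return value reports how many key bytes were written, with 0 aborting the handshake. The following added example (not Conscrypt's own code) implements both callbacks over constructed sample keys; the class name PskCallbacks, the in-memory identity-to-key map, and the use of standard UTF-8 for the identity are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

/**
 * Added example, not Conscrypt's own implementation: PSK callbacks with the same
 * contracts as SSLHandshakeCallbacks.clientPSKKeyRequested and serverPSKKeyRequested.
 * Keys are held in memory only to keep the example self-contained; a deployment
 * would load them from a key store. Assumptions: the identity buffer must hold the
 * identity plus its NUL terminator, and returning 0 aborts the handshake.
 */
public final class PskCallbacks {
    private final String clientIdentity;
    private final byte[] clientKey;
    private final Map<String, byte[]> serverKeys; // identity -> key material

    public PskCallbacks(String clientIdentity, byte[] clientKey, Map<String, byte[]> serverKeys) {
        this.clientIdentity = clientIdentity;
        this.clientKey = clientKey.clone();
        this.serverKeys = new HashMap<>(serverKeys);
    }

    /** Client side: fills the identity buffer (NUL-terminated) and the key buffer. */
    public int clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key) {
        // identityHint may be null; this client always uses its configured identity.
        // Modified UTF-8 and standard UTF-8 coincide unless the string contains U+0000 or
        // supplementary characters, which the identities here are assumed not to contain.
        byte[] id = clientIdentity.getBytes(StandardCharsets.UTF_8);
        if (id.length + 1 > identity.length) {
            return 0; // identity plus terminator does not fit: abort rather than truncate
        }
        System.arraycopy(id, 0, identity, 0, id.length);
        identity[id.length] = 0; // NUL terminator expected by the native side
        return copyKey(clientKey, key);
    }

    /** Server side: looks the client's identity up and fills the key buffer. */
    public int serverPSKKeyRequested(String identityHint, String identity, byte[] key) {
        if (identity == null) {
            return 0;
        }
        byte[] k = serverKeys.get(identity);
        if (k == null) {
            return 0; // unknown identity: the handshake is aborted
        }
        return copyKey(k, key);
    }

    /** Copies key material into the native-owned buffer; 0 if empty or it would overflow. */
    private static int copyKey(byte[] src, byte[] dst) {
        if (src.length == 0 || src.length > dst.length) {
            return 0;
        }
        System.arraycopy(src, 0, dst, 0, src.length);
        return src.length;
    }
}
```

Both paths fail closed: an identity that will not fit, an unknown identity, or key material larger than the native buffer all return 0 instead of writing a partial value, because a truncated identity or key would silently change what is authenticated.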
onSSLStateChange

void onSSLStateChange(int type, int val)

Called when SSL state changes. This could be handshake completion.

onNewSessionEstablished

void onNewSessionEstablished(long sslSessionNativePtr)

Called when a new session has been established and may be added to the session cache. The callee is responsible for incrementing the reference count on the returned session.

serverSessionRequested

long serverSessionRequested(byte[] id)

Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches). Looks up the session by ID in the application's session cache. If a valid session is returned, this callback is responsible for incrementing the reference count (and any required synchronization).

- Parameters:
  id - the ID of the session to find.
- Returns:
  the cached session, or 0 if no session was found matching the given ID.

selectApplicationProtocol

int selectApplicationProtocol(byte[] applicationProtocols)

Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.

- Parameters:
  applicationProtocols - list of application protocols in length-prefix format
- Returns:
  the index offset of the selected protocol

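The length-prefix format named above is the ALPN wire encoding: each entry is one unsigned length byte followed by that many bytes of protocol name. The following added example (not Conscrypt's own code) parses that list defensively, chooses the first protocol in the server's preference order that the client offered, and returns the byte offset of the chosen entry. The class name AlpnSelector is an assumption, as are two details the page does not state and that should be checked against the Conscrypt version in use: that the offset points at the selected entry's length byte, and that -1 signals no selection.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
 * Added example, not Conscrypt's own implementation: ALPN selection with the same
 * contract as SSLHandshakeCallbacks.selectApplicationProtocol. Assumptions: the
 * returned offset indexes the selected entry's length byte within the input array,
 * and NO_PROTOCOL_SELECTED (-1) means nothing was chosen.
 */
public final class AlpnSelector {
    static final int NO_PROTOCOL_SELECTED = -1; // assumed sentinel

    private final List<String> serverPreference;

    public AlpnSelector(List<String> serverPreference) {
        this.serverPreference = new ArrayList<>(serverPreference);
    }

    /** Picks the first server-preferred protocol that appears in the client's list. */
    public int selectApplicationProtocol(byte[] applicationProtocols) {
        List<String> offered = decode(applicationProtocols);
        if (offered == null) {
            return NO_PROTOCOL_SELECTED; // malformed list: refuse rather than guess
        }
        for (String preferred : serverPreference) {
            int idx = offered.indexOf(preferred);
            if (idx >= 0) {
                return offsetOf(applicationProtocols, idx);
            }
        }
        return NO_PROTOCOL_SELECTED;
    }

    /**
     * Parses the length-prefixed list. Returns null if a length byte runs past the end
     * of the array or an entry is empty, so a malformed list can never be selected from.
     */
    static List<String> decode(byte[] encoded) {
        List<String> out = new ArrayList<>();
        int pos = 0;
        while (pos < encoded.length) {
            int len = encoded[pos] & 0xFF; // unsigned length byte
            if (len == 0 || pos + 1 + len > encoded.length) {
                return null;
            }
            out.add(new String(encoded, pos + 1, len, StandardCharsets.US_ASCII));
            pos += 1 + len;
        }
        return out;
    }

    /** Byte offset of the idx-th entry's length byte in a list that decode() accepted. */
    static int offsetOf(byte[] encoded, int idx) {
        int pos = 0;
        for (int i = 0; i < idx; i++) {
            pos += 1 + (encoded[pos] & 0xFF);
        }
        return pos;
    }

    /** Builds the wire format from names; used here only to construct sample input. */
    static byte[] encode(String... protocols) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (String p : protocols) {
            byte[] b = p.getBytes(StandardCharsets.US_ASCII);
            out.write(b.length);
            out.write(b, 0, b.length);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) {
        // Constructed client offer listing "http/1.1" before "h2".
        byte[] offer = encode("http/1.1", "h2");
        AlpnSelector selector = new AlpnSelector(Arrays.asList("h2", "http/1.1"));
        // Server preference wins: the offset printed is where the "h2" entry begins.
        System.out.println(selector.selectApplicationProtocol(offer));
        // An offer with nothing the server supports yields NO_PROTOCOL_SELECTED.
        System.out.println(selector.selectApplicationProtocol(encode("spdy/3")));
    }
}
```

The parser treats the client's bytes as untrusted input: a length byte that overruns the array, or an empty name, causes the whole list to be rejected instead of being partially honoured, and selection is driven by the server's own preference list rather than by whatever the client put first.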