Package org.conscrypt
Interface NativeCrypto.SSLHandshakeCallbacks
All Known Implementing Classes: ConscryptEngine, ConscryptFileDescriptorSocket, Java8FileDescriptorSocket
Enclosing class: NativeCrypto
static interface NativeCrypto.SSLHandshakeCallbacks
A collection of callbacks from the native OpenSSL code that are related to the SSL handshake initiated by SSL_do_handshake.
Method Summary
All methods are abstract instance methods. Modifier and type, method, description:

void clientCertificateRequested(byte[] keyTypes, int[] signatureAlgs, byte[][] asn1DerEncodedX500Principals)
    Called on an SSL client when the server requests (or requires) a certificate.
int clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)
    Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
void onNewSessionEstablished(long sslSessionNativePtr)
    Called when a new session has been established and may be added to the session cache.
void onSSLStateChange(int type, int val)
    Called when SSL state changes.
int selectApplicationProtocol(byte[] applicationProtocols)
    Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
void serverCertificateRequested()
    Called when acting as a server during ClientHello processing before a decision to resume a session is made.
int serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)
    Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
long serverSessionRequested(byte[] id)
    Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches).
void verifyCertificateChain(byte[][] certificateChain, java.lang.String authMethod)
    Verify that the certificate chain is trusted.

Method Detail
verifyCertificateChain
void verifyCertificateChain(byte[][] certificateChain, java.lang.String authMethod) throws java.security.cert.CertificateException
Verify that the certificate chain is trusted.
Parameters:
    certificateChain - chain of X.509 certificates in their encoded form
    authMethod - auth algorithm name
Throws:
    java.security.cert.CertificateException - if the certificate is untrusted

clientCertificateRequested
void clientCertificateRequested(byte[] keyTypes, int[] signatureAlgs, byte[][] asn1DerEncodedX500Principals) throws java.security.cert.CertificateEncodingException, javax.net.ssl.SSLException
Called on an SSL client when the server requests (or requires) a certificate. The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if it has an appropriate one available, similar to how the server provides its certificate.
Parameters:
    keyTypes - key types supported by the server, convertible to strings with #keyType
    asn1DerEncodedX500Principals - CAs known to the server
Throws:
    java.security.cert.CertificateEncodingException
    javax.net.ssl.SSLException

serverCertificateRequested
void serverCertificateRequested() throws java.io.IOException
Called when acting as a server during ClientHello processing before a decision to resume a session is made. This allows the selection of the correct server certificate based on things like Server Name Indication (SNI).
Throws:
    java.io.IOException - if there was an error during certificate selection.

clientPSKKeyRequested
int clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)
Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
Parameters:
    identityHint - PSK identity hint provided by the server, or null if no hint was provided.
    identity - buffer to be populated with the PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.
    key - buffer to be populated with key material by this method.
Returns:
    number of bytes this method stored in the key buffer, or 0 if an error occurred, in which case the handshake will be aborted.

serverPSKKeyRequested
int serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)
Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
Parameters:
    identityHint - PSK identity hint provided by this server to the client, or null if no hint was provided.
    identity - PSK identity provided by the client.
    key - buffer to be populated with key material by this method.
Returns:
    number of bytes this method stored in the key buffer, or 0 if an error occurred, in which case the handshake will be aborted.

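The two PSK callbacks above share one contract: fill the native-supplied buffers and return the key length, or return 0 to abort the handshake. The following is an added example in the shape of both callbacks, not Conscrypt's own code; the identity, the shared key and the fixed-size buffers are constructed for the example, and a real implementation would look the key up by identity in a secure store.

```java
import java.nio.charset.StandardCharsets;

/** Example PSK callbacks in the shape of clientPSKKeyRequested / serverPSKKeyRequested. */
public final class PskCallbacksExample {
    // Constructed credentials for this example only.
    static final String CLIENT_IDENTITY = "device-42";
    static final byte[] SHARED_KEY =
            "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

    /** Client side: write the NUL-terminated identity and the key; returning 0 aborts the handshake. */
    static int clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key) {
        // The identity here is ASCII, for which modified UTF-8 and standard UTF-8 are identical.
        byte[] id = CLIENT_IDENTITY.getBytes(StandardCharsets.UTF_8);
        if (id.length + 1 > identity.length) {
            return 0; // no room for the NUL terminator: fail closed rather than truncate
        }
        System.arraycopy(id, 0, identity, 0, id.length);
        identity[id.length] = 0;
        return copyKey(key);
    }

    /** Server side: only a recognised identity gets a key; anything else aborts the handshake. */
    static int serverPSKKeyRequested(String identityHint, String identity, byte[] key) {
        if (!CLIENT_IDENTITY.equals(identity)) {
            return 0;
        }
        return copyKey(key);
    }

    /** Copies the shared key into the native-supplied buffer, or returns 0 if it does not fit. */
    private static int copyKey(byte[] key) {
        if (SHARED_KEY.length > key.length) {
            return 0;
        }
        System.arraycopy(SHARED_KEY, 0, key, 0, SHARED_KEY.length);
        return SHARED_KEY.length;
    }

    public static void main(String[] args) {
        byte[] identity = new byte[64];
        byte[] key = new byte[64];
        int n = clientPSKKeyRequested(null, identity, key);
        String written = new String(identity, 0, CLIENT_IDENTITY.length(), StandardCharsets.UTF_8);
        System.out.println("client stored " + n + " key bytes, identity=" + written);
        System.out.println("server, known identity: " + serverPSKKeyRequested(null, "device-42", new byte[64]));
        System.out.println("server, unknown identity: " + serverPSKKeyRequested(null, "someone-else", new byte[64]));
        System.out.println("client, 8-byte key buffer: " + clientPSKKeyRequested(null, identity, new byte[8]));
    }
}
```

Every failure path (identity does not fit, key does not fit, unknown identity) returns 0 so that the native side aborts the handshake instead of continuing with a partially written buffer.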
onSSLStateChange
void onSSLStateChange(int type, int val)
Called when SSL state changes. This could be handshake completion.
onNewSessionEstablished
void onNewSessionEstablished(long sslSessionNativePtr)
Called when a new session has been established and may be added to the session cache. The callee is responsible for incrementing the reference count on the returned session.
serverSessionRequested
long serverSessionRequested(byte[] id)
Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches). Looks up the session by ID in the application's session cache. If a valid session is returned, this callback is responsible for incrementing the reference count (and any required synchronization).
Parameters:
    id - the ID of the session to find.
Returns:
    the cached session, or 0 if no session was found matching the given ID.

selectApplicationProtocol
int selectApplicationProtocol(byte[] applicationProtocols)
Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
Parameters:
    applicationProtocols - list of application protocols in length-prefix format
Returns:
    the index offset of the selected protocol
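The length-prefix format is the ALPN wire encoding: each entry is one length byte followed by that many bytes of protocol name. The following is an added example of a server-side selector in the shape of this callback, not Conscrypt's own code; it assumes that the returned offset is the index of the selected entry's length byte and that a negative value means no protocol was selected, and the server preference list and the sample ClientHello list are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/** Example server-side ALPN selector in the shape of selectApplicationProtocol. */
public final class AlpnSelectorExample {
    /** Assumed convention for this example: a negative return means no protocol selected. */
    static final int NO_PROTOCOL_SELECTED = -1;

    /** Server preference order, most preferred first (constructed for this example). */
    static final List<String> SERVER_PREFERENCE = List.of("h2", "http/1.1");

    /**
     * Decodes the client's length-prefixed list and returns the index of the length byte of the
     * first server-preferred protocol present. A malformed list (an entry running past the end of
     * the buffer, or an empty name) is rejected outright instead of being parsed on a best-effort basis.
     */
    static int selectApplicationProtocol(byte[] applicationProtocols) {
        if (applicationProtocols == null) {
            return NO_PROTOCOL_SELECTED;
        }
        List<String> names = new ArrayList<>();
        List<Integer> offsets = new ArrayList<>();
        int i = 0;
        while (i < applicationProtocols.length) {
            int len = applicationProtocols[i] & 0xFF; // unsigned length byte
            if (len == 0 || i + 1 + len > applicationProtocols.length) {
                return NO_PROTOCOL_SELECTED; // malformed: do not guess
            }
            offsets.add(i);
            names.add(new String(applicationProtocols, i + 1, len, StandardCharsets.US_ASCII));
            i += 1 + len;
        }
        for (String preferred : SERVER_PREFERENCE) {
            int idx = names.indexOf(preferred);
            if (idx >= 0) {
                return offsets.get(idx);
            }
        }
        return NO_PROTOCOL_SELECTED;
    }

    public static void main(String[] args) {
        // Constructed ClientHello ALPN list: "spdy/3", then "h2", then "http/1.1".
        byte[] wire = {6, 's', 'p', 'd', 'y', '/', '3', 2, 'h', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1'};
        System.out.println("selected offset: " + selectApplicationProtocol(wire));
        // Truncated entry: length byte claims 3 bytes but only 2 follow.
        System.out.println("truncated list: " + selectApplicationProtocol(new byte[] {3, 'h', '2'}));
    }
}
```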