Package org.conscrypt

Interface NativeCrypto.SSLHandshakeCallbacks

    • Method Summary

      Modifier and Type   Method   Description

      void   clientCertificateRequested(byte[] keyTypes, int[] signatureAlgs, byte[][] asn1DerEncodedX500Principals)
             Called on an SSL client when the server requests (or requires) a certificate.
      int    clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)
             Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
      void   onNewSessionEstablished(long sslSessionNativePtr)
             Called when a new session has been established and may be added to the session cache.
      void   onSSLStateChange(int type, int val)
             Called when SSL state changes.
      int    selectApplicationProtocol(byte[] applicationProtocols)
             Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
      void   serverCertificateRequested()
             Called when acting as a server during ClientHello processing before a decision to resume a session is made.
      int    serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)
             Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
      long   serverSessionRequested(byte[] id)
             Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches).
      void   verifyCertificateChain(byte[][] certificateChain, java.lang.String authMethod)
             Verify that the certificate chain is trusted.
    • Method Detail

      • verifyCertificateChain

        void verifyCertificateChain(byte[][] certificateChain,
                                    java.lang.String authMethod)
                             throws java.security.cert.CertificateException
        Verify that the certificate chain is trusted.
        Parameters:
        certificateChain - chain of X.509 certificates in their encoded form
        authMethod - auth algorithm name
        Throws:
        java.security.cert.CertificateException - if the certificate is untrusted
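One way to implement this callback, added here as an example and not Conscrypt's own code: decode the DER-encoded chain into X509Certificate objects and hand the trust decision to a standard X509TrustManager, letting any failure propagate as the CertificateException the contract requires. The class name, the constructor and the platformTrustManager helper are this example's assumptions.

```java
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Added example (not Conscrypt code): a verifyCertificateChain implementation that
 * decodes the DER chain handed to the callback and delegates the trust decision to
 * a standard X509TrustManager. Class and helper names are this example's own.
 */
public final class ChainVerificationExample {
    private final X509TrustManager trustManager;

    ChainVerificationExample(X509TrustManager trustManager) {
        this.trustManager = trustManager;
    }

    /** Obtains the platform's default trust manager (system CA store). */
    static X509TrustManager platformTrustManager() throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new GeneralSecurityException("no X509TrustManager available");
    }

    /**
     * Same contract as the callback: certificateChain holds DER-encoded X.509
     * certificates (end-entity first, as sent on the wire), authMethod is the auth
     * algorithm name, and any problem is reported by throwing so the handshake aborts.
     */
    void verifyCertificateChain(byte[][] certificateChain, String authMethod)
            throws CertificateException {
        if (certificateChain == null || certificateChain.length == 0) {
            throw new CertificateException("empty certificate chain");
        }
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate[] chain = new X509Certificate[certificateChain.length];
        for (int i = 0; i < certificateChain.length; i++) {
            // generateCertificate throws CertificateException on malformed DER;
            // let it propagate rather than silently skipping the bad element.
            chain[i] = (X509Certificate)
                    factory.generateCertificate(new ByteArrayInputStream(certificateChain[i]));
        }
        // Path building, signature checks, validity dates and CA constraints happen here.
        // A plain X509TrustManager does not check the hostname; that is a separate step.
        trustManager.checkServerTrusted(chain, authMethod);
    }
}
```

The point to keep in mind when writing this callback is that silence is failure: the native layer only aborts the handshake if the method throws, so catching the exception and returning normally would accept an untrusted chain.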
      • clientCertificateRequested

        void clientCertificateRequested(byte[] keyTypes,
                                        int[] signatureAlgs,
                                        byte[][] asn1DerEncodedX500Principals)
                                 throws java.security.cert.CertificateEncodingException,
                                        javax.net.ssl.SSLException
        Called on an SSL client when the server requests (or requires) a certificate. The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if it has an appropriate one available, similar to how the server provides its certificate.
        Parameters:
        keyTypes - key types supported by the server, convertible to strings with keyType
        asn1DerEncodedX500Principals - CAs known to the server
        Throws:
        java.security.cert.CertificateEncodingException
        javax.net.ssl.SSLException
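The selection step this callback has to make, as an added example that is not Conscrypt's own code: decode the server's DER-encoded X.500 names with javax.security.auth.x500.X500Principal and pick a KeyStore key entry whose chain is issued by one of them and whose key algorithm the server accepts. The KeyStore, the set of accepted key algorithms (standing in for the converted keyTypes) and all names are this example's assumptions; installing the chosen certificate on the connection with SSL_use_certificate and SSL_use_PrivateKey is not shown.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/**
 * Added example (not Conscrypt code): choosing which client certificate to offer
 * from a KeyStore, given the CA names the server sent. The KeyStore, the set of
 * accepted public-key algorithms and all names here are this example's assumptions.
 */
public final class ClientCertSelectionExample {

    /** Decodes the server's DER-encoded X.500 names; undecodable entries are skipped. */
    static Set<X500Principal> decodeIssuers(byte[][] asn1DerEncodedX500Principals) {
        Set<X500Principal> issuers = new HashSet<>();
        if (asn1DerEncodedX500Principals != null) {
            for (byte[] der : asn1DerEncodedX500Principals) {
                try {
                    issuers.add(new X500Principal(der));
                } catch (IllegalArgumentException e) {
                    // Not a valid DER Name; ignore it rather than fail the whole handshake.
                }
            }
        }
        return issuers;
    }

    /**
     * Returns the alias of the first key entry whose chain is issued by one of the
     * server's CAs and whose key algorithm the server accepts, or null to send no
     * certificate (the server then decides whether that is fatal).
     */
    static String chooseClientAlias(KeyStore keyStore,
                                    Set<String> acceptedKeyAlgorithms,
                                    byte[][] asn1DerEncodedX500Principals)
            throws KeyStoreException {
        Set<X500Principal> issuers = decodeIssuers(asn1DerEncodedX500Principals);
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue; // trusted-cert entries have no private key to sign with
            }
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            if (!acceptedKeyAlgorithms.contains(leaf.getPublicKey().getAlgorithm())) {
                continue;
            }
            // An empty CA list means the server accepts any issuer.
            if (issuers.isEmpty()) {
                return alias;
            }
            for (Certificate c : chain) {
                if (c instanceof X509Certificate
                        && issuers.contains(((X509Certificate) c).getIssuerX500Principal())) {
                    return alias;
                }
            }
        }
        return null;
    }
}
```

X500Principal.equals compares canonical forms, so differences in attribute ordering or string encoding between the server's list and the locally stored certificates do not cause spurious mismatches.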
      • serverCertificateRequested

        void serverCertificateRequested()
                                 throws java.io.IOException
        Called when acting as a server during ClientHello processing before a decision to resume a session is made. This allows the selection of the correct server certificate based on things like Server Name Indication (SNI).
        Throws:
        java.io.IOException - if there was an error during certificate selection.
      • clientPSKKeyRequested

        int clientPSKKeyRequested(java.lang.String identityHint,
                                  byte[] identity,
                                  byte[] key)
        Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
        Parameters:
        identityHint - PSK identity hint provided by the server or null if no hint provided.
        identity - buffer to be populated with PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.
        key - buffer to be populated with key material by this method.
        Returns:
        number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.
      • serverPSKKeyRequested

        int serverPSKKeyRequested(java.lang.String identityHint,
                                  java.lang.String identity,
                                  byte[] key)
        Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
        Parameters:
        identityHint - PSK identity hint provided by this server to the client or null if no hint was provided.
        identity - PSK identity provided by the client.
        key - buffer to be populated with key material by this method.
        Returns:
        number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.
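Both PSK callbacks (clientPSKKeyRequested above and serverPSKKeyRequested here) share one buffer contract: fill the caller-supplied buffers and return the key length, or return 0 to abort. The following is an added example, not Conscrypt code, implementing both over an in-memory identity-to-key table; the table contents, the default identity and the class name are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/**
 * Added example (not Conscrypt code): the two PSK callbacks backed by an in-memory
 * identity-to-key table. The table contents, the default identity and the class
 * name are constructed for the example.
 */
public final class PskCallbackExample {
    private final Map<String, byte[]> keysByIdentity;
    private final String defaultIdentity;

    PskCallbackExample(Map<String, byte[]> keysByIdentity, String defaultIdentity) {
        this.keysByIdentity = keysByIdentity;
        this.defaultIdentity = defaultIdentity;
    }

    /** Client side: write the identity (NUL-terminated) and the key; return key length or 0. */
    int clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key) {
        // The hint is advisory: use it only if we actually hold a key for it.
        String chosen = (identityHint != null && keysByIdentity.containsKey(identityHint))
                ? identityHint : defaultIdentity;
        // Keep identities ASCII so modified UTF-8 and UTF-8 coincide and no NUL can appear.
        if (!StandardCharsets.US_ASCII.newEncoder().canEncode(chosen) || chosen.indexOf('\0') >= 0) {
            return 0;
        }
        byte[] idBytes = chosen.getBytes(StandardCharsets.US_ASCII);
        if (idBytes.length + 1 > identity.length) {
            return 0; // no room for the terminator: abort rather than truncate
        }
        System.arraycopy(idBytes, 0, identity, 0, idBytes.length);
        identity[idBytes.length] = 0;
        return copyKey(keysByIdentity.get(chosen), key);
    }

    /** Server side: look up the client's identity; unknown identity -> 0 -> handshake aborted. */
    int serverPSKKeyRequested(String identityHint, String identity, byte[] key) {
        return copyKey(identity == null ? null : keysByIdentity.get(identity), key);
    }

    /** Copies the key into the native buffer; returns 0 if absent, empty or too large. */
    private static int copyKey(byte[] psk, byte[] out) {
        if (psk == null || psk.length == 0 || psk.length > out.length) {
            return 0;
        }
        System.arraycopy(psk, 0, out, 0, psk.length);
        return psk.length;
    }

    public static void main(String[] args) {
        Map<String, byte[]> table = new HashMap<>();
        // Constructed sample credential; a real deployment pulls keys from a key store.
        table.put("device-0042", new byte[] {0x01, 0x23, 0x45, 0x67,
                (byte) 0x89, (byte) 0xab, (byte) 0xcd, (byte) 0xef});
        PskCallbackExample cb = new PskCallbackExample(table, "device-0042");

        byte[] identityBuf = new byte[128];
        byte[] keyBuf = new byte[64];
        int n = cb.clientPSKKeyRequested(null, identityBuf, keyBuf);
        System.out.println("client wrote " + n + " key bytes, identity="
                + new String(identityBuf, 0, "device-0042".length(), StandardCharsets.US_ASCII));

        Arrays.fill(keyBuf, (byte) 0);
        System.out.println("server, known identity -> "
                + cb.serverPSKKeyRequested(null, "device-0042", keyBuf));
        System.out.println("server, unknown identity -> "
                + cb.serverPSKKeyRequested(null, "intruder", keyBuf));
    }
}
```

Every failure path (unknown identity, identity too long for the buffer, key longer than the buffer) returns 0 instead of writing a partial value, which is what the contract relies on to abort the handshake cleanly.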
      • onSSLStateChange

        void onSSLStateChange(int type,
                              int val)
        Called when SSL state changes. This could be handshake completion.
      • onNewSessionEstablished

        void onNewSessionEstablished(long sslSessionNativePtr)
        Called when a new session has been established and may be added to the session cache. The callee is responsible for incrementing the reference count on the session passed in.
      • serverSessionRequested

        long serverSessionRequested(byte[] id)
        Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches).

        Looks up the session by ID in the application's session cache. If a valid session is returned, this callback is responsible for incrementing the reference count (and any required synchronization).

        Parameters:
        id - the ID of the session to find.
        Returns:
        the cached session or 0 if no session was found matching the given ID.
      • selectApplicationProtocol

        int selectApplicationProtocol(byte[] applicationProtocols)
        Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
        Parameters:
        applicationProtocols - list of application protocols in length-prefix format (each protocol name preceded by its one-byte length, as in the ALPN extension)
        Returns:
        the index offset of the selected protocol
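Selecting over the length-prefixed list, as an added example rather than Conscrypt's ApplicationProtocolSelectorAdapter: the server walks the client's list, one length byte followed by that many name bytes, and returns the offset of the first entry from its own preference order that the client offered. The return convention assumed here (offset of the chosen entry's length byte, -1 when nothing is selected or the list is malformed), the server preference list and the class name are this example's assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

/**
 * Added example (not Conscrypt code): server-side protocol selection over the
 * length-prefixed ALPN list. The return convention assumed here (offset of the
 * chosen entry's length byte, -1 when nothing is selected) and the server
 * preference list are this example's assumptions.
 */
public final class AlpnSelectionExample {

    /**
     * Walks the list (one length byte, then that many name bytes, repeated) and returns
     * the offset at which the first entry of serverPreference that the client also offered
     * begins, or -1 if there is no overlap or the list is malformed.
     */
    static int selectApplicationProtocol(byte[] applicationProtocols, List<String> serverPreference) {
        if (applicationProtocols == null) {
            return -1;
        }
        for (String preferred : serverPreference) {
            byte[] want = preferred.getBytes(StandardCharsets.US_ASCII);
            int offset = 0;
            while (offset < applicationProtocols.length) {
                int len = applicationProtocols[offset] & 0xFF; // lengths are unsigned
                // A zero-length name or a length that overruns the buffer is malformed:
                // refuse to select anything rather than read past the end.
                if (len == 0 || offset + 1 + len > applicationProtocols.length) {
                    return -1;
                }
                if (len == want.length
                        && Arrays.equals(
                                Arrays.copyOfRange(applicationProtocols, offset + 1, offset + 1 + len),
                                want)) {
                    return offset;
                }
                offset += 1 + len;
            }
        }
        return -1;
    }

    /** Decodes the entry at offset for logging; assumes offset came from the method above. */
    static String protocolAt(byte[] applicationProtocols, int offset) {
        int len = applicationProtocols[offset] & 0xFF;
        return new String(applicationProtocols, offset + 1, len, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        // Constructed ClientHello ALPN payload: "http/1.1" then "h2".
        byte[] offered = {8, 'h', 't', 't', 'p', '/', '1', '.', '1', 2, 'h', '2'};
        List<String> serverPrefers = Arrays.asList("h2", "http/1.1");
        int sel = selectApplicationProtocol(offered, serverPrefers);
        System.out.println("selected offset " + sel + " -> " + protocolAt(offered, sel));

        // Constructed malformed list: claims 20 bytes but only 2 follow.
        byte[] bad = {20, 'h', '2'};
        System.out.println("malformed list -> " + selectApplicationProtocol(bad, serverPrefers));
    }
}
```

Iterating in the server's preference order rather than the client's is what lets the server, not the peer, decide which protocol wins when both sides support several; the bounds check on each length byte keeps a hostile ClientHello from driving the walk past the end of the buffer.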