Package org.conscrypt

Interface NativeCrypto.SSLHandshakeCallbacks

All Known Implementing Classes:
ConscryptEngine, ConscryptFileDescriptorSocket, Java8FileDescriptorSocket
Enclosing class:
NativeCrypto

static interface NativeCrypto.SSLHandshakeCallbacks
A collection of callbacks from the native OpenSSL code that are related to the SSL handshake initiated by SSL_do_handshake.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    clientCertificateRequested(byte[] keyTypes, int[] signatureAlgs, byte[][] asn1DerEncodedX500Principals)
    Called on an SSL client when the server requests (or requires a certificate).
    int
    clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key)
    Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
    void
    onNewSessionEstablished(long sslSessionNativePtr)
    Called when a new session has been established and may be added to the session cache.
    void
    onSSLStateChange(int type, int val)
    Called when SSL state changes.
    int
    selectApplicationProtocol(byte[] applicationProtocols)
    Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
    void
    Called when acting as a server during ClientHello processing before a decision to resume a session is made.
    int
    serverPSKKeyRequested(String identityHint, String identity, byte[] key)
    Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
    long
    Called for servers where TLS invalid input: '<' 1.3 (TLS 1.3 uses session tickets rather than application session caches).
    void
    verifyCertificateChain(byte[][] certificateChain, String authMethod)
    Verify that the certificate chain is trusted.
  • Method Details

    • verifyCertificateChain

      void verifyCertificateChain(byte[][] certificateChain, String authMethod) throws CertificateException
      Verify that the certificate chain is trusted.
      Parameters:
      certificateChain - chain of X.509 certificates in their encoded form
      authMethod - auth algorithm name
      Throws:
      CertificateException - if the certificate is untrusted
    • clientCertificateRequested

      void clientCertificateRequested(byte[] keyTypes, int[] signatureAlgs, byte[][] asn1DerEncodedX500Principals) throws CertificateEncodingException, SSLException
      Called on an SSL client when the server requests (or requires a certificate). The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if has an appropriate one available, similar to how the server provides its certificate.
      Parameters:
      keyTypes - key types supported by the server, convertible to strings with #keyType
      asn1DerEncodedX500Principals - CAs known to the server
      Throws:
      CertificateEncodingException
      SSLException
    • serverCertificateRequested

      void serverCertificateRequested() throws IOException
      Called when acting as a server during ClientHello processing before a decision to resume a session is made. This allows the selection of the correct server certificate based on things like Server Name Indication (SNI).
      Throws:
      IOException - if there was an error during certificate selection.
    • clientPSKKeyRequested

      int clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key)
      Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
      Parameters:
      identityHint - PSK identity hint provided by the server or null if no hint provided.
      identity - buffer to be populated with PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.
      key - buffer to be populated with key material by this method.
      Returns:
      number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.
    • serverPSKKeyRequested

      int serverPSKKeyRequested(String identityHint, String identity, byte[] key)
      Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
      Parameters:
      identityHint - PSK identity hint provided by this server to the client or null if no hint was provided.
      identity - PSK identity provided by the client.
      key - buffer to be populated with key material by this method.
      Returns:
      number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.
    • onSSLStateChange

      void onSSLStateChange(int type, int val)
      Called when SSL state changes. This could be handshake completion.
    • onNewSessionEstablished

      void onNewSessionEstablished(long sslSessionNativePtr)
      Called when a new session has been established and may be added to the session cache. The callee is responsible for incrementing the reference count on the returned session.
    • serverSessionRequested

      long serverSessionRequested(byte[] id)
      Called for servers where TLS invalid input: '<' 1.3 (TLS 1.3 uses session tickets rather than application session caches).

      Looks up the session by ID in the application's session cache. If a valid session is returned, this callback is responsible for incrementing the reference count (and any required synchronization).

      Parameters:
      id - the ID of the session to find.
      Returns:
      the cached session or 0 if no session was found matching the given ID.
    • selectApplicationProtocol

      int selectApplicationProtocol(byte[] applicationProtocols)
      Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
      Parameters:
      applicationProtocols - list of application protocols in length-prefix format
      Returns:
      the index offset of the selected protocol