org.conscrypt

Interface NativeCrypto.SSLHandshakeCallbacks

All Known Implementing Classes:

OpenSSLEngineImpl, OpenSSLEngineSocketImpl, OpenSSLSocketImpl, OpenSSLSocketImplWrapper

Enclosing class:

NativeCrypto

public static interface NativeCrypto.SSLHandshakeCallbacks

A collection of callbacks from the native OpenSSL code that are related to the SSL handshake initiated by SSL_do_handshake.

Method Summary

Modifier and Type	Method and Description
void	clientCertificateRequested(byte[] keyTypes, byte[][] asn1DerEncodedX500Principals) Called on an SSL client when the server requests (or requires a certificate).
int	clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key) Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
void	onSSLStateChange(int type, int val) Called when SSL state changes.
int	serverPSKKeyRequested(String identityHint, String identity, byte[] key) Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
void	verifyCertificateChain(long[] certificateChainRefs, String authMethod) Verify that we trust the certificate chain is trusted.

Method Detail

verifyCertificateChain

void verifyCertificateChain(long[] certificateChainRefs,
                            String authMethod)
                     throws CertificateException

Verify that we trust the certificate chain is trusted.

Parameters:

certificateChainRefs - chain of X.509 certificate references

authMethod - auth algorithm name

Throws:

CertificateException - if the certificate is untrusted

clientCertificateRequested

void clientCertificateRequested(byte[] keyTypes,
                                byte[][] asn1DerEncodedX500Principals)
                         throws CertificateEncodingException,
                                SSLException

Called on an SSL client when the server requests (or requires a certificate). The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if has an appropriate one available, similar to how the server provides its certificate.

Parameters:

keyTypes - key types supported by the server, convertible to strings with #keyType

asn1DerEncodedX500Principals - CAs known to the server

Throws:

CertificateEncodingException

SSLException

clientPSKKeyRequested

int clientPSKKeyRequested(String identityHint,
                          byte[] identity,
                          byte[] key)

Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.

Parameters:

identityHint - PSK identity hint provided by the server or null if no hint provided.

identity - buffer to be populated with PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.

key - buffer to be populated with key material by this method.

Returns:

number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.

serverPSKKeyRequested

int serverPSKKeyRequested(String identityHint,
                          String identity,
                          byte[] key)

Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.

Parameters:

identityHint - PSK identity hint provided by this server to the client or null if no hint was provided.

identity - PSK identity provided by the client.

key - buffer to be populated with key material by this method.

Returns:

number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.

onSSLStateChange

void onSSLStateChange(int type,
                      int val)

Called when SSL state changes. This could be handshake completion.