Package org.mozilla.jss.nss
Class BadCertHandler
java.lang.Object
org.mozilla.jss.nss.BadCertHandler
- All Implemented Interfaces:
Runnable
- Direct Known Subclasses:
JSSEngineReferenceImpl.BypassBadHostname
BadAuthHandler interface enables arbitrary certificate authentication
from an NSS cert auth hook.
Notably, the return code from check should be a PRErrorCode, else 0.
This will be used by NSS to determine the alert to send when closing
the connection (in the event of an error).
The concern here is that, when this is invoked synchronously, we're
called from NSS, which was itself called by Java. Certain operations
may or may not succeed or work as expected (such as raising an
exception, acquiring locks already held, etc.).
-
Field Summary
Fields

| Modifier and Type | Field | Description |
|---|---|---|
| int | error | When invoked via run(), the error code to pass to the check operation. |
| boolean | finished | Whether or not the check operation has been executed yet, when invoked via run(). |
| int | result | When invoked via run(), the result of the check operation. |
| private SSLFDProxy | ssl_fd | SSLFDProxy instance. |

-
Constructor Summary
Constructors

| Constructor | Description |
|---|---|
| BadCertHandler(SSLFDProxy fd, int error) | Constructor to store SSLFDProxy, error information. |

-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| abstract int | check(SSLFDProxy fd, int error) | Returns the PRErrorCode of the error encountered while validating certificate auth, else 0. |
| void | run() | |

-
Field Details
-
error
public int error
When invoked via run(), the error code to pass to the check operation.
-
result
public int result
When invoked via run(), the result of the check operation.
-
finished
public boolean finished
Whether or not the check operation has been executed yet, when invoked via run().
-
ssl_fd
SSLFDProxy instance.
-
-
Constructor Details
-
BadCertHandler
Constructor to store SSLFDProxy, error information. This is useful for implementations which expect to be used via the Runnable interface, instead of called via the synchronous certificate authentication hook in NSS.
-
-
Method Details
-
check
Returns the PRErrorCode of the error encountered while validating certificate auth, else 0. Note that it is up to the implementer to fetch the certificates (via SSL.PeerCertificateChain(ssl_fd)) and validate them properly. Note that returning 0 here means SECis returned
-
run
public void run()
-
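The following subclass is an added example, not code from JSS itself. It overrides a validation failure only when the peer's leaf certificate matches a pinned SHA-256 digest, and it never lets an exception escape check(), since it may be running inside the synchronous NSS hook. The class name, the pin parameter, the PK11Cert[] return type with the leaf first, and the fallback error value are assumptions.

```java
import java.security.MessageDigest;

import org.mozilla.jss.nss.BadCertHandler;
import org.mozilla.jss.nss.SSL;
import org.mozilla.jss.nss.SSLFDProxy;
import org.mozilla.jss.pkcs11.PK11Cert;

/** Hypothetical handler: accepts a failed certificate only on an exact pin match. */
public class PinnedLeafHandler extends BadCertHandler {
    // NSS SEC_ERROR_UNTRUSTED_CERT (SEC_ERROR_BASE + 21). Used only if the
    // caller supplied 0 as the error, so a mismatch can never report success.
    private static final int FALLBACK_ERROR = -8171;

    // SHA-256 over the DER encoding of the one leaf certificate we accept.
    private final byte[] pinnedSha256;

    public PinnedLeafHandler(SSLFDProxy fd, int error, byte[] pinnedSha256) {
        super(fd, error);
        this.pinnedSha256 = pinnedSha256.clone();
    }

    @Override
    public int check(SSLFDProxy fd, int error) {
        // Default outcome: keep the failure NSS already reported.
        int failure = (error != 0) ? error : FALLBACK_ERROR;
        try {
            // Assumption: the chain is returned as PK11Cert[] with the leaf first.
            PK11Cert[] chain = SSL.PeerCertificateChain(fd);
            if (chain == null || chain.length == 0) {
                return failure;
            }
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(chain[0].getEncoded());
            // A pin match overrides every validation error, expiry included,
            // so the pin must identify exactly one known certificate.
            return MessageDigest.isEqual(digest, pinnedSha256) ? 0 : failure;
        } catch (Exception e) {
            // No locks, no logging, no rethrow: this may run inside an NSS
            // callback, where raising an exception may not work as expected.
            return failure;
        }
    }
}
```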