Class SSLPreliminaryChannelInfo

java.lang.Object
org.mozilla.jss.nss.SSLPreliminaryChannelInfo

public class SSLPreliminaryChannelInfo extends Object
Class representing the SSLPreliminaryChannelInfo struct from NSS's sslt.h. This is a data class; it contains getters and no setters. It should usually be obtained via a call to org.mozilla.jss.nss.SSL.GetPreliminaryChannelInfo(SSLFDProxy inst) rather than constructed directly. This class works regardless of handshake status; in particular, the call will succeed early in the handshake. Whether a given set of fields is known is indicated by the haveFIELD functions: if the value of a field isn't yet known, the corresponding function returns false. Field and getter names match those in the equivalent NSS struct. No fields have been omitted.
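The have*/get* pattern described above, as an added example that is not part of the JSS code base or its documentation. The class name, the Verdict enum, the minAuthKeyBits and allowDelegatedCreds parameters, and the handling of a null result are assumptions made for illustration.

```java
import org.mozilla.jss.nss.SSL;
import org.mozilla.jss.nss.SSLFDProxy;
import org.mozilla.jss.nss.SSLPreliminaryChannelInfo;

/** Added example, not JSS code: class, enum and parameter names are hypothetical. */
public final class PreliminaryInfoCheck {
    /** PENDING means "not known yet"; it must never be treated as ACCEPT. */
    public enum Verdict { PENDING, ACCEPT, REJECT }

    /** Evaluates the peer's authentication key as soon as NSS reports it. */
    public static Verdict checkPeerAuth(SSLFDProxy fd, int minAuthKeyBits,
            boolean allowDelegatedCreds) throws Exception {
        SSLPreliminaryChannelInfo info = SSL.GetPreliminaryChannelInfo(fd);
        // Assumption: a null result is treated as "nothing known yet".
        if (info == null || !info.havePeerAuth()) {
            // Also the outcome when NSS lacks the 3.48 fields, so callers
            // should fail closed if this is still PENDING after the handshake.
            return Verdict.PENDING;
        }
        // Safe now: the getters throw ObjectNotFoundException only while
        // the value isn't yet available, which havePeerAuth() has ruled out.
        if (info.getPeerDelegCred() && !allowDelegatedCreds) {
            return Verdict.REJECT;
        }
        if (info.getAuthKeyBits() < minAuthKeyBits) {
            return Verdict.REJECT;
        }
        return Verdict.ACCEPT;
    }

    /** Builds a log line from whichever fields are available so far. */
    public static String describe(SSLPreliminaryChannelInfo info) throws Exception {
        StringBuilder sb = new StringBuilder();
        sb.append("version=")
          .append(info.haveProtocolVersion() ? info.getProtocolVersion() : "unknown");
        sb.append(" cipherSuite=")
          .append(info.haveCipherSuite() ? info.getCipherSuite() : "unknown");
        sb.append(" zeroRttCipherSuite=")
          .append(info.haveZeroRttCipherSuite() ? info.getZeroRttCipherSuite() : "unknown");
        if (info.havePeerAuth()) {
            sb.append(" authKeyBits=").append(info.getAuthKeyBits())
              .append(" signatureScheme=").append(info.getSignatureScheme())
              .append(" peerDelegCred=").append(info.getPeerDelegCred());
        }
        return sb.toString();
    }
}
```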
  • Field Summary

    Fields
    Modifier and Type, Field, Description

    private int authKeyBits
    How many bits are in the authentication key.

    private boolean canSendEarlyData
    Whether or not early data can be sent.

    private SSLCipher cipherSuite
    Which cipher suite is used by this SSL socket.

    private boolean haveNSS343
    This field controls whether or not we have the zeroRttCipherSuite field.

    private boolean haveNSS348
    This field controls whether or not we have the following three fields: - peerDelegCred, - authKeyBits, and - signatureScheme.

    private long maxEarlyDataSize
    The maximum amount of early data that can be sent.

    private boolean peerDelegCred
    Whether or not the peer has offered a delegated field.

    private SSLVersion protocolVersion
    Which protocol version is used by this SSL socket.

    private SSLSignatureScheme signatureScheme
    Signature scheme used.

    private long valuesSet
    Internal integer representing the fields with available data.

    private SSLCipher zeroRttCipherSuite
    Which cipher suite is in use for 0RTT TLS 1.3 connections.
  • Constructor Summary

    Constructors
    Constructor
    Description
    SSLPreliminaryChannelInfo(long valuesSet, int protocolVersion, int cipherSuite, boolean canSendEarlyData, long maxEarlyDataSize, boolean haveNSS343, int zeroRttCipherSuite, boolean haveNSS348, boolean peerDelegCred, int authKeyBits, int signatureScheme)
    Constructor used by SSL.GetPreliminaryChannelInfo(...).
  • Method Summary

    Modifier and Type, Method, Description

    int getAuthKeyBits()
    Gets the value of authKeyBits; throws an exception when the value isn't yet available.

    SSLCipher getCipherSuite()
    Gets the value of cipherSuite; throws an exception when the value isn't yet available.

    boolean getPeerDelegCred()
    Gets the value of peerDelegCred; throws an exception when the value isn't yet available.

    SSLVersion getProtocolVersion()
    Gets the value of protocolVersion; throws an exception when the value isn't yet available.

    SSLSignatureScheme getSignatureScheme()
    Gets the value of signatureScheme; throws an exception when the value isn't yet available.

    SSLCipher getZeroRttCipherSuite()
    Gets the value of zeroRttCipherSuite; throws an exception when the value isn't yet available.

    boolean haveCipherSuite()
    Check this to see whether the value of cipherSuite can be used.

    private boolean haveField(long mask)
    Helper to check the valuesSet bitmask for availability of the specified field.

    boolean havePeerAuth()
    Check this to see whether the value of the peerDelegCred, authKeyBits, and signatureScheme fields can be used.

    boolean haveProtocolVersion()
    Check this to see whether the value of protocolVersion can be used.

    boolean haveZeroRttCipherSuite()
    Check this to see whether the value of zeroRttCipherSuite can be used.

    String toString()
    Returns a string representation of the data in this data structure.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

    • valuesSet

      private long valuesSet
      Internal integer representing the fields with available data.
    • protocolVersion

      private SSLVersion protocolVersion
      Which protocol version is used by this SSL socket.
    • cipherSuite

      private SSLCipher cipherSuite
      Which cipher suite is used by this SSL socket.
    • canSendEarlyData

      private boolean canSendEarlyData
      Whether or not early data can be sent. This field was added in NSS 3.29. NSS gives the following description about this field: |canSendEarlyData| is true when a 0-RTT is enabled. This can only be true after sending the ClientHello and before the handshake completes.
    • maxEarlyDataSize

      private long maxEarlyDataSize
      The maximum amount of early data that can be sent. This field was added in NSS 3.31. NSS gives the following description of this field: The number of early data octets that a client is permitted to send on this connection. The value will be zero if the connection was not resumed or early data is not permitted. For a client, this value only has meaning if |canSendEarlyData| is true. For a server, this indicates the value that was advertised in the session ticket that was used to resume this session.
    • haveNSS343

      private boolean haveNSS343
      This field controls whether or not we have the zeroRttCipherSuite field. When this field is true, zeroRttCipherSuite could be set with a value. Otherwise, its value should be ignored. Check the corresponding field function, haveZeroRttCipherSuite(), to see whether the handshake has progressed far enough for this field to have a value. Note that the corresponding field is present when the version of NSS used to compile JSS and the runtime version of NSS match, and both have this field.
    • zeroRttCipherSuite

      private SSLCipher zeroRttCipherSuite
      Which cipher suite is in use for 0RTT TLS 1.3 connections. This field was added in NSS 3.43. NSS gives the following description of this field: This reports the cipher suite used for 0-RTT if it sent or accepted. For a client, this is set earlier than |cipherSuite|, and will match that value if 0-RTT is accepted by the server. The server only sets this after accepting 0-RTT, so this will contain the same value.
    • haveNSS348

      private boolean haveNSS348
      This field controls whether or not we have the following three fields: - peerDelegCred, - authKeyBits, and - signatureScheme. When this field is true, these fields could be set with a value. Otherwise, their values should be ignored. Check the corresponding field function, havePeerAuth(), to see whether the handshake has progressed far enough for these fields to have a value. Note that the corresponding fields are present when the version of NSS used to compile JSS and the runtime version of NSS match, and both have these fields.
    • peerDelegCred

      private boolean peerDelegCred
      Whether or not the peer has offered a delegated field. This field was added in NSS 3.48. NSS gives the following description of these three fields: These fields contain information about the key that will be used in the CertificateVerify message. If Delegated Credentials are being used, this is the DC-contained SPKI, else the EE-cert SPKI. These fields are valid only after the Certificate message is handled. This can be determined by checking the valuesSet field against |ssl_preinfo_peer_auth|.
    • authKeyBits

      private int authKeyBits
      How many bits are in the authentication key. This field was added in NSS 3.48. See also: peerDelegCred and SSLChannelInfo's authKeyBits field.
    • signatureScheme

      private SSLSignatureScheme signatureScheme
      Signature scheme used. This field was added in NSS 3.48. See also: peerDelegCred and SSLChannelInfo's signatureScheme field.
  • Constructor Details

    • SSLPreliminaryChannelInfo

      public SSLPreliminaryChannelInfo(long valuesSet, int protocolVersion, int cipherSuite, boolean canSendEarlyData, long maxEarlyDataSize, boolean haveNSS343, int zeroRttCipherSuite, boolean haveNSS348, boolean peerDelegCred, int authKeyBits, int signatureScheme)
      Constructor used by SSL.GetPreliminaryChannelInfo(...). This translates between ints and enum constants.
  • Method Details

    • haveField

      private boolean haveField(long mask)
      Helper to check the valuesSet bitmask for availability of the specified field.
    • haveProtocolVersion

      public boolean haveProtocolVersion()
      Check this to see whether the value of protocolVersion can be used. Returns true if the handshake has progressed far enough for the value of the field to be determined.
    • haveCipherSuite

      public boolean haveCipherSuite()
      Check this to see whether the value of cipherSuite can be used. Returns true if the handshake has progressed far enough for the value of the field to be determined.
    • haveZeroRttCipherSuite

      public boolean haveZeroRttCipherSuite()
      Check this to see whether the value of zeroRttCipherSuite can be used. Returns true if the handshake has progressed far enough for the value of the field to be determined.
    • havePeerAuth

      public boolean havePeerAuth()
      Check this to see whether the value of the peerDelegCred, authKeyBits, and signatureScheme fields can be used. Returns true if the handshake has progressed far enough for the value of the fields to be determined.
    • getProtocolVersion

      public SSLVersion getProtocolVersion() throws ObjectNotFoundException
      Gets the value of protocolVersion; throws an exception when the value isn't yet available. See also: protocolVersion.
      Throws:
      ObjectNotFoundException
    • getCipherSuite

      public SSLCipher getCipherSuite() throws ObjectNotFoundException
      Gets the value of cipherSuite; throws an exception when the value isn't yet available. See also: cipherSuite.
      Throws:
      ObjectNotFoundException
    • getZeroRttCipherSuite

      public SSLCipher getZeroRttCipherSuite() throws ObjectNotFoundException
      Gets the value of zeroRttCipherSuite; throws an exception when the value isn't yet available. See also: zeroRttCipherSuite.
      Throws:
      ObjectNotFoundException
    • getPeerDelegCred

      public boolean getPeerDelegCred() throws ObjectNotFoundException
      Gets the value of peerDelegCred; throws an exception when the value isn't yet available. See also: peerDelegCred.
      Throws:
      ObjectNotFoundException
    • getAuthKeyBits

      public int getAuthKeyBits() throws ObjectNotFoundException
      Gets the value of authKeyBits; throws an exception when the value isn't yet available. See also: authKeyBits.
      Throws:
      ObjectNotFoundException
    • getSignatureScheme

      public SSLSignatureScheme getSignatureScheme() throws ObjectNotFoundException
      Gets the value of signatureScheme; throws an exception when the value isn't yet available. See also: signatureScheme.
      Throws:
      ObjectNotFoundException
    • toString

      public String toString()
      Returns a string representation of the data in this data structure.
      Overrides:
      toString in class Object