Class SSLChannelInfo

java.lang.Object
org.mozilla.jss.nss.SSLChannelInfo

public class SSLChannelInfo extends Object
Class representing the SSLChannelInfo struct from NSS's sslt.h. This is a data class: it has public getters and no setters. Instances should usually be obtained by calling org.mozilla.jss.nss.SSL.GetChannelInfo(SSLFDProxy inst) rather than constructed directly. Note that calling GetChannelInfo before the handshake has completed on the socket usually won't work, or will give incomplete or inconclusive results; in that case, use SSL.GetPreliminaryChannelInfo instead and see the corresponding class, SSLPreliminaryChannelInfo. Field and getter names match those in the equivalent NSS struct. The only omitted field is sessionIDLength, since sessionID.length suffices and Java byte arrays are of fixed, known length.
  • Field Details

    • protocolVersion

      private SSLVersion protocolVersion
      Which protocol version is used by this SSL socket.
    • cipherSuite

      private SSLCipher cipherSuite
      Which cipher suite is used by this SSL socket.
    • authKeyBits

      private int authKeyBits
      How many bits are in the authentication key. NSS describes this as follows: The strength of the key used to authenticate the peer. Before interpreting this value, check authType, signatureScheme, and peerDelegCred, to determine the type of the key and how it was used. Typically, this is the length of the key from the peer's end-entity certificate. If delegated credentials are used (i.e., peerDelegCred is PR_TRUE), then this is the strength of the delegated credential key.
    • keaKeyBits

      private int keaKeyBits
      How many bits are in the key exchange key. NSS describes this as follows: key exchange algorithm info
    • creationTime

      private long creationTime
      When the session was created, in seconds since Jan 1, 1970.
    • lastAccessTime

      private long lastAccessTime
      When the session was last accessed, in seconds since Jan 1, 1970.
    • expirationTime

      private long expirationTime
      When the session expires, in seconds since Jan 1, 1970.
    • sessionID

      private byte[] sessionID
      Identifier for this session. Up to 32 bytes.
    • compressionMethod

      private SSLCompressionMethod compressionMethod
      Compression method used in this session. This field was added in NSS 3.12.5.
    • extendedMasterSecretUsed

      private boolean extendedMasterSecretUsed
      Whether or not an extended master secret was used for TLS versions less than 1.3. This field was added in NSS 3.21.
    • earlyDataAccepted

      private boolean earlyDataAccepted
      Whether or not early data was accepted. This field was added in NSS 3.25. NSS has this to say: This field only has meaning in TLS versions greater than or equal to 1.3, and indicates on the client side that the server accepted early (0-RTT) data.
    • keaType

      private SSLKEAType keaType
      Key exchange algorithm info. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28.
    • keaGroup

      private SSLNamedGroup keaGroup
      When keaType is an EC-based cipher, name of the group used in this cipher. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28.
    • symCipher

      private SSLCipherAlgorithm symCipher
      Symmetric cipher algorithm info. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28.
    • macAlgorithm

      private SSLMACAlgorithm macAlgorithm
      MAC algorithm info. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28. NSS gives the following description of this field in SSLCipherSuiteInfo: AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in bits of the authentication tag.
    • authType

      private SSLAuthType authType
      Authentication type for the cipher suite. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28. NSS gives the following description of this field in SSLCipherSuiteInfo: This reports the correct authentication type for the cipher suite, use this instead of |authAlgorithm|.
    • signatureScheme

      private SSLSignatureScheme signatureScheme
      Signature scheme used. This field was added in NSS 3.28.
    • haveNSS334

      private boolean haveNSS334
      This field controls whether or not we have the following two fields: originalKeaGroup and resumed. When this field is true, the values of these fields can be trusted. Otherwise, their values should be ignored. The corresponding fields are present when the NSS version used to compile JSS and the runtime version of NSS match, and both have these fields.
    • originalKeaGroup

      private SSLNamedGroup originalKeaGroup
      This field holds the key exchange algorithm group during the initial handshake. This field was added in NSS 3.34. NSS has the following description of this field: When the session was resumed this holds the key exchange group of the original handshake.
    • resumed

      private boolean resumed
      Whether or not this session was resumed. This field was added in NSS 3.34.
    • haveNSS345

      private boolean haveNSS345
      This field controls whether or not we have the peerDelegCred field. When this field is true, the value of that field can be trusted. Otherwise, its value should be ignored. The corresponding field is present when the NSS version used to compile JSS and the runtime version of NSS match, and both have this field.
    • peerDelegCred

      private boolean peerDelegCred
      Whether or not the peer used a delegated credential for authentication. This field was added in NSS 3.45.
  • Constructor Details

    • SSLChannelInfo

      public SSLChannelInfo(int protocolVersion, int cipherSuite, int authKeyBits, int keaKeyBits, long creationTime, long lastAccessTime, long expirationTime, byte[] sessionID, int compressionMethod, boolean extendedMasterSecretUsed, boolean earlyDataAccepted, int keaType, int keaGroup, int symCipher, int macAlgorithm, int authType, int signatureScheme, boolean haveNSS334, int originalKeaGroup, boolean resumed, boolean haveNSS345, boolean peerDelegCred)
      Constructor used by SSL.GetChannelInfo(...). This translates between ints and enum constants.
  • Method Details

    • getProtocolVersion

      public SSLVersion getProtocolVersion()
      Gets the value of protocolVersion. See also: protocolVersion.
    • getCipherSuite

      public SSLCipher getCipherSuite()
      Gets the value of cipherSuite. See also: cipherSuite.
    • getAuthKeyBits

      public int getAuthKeyBits()
      Gets the value of authKeyBits. See also: authKeyBits.
    • getKeaKeyBits

      public int getKeaKeyBits()
      Gets the value of keaKeyBits. See also: keaKeyBits.
    • getCreationTime

      public long getCreationTime()
      Gets the value of creationTime. See also: creationTime.
    • getLastAccessTime

      public long getLastAccessTime()
      Gets the value of lastAccessTime. See also: lastAccessTime.
    • getExpirationTime

      public long getExpirationTime()
      Gets the value of expirationTime. See also: expirationTime.
    • getSessionID

      public byte[] getSessionID()
      Gets the value of sessionID. See also: sessionID.
    • getCompressionMethod

      public SSLCompressionMethod getCompressionMethod()
      Gets the value of compressionMethod. See also: compressionMethod.
    • getExtendedMasterSecretUsed

      public boolean getExtendedMasterSecretUsed()
      Gets the value of extendedMasterSecretUsed. See also: extendedMasterSecretUsed.
    • getEarlyDataAccepted

      public boolean getEarlyDataAccepted()
      Gets the value of earlyDataAccepted. See also: earlyDataAccepted.
    • getKeaType

      public SSLKEAType getKeaType()
      Gets the value of keaType. See also: keaType.
    • getKeaGroup

      public SSLNamedGroup getKeaGroup()
      Gets the value of keaGroup. See also: keaGroup.
    • getSymCipher

      public SSLCipherAlgorithm getSymCipher()
      Gets the value of symCipher. See also: symCipher.
    • getMacAlgorithm

      public SSLMACAlgorithm getMacAlgorithm()
      Gets the value of macAlgorithm. See also: macAlgorithm.
    • getAuthType

      public SSLAuthType getAuthType()
      Gets the value of authType. See also: authType.
    • getSignatureScheme

      public SSLSignatureScheme getSignatureScheme()
      Gets the value of signatureScheme. See also: signatureScheme.
    • getOriginalKeaGroup

      public SSLNamedGroup getOriginalKeaGroup() throws ObjectNotFoundException
      Gets the value of originalKeaGroup; throws an exception when the field isn't available from NSS. See also: originalKeaGroup.
      Throws:
      ObjectNotFoundException
    • getResumed

      public boolean getResumed() throws ObjectNotFoundException
      Gets the value of resumed; throws an exception when the field isn't available from NSS. See also: resumed.
      Throws:
      ObjectNotFoundException
    • getPeerDelegCred

      public boolean getPeerDelegCred() throws ObjectNotFoundException
      Gets the value of peerDelegCred; throws an exception when the field isn't available from NSS. See also: peerDelegCred.
      Throws:
      ObjectNotFoundException
    • toString

      public String toString()
      Returns a string representation of the data in this data structure.
      Overrides:
      toString in class Object
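
The following post-handshake audit is an added example, not part of the JSS documentation or source. It reads the getters described above and handles the three that throw ObjectNotFoundException when the NSS build lacks the field. The class name ChannelAudit, the finding strings, and the packages assumed for ObjectNotFoundException (org.mozilla.jss.crypto) and SSLVersion (org.mozilla.jss.ssl) are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.List;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.nss.SSL;
import org.mozilla.jss.nss.SSLChannelInfo;
import org.mozilla.jss.nss.SSLFDProxy;
import org.mozilla.jss.ssl.SSLVersion;

// Hypothetical helper: collects review findings about a negotiated channel.
public class ChannelAudit {
    /** Call only after the handshake has completed on fd. */
    public static List<String> audit(SSLFDProxy fd) {
        return audit(SSL.GetChannelInfo(fd), System.currentTimeMillis() / 1000L);
    }

    static List<String> audit(SSLChannelInfo info, long nowSeconds) {
        List<String> findings = new ArrayList<>();
        if (info == null) {
            findings.add("no channel info (handshake not complete?)");
            return findings;
        }
        // extendedMasterSecretUsed only applies to TLS versions below 1.3.
        if (info.getProtocolVersion() != SSLVersion.TLS_1_3
                && !info.getExtendedMasterSecretUsed()) {
            findings.add("extended master secret not used");
        }
        // earlyDataAccepted only has meaning for TLS 1.3 and later.
        if (info.getEarlyDataAccepted()) {
            findings.add("0-RTT early data was accepted");
        }
        // Session times are in seconds since Jan 1, 1970.
        if (info.getExpirationTime() <= nowSeconds) {
            findings.add("session is past its expiration time");
        }
        try { // resumed and originalKeaGroup need NSS 3.34 (haveNSS334)
            if (info.getResumed()) {
                findings.add("resumed; original group " + info.getOriginalKeaGroup());
            }
        } catch (ObjectNotFoundException e) {
            findings.add("resumption state unavailable from this NSS");
        }
        String keyOwner = "end-entity certificate key";
        try { // peerDelegCred needs NSS 3.45 (haveNSS345)
            if (info.getPeerDelegCred()) keyOwner = "delegated credential key";
        } catch (ObjectNotFoundException e) {
            keyOwner = "key of unknown kind (peerDelegCred unavailable)";
        }
        // authKeyBits is only meaningful alongside authType and signatureScheme.
        findings.add(info.getAuthKeyBits() + "-bit " + keyOwner + ", authType "
                + info.getAuthType() + ", scheme " + info.getSignatureScheme());
        return findings;
    }
}
```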