Package org.mozilla.jss.nss
Class SSLPreliminaryChannelInfo
java.lang.Object
org.mozilla.jss.nss.SSLPreliminaryChannelInfo
Class representing the SSLPreliminaryChannelInfo struct from NSS's sslt.h.
This class is a data class; it contains getters and no setters. It should
usually be obtained via a call to
org.mozilla.jss.nss.SSL.GetPreliminaryChannelInfo(SSLFDProxy inst) rather
than by constructing an instance directly.
This class works regardless of handshake status; in particular, the call
will succeed early in the handshake. Whether a given set of fields is known
is indicated by the corresponding haveFIELD function, which returns false
while the value of that field isn't yet known.
Field and getter names match those in the equivalent NSS struct. No fields
have been omitted.
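The have-then-get pattern described above, as an added example (not code from JSS itself): it reads only the fields whose haveFIELD check passes and compares the 0-RTT suite with the negotiated one. The class PreliminaryInfoReport and its methods are hypothetical; the package of ObjectNotFoundException and the null check on the returned object are assumptions not shown on this page.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

import org.mozilla.jss.crypto.ObjectNotFoundException; // package assumed; not shown on this page
import org.mozilla.jss.nss.SSL;
import org.mozilla.jss.nss.SSLFDProxy;
import org.mozilla.jss.nss.SSLPreliminaryChannelInfo;

/** Hypothetical helper, not part of JSS. */
public final class PreliminaryInfoReport {
    private PreliminaryInfoReport() {}

    /** Lists the fields known so far; a getter is called only after its have*() check. */
    public static List<String> known(SSLPreliminaryChannelInfo info)
            throws ObjectNotFoundException {
        List<String> out = new ArrayList<>();
        if (info.haveProtocolVersion()) {
            out.add("protocolVersion=" + info.getProtocolVersion());
        }
        if (info.haveCipherSuite()) {
            out.add("cipherSuite=" + info.getCipherSuite());
        }
        if (info.haveZeroRttCipherSuite()) {
            out.add("zeroRttCipherSuite=" + info.getZeroRttCipherSuite());
            // On a client the 0-RTT suite is set earlier than cipherSuite;
            // the two match if the server accepts 0-RTT.
            if (info.haveCipherSuite()) {
                boolean same = Objects.equals(info.getZeroRttCipherSuite(),
                                              info.getCipherSuite());
                out.add("zeroRttSuiteMatchesNegotiated=" + same);
            }
        }
        // One check guards all three peer-auth fields (added in NSS 3.48).
        if (info.havePeerAuth()) {
            out.add("peerDelegCred=" + info.getPeerDelegCred());
            out.add("authKeyBits=" + info.getAuthKeyBits());
            out.add("signatureScheme=" + info.getSignatureScheme());
        }
        return out;
    }

    /** Can be called at any point in the handshake. */
    public static List<String> snapshot(SSLFDProxy fd) throws ObjectNotFoundException {
        SSLPreliminaryChannelInfo info = SSL.GetPreliminaryChannelInfo(fd);
        // Defensive (assumption): treat a missing result as "nothing known yet".
        return info == null ? new ArrayList<>() : known(info);
    }
}
```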
-
Field Summary
Fields (Modifier and Type, Field: Description)
private int authKeyBits: How many bits are in the authentication key.
private boolean canSendEarlyData: Whether or not early data can be sent.
private SSLCipher cipherSuite: Which cipher suite is used by this SSL socket.
private boolean haveNSS343: This field controls whether or not we have the zeroRttCipherSuite field.
private boolean haveNSS348: This field controls whether or not we have the following three fields: peerDelegCred, authKeyBits, and signatureScheme.
private long maxEarlyDataSize: The maximum amount of early data that can be sent.
private boolean peerDelegCred: Whether or not the peer has offered a delegated field.
private SSLVersion protocolVersion: Which protocol version is used by this SSL socket.
private SSLSignatureScheme signatureScheme: Signature scheme used.
private long valuesSet: Internal integer representing the fields with available data.
private SSLCipher zeroRttCipherSuite: Which cipher suite is in use for 0RTT TLS 1.3 connections.
-
Constructor Summary
Constructors (Constructor: Description)
SSLPreliminaryChannelInfo(long valuesSet, int protocolVersion, int cipherSuite, boolean canSendEarlyData, long maxEarlyDataSize, boolean haveNSS343, int zeroRttCipherSuite, boolean haveNSS348, boolean peerDelegCred, int authKeyBits, int signatureScheme): Constructor used by SSL.GetPreliminaryChannelInfo(...).
-
Method Summary
Methods (Modifier and Type, Method: Description)
int getAuthKeyBits(): Gets the value of authKeyBits; throws an exception when the value isn't yet available.
SSLCipher getCipherSuite(): Gets the value of cipherSuite; throws an exception when the value isn't yet available.
boolean getPeerDelegCred(): Gets the value of peerDelegCred; throws an exception when the value isn't yet available.
SSLVersion getProtocolVersion(): Gets the value of protocolVersion; throws an exception when the value isn't yet available.
SSLSignatureScheme getSignatureScheme(): Gets the value of signatureScheme; throws an exception when the value isn't yet available.
SSLCipher getZeroRttCipherSuite(): Gets the value of zeroRttCipherSuite; throws an exception when the value isn't yet available.
boolean haveCipherSuite(): Check this to see whether the value of cipherSuite can be used.
private boolean haveField(long mask): Helper to check the valuesSet bitmask for availability of the specified field.
boolean havePeerAuth(): Check this to see whether the value of the peerDelegCred, authKeyBits, and signatureScheme fields can be used.
boolean haveProtocolVersion(): Check this to see whether the value of protocolVersion can be used.
boolean haveZeroRttCipherSuite(): Check this to see whether the value of zeroRttCipherSuite can be used.
String toString(): Returns a string representation of the data in this data structure.
-
Field Details
-
valuesSet
private long valuesSet
Internal integer representing the fields with available data.
-
protocolVersion
Which protocol version is used by this SSL socket.
-
cipherSuite
Which cipher suite is used by this SSL socket.
-
canSendEarlyData
private boolean canSendEarlyData
Whether or not early data can be sent. This field was added in NSS 3.29.
NSS gives the following description about this field:
|canSendEarlyData| is true when a 0-RTT is enabled. This can only be true after sending the ClientHello and before the handshake completes.
-
maxEarlyDataSize
private long maxEarlyDataSize
The maximum amount of early data that can be sent. This field was added in NSS 3.31.
NSS gives the following description of this field:
The number of early data octets that a client is permitted to send on this connection. The value will be zero if the connection was not resumed or early data is not permitted. For a client, this value only has meaning if |canSendEarlyData| is true. For a server, this indicates the value that was advertised in the session ticket that was used to resume this session.
-
haveNSS343
private boolean haveNSS343
This field controls whether or not we have the zeroRttCipherSuite field. When this field is true, zeroRttCipherSuite could be set with a value. Otherwise, its value should be ignored.
Check the corresponding field function, haveZeroRttCipherSuite(), to see whether the handshake has progressed far enough for this field to have a value.
Note that the corresponding field is present when the version of NSS used to compile JSS and the runtime version of NSS match, and both have this field.
-
zeroRttCipherSuite
Which cipher suite is in use for 0RTT TLS 1.3 connections. This field was added in NSS 3.43.
NSS gives the following description of this field:
This reports the cipher suite used for 0-RTT if it sent or accepted. For a client, this is set earlier than |cipherSuite|, and will match that value if 0-RTT is accepted by the server. The server only sets this after accepting 0-RTT, so this will contain the same value.
-
haveNSS348
private boolean haveNSS348
This field controls whether or not we have the following three fields: peerDelegCred, authKeyBits, and signatureScheme. When this field is true, these fields could be set with a value. Otherwise, their values should be ignored.
Check the corresponding field function, havePeerAuth(), to see whether the handshake has progressed far enough for these fields to have a value.
Note that the corresponding fields are present when the version of NSS used to compile JSS and the runtime version of NSS match, and both have these fields.
-
peerDelegCred
private boolean peerDelegCred
Whether or not the peer has offered a delegated field. This field was added in NSS 3.48.
NSS gives the following description of these three fields:
These fields contain information about the key that will be used in the CertificateVerify message. If Delegated Credentials are being used, this is the DC-contained SPKI, else the EE-cert SPKI. These fields are valid only after the Certificate message is handled. This can be determined by checking the valuesSet field against |ssl_preinfo_peer_auth|.
-
authKeyBits
private int authKeyBits
How many bits are in the authentication key. This field was added in NSS 3.48.
See also: peerDelegCred and SSLChannelInfo's authKeyBits field.
-
signatureScheme
Signature scheme used. This field was added in NSS 3.48.
See also: peerDelegCred and SSLChannelInfo's signatureScheme field.
-
-
Constructor Details
-
SSLPreliminaryChannelInfo
public SSLPreliminaryChannelInfo(long valuesSet, int protocolVersion, int cipherSuite, boolean canSendEarlyData, long maxEarlyDataSize, boolean haveNSS343, int zeroRttCipherSuite, boolean haveNSS348, boolean peerDelegCred, int authKeyBits, int signatureScheme)
Constructor used by SSL.GetPreliminaryChannelInfo(...). This translates between ints and enum constants.
-
-
Method Details
-
haveField
private boolean haveField(long mask)
Helper to check the valuesSet bitmask for availability of the specified field.
-
haveProtocolVersion
public boolean haveProtocolVersion()
Check this to see whether the value of protocolVersion can be used. Returns true if the handshake has progressed far enough for the value of the field to be determined.
-
haveCipherSuite
public boolean haveCipherSuite()
Check this to see whether the value of cipherSuite can be used. Returns true if the handshake has progressed far enough for the value of the field to be determined.
-
haveZeroRttCipherSuite
public boolean haveZeroRttCipherSuite()
Check this to see whether the value of zeroRttCipherSuite can be used. Returns true if the handshake has progressed far enough for the value of the field to be determined.
-
havePeerAuth
public boolean havePeerAuth()
Check this to see whether the value of the peerDelegCred, authKeyBits, and signatureScheme fields can be used. Returns true if the handshake has progressed far enough for the value of the fields to be determined.
-
getProtocolVersion
Gets the value of protocolVersion; throws an exception when the value isn't yet available.
See also: protocolVersion.
Throws: ObjectNotFoundException
-
getCipherSuite
Gets the value of cipherSuite; throws an exception when the value isn't yet available.
See also: cipherSuite.
Throws: ObjectNotFoundException
-
getZeroRttCipherSuite
Gets the value of zeroRttCipherSuite; throws an exception when the value isn't yet available.
See also: zeroRttCipherSuite.
Throws: ObjectNotFoundException
-
getPeerDelegCred
Gets the value of peerDelegCred; throws an exception when the value isn't yet available.
See also: peerDelegCred.
Throws: ObjectNotFoundException
-
getAuthKeyBits
Gets the value of authKeyBits; throws an exception when the value isn't yet available.
See also: authKeyBits.
Throws: ObjectNotFoundException
-
getSignatureScheme
Gets the value of signatureScheme; throws an exception when the value isn't yet available.
See also: signatureScheme.
Throws: ObjectNotFoundException
-
toString
Returns a string representation of the data in this data structure.
-