Package org.mozilla.jss.nss
Class SSLChannelInfo
java.lang.Object
org.mozilla.jss.nss.SSLChannelInfo
Class representing the SSLChannelInfo struct from NSS's sslt.h.
This class is a data class; it contains public getters and no
setters. It usually should be constructed via a call to
org.mozilla.jss.nss.SSL.GetChannelInfo(SSLFDProxy inst) rather than
directly constructing an instance.
Note that calling GetChannelInfo prior to the handshake completing on
the socket usually won't work or will give incomplete or inconclusive
results. Use SSL.GetPreliminaryChannelInfo instead and see the
corresponding class, SSLPreliminaryChannelInfo.
Field and getter names match those in the NSS equivalent struct. The only
omitted field is sessionIDLength, since sessionID.length suffices and Java
byte arrays are of fixed, known length.
-
Field Summary
Fields (modifier and type, field, description):
private int authKeyBits: How many bits are in the authentication key.
private SSLAuthType authType: Authentication type for the cipher suite.
private SSLCipher cipherSuite: Which cipher suite is used by this SSL socket.
private SSLCompressionMethod compressionMethod: Compression method used in this session.
private long creationTime: When the session was created, in seconds since Jan 1, 1970.
private boolean earlyDataAccepted: Whether or not early data was accepted.
private long expirationTime: When the session expires, in seconds since Jan 1, 1970.
private boolean extendedMasterSecretUsed: Whether or not an extended master secret was used for TLS versions less than 1.3.
private boolean haveNSS334: This field controls whether or not we have the following two fields: originalKeaGroup and resumed.
private boolean haveNSS345: This field controls whether or not we have the peerDelegCred field.
private SSLNamedGroup keaGroup: When keaType is an EC-based cipher, name of the group used in this cipher.
private int keaKeyBits: How many bits are in the key exchange key.
private SSLKEAType keaType: Key exchange algorithm info.
private long lastAccessTime: When the session was last accessed, in seconds since Jan 1, 1970.
private SSLMACAlgorithm macAlgorithm: MAC algorithm info.
private SSLNamedGroup originalKeaGroup: This field holds the key exchange algorithm group during the initial handshake.
private boolean peerDelegCred: Whether or not the peer used a delegated credential for authentication.
private SSLVersion protocolVersion: Which protocol version is used by this SSL socket.
private boolean resumed: Whether or not this session was resumed.
private byte[] sessionID: Identifier for this session.
private SSLSignatureScheme signatureScheme: Signature scheme used.
private SSLCipherAlgorithm symCipher: Symmetric cipher algorithm info.
Constructor Summary
Constructors (constructor, description):
SSLChannelInfo(int protocolVersion, int cipherSuite, int authKeyBits, int keaKeyBits, long creationTime, long lastAccessTime, long expirationTime, byte[] sessionID, int compressionMethod, boolean extendedMasterSecretUsed, boolean earlyDataAccepted, int keaType, int keaGroup, int symCipher, int macAlgorithm, int authType, int signatureScheme, boolean haveNSS334, int originalKeaGroup, boolean resumed, boolean haveNSS345, boolean peerDelegCred): Constructor used by SSL.GetChannelInfo(...).
Method Summary
Methods (modifier and type where listed, method, description):
int getAuthKeyBits(): Gets the value of authKeyBits.
getAuthType(): Gets the value of authType.
getCipherSuite(): Gets the value of cipherSuite.
getCompressionMethod(): Gets the value of compressionMethod.
long getCreationTime(): Gets the value of creationTime.
boolean getEarlyDataAccepted(): Gets the value of earlyDataAccepted.
long getExpirationTime(): Gets the value of expirationTime.
boolean getExtendedMasterSecretUsed(): Gets the value of extendedMasterSecretUsed.
getKeaGroup(): Gets the value of keaGroup.
int getKeaKeyBits(): Gets the value of keaKeyBits.
getKeaType(): Gets the value of keaType.
long getLastAccessTime(): Gets the value of lastAccessTime.
getMacAlgorithm(): Gets the value of macAlgorithm.
getOriginalKeaGroup(): Gets the value of originalKeaGroup; throws an exception when the field isn't available from NSS.
boolean getPeerDelegCred(): Gets the value of peerDelegCred; throws an exception when the field isn't available from NSS.
getProtocolVersion(): Gets the value of protocolVersion.
boolean getResumed(): Gets the value of resumed; throws an exception when the field isn't available from NSS.
byte[] getSessionID(): Gets the value of sessionID.
getSignatureScheme(): Gets the value of signatureScheme.
getSymCipher(): Gets the value of symCipher.
toString(): Returns a string representation of the data in this data structure.
-
Field Details
-
protocolVersion
Which protocol version is used by this SSL socket.

cipherSuite
Which cipher suite is used by this SSL socket.

authKeyBits
private int authKeyBits
How many bits are in the authentication key.
NSS describes this as follows: The strength of the key used to authenticate the peer. Before interpreting this value, check authType, signatureScheme, and peerDelegCred, to determine the type of the key and how it was used. Typically, this is the length of the key from the peer's end-entity certificate. If delegated credentials are used (i.e., peerDelegCred is PR_TRUE), then this is the strength of the delegated credential key.

keaKeyBits
private int keaKeyBits
How many bits are in the key exchange key.
NSS describes this as follows: key exchange algorithm info

creationTime
private long creationTime
When the session was created, in seconds since Jan 1, 1970.

lastAccessTime
private long lastAccessTime
When the session was last accessed, in seconds since Jan 1, 1970.

expirationTime
private long expirationTime
When the session expires, in seconds since Jan 1, 1970.

sessionID
private byte[] sessionID
Identifier for this session. Up to 32 bytes.

compressionMethod
Compression method used in this session. This field was added in NSS 3.12.5.

extendedMasterSecretUsed
private boolean extendedMasterSecretUsed
Whether or not an extended master secret was used for TLS versions less than 1.3. This field was added in NSS 3.21.

earlyDataAccepted
private boolean earlyDataAccepted
Whether or not early data was accepted. This field was added in NSS 3.25.
NSS has this to say: This field only has meaning in TLS versions greater than or equal to 1.3, and indicates on the client side that the server accepted early (0-RTT) data.

keaType
Key exchange algorithm info. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28.

keaGroup
When keaType is an EC-based cipher, name of the group used in this cipher. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28.

symCipher
Symmetric cipher algorithm info. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28.

macAlgorithm
MAC algorithm info. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28.
NSS gives the following description of this field in SSLCipherSuiteInfo: AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in bits of the authentication tag.

authType
Authentication type for the cipher suite. This field has the same meaning as in SSLCipherSuiteInfo. This field was added in NSS 3.28.
NSS gives the following description of this field in SSLCipherSuiteInfo: This reports the correct authentication type for the cipher suite, use this instead of |authAlgorithm|.

signatureScheme
Signature scheme used. This field was added in NSS 3.28.

haveNSS334
private boolean haveNSS334
This field controls whether or not we have the following two fields: originalKeaGroup and resumed. When this field is true, the values of these fields can be trusted. Otherwise, their values should be ignored. The corresponding fields are present when the NSS version used to compile JSS and the runtime version of NSS match, and both have these fields.

originalKeaGroup
This field holds the key exchange algorithm group during the initial handshake. This field was added in NSS 3.34.
NSS has the following description of this field: When the session was resumed this holds the key exchange group of the original handshake.

resumed
private boolean resumed
Whether or not this session was resumed. This field was added in NSS 3.34.

haveNSS345
private boolean haveNSS345
This field controls whether or not we have the peerDelegCred field. When this field is true, the value of that field can be trusted. Otherwise, its value should be ignored. The corresponding field is present when the NSS version used to compile JSS and the runtime version of NSS match, and both have this field.

peerDelegCred
private boolean peerDelegCred
Whether or not the peer used a delegated credential for authentication. This field was added in NSS 3.45.
-
-
Constructor Details
-
SSLChannelInfo
public SSLChannelInfo(int protocolVersion, int cipherSuite, int authKeyBits, int keaKeyBits, long creationTime, long lastAccessTime, long expirationTime, byte[] sessionID, int compressionMethod, boolean extendedMasterSecretUsed, boolean earlyDataAccepted, int keaType, int keaGroup, int symCipher, int macAlgorithm, int authType, int signatureScheme, boolean haveNSS334, int originalKeaGroup, boolean resumed, boolean haveNSS345, boolean peerDelegCred)
Constructor used by SSL.GetChannelInfo(...). This translates between ints and enum constants.
-
-
Method Details
-
getProtocolVersion
Gets the value of protocolVersion. See also: protocolVersion.

getCipherSuite
Gets the value of cipherSuite. See also: cipherSuite.

getAuthKeyBits
public int getAuthKeyBits()
Gets the value of authKeyBits. See also: authKeyBits.

getKeaKeyBits
public int getKeaKeyBits()
Gets the value of keaKeyBits. See also: keaKeyBits.

getCreationTime
public long getCreationTime()
Gets the value of creationTime. See also: creationTime.

getLastAccessTime
public long getLastAccessTime()
Gets the value of lastAccessTime. See also: lastAccessTime.

getExpirationTime
public long getExpirationTime()
Gets the value of expirationTime. See also: expirationTime.

getSessionID
public byte[] getSessionID()
Gets the value of sessionID. See also: sessionID.

getCompressionMethod
Gets the value of compressionMethod. See also: compressionMethod.

getExtendedMasterSecretUsed
public boolean getExtendedMasterSecretUsed()
Gets the value of extendedMasterSecretUsed. See also: extendedMasterSecretUsed.

getEarlyDataAccepted
public boolean getEarlyDataAccepted()
Gets the value of earlyDataAccepted. See also: earlyDataAccepted.

getKeaType
Gets the value of keaType. See also: keaType.

getKeaGroup
Gets the value of keaGroup. See also: keaGroup.

getSymCipher
Gets the value of symCipher. See also: symCipher.

getMacAlgorithm
Gets the value of macAlgorithm. See also: macAlgorithm.

getAuthType
Gets the value of authType. See also: authType.

getSignatureScheme
Gets the value of signatureScheme. See also: signatureScheme.

getOriginalKeaGroup
Gets the value of originalKeaGroup; throws an exception when the field isn't available from NSS. See also: originalKeaGroup.
Throws: ObjectNotFoundException

getResumed
Gets the value of resumed; throws an exception when the field isn't available from NSS. See also: resumed.
Throws: ObjectNotFoundException

getPeerDelegCred
Gets the value of peerDelegCred; throws an exception when the field isn't available from NSS. See also: peerDelegCred.
Throws: ObjectNotFoundException

toString
Returns a string representation of the data in this data structure.
-
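
The sketch below is an added example, not code from JSS or NSS. It reviews a channel after the handshake using only the getters documented above: it checks peerDelegCred before interpreting authKeyBits, and it treats the version-gated fields as unavailable when their getters throw. The class and method names are hypothetical, and the package of ObjectNotFoundException is an assumption, since this page gives only the class name.

```java
import java.util.ArrayList;
import java.util.List;
import org.mozilla.jss.crypto.ObjectNotFoundException; // assumed package of the exception
import org.mozilla.jss.nss.SSLChannelInfo;

// Added example: review an SSLChannelInfo obtained from SSL.GetChannelInfo(...)
// after the handshake has completed. Class and method names are hypothetical.
public final class ChannelInfoAudit {
    /** Describes authKeyBits only after checking what kind of key it measures. */
    static String describeAuthKey(SSLChannelInfo info) {
        String origin;
        try {
            origin = info.getPeerDelegCred() ? "delegated credential key"
                                             : "end-entity certificate key";
        } catch (ObjectNotFoundException e) {
            // haveNSS345 is false: the flag cannot be trusted, so say so.
            origin = "key of undetermined origin (peerDelegCred unavailable)";
        }
        return info.getAuthKeyBits() + "-bit " + origin + ", authType="
            + info.getAuthType() + ", signatureScheme=" + info.getSignatureScheme();
    }

    /** Returns findings for a reviewer; nowSeconds is seconds since Jan 1, 1970. */
    static List<String> audit(SSLChannelInfo info, long nowSeconds) {
        List<String> findings = new ArrayList<>();
        findings.add("peer authenticated with " + describeAuthKey(info));
        if (info.getExpirationTime() <= nowSeconds) {
            findings.add("session expired at " + info.getExpirationTime());
        }
        if (!info.getExtendedMasterSecretUsed()) {
            findings.add("no extended master secret (matters below TLS 1.3); version="
                + info.getProtocolVersion());
        }
        if (info.getEarlyDataAccepted()) {
            findings.add("server accepted early (0-RTT) data");
        }
        try {
            if (info.getResumed()) {
                findings.add("resumed session; original key exchange group="
                    + info.getOriginalKeaGroup());
            }
        } catch (ObjectNotFoundException e) {
            // haveNSS334 is false: resumed and originalKeaGroup must be ignored.
            findings.add("resumption state unavailable from this NSS build");
        }
        return findings;
    }
}
```

Pass `System.currentTimeMillis() / 1000` as nowSeconds, since the session times in this class are in seconds rather than milliseconds.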