Class CertAuthHandler

java.lang.Object
org.mozilla.jss.nss.CertAuthHandler
All Implemented Interfaces:
Runnable
Direct Known Subclasses:
JSSEngineReferenceImpl.CertValidationTask

public abstract class CertAuthHandler extends Object implements Runnable
The CertAuthHandler interface enables arbitrary certificate authentication from an NSS cert auth hook. Notably, the return code from check should be a PRErrorCode, else 0. NSS uses this value to determine the alert to send when closing the connection (in the event of an error). The concern here is that, when the handler is invoked synchronously, it is called from NSS, which was itself called by Java. Certain operations may or may not succeed or work as expected (such as raising an exception, acquiring locks already held, etc.).
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    boolean
    finished
    Whether or not the check operation has been executed yet, when invoked via run().
    int
    result
    When invoked via run(), the result of the check operation.
    private SSLFDProxy
    ssl_fd
    SSLFDProxy instance.
  • Constructor Summary

    Constructors
    Constructor
    Description
    CertAuthHandler(SSLFDProxy fd)
    Constructor to store SSLFDProxy information.
  • Method Summary

    Modifier and Type
    Method
    Description
    abstract int
    check(SSLFDProxy fd)
    Returns the PRErrorCode of the error encountered when validating certificate auth, else 0.
    void
    run()
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • result

      public int result
      When invoked via run(), the result of the check operation.
    • finished

      public boolean finished
      Whether or not the check operation has been executed yet, when invoked via run().
    • ssl_fd

      private SSLFDProxy ssl_fd
      SSLFDProxy instance.
  • Constructor Details

    • CertAuthHandler

      public CertAuthHandler(SSLFDProxy fd)
      Constructor to store SSLFDProxy information. This is useful for implementations which expect to be used via the Runnable interface, instead of called via the synchronous certificate authentication hook in NSS.
  • Method Details

    • check

      public abstract int check(SSLFDProxy fd)
      Returns the PRErrorCode of the error encountered when validating certificate auth, else 0. Note that it is up to the implementer to fetch the certificates (via SSL.PeerCertificateChain(ssl_fd)) and validate them properly.
    • run

      public void run()
      Specified by:
      run in interface Runnable
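
The following subclass is an added example, not code from JSS or from this page. It shows one way to implement check() under the constraints described above: fetch the peer chain, validate it, and return a PRErrorCode instead of throwing. The class name `TrustManagerCertAuthHandler`, the `authType` parameter and the error-to-code mapping are hypothetical. The constants are the numeric PRErrorCode values from NSS's secerr.h and sslerr.h. The code assumes PK11Cert extends java.security.cert.X509Certificate, so the chain can be handed to an X509TrustManager.

```java
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

import org.mozilla.jss.nss.CertAuthHandler;
import org.mozilla.jss.nss.SSL;
import org.mozilla.jss.nss.SSLFDProxy;

// Hypothetical handler (not part of JSS): validates the server's chain on the client side.
public class TrustManagerCertAuthHandler extends CertAuthHandler {
    // PRErrorCode values copied from NSS's secerr.h / sslerr.h as plain ints.
    static final int SEC_ERROR_EXPIRED_CERTIFICATE = -8181;
    static final int SSL_ERROR_NO_CERTIFICATE = -12285;
    static final int SSL_ERROR_BAD_CERTIFICATE = -12284;

    private final X509TrustManager tm;
    private final String authType; // caller-supplied, e.g. "ECDHE_RSA"

    public TrustManagerCertAuthHandler(SSLFDProxy fd, X509TrustManager tm, String authType) {
        super(fd); // stored so the handler can also be driven through run()
        this.tm = tm;
        this.authType = authType;
    }

    @Override
    public int check(SSLFDProxy fd) {
        // This may execute inside an NSS callback, so no exception may escape:
        // every failure path is turned into a non-zero PRErrorCode.
        try {
            // Assumption: PK11Cert[] is assignable to X509Certificate[].
            X509Certificate[] chain = SSL.PeerCertificateChain(fd);
            if (chain == null || chain.length == 0) {
                return SSL_ERROR_NO_CERTIFICATE; // no chain means no authentication
            }
            chain[0].checkValidity();               // distinct code for an expired leaf
            tm.checkServerTrusted(chain, authType); // path building and trust decision
            return 0;                               // 0 is the only "accept" value
        } catch (CertificateExpiredException e) {
            return SEC_ERROR_EXPIRED_CERTIFICATE;
        } catch (CertificateException e) {
            return SSL_ERROR_BAD_CERTIFICATE;
        } catch (Exception e) {
            // Fail closed on anything unexpected, including errors from
            // SSL.PeerCertificateChain itself.
            return SSL_ERROR_BAD_CERTIFICATE;
        }
    }
}
```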