Date: Mon, 27 Apr 1998 04:56:20 -0700
From: Jeff.Nisewanger@Eng (Jeff Nisewanger)
Message-Id: <199804271156.EAA03527@puuoo.eng.sun.com>
To: java-security@web1.javasoft.com, teppic@hotmail.com
Subject: Re: What's an SSLSessionBinding event?
> What's an SSLSessionBinding event for?
>
> What sort of object would want to implement SSLSessionBinding
> Listener?
>
> What are an SSLSession's getValue(), putValue() and getValueNames()
> methods uses for?
These can be used by an application to annotate an SSLSession
with application-specific data. The listener can be used to receive
notification when application data is added, removed or changed. There is
need to use this api in order to use SSL. It was intended as a
convenient way of associating application session state and SSL session state.
>
> Oh... and one more: Does the verify() method of the new Certificate
> (javax.security.cert) throw an InvalidKeyException or a
> SignatureException when it fails to verify the signature. I mean; does
> InvalidKeyException signal that the wrong key was passed in, or that
> the wrong type of key was passed.
SignatureException means that the certificate was not signed
with the private key that matches the public key that was passed in -- in
other words the signature did not verify as in
java.security.Signature.verify(). InvalidKeyException means that the public
key passed does not match the algorithm used to sign the certificate.
Jeff