| package org.bouncycastle.crypto.tls; |
| |
| import java.io.IOException; |
| import java.util.Hashtable; |
| import java.util.Vector; |
| |
| /** |
| * Interface describing a TLS server endpoint. |
| */ |
| public interface TlsServer |
| extends TlsPeer |
| { |
| void init(TlsServerContext context); |
| |
| void notifyClientVersion(ProtocolVersion clientVersion) throws IOException; |
| |
| void notifyFallback(boolean isFallback) throws IOException; |
| |
| void notifyOfferedCipherSuites(int[] offeredCipherSuites) |
| throws IOException; |
| |
| void notifyOfferedCompressionMethods(short[] offeredCompressionMethods) |
| throws IOException; |
| |
| // Hashtable is (Integer -> byte[]) |
| void processClientExtensions(Hashtable clientExtensions) |
| throws IOException; |
| |
| ProtocolVersion getServerVersion() |
| throws IOException; |
| |
| int getSelectedCipherSuite() |
| throws IOException; |
| |
| short getSelectedCompressionMethod() |
| throws IOException; |
| |
| // Hashtable is (Integer -> byte[]) |
| Hashtable getServerExtensions() |
| throws IOException; |
| |
| // Vector is (SupplementalDataEntry) |
| Vector getServerSupplementalData() |
| throws IOException; |
| |
| TlsCredentials getCredentials() |
| throws IOException; |
| |
| /** |
| * This method will be called (only) if the server included an extension of type |
| * "status_request" with empty "extension_data" in the extended server hello. See <i>RFC 3546 |
| * 3.6. Certificate Status Request</i>. If a non-null {@link CertificateStatus} is returned, it |
| * is sent to the client as a handshake message of type "certificate_status". |
| * |
| * @return A {@link CertificateStatus} to be sent to the client (or null for none). |
| * @throws IOException |
| */ |
| CertificateStatus getCertificateStatus() |
| throws IOException; |
| |
| TlsKeyExchange getKeyExchange() |
| throws IOException; |
| |
| CertificateRequest getCertificateRequest() |
| throws IOException; |
| |
| // Vector is (SupplementalDataEntry) |
| void processClientSupplementalData(Vector clientSupplementalData) |
| throws IOException; |
| |
| /** |
| * Called by the protocol handler to report the client certificate, only if |
| * {@link #getCertificateRequest()} returned non-null. |
| * |
| * Note: this method is responsible for certificate verification and validation. |
| * |
| * @param clientCertificate |
| * the effective client certificate (may be an empty chain). |
| * @throws IOException |
| */ |
| void notifyClientCertificate(Certificate clientCertificate) |
| throws IOException; |
| |
| /** |
| * RFC 5077 3.3. NewSessionTicket Handshake Message. |
| * <p> |
| * This method will be called (only) if a NewSessionTicket extension was sent by the server. See |
| * <i>RFC 5077 4. Recommended Ticket Construction</i> for recommended format and protection. |
| * |
| * @return The ticket. |
| * @throws IOException |
| */ |
| NewSessionTicket getNewSessionTicket() |
| throws IOException; |
| } |