Package org.bouncycastle.tls
Interface TlsServer
- All Superinterfaces:
TlsPeer
- All Known Implementing Classes:
AbstractTlsServer, DefaultTlsServer, PSKTlsServer, SRPTlsServer
public interface TlsServer extends TlsPeer
Interface describing a TLS server endpoint.
Method Summary
Modifier and Type, Method, Description
CertificateRequest getCertificateRequest()
CertificateStatus getCertificateStatus()
    This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello.
TlsCredentials getCredentials()
    Return server credentials to use.
TlsDHConfig getDHConfig()
TlsECConfig getECDHConfig()
TlsPSKExternal getExternalPSK(java.util.Vector identities)
    WARNING: EXPERIMENTAL FEATURE, UNSTABLE API Return the external PSK to select from the ClientHello.
byte[] getNewSessionID()
NewSessionTicket getNewSessionTicket()
    RFC 5077 3.3.
TlsPSKIdentityManager getPSKIdentityManager()
int getSelectedCipherSuite()
java.util.Hashtable getServerExtensions()
void getServerExtensionsForConnection(java.util.Hashtable serverExtensions)
java.util.Vector getServerSupplementalData()
ProtocolVersion getServerVersion()
TlsSession getSessionToResume(byte[] sessionID)
    Return the specified session, if available.
TlsSRPLoginParameters getSRPLoginParameters()
int[] getSupportedGroups()
void init(TlsServerContext context)
void notifyClientCertificate(Certificate clientCertificate)
    Called by the protocol handler to report the client certificate, only if getCertificateRequest() returned non-null.
void notifyClientVersion(ProtocolVersion clientVersion)
void notifyFallback(boolean isFallback)
void notifyOfferedCipherSuites(int[] offeredCipherSuites)
void notifySession(TlsSession session)
boolean preferLocalSupportedGroups()
void processClientExtensions(java.util.Hashtable clientExtensions)
void processClientSupplementalData(java.util.Vector clientSupplementalData)
-
Methods inherited from interface org.bouncycastle.tls.TlsPeer
allowLegacyResumption, cancel, getCipherSuites, getCrypto, getHandshakeResendTimeMillis, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getProtocolVersions, getPskKeyExchangeModes, getRenegotiationPolicy, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyConnectionClosed, notifyHandshakeBeginning, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
Method Detail
-
preferLocalSupportedGroups
boolean preferLocalSupportedGroups()
-
init
void init(TlsServerContext context)
-
getSessionToResume
TlsSession getSessionToResume(byte[] sessionID)
Return the specified session, if available. Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
- Parameters:
sessionID - the ID of the session to resume.
- Returns:
A TlsSession with the specified session ID, or null.
- See Also:
SessionParameters.getPeerCertificate()
-
getNewSessionID
byte[] getNewSessionID()
-
getExternalPSK
TlsPSKExternal getExternalPSK(java.util.Vector identities)
WARNING: EXPERIMENTAL FEATURE, UNSTABLE API
Return the external PSK to select from the ClientHello. Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions, and one or more PSKs are actually offered.
- Parameters:
identities - a Vector of PskIdentity instances.
- Returns:
the TlsPSKExternal corresponding to the selected identity, or null to not select any.
-
notifySession
void notifySession(TlsSession session)
-
notifyClientVersion
void notifyClientVersion(ProtocolVersion clientVersion) throws java.io.IOException
- Throws:
java.io.IOException
-
notifyFallback
void notifyFallback(boolean isFallback) throws java.io.IOException
- Throws:
java.io.IOException
-
notifyOfferedCipherSuites
void notifyOfferedCipherSuites(int[] offeredCipherSuites) throws java.io.IOException
- Throws:
java.io.IOException
-
processClientExtensions
void processClientExtensions(java.util.Hashtable clientExtensions) throws java.io.IOException
- Throws:
java.io.IOException
-
getServerVersion
ProtocolVersion getServerVersion() throws java.io.IOException
- Throws:
java.io.IOException
-
getSupportedGroups
int[] getSupportedGroups() throws java.io.IOException
- Throws:
java.io.IOException
-
getSelectedCipherSuite
int getSelectedCipherSuite() throws java.io.IOException
- Throws:
java.io.IOException
-
getServerExtensions
java.util.Hashtable getServerExtensions() throws java.io.IOException
- Throws:
java.io.IOException
-
getServerExtensionsForConnection
void getServerExtensionsForConnection(java.util.Hashtable serverExtensions) throws java.io.IOException
- Throws:
java.io.IOException
-
getServerSupplementalData
java.util.Vector getServerSupplementalData() throws java.io.IOException
- Throws:
java.io.IOException
-
getCredentials
TlsCredentials getCredentials() throws java.io.IOException
Return server credentials to use. The returned value may be null, or else it MUST implement exactly one of TlsCredentialedAgreement, TlsCredentialedDecryptor, or TlsCredentialedSigner, depending on the key exchange that was negotiated.
- Returns:
a TlsCredentials object or null for anonymous key exchanges
- Throws:
java.io.IOException
-
getCertificateStatus
CertificateStatus getCertificateStatus() throws java.io.IOException
This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a non-null CertificateStatus is returned, it is sent to the client as a handshake message of type "certificate_status".
- Returns:
A CertificateStatus to be sent to the client (or null for none).
- Throws:
java.io.IOException
-
getCertificateRequest
CertificateRequest getCertificateRequest() throws java.io.IOException
- Throws:
java.io.IOException
-
getPSKIdentityManager
TlsPSKIdentityManager getPSKIdentityManager() throws java.io.IOException
- Throws:
java.io.IOException
-
getSRPLoginParameters
TlsSRPLoginParameters getSRPLoginParameters() throws java.io.IOException
- Throws:
java.io.IOException
-
getDHConfig
TlsDHConfig getDHConfig() throws java.io.IOException
- Throws:
java.io.IOException
-
getECDHConfig
TlsECConfig getECDHConfig() throws java.io.IOException
- Throws:
java.io.IOException
-
processClientSupplementalData
void processClientSupplementalData(java.util.Vector clientSupplementalData) throws java.io.IOException
- Throws:
java.io.IOException
-
notifyClientCertificate
void notifyClientCertificate(Certificate clientCertificate) throws java.io.IOException
Called by the protocol handler to report the client certificate, only if getCertificateRequest() returned non-null. Note: this method is responsible for certificate verification and validation.
- Parameters:
clientCertificate - the effective client certificate (may be an empty chain).
- Throws:
java.io.IOException
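Because notifyClientCertificate is where the client chain must be validated, and the chain may be empty, the following added example (not part of the Bouncy Castle documentation or code base) shows one way to fail closed using the JDK PKIX validator. The class name ClientAuthTlsServer and the trustAnchors KeyStore are hypothetical, and it assumes getCertificateRequest() is overridden elsewhere to return non-null.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.tls.AlertDescription;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;

// Hypothetical subclass: validates the client chain with the JDK PKIX validator.
// Assumes getCertificateRequest() is overridden elsewhere to return non-null.
public class ClientAuthTlsServer extends DefaultTlsServer {
    private final KeyStore trustAnchors; // assumed: CA certificates trusted for client auth
    public ClientAuthTlsServer(TlsCrypto crypto, KeyStore trustAnchors) {
        super(crypto);
        this.trustAnchors = trustAnchors;
    }
    @Override
    public void notifyClientCertificate(Certificate clientCertificate) throws IOException {
        // The chain may be empty (client sent no certificate): reject instead of continuing.
        if (clientCertificate == null || clientCertificate.isEmpty()) {
            throw new TlsFatalAlert(AlertDescription.handshake_failure);
        }
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            List<X509Certificate> chain = new ArrayList<>();
            for (TlsCertificate c : clientCertificate.getCertificateList()) {
                chain.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(c.getEncoded())));
            }
            CertPath path = cf.generateCertPath(chain);
            PKIXParameters params = new PKIXParameters(trustAnchors);
            // Simplification for this example: turn revocation back on once a CRL/OCSP source exists.
            params.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(path, params);
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            throw new TlsFatalAlert(AlertDescription.bad_certificate, e);
        }
    }
}
```

PKIX path validation does not check that the certificate is intended for TLS client authentication or map it to an account; extended key usage and identity checks remain the application's responsibility.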
-
getNewSessionTicket
NewSessionTicket getNewSessionTicket() throws java.io.IOException
RFC 5077 3.3. NewSessionTicket Handshake Message.
This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077 4. Recommended Ticket Construction for recommended format and protection.
- Returns:
The ticket.
- Throws:
java.io.IOException