Package org.bouncycastle.tls
Interface TlsServer
- All Superinterfaces:
TlsPeer
- All Known Implementing Classes:
AbstractTlsServer, DefaultTlsServer, PSKTlsServer, SRPTlsServer
Interface describing a TLS server endpoint.
-
Method Summary
Modifier and Type, Method, Description
- CertificateStatus getCertificateStatus(): This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello.
- TlsCredentials getCredentials(): Return server credentials to use.
- TlsPSKExternal getExternalPSK(Vector identities): WARNING: EXPERIMENTAL FEATURE, UNSTABLE API. Return the external PSK to select from the ClientHello.
- byte[] getNewSessionID()
- NewSessionTicket getNewSessionTicket(): RFC 5077 3.3.
- int getSelectedCipherSuite()
- void getServerExtensionsForConnection(Hashtable serverExtensions)
- TlsSession getSessionToResume(byte[] sessionID): Return the specified session, if available.
- int[] getSupportedGroups()
- void init(TlsServerContext context)
- void notifyClientCertificate(Certificate clientCertificate): Called by the protocol handler to report the client certificate, only if getCertificateRequest() returned non-null.
- void notifyClientVersion(ProtocolVersion clientVersion)
- void notifyFallback(boolean isFallback)
- void notifyOfferedCipherSuites(int[] offeredCipherSuites)
- void notifySession(TlsSession session)
- void processClientExtensions(Hashtable clientExtensions)
- void processClientSupplementalData(Vector clientSupplementalData)
Methods inherited from interface org.bouncycastle.tls.TlsPeer
allowLegacyResumption, cancel, getCipherSuites, getCrypto, getHandshakeResendTimeMillis, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getProtocolVersions, getPskKeyExchangeModes, getRenegotiationPolicy, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyConnectionClosed, notifyHandshakeBeginning, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
-
Method Details
-
init
-
getSessionToResume
Return the specified session, if available. Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
- Parameters:
sessionID - the ID of the session to resume.
- Returns:
A TlsSession with the specified session ID, or null.
- See Also:
-
getNewSessionID
byte[] getNewSessionID() -
getExternalPSK
WARNING: EXPERIMENTAL FEATURE, UNSTABLE API
Return the external PSK to select from the ClientHello. Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions, and one or more PSKs are actually offered.
- Parameters:
identities - a Vector of PskIdentity instances.
- Returns:
the TlsPSKExternal corresponding to the selected identity, or null to not select any.
-
notifySession
-
notifyClientVersion
- Throws:
IOException
-
notifyFallback
- Throws:
IOException
-
notifyOfferedCipherSuites
- Throws:
IOException
-
processClientExtensions
- Throws:
IOException
-
getServerVersion
- Throws:
IOException
-
getSupportedGroups
- Throws:
IOException
-
getSelectedCipherSuite
- Throws:
IOException
-
getServerExtensions
- Throws:
IOException
-
getServerExtensionsForConnection
- Throws:
IOException
-
getServerSupplementalData
- Throws:
IOException
-
getCredentials
Return server credentials to use. The returned value may be null, or else it MUST implement exactly one of TlsCredentialedAgreement, TlsCredentialedDecryptor, or TlsCredentialedSigner, depending on the key exchange that was negotiated.
- Returns:
a TlsCredentials object or null for anonymous key exchanges
- Throws:
IOException
-
getCertificateStatus
This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a non-null CertificateStatus is returned, it is sent to the client as a handshake message of type "certificate_status".
- Returns:
A CertificateStatus to be sent to the client (or null for none).
- Throws:
IOException
-
getCertificateRequest
- Throws:
IOException
-
getPSKIdentityManager
- Throws:
IOException
-
getSRPLoginParameters
- Throws:
IOException
-
getDHConfig
- Throws:
IOException
-
getECDHConfig
- Throws:
IOException
-
processClientSupplementalData
- Throws:
IOException
-
notifyClientCertificate
Called by the protocol handler to report the client certificate, only if getCertificateRequest() returned non-null. Note: this method is responsible for certificate verification and validation.
- Parameters:
clientCertificate - the effective client certificate (may be an empty chain).
- Throws:
IOException
-
getNewSessionTicket
RFC 5077 3.3. NewSessionTicket Handshake Message. This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077 4. Recommended Ticket Construction for recommended format and protection.
- Returns:
- The ticket.
- Throws:
IOException
-