package org.bouncycastle.crypto.tls; import java.io.IOException; import java.util.Hashtable; import java.util.Vector; public interface TlsServer extends TlsPeer { void init(TlsServerContext context); void notifyClientVersion(ProtocolVersion clientVersion) throws IOException; void notifyFallback(boolean isFallback) throws IOException; void notifyOfferedCipherSuites(int[] offeredCipherSuites) throws IOException; void notifyOfferedCompressionMethods(short[] offeredCompressionMethods) throws IOException; // Hashtable is (Integer -> byte[]) void processClientExtensions(Hashtable clientExtensions) throws IOException; ProtocolVersion getServerVersion() throws IOException; int getSelectedCipherSuite() throws IOException; short getSelectedCompressionMethod() throws IOException; // Hashtable is (Integer -> byte[]) Hashtable getServerExtensions() throws IOException; // Vector is (SupplementalDataEntry) Vector getServerSupplementalData() throws IOException; TlsCredentials getCredentials() throws IOException; /** * This method will be called (only) if the server included an extension of type * "status_request" with empty "extension_data" in the extended server hello. See <i>RFC 3546 * 3.6. Certificate Status Request</i>. If a non-null {@link CertificateStatus} is returned, it * is sent to the client as a handshake message of type "certificate_status". * * @return A {@link CertificateStatus} to be sent to the client (or null for none). * @throws IOException */ CertificateStatus getCertificateStatus() throws IOException; TlsKeyExchange getKeyExchange() throws IOException; CertificateRequest getCertificateRequest() throws IOException; // Vector is (SupplementalDataEntry) void processClientSupplementalData(Vector clientSupplementalData) throws IOException; /** * Called by the protocol handler to report the client certificate, only if * {@link #getCertificateRequest()} returned non-null. * * Note: this method is responsible for certificate verification and validation. * * @param clientCertificate * the effective client certificate (may be an empty chain). * @throws IOException */ void notifyClientCertificate(Certificate clientCertificate) throws IOException; /** * RFC 5077 3.3. NewSessionTicket Handshake Message. * <p> * This method will be called (only) if a NewSessionTicket extension was sent by the server. See * <i>RFC 5077 4. Recommended Ticket Construction</i> for recommended format and protection. * * @return The ticket. * @throws IOException */ NewSessionTicket getNewSessionTicket() throws IOException; }