using System;
using System.IO;
using Org.BouncyCastle.Tls.Crypto;
namespace Org.BouncyCastle.Tls
{
/// Base interface for a (D)TLS endpoint.
public interface TlsPeer
{
TlsCrypto Crypto { get; }
void NotifyCloseHandle(TlsCloseable closehandle);
///
void Cancel();
ProtocolVersion[] GetProtocolVersions();
int[] GetCipherSuites();
/// Notifies the peer that a new handshake is about to begin.
///
void NotifyHandshakeBeginning();
/// Specify the timeout, in milliseconds, to use for the complete handshake process.
///
/// NOTE: Currently only respected by DTLS protocols. Negative values are not allowed. A timeout of zero means
/// an infinite timeout (i.e.the handshake will never time out).
///
/// the handshake timeout, in milliseconds.
int GetHandshakeTimeoutMillis();
// TODO[api]
/*
/// Specify the time, in milliseconds, after which a handshake packet is resent.
///
/// NOTE: Currently only respected by DTLS protocols.
///
/// the handshake resend time, in milliseconds.
int GetHandshakeResendTimeMillis();
*/
bool AllowLegacyResumption();
int GetMaxCertificateChainLength();
int GetMaxHandshakeMessageSize();
short[] GetPskKeyExchangeModes();
///
/// This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a
/// close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning
/// false without a full understanding of the implications.
///
bool RequiresCloseNotify();
/// This implementation supports RFC 7627 and will always negotiate the extended_master_secret
/// extension where possible. When connecting to a peer that does not offer/accept this extension, it is
/// recommended to abort the handshake.This option is provided for interoperability with legacy peers, although
/// some TLS features will be disabled in that case (see RFC 7627 5.4).
///
/// true if the handshake should be aborted when the peer does not negotiate the
/// extended_master_secret extension, or false to support legacy interoperability.
bool RequiresExtendedMasterSecret();
bool ShouldUseExtendedMasterSecret();
/// See RFC 5246 6.2.3.2. Controls whether block cipher encryption may randomly add extra padding
/// beyond the minimum.
///
/// Note that in configurations where this is known to be potential security risk this setting will be ignored
/// (and extended padding disabled). Extra padding is always supported when decrypting received records.
///
/// true if random extra padding should be added during block cipher encryption, or
/// false to always use the minimum amount of required padding.
bool ShouldUseExtendedPadding();
/// draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on
/// gmt_unix_time containing the current time, we recommend that implementors MAY provide the ability to set
/// gmt_unix_time as an option only, off by default.".
///
/// NOTE: For a server that has negotiated TLS 1.3 (or later), or a client that has offered TLS 1.3 (or later),
/// this is not called and gmt_unix_time is not used.
///
/// true if the current time should be used in the gmt_unix_time field of Random, or
/// false if gmt_unix_time should contain a cryptographically random value.
bool ShouldUseGmtUnixTime();
/// RFC 5746 3.4/3.6. In case this is false, peers may want to terminate the handshake instead of
/// continuing; see Section 4.1/4.3 for discussion.
///
/// NOTE: TLS 1.3 forbids renegotiation, so this is never called when TLS 1.3 (or later) was negotiated.
///
///
void NotifySecureRenegotiation(bool secureRenegotiation);
///
TlsKeyExchangeFactory GetKeyExchangeFactory();
/// This method will be called when an alert is raised by the protocol.
///
///
/// A human-readable message explaining what caused this alert. May be null.
/// The that caused this alert to be raised. May be null.
void NotifyAlertRaised(short alertLevel, short alertDescription, string message, Exception cause);
/// This method will be called when an alert is received from the remote peer.
///
///
void NotifyAlertReceived(short alertLevel, short alertDescription);
// TODO[api]
/*
/// Notifies the peer that the connection has been closed.
void NotifyConnectionClosed();
*/
/// Notifies the peer that the handshake has been successfully completed.
///
void NotifyHandshakeComplete();
/// Return a instance that will control the generation of heartbeats
/// locally (if permitted by the remote peer), or null to not generate heartbeats. Heartbeats are described in
/// RFC 6520.
/// an instance of .
///
TlsHeartbeat GetHeartbeat();
/// Return the heartbeat mode applicable to the remote peer. Heartbeats are described in RFC 6520.
///
///
/// See enumeration class for appropriate return values.
///
/// the value.
short GetHeartbeatPolicy();
// TODO[api] Remove this and treat it as default 'true'
/// Indicates whether a DTLS connection should ignore corrupt records (bad_record_mac) instead of
/// failing the connection.
/// Called only once at the start of a connection and applies throughout.
/// The value true to ignore corrupt DTLS records, or false to fail the connection.
///
bool IgnoreCorruptDtlsRecords { get; }
}
}