using System;
using System.Collections.Generic;
using System.IO;
using Org.BouncyCastle.Tls.Crypto;
namespace Org.BouncyCastle.Tls
{
/// <summary>Interface describing a TLS server endpoint.</summary>
/// <remarks>
/// As the parameter names indicate, several members receive values that originate from the client
/// (offered version and cipher suites, extensions, PSK identities, supplemental data, certificate chain).
/// Implementations should treat all of these as peer-controlled input and validate them before use.
/// <para>
/// NOTE(review): many doc lines in this file look like XML doc tags whose markup was stripped (bare "///"
/// lines, sentences with missing type names). The tags below are reconstructed from the visible
/// signatures only; confirm against the upstream source.
/// </para>
/// <para>
/// NOTE(review): IList and IDictionary appear without type arguments although the file imports only
/// System.Collections.Generic, so the type arguments may have been lost the same way. System.IO is
/// imported but used by no signature; the bare "///" lines were presumably exception tags naming
/// IOException. Confirm both.
/// </para>
/// </remarks>
public interface TlsServer
: TlsPeer
{
/// <summary>Supplies the <see cref="TlsServerContext"/> this server instance is to work with.</summary>
/// <param name="context">the server context. NOTE(review): call timing is not shown here - confirm.</param>
void Init(TlsServerContext context);
/// <summary>Return the specified session, if available.</summary>
/// <remarks>
/// Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
/// A resumed session skips a fresh certificate exchange, so a chain accepted earlier may have expired or
/// been revoked since.
/// </remarks>
/// <param name="sessionID">the ID of the session to resume. NOTE(review): presumably taken from the
/// ClientHello, so treat it as an opaque, untrusted lookup key - confirm.</param>
/// <returns>A <see cref="TlsSession"/> with the specified session ID, or null.</returns>
TlsSession GetSessionToResume(byte[] sessionID);
/// <summary>Returns the session ID to use for a new session.</summary>
/// <returns>the new session ID. NOTE(review): whether null or an empty array is permitted is not shown
/// here - confirm.</returns>
byte[] GetNewSessionID();
/// <summary>Return the external PSK to select from the ClientHello.</summary>
/// <remarks>
/// WARNING: EXPERIMENTAL FEATURE, UNSTABLE API
/// Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions, and one
/// or more PSKs are actually offered.
/// The identities come from the ClientHello and are therefore chosen by the peer; return null unless one
/// matches a PSK this server actually holds.
/// </remarks>
/// <param name="identities">an <c>IList</c> of the offered PSK identity instances. NOTE(review): the
/// element type name was lost from this sentence - confirm.</param>
/// <returns>The <see cref="TlsPskExternal"/> corresponding to the selected identity, or null to not select
/// any.</returns>
TlsPskExternal GetExternalPsk(IList identities);
/// <summary>Reports a <see cref="TlsSession"/> to this server.</summary>
/// <param name="session">the session. NOTE(review): presumably the session established or resumed by the
/// current handshake - confirm.</param>
void NotifySession(TlsSession session);
/// <summary>Reports the protocol version given by the client.</summary>
/// <param name="clientVersion">the client's <see cref="ProtocolVersion"/>.</param>
void NotifyClientVersion(ProtocolVersion clientVersion);
/// <summary>Reports whether the client flagged this connection attempt as a fallback.</summary>
/// <param name="isFallback">the fallback indication. NOTE(review): presumably reflects the
/// TLS_FALLBACK_SCSV signalling cipher suite (RFC 7507), which exists so that a server can refuse a
/// downgraded handshake - confirm how implementations are expected to react.</param>
void NotifyFallback(bool isFallback);
/// <summary>Reports the cipher suites offered by the client.</summary>
/// <param name="offeredCipherSuites">the offered cipher suite values (peer-supplied).</param>
void NotifyOfferedCipherSuites(int[] offeredCipherSuites);
/// <summary>Hands the client's extensions to this server for processing.</summary>
/// <param name="clientExtensions">(Int32 -> byte[]) The values are raw bytes supplied by the peer; parse
/// them defensively.</param>
void ProcessClientExtensions(IDictionary clientExtensions);
/// <summary>Returns the protocol version chosen by the server.</summary>
/// <returns>the server's <see cref="ProtocolVersion"/>.</returns>
ProtocolVersion GetServerVersion();
/// <summary>Returns the groups this server supports.</summary>
/// <returns>the supported group values. NOTE(review): ordering and null semantics are not shown here -
/// confirm.</returns>
int[] GetSupportedGroups();
/// <summary>Returns the cipher suite selected by the server.</summary>
/// <returns>the selected cipher suite value. NOTE(review): presumably it must be one of the suites passed
/// to <see cref="NotifyOfferedCipherSuites"/> - confirm.</returns>
int GetSelectedCipherSuite();
/// <summary>Returns the extensions the server wants to send.</summary>
/// <returns>(Int32 -> byte[])</returns>
IDictionary GetServerExtensions();
/// <summary>Passes a server extensions map to the implementation.</summary>
/// <param name="serverExtensions">(Int32 -> byte[]) NOTE(review): presumably the implementation may add
/// connection-specific entries to this map - confirm.</param>
void GetServerExtensionsForConnection(IDictionary serverExtensions);
/// <summary>Returns the supplemental data the server wants to send.</summary>
/// <returns>(SupplementalDataEntry)</returns>
IList GetServerSupplementalData();
/// <summary>Return server credentials to use.</summary>
/// <remarks>
/// The returned value may be null, or else it MUST implement exactly one of the credential interfaces that
/// applies to the key exchange that was negotiated.
/// NOTE(review): the three type names were lost from this sentence; upstream presumably names
/// TlsCredentialedAgreement, TlsCredentialedDecryptor and TlsCredentialedSigner - confirm.
/// </remarks>
/// <returns>a <see cref="TlsCredentials"/> object or null for anonymous key exchanges. A null return means
/// the server is not authenticated to the client, so it is only appropriate when an anonymous key exchange
/// was deliberately negotiated.</returns>
TlsCredentials GetCredentials();
/// <remarks>
/// This method will be called (only) if the server included an extension of type "status_request" with empty
/// "extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a
/// non-null <see cref="CertificateStatus"/> is returned, it is sent to the client as a handshake message of
/// type "certificate_status".
/// RFC 3546 has since been obsoleted; the status_request extension is now specified in RFC 6066 section 8.
/// </remarks>
/// <returns>A <see cref="CertificateStatus"/> to be sent to the client (or null for none).</returns>
CertificateStatus GetCertificateStatus();
/// <summary>Returns the certificate request for the client, if any.</summary>
/// <returns>a <see cref="CertificateRequest"/>. NOTE(review): presumably null means no client certificate
/// is requested, in which case <see cref="NotifyClientCertificate"/> is not called - confirm.</returns>
CertificateRequest GetCertificateRequest();
/// <summary>Returns the <see cref="TlsPskIdentityManager"/> for this server.</summary>
/// <returns>the PSK identity manager. NOTE(review): presumably consulted only for PSK key exchanges -
/// confirm.</returns>
TlsPskIdentityManager GetPskIdentityManager();
/// <summary>Returns the <see cref="TlsSrpLoginParameters"/> for this server.</summary>
/// <returns>the SRP login parameters. NOTE(review): presumably consulted only for SRP key exchanges -
/// confirm.</returns>
TlsSrpLoginParameters GetSrpLoginParameters();
/// <summary>Returns the <see cref="TlsDHConfig"/> for this server.</summary>
/// <returns>the DH configuration. NOTE(review): presumably the parameters for finite-field Diffie-Hellman
/// key exchange - confirm.</returns>
TlsDHConfig GetDHConfig();
/// <summary>Returns the <see cref="TlsECConfig"/> for this server.</summary>
/// <returns>the EC configuration. NOTE(review): presumably the parameters for ECDH key exchange -
/// confirm.</returns>
TlsECConfig GetECDHConfig();
/// <summary>Hands the client's supplemental data to this server for processing.</summary>
/// <param name="clientSupplementalData">(SupplementalDataEntry) Peer-supplied; validate before use.</param>
void ProcessClientSupplementalData(IList clientSupplementalData);
/// <summary>Called by the protocol handler to report the client certificate, only if
/// <see cref="GetCertificateRequest"/> returned non-null.</summary>
/// <remarks>
/// Note: this method is responsible for certificate verification and validation.
/// Because the chain may be empty, an implementation that requires client authentication must reject an
/// empty chain here instead of treating it as validated.
/// NOTE(review): the method returns void, so rejection is presumably signalled by throwing - confirm.
/// </remarks>
/// <param name="clientCertificate">the effective client certificate (may be an empty chain).</param>
void NotifyClientCertificate(Certificate clientCertificate);
/// <summary>RFC 5077 3.3. NewSessionTicket Handshake Message.</summary>
/// <remarks>
/// This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077
/// 4. Recommended Ticket Construction for recommended format and protection.
/// The ticket is stored by the client, so the confidentiality and integrity of the session state in it
/// depend on the protection this implementation applies.
/// </remarks>
/// <returns>The ticket.</returns>
NewSessionTicket GetNewSessionTicket();
}
}