using System;
using System.Collections;
using System.IO;
using Org.BouncyCastle.Tls.Crypto;

namespace Org.BouncyCastle.Tls
{
    /// <summary>Interface describing a TLS server endpoint.</summary>
    /// <remarks>
    /// The protocol handler drives an implementation of this interface through the handshake: the
    /// <c>Notify*</c>/<c>Process*</c> members report what the client sent, and the <c>Get*</c> members ask
    /// the server for its choices (version, cipher suite, extensions, credentials, tickets).
    /// Several of these choices are security decisions (session resumption, client-certificate
    /// validation, PSK selection, ticket protection); the notes on the individual members say which.
    /// NOTE(review): the XML tags (<c>see</c>/<c>param</c>/<c>returns</c>, and the bare <c>///</c>
    /// lines before most members) were lost from this copy of the documentation; the bare lines most
    /// likely carried an <c>exception cref="IOException"</c> tag, which is what <c>System.IO</c> is
    /// imported for — confirm against the upstream source before relying on that.
    /// </remarks>
    public interface TlsServer
        : TlsPeer
    {
        /// <summary>Supplies the server-side context for this connection.</summary>
        /// <param name="context">The context the protocol handler created for this server.</param>
        void Init(TlsServerContext context);

        /// <summary>Return the specified session, if available.</summary>
        /// <remarks>
        /// Note that the peer's certificate chain for the session (if any) may need to be periodically
        /// revalidated: resuming a session skips certificate processing, so a chain that was valid when
        /// the session was created is otherwise never re-checked.
        /// </remarks>
        /// <param name="sessionID">the ID of the session to resume.</param>
        /// <returns>A <see cref="TlsSession"/> with the specified session ID, or null.</returns>
        TlsSession GetSessionToResume(byte[] sessionID);

        /// <summary>Return the ID to assign to a newly created session.</summary>
        /// <remarks>
        /// NOTE(review): nothing here constrains the value; since it is handed to the client and later
        /// used to look sessions up, an implementation should presumably return fresh, unpredictable
        /// bytes rather than a counter — confirm with the protocol handler's expectations.
        /// </remarks>
        /// <returns>The new session ID.</returns>
        byte[] GetNewSessionID();

        /// <summary>Return the external PSK to select from the ClientHello.</summary>
        /// <remarks>
        /// WARNING: EXPERIMENTAL FEATURE, UNSTABLE API
        /// Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol
        /// versions, and one or more PSKs are actually offered.
        /// </remarks>
        /// <param name="identities">an <see cref="IList"/> of <see cref="PskIdentity"/> instances.</param>
        /// <returns>
        /// The <see cref="TlsPskExternal"/> corresponding to the selected identity, or null to not select
        /// any.
        /// </returns>
        TlsPskExternal GetExternalPsk(IList identities);

        /// <summary>Reports the session in use for this connection.</summary>
        /// <param name="session">The session (presumably the resumed or newly created one — confirm with the caller).</param>
        void NotifySession(TlsSession session);

        /// <summary>Reports the protocol version the client offered.</summary>
        /// <param name="clientVersion">The client's offered version.</param>
        void NotifyClientVersion(ProtocolVersion clientVersion);

        /// <summary>Reports whether the client signalled a fallback retry.</summary>
        /// <param name="isFallback">
        /// true if the client signalled fallback (presumably via the TLS_FALLBACK_SCSV signalling suite
        /// of RFC 7507 — confirm with the protocol handler).
        /// </param>
        void NotifyFallback(bool isFallback);

        /// <summary>Reports the cipher suites the client offered, in the client's order.</summary>
        /// <param name="offeredCipherSuites">The offered cipher suite values.</param>
        void NotifyOfferedCipherSuites(int[] offeredCipherSuites);

        /// <summary>Processes the extensions the client sent in its hello.</summary>
        /// <param name="clientExtensions">(Int32 -> byte[])</param>
        void ProcessClientExtensions(IDictionary clientExtensions);

        /// <summary>Return the protocol version the server selects for this connection.</summary>
        /// <returns>The selected <see cref="ProtocolVersion"/>.</returns>
        ProtocolVersion GetServerVersion();

        /// <summary>Return the named groups the server supports, in order of preference.</summary>
        /// <returns>An array of named group values.</returns>
        int[] GetSupportedGroups();

        /// <summary>Return the cipher suite the server selects for this connection.</summary>
        /// <returns>The selected cipher suite value.</returns>
        int GetSelectedCipherSuite();

        /// <summary>Return the extensions the server sends in its hello.</summary>
        /// <returns>(Int32 -> byte[])</returns>
        IDictionary GetServerExtensions();

        /// <summary>Lets the server adjust the extensions for this connection before they are sent.</summary>
        /// <param name="serverExtensions">(Int32 -> byte[])</param>
        void GetServerExtensionsForConnection(IDictionary serverExtensions);

        /// <summary>Return the supplemental data the server sends, if any.</summary>
        /// <returns>(SupplementalDataEntry)</returns>
        IList GetServerSupplementalData();

        /// <summary>Return server credentials to use.</summary>
        /// <remarks>
        /// The returned value may be null, or else it MUST implement exactly one of the
        /// <see cref="TlsCredentials"/> sub-interfaces, depending on the key exchange that was
        /// negotiated (the three specific type names were lost from this copy of the documentation;
        /// see the TlsCredentials hierarchy).
        /// </remarks>
        /// <returns>a <see cref="TlsCredentials"/> object or null for anonymous key exchanges.</returns>
        TlsCredentials GetCredentials();

        /// <summary>Return the certificate status (e.g. an OCSP response) to send to the client.</summary>
        /// <remarks>
        /// This method will be called (only) if the server included an extension of type
        /// "status_request" with empty "extension_data" in the extended server hello. See RFC 3546 3.6.
        /// Certificate Status Request. If a non-null <see cref="CertificateStatus"/> is returned, it is
        /// sent to the client as a handshake message of type "certificate_status".
        /// </remarks>
        /// <returns>A <see cref="CertificateStatus"/> to be sent to the client (or null for none).</returns>
        CertificateStatus GetCertificateStatus();

        /// <summary>Return the certificate request to send to the client, or null to not request one.</summary>
        /// <remarks>
        /// A non-null return is what enables <see cref="NotifyClientCertificate"/> to be called.
        /// </remarks>
        /// <returns>A <see cref="CertificateRequest"/>, or null.</returns>
        CertificateRequest GetCertificateRequest();

        /// <summary>Return the manager used to look up PSK identities for PSK key exchanges.</summary>
        /// <returns>A <see cref="TlsPskIdentityManager"/>.</returns>
        TlsPskIdentityManager GetPskIdentityManager();

        /// <summary>Return the login parameters used for SRP key exchanges.</summary>
        /// <returns>A <see cref="TlsSrpLoginParameters"/>.</returns>
        TlsSrpLoginParameters GetSrpLoginParameters();

        /// <summary>Return the Diffie-Hellman configuration used for DH key exchanges.</summary>
        /// <remarks>
        /// NOTE(review): the group returned here sets the strength of the ephemeral DH exchange;
        /// prefer a standard, adequately sized group over custom parameters.
        /// </remarks>
        /// <returns>A <see cref="TlsDHConfig"/>.</returns>
        TlsDHConfig GetDHConfig();

        /// <summary>Return the elliptic-curve configuration used for ECDH key exchanges.</summary>
        /// <returns>A <see cref="TlsECConfig"/>.</returns>
        TlsECConfig GetECDHConfig();

        /// <summary>Processes the supplemental data the client sent, if any.</summary>
        /// <param name="clientSupplementalData">(SupplementalDataEntry)</param>
        void ProcessClientSupplementalData(IList clientSupplementalData);

        /// <summary>
        /// Called by the protocol handler to report the client certificate, only if
        /// <see cref="GetCertificateRequest"/> returned non-null.
        /// </summary>
        /// <remarks>
        /// Note: this method is responsible for certificate verification and validation. The protocol
        /// handler does not validate the chain on the server's behalf, so an implementation that
        /// requires client authentication must check the chain here and must decide explicitly what
        /// to do with an empty chain (the client declined to send a certificate) rather than treating
        /// it as authenticated.
        /// </remarks>
        /// <param name="clientCertificate">the effective client certificate (may be an empty chain).</param>
        void NotifyClientCertificate(Certificate clientCertificate);

        /// <summary>RFC 5077 3.3. NewSessionTicket Handshake Message.</summary>
        /// <remarks>
        /// This method will be called (only) if a NewSessionTicket extension was sent by the server.
        /// See RFC 5077 4. Recommended Ticket Construction for recommended format and protection
        /// (the ticket carries session state to the client, so it must be encrypted and integrity
        /// protected under a server-held key).
        /// </remarks>
        /// <returns>The ticket.</returns>
        NewSessionTicket GetNewSessionTicket();
    }
}