using System;
using System.Collections;
using System.IO;

using Org.BouncyCastle.Tls.Crypto;

namespace Org.BouncyCastle.Tls
{
    /// <summary>Interface describing a TLS server endpoint.</summary>
    public interface TlsServer
        : TlsPeer
    {
        void Init(TlsServerContext context);

        /// <summary>Return the specified session, if available.</summary>
        /// <remarks>
        /// Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
        /// </remarks>
        /// <param name="sessionID">the ID of the session to resume.</param>
        /// <returns>A <see cref="TlsSession"/> with the specified session ID, or null.</returns>
        /// <seealso cref="SessionParameters.PeerCertificate"/>
        TlsSession GetSessionToResume(byte[] sessionID);

        byte[] GetNewSessionID();

        void NotifySession(TlsSession session);

        /// <exception cref="IOException"/>
        void NotifyClientVersion(ProtocolVersion clientVersion);

        /// <exception cref="IOException"/>
        void NotifyFallback(bool isFallback);

        /// <exception cref="IOException"/>
        void NotifyOfferedCipherSuites(int[] offeredCipherSuites);

        /// <param name="clientExtensions">(Int32 -> byte[])</param>
        /// <exception cref="IOException"/>
        void ProcessClientExtensions(IDictionary clientExtensions);

        /// <exception cref="IOException"/>
        ProtocolVersion GetServerVersion();

        /// <exception cref="IOException"/>
        int[] GetSupportedGroups();

        /// <exception cref="IOException"/>
        int GetSelectedCipherSuite();

        /// <returns>(Int32 -> byte[])</returns>
        /// <exception cref="IOException"/>
        IDictionary GetServerExtensions();

        /// <param name="serverExtensions">(Int32 -> byte[])</param>
        /// <exception cref="IOException"/>
        void GetServerExtensionsForConnection(IDictionary serverExtensions);

        /// <returns>(SupplementalDataEntry)</returns>
        /// <exception cref="IOException"/>
        IList GetServerSupplementalData();

        /// <summary>Return server credentials to use.</summary>
        /// <remarks>
        /// The returned value may be null, or else it MUST implement <em>exactly one</em> of
        /// <see cref="TlsCredentialedAgreement"/>, <see cref="TlsCredentialedDecryptor"/>, or
        /// <see cref = "TlsCredentialedSigner"/>, depending on the key exchange that was negotiated.
        /// </remarks>
        /// <returns>a <see cref="TlsCredentials"/> object or null for anonymous key exchanges.</returns>
        /// <exception cref="IOException"/>
        TlsCredentials GetCredentials();

        /// <remarks>
        /// This method will be called (only) if the server included an extension of type "status_request" with empty
        /// "extension_data" in the extended server hello. See <i>RFC 3546 3.6. Certificate Status Request</i>. If a
        /// non-null <see cref="CertificateStatus"/> is returned, it is sent to the client as a handshake message of
        /// type "certificate_status".
        /// </remarks>
        /// <returns>A <see cref="CertificateStatus"/> to be sent to the client (or null for none).</returns>
        /// <exception cref="IOException"/>
        CertificateStatus GetCertificateStatus();

        /// <exception cref="IOException"/>
        CertificateRequest GetCertificateRequest();

        /// <exception cref="IOException"/>
        TlsPskIdentityManager GetPskIdentityManager();

        /// <exception cref="IOException"/>
        TlsSrpLoginParameters GetSrpLoginParameters();

        /// <exception cref="IOException"/>
        TlsDHConfig GetDHConfig();

        /// <exception cref="IOException"/>
        TlsECConfig GetECDHConfig();

        /// <param name="clientSupplementalData">(SupplementalDataEntry)</param>
        /// <exception cref="IOException"/>
        void ProcessClientSupplementalData(IList clientSupplementalData);

        /// <summary>Called by the protocol handler to report the client certificate, only if
        /// <see cref="GetCertificateRequest"/> returned non-null.</summary>
        /// <remarks>
        /// Note: this method is responsible for certificate verification and validation.
        /// </remarks>
        /// <param name="clientCertificate">the effective client certificate (may be an empty chain).</param>
        /// <exception cref="IOException"/>
        void NotifyClientCertificate(Certificate clientCertificate);

        /// <summary>RFC 5077 3.3. NewSessionTicket Handshake Message.</summary>
        /// <remarks>
        /// This method will be called (only) if a NewSessionTicket extension was sent by the server. See <i>RFC 5077
        /// 4. Recommended Ticket Construction</i> for recommended format and protection.
        /// </remarks>
        /// <returns>The ticket.</returns>
        /// <exception cref="IOException"/>
        NewSessionTicket GetNewSessionTicket();
    }
}