crypto/src/tls/TlsClient.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

using System;
using System.Collections.Generic;
using System.IO;

namespace Org.BouncyCastle.Tls
{
    public interface TlsClient
        : TlsPeer
    {
        void Init(TlsClientContext context);

        /// <summary>Return the session this client wants to resume, if any.</summary>
        /// <remarks>
        /// Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
        /// </remarks>
        /// <returns>A <see cref="TlsSession"/> representing the resumable session to be used for this connection, or
        /// null to use a new session.</returns>
        /// <seealso cref="SessionParameters.PeerCertificate"/>
        TlsSession GetSessionToResume();

        /// <summary>Return the <see cref="TlsPskExternal">external PSKs</see> to offer in the ClientHello.</summary>
        /// <remarks>This will only be called when TLS 1.3 or higher is amongst the offered protocol versions.</remarks>
        /// <returns>an <see cref="IList{T}"/> of <see cref="TlsPskExternal"/> instances, or null if none should be
        /// offered.</returns>
        IList<TlsPskExternal> GetExternalPsks();

        bool IsFallback();

        /// <returns>(Int32 -> byte[])</returns>
        /// <exception cref="IOException"/>
        IDictionary<int, byte[]> GetClientExtensions();

        /// <summary>If this client is offering TLS 1.3 or higher, this method may be called to determine for which
        /// groups a key share should be included in the initial ClientHello.</summary>
        /// <remarks>
        /// Groups that were not included in the supported_groups extension (by <see cref="GetClientExtensions"/> will
        /// be ignored. The protocol will then add a suitable key_share extension to the ClientHello extensions.
        /// </remarks>
        /// <returns>an <see cref="IList{T}"/> of <see cref="NamedGroup">named group</see> values, possibly empty or
        /// null.
        /// </returns>
        IList<int> GetEarlyKeyShareGroups();

        // TODO[api]
        //bool ShouldUseCompatibilityMode();

        /// <exception cref="IOException"/>
        void NotifyServerVersion(ProtocolVersion selectedVersion);

        /// <summary>Notifies the client of the session that will be offered in ClientHello for resumption, if any.
        /// </summary>
        /// <remarks>
        /// This will be either the session returned from {@link #getSessionToResume()} or null if that session was
        /// unusable. NOTE: the actual negotiated session_id is notified by <see cref="NotifySessionID(byte[])"/>.
        /// </remarks>
        /// <param name="session">The <see cref="TlsSession"/> representing the resumable session to be offered for
        /// this connection, or null if there is none.</param>
        /// <seealso cref="NotifySessionID(byte[])"/>
        void NotifySessionToResume(TlsSession session);

        /// <summary>Notifies the client of the session_id sent in the ServerHello.</summary>
        /// <param name="sessionID"/>
        /// <seealso cref="TlsContext.Session"/>
        void NotifySessionID(byte[] sessionID);

        void NotifySelectedCipherSuite(int selectedCipherSuite);

        /// <exception cref="IOException"/>
        void NotifySelectedPsk(TlsPsk selectedPsk);

        /// <summary>The protocol implementation validates that any server extensions received correspond to client
        /// extensions sent.</summary>
        /// <remarks>
        /// If further processing of the server extensions is needed, it can be done in this callback. NOTE: This is
        /// not called for session resumption handshakes.
        /// </remarks>
        /// <param name="serverExtensions">(Int32 -> byte[])</param>
        /// <exception cref="IOException"/>
        void ProcessServerExtensions(IDictionary<int, byte[]> serverExtensions);

        /// <param name="serverSupplementalData">(SupplementalDataEntry)</param>
        /// <exception cref="IOException"/>
        void ProcessServerSupplementalData(IList<SupplementalDataEntry> serverSupplementalData);

        /// <exception cref="IOException"/>
        TlsPskIdentity GetPskIdentity();

        /// <exception cref="IOException"/>
        TlsSrpIdentity GetSrpIdentity();

        /// <exception cref="IOException"/>
        TlsDHGroupVerifier GetDHGroupVerifier();

        /// <exception cref="IOException"/>
        TlsSrpConfigVerifier GetSrpConfigVerifier();

        /// <exception cref="IOException"/>
        TlsAuthentication GetAuthentication();

        /// <returns>(SupplementalDataEntry)</returns>
        /// <exception cref="IOException"/>
        IList<SupplementalDataEntry> GetClientSupplementalData();

        /// <summary>RFC 5077 3.3. NewSessionTicket Handshake Message</summary>
        /// <remarks>
        /// This method will be called (only) when a NewSessionTicket handshake message is received. The ticket is
        /// opaque to the client and clients MUST NOT examine the ticket under the assumption that it complies with e.g.
        /// RFC 5077 4. "Recommended Ticket Construction".
        /// </remarks>
        /// <param name="newSessionTicket">The ticket.</param>
        /// <exception cref="IOException"/>
        void NotifyNewSessionTicket(NewSessionTicket newSessionTicket);
    }
}