All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.tls.TlsClient Maven / Gradle / Ivy

There is a newer version: 1.0.7
Show newest version
package org.bouncycastle.tls;

import java.io.IOException;
import java.util.Map;
import java.util.Vector;

/**
 * Interface describing a TLS client endpoint.
 */
public interface TlsClient
    extends TlsPeer
{
    void init(TlsClientContext context);

    /**
     * Return the session this client wants to resume, if any. Note that the peer's certificate
     * chain for the session (if any) may need to be periodically revalidated.
     * 
     * @return A {@link TlsSession} representing the resumable session to be used for this
     *         connection, or null to use a new session.
     * @see SessionParameters#getPeerCertificate()
     */
    TlsSession getSessionToResume();

    /**
     * Return the {@link TlsPSKExternal external PSKs} to offer in the ClientHello.
     * Note that this will only be called when TLS 1.3 or higher is amongst the
     * offered protocol versions.
     * 
     * @return a {@link Vector} of {@link TlsPSKExternal} instances, or null if none
     *         should be offered.
     */
    Vector getExternalPSKs();

    boolean isFallback();

    // Hashtable is (Integer -> byte[])
    Map getClientExtensions()
        throws IOException;

    /**
     * If this client is offering TLS 1.3 or higher, this method may be called to determine for which
     * groups a key share should be included in the initial ClientHello. Groups that were not included
     * in the supported_groups extension (by {@link #getClientExtensions()} will be ignored. The protocol
     * will then add a suitable key_share extension to the ClientHello extensions. 
     * 
     * @return a {@link Vector} of {@link NamedGroup named group} values, possibly empty or null. 
     */
    Vector getEarlyKeyShareGroups();

    boolean shouldUseCompatibilityMode();

    void notifyServerVersion(ProtocolVersion selectedVersion)
        throws IOException;

    /**
     * Notifies the client of the session that will be offered in ClientHello for resumption, if any.
     * This will be either the session returned from {@link #getSessionToResume()} or null if that
     * session was unusable.
     * 
     * NOTE: the actual negotiated session_id is notified by {@link #notifySessionID(byte[])}.
     *
     * @param session The {@link TlsSession} representing the resumable session to
     *                be offered for this connection, or null if there is none.
     * @see #notifySessionID(byte[])
     */
    void notifySessionToResume(TlsSession session);

    /**
     * Notifies the client of the session_id sent in the ServerHello.
     *
     * @param sessionID
     * @see TlsContext#getSession()
     */
    void notifySessionID(byte[] sessionID);

    void notifySelectedCipherSuite(int selectedCipherSuite);

    void notifySelectedPSK(TlsPSK selectedPSK) throws IOException;

    /**
     * The TlsClientProtocol implementation validates that any server extensions received correspond
     * to client extensions sent. If further processing of the server extensions is needed, it can
     * be done in this callback.
     * 
     * NOTE: This is not called for session resumption handshakes.
     *
     * @param serverExtensions
     *            (Integer -> byte[])
     * @throws IOException
     */
    void processServerExtensions(Map serverExtensions)
        throws IOException;

    // Vector is (SupplementalDataEntry)
    void processServerSupplementalData(Vector serverSupplementalData)
        throws IOException;

    TlsPSKIdentity getPSKIdentity() throws IOException;

    TlsSRPIdentity getSRPIdentity() throws IOException;

    TlsDHGroupVerifier getDHGroupVerifier() throws IOException;

    TlsSRPConfigVerifier getSRPConfigVerifier() throws IOException;

    TlsAuthentication getAuthentication()
        throws IOException;

    // Vector is (SupplementalDataEntry)
    Vector getClientSupplementalData()
        throws IOException;

    /**
     * RFC 5077 3.3. NewSessionTicket Handshake Message
     * 

* This method will be called (only) when a NewSessionTicket handshake message is received. The * ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption * that it complies with e.g. RFC 5077 4. Recommended Ticket Construction. * * @param newSessionTicket The ticket. * @throws IOException */ void notifyNewSessionTicket(NewSessionTicket newSessionTicket) throws IOException; }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy