/* * Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package javax.net.ssl; import java.util.List; /** * Extends the {@code SSLSession} interface to support additional * session attributes. * * @since 1.7 */ public abstract class ExtendedSSLSession implements SSLSession { /** * Obtains an array of supported signature algorithms that the local side * is willing to use. *

* Note: this method is used to indicate to the peer which signature * algorithms may be used for digital signatures in TLS/DTLS 1.2. It is * not meaningful for TLS/DTLS versions prior to 1.2. *

* The signature algorithm name must be a standard Java Security * name (such as "SHA1withRSA", "SHA256withECDSA", and so on). * See the * Java Security Standard Algorithm Names document * for information about standard algorithm names. *

* Note: the local supported signature algorithms should conform to * the algorithm constraints specified by * {@link SSLParameters#getAlgorithmConstraints getAlgorithmConstraints()} * method in {@code SSLParameters}. * * @return An array of supported signature algorithms, in descending * order of preference. The return value is an empty array if * no signature algorithm is supported. * * @see SSLParameters#getAlgorithmConstraints */ public abstract String[] getLocalSupportedSignatureAlgorithms(); /** * Obtains an array of supported signature algorithms that the peer is * able to use. *

* Note: this method is used to indicate to the local side which signature * algorithms may be used for digital signatures in TLS/DTLS 1.2. It is * not meaningful for TLS/DTLS versions prior to 1.2. *

* The signature algorithm name must be a standard Java Security * name (such as "SHA1withRSA", "SHA256withECDSA", and so on). * See the * Java Security Standard Algorithm Names document * for information about standard algorithm names. * * @return An array of supported signature algorithms, in descending * order of preference. The return value is an empty array if * the peer has not sent the supported signature algorithms. * * @see X509KeyManager * @see X509ExtendedKeyManager */ public abstract String[] getPeerSupportedSignatureAlgorithms(); /** * Obtains an array of {@link CertificateAuthority} objects * representing certificate authority indications sent by either * a Client or a Server within a TLS session. *

* A Client may optionally send this information as part of a * {@code ClientHello} message, during the TLS handshake. A * Server may optionally send this information as part of a * {@code CertificateRequest} message, during the TLS handshake. *

* If certificate authorities indications are available on a TLS * session, the Client or Server certificate selection is expected * to be based on it. *

* This is part of Certificate Authorities TLS extension (TLS 1.3). * See further information in * TLS 1.3. * * @see CertificateAuthority * * @return an array of CertificateAuthority objects with certificate * authorities indications for this TLS session. * Returns {@code null} if no information regarding * certificate authorities is available. * @throws UnsupportedOperationException if the underlying provider * does not implement the operation */ public CertificateAuthority[] getCertificateAuthorities() { throw new UnsupportedOperationException(); } /** * Obtains a {@link List} containing all {@link SNIServerName}s * of the requested Server Name Indication (SNI) extension. *

* In server mode, unless the return {@link List} is empty, * the server should use the requested server names to guide its * selection of an appropriate authentication certificate, and/or * other aspects of security policy. *

* In client mode, unless the return {@link List} is empty, * the client should use the requested server names to guide its * endpoint identification of the peer's identity, and/or * other aspects of security policy. * * @return a non-null immutable list of {@link SNIServerName}s of the * requested server name indications. The returned list may be * empty if no server name indications were requested. * @throws UnsupportedOperationException if the underlying provider * does not implement the operation * * @see SNIServerName * @see X509ExtendedTrustManager * @see X509ExtendedKeyManager * * @since 1.8 */ public List getRequestedServerNames() { throw new UnsupportedOperationException(); } /** * Returns a {@link List} containing DER-encoded OCSP responses * (using the ASN.1 type OCSPResponse defined in RFC 6960) for * the client to verify status of the server's certificate during * handshaking. * *

* This method only applies to certificate-based server * authentication. An {@link X509ExtendedTrustManager} will use the * returned value for server certificate validation. * * @implSpec This method throws UnsupportedOperationException by default. * Classes derived from ExtendedSSLSession must implement * this method. * * @return a non-null unmodifiable list of byte arrays, each entry * containing a DER-encoded OCSP response (using the * ASN.1 type OCSPResponse defined in RFC 6960). The order * of the responses must match the order of the certificates * presented by the server in its Certificate message (See * {@link SSLSession#getLocalCertificates()} for server mode, * and {@link SSLSession#getPeerCertificates()} for client mode). * It is possible that fewer response entries may be returned than * the number of presented certificates. If an entry in the list * is a zero-length byte array, it should be treated by the * caller as if the OCSP entry for the corresponding certificate * is missing. The returned list may be empty if no OCSP responses * were presented during handshaking or if OCSP stapling is not * supported by either endpoint for this handshake. * * @throws UnsupportedOperationException if the underlying provider * does not implement the operation * * @see X509ExtendedTrustManager * * @since 9 */ public List getStatusResponses() { throw new UnsupportedOperationException(); } }