Class AbstractTlsServer

Namespace: Org.BouncyCastle.Tls

Assembly: BouncyCastle.Cryptography.dll

Base class for a TLS server.

public abstract class AbstractTlsServer : AbstractTlsPeer, TlsServer, TlsPeer

Inheritance: object

AbstractTlsPeer

AbstractTlsServer

Implements: TlsServer

TlsPeer

Derived: DefaultTlsServer

PskTlsServer

SrpTlsServer

Inherited Members: AbstractTlsPeer.GetSupportedVersions()

AbstractTlsPeer.GetSupportedCipherSuites()

AbstractTlsPeer.Cancel()

AbstractTlsPeer.Crypto

AbstractTlsPeer.NotifyCloseHandle(TlsCloseable)

AbstractTlsPeer.GetHandshakeTimeoutMillis()

AbstractTlsPeer.GetHandshakeResendTimeMillis()

AbstractTlsPeer.AllowLegacyResumption()

AbstractTlsPeer.GetMaxCertificateChainLength()

AbstractTlsPeer.GetMaxHandshakeMessageSize()

AbstractTlsPeer.GetPskKeyExchangeModes()

AbstractTlsPeer.RequiresCloseNotify()

AbstractTlsPeer.RequiresExtendedMasterSecret()

AbstractTlsPeer.ShouldCheckSigAlgOfPeerCerts()

AbstractTlsPeer.ShouldUseExtendedMasterSecret()

AbstractTlsPeer.ShouldUseExtendedPadding()

AbstractTlsPeer.ShouldUseGmtUnixTime()

AbstractTlsPeer.NotifySecureRenegotiation(bool)

AbstractTlsPeer.GetKeyExchangeFactory()

AbstractTlsPeer.NotifyAlertRaised(short, short, string, Exception)

AbstractTlsPeer.NotifyAlertReceived(short, short)

AbstractTlsPeer.NotifyConnectionClosed()

AbstractTlsPeer.NotifyHandshakeComplete()

AbstractTlsPeer.GetHeartbeat()

AbstractTlsPeer.GetHeartbeatPolicy()

AbstractTlsPeer.IgnoreCorruptDtlsRecords

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Constructors

AbstractTlsServer(TlsCrypto)

public AbstractTlsServer(TlsCrypto crypto)

Parameters

crypto TlsCrypto

Fields

m_certificateStatusRequest

protected CertificateStatusRequest m_certificateStatusRequest

Field Value

CertificateStatusRequest

m_cipherSuites

protected int[] m_cipherSuites

Field Value

int[]

m_clientExtensions

protected IDictionary<int, byte[]> m_clientExtensions

Field Value

IDictionary<int, byte[]>

m_clientProtocolNames

protected IList<ProtocolName> m_clientProtocolNames

Field Value

IList<ProtocolName>

m_clientSentECPointFormats

protected bool m_clientSentECPointFormats

Field Value

bool

m_context

protected TlsServerContext m_context

Field Value

TlsServerContext

m_encryptThenMACOffered

protected bool m_encryptThenMACOffered

Field Value

bool

m_maxFragmentLengthOffered

protected short m_maxFragmentLengthOffered

Field Value

short

m_offeredCipherSuites

protected int[] m_offeredCipherSuites

Field Value

int[]

m_protocolVersions

protected ProtocolVersion[] m_protocolVersions

Field Value

ProtocolVersion[]

m_selectedCipherSuite

protected int m_selectedCipherSuite

Field Value

int

m_selectedProtocolName

protected ProtocolName m_selectedProtocolName

Field Value

ProtocolName

m_serverExtensions

protected readonly IDictionary<int, byte[]> m_serverExtensions

Field Value

IDictionary<int, byte[]>

m_statusRequestV2

protected IList<CertificateStatusRequestItemV2> m_statusRequestV2

Field Value

IList<CertificateStatusRequestItemV2>

m_truncatedHMacOffered

protected bool m_truncatedHMacOffered

Field Value

bool

m_trustedCAKeys

protected IList<TrustedAuthority> m_trustedCAKeys

Field Value

IList<TrustedAuthority>

Methods

AllowCertificateStatus()

protected virtual bool AllowCertificateStatus()

Returns

bool

AllowEncryptThenMac()

protected virtual bool AllowEncryptThenMac()

Returns

bool

AllowMultiCertStatus()

protected virtual bool AllowMultiCertStatus()

Returns

bool

AllowTruncatedHmac()

protected virtual bool AllowTruncatedHmac()

Returns

bool

AllowTrustedCAIndication()

protected virtual bool AllowTrustedCAIndication()

Returns

bool

GetAllowedClientCertificateTypes()

protected virtual short[] GetAllowedClientCertificateTypes()

Returns

short[]

GetCertificateRequest()

public virtual CertificateRequest GetCertificateRequest()

Returns

CertificateRequest

Exceptions

IOException

GetCertificateStatus()

public virtual CertificateStatus GetCertificateStatus()

Returns

CertificateStatus: A CertificateStatus to be sent to the client (or null for none).

Remarks

This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a non-null CertificateStatus is returned, it is sent to the client as a handshake message of type "certificate_status".

Exceptions

IOException

GetCipherSuites()

public override int[] GetCipherSuites()

Returns

int[]

GetCredentials()

Return server credentials to use.

public abstract TlsCredentials GetCredentials()

Returns

TlsCredentials: a TlsCredentials object or null for anonymous key exchanges.

Remarks

The returned value may be null, or else it MUST implement exactly one of TlsCredentialedAgreement, TlsCredentialedDecryptor, or TlsCredentialedSigner, depending on the key exchange that was negotiated.

Exceptions

IOException

GetDHConfig()

public virtual TlsDHConfig GetDHConfig()

Returns

TlsDHConfig

Exceptions

IOException

GetDetailMessageNoCipherSuite()

protected virtual string GetDetailMessageNoCipherSuite()

Returns

string

GetECDHConfig()

public virtual TlsECConfig GetECDHConfig()

Returns

TlsECConfig

Exceptions

IOException

GetExternalPsk(IList<PskIdentity>)

Return the external PSK to select from the ClientHello.

public virtual TlsPskExternal GetExternalPsk(IList<PskIdentity> identities)

Parameters

identities IList<PskIdentity>: an IList<T> of PskIdentity instances.

Returns

TlsPskExternal: The TlsPskExternal corresponding to the selected identity, or null to not select any.

Remarks

WARNING: EXPERIMENTAL FEATURE, UNSTABLE API Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions, and one or more PSKs are actually offered.

GetMaximumDefaultCurveBits()

protected virtual int GetMaximumDefaultCurveBits()

Returns

int

GetMaximumDefaultFiniteFieldBits()

protected virtual int GetMaximumDefaultFiniteFieldBits()

Returns

int

GetMaximumNegotiableCurveBits()

protected virtual int GetMaximumNegotiableCurveBits()

Returns

int

GetMaximumNegotiableFiniteFieldBits()

protected virtual int GetMaximumNegotiableFiniteFieldBits()

Returns

int

GetNewConnectionID()

RFC 9146 DTLS connection ID.

protected virtual byte[] GetNewConnectionID()

Returns

byte[]: The connection ID to use.

Remarks

This method will be called if a connection_id extension was sent by the client. If the return value is non-null, the server will send this connection ID to the client to use in future packets. As future communication doesn't include the connection IDs length, this should either be fixed-length or include the connection ID's length. (see explanation in RFC 9146 4. "cid:")

GetNewSessionID()

public virtual byte[] GetNewSessionID()

Returns

byte[]

GetNewSessionTicket()

RFC 5077 3.3. NewSessionTicket Handshake Message.

public virtual NewSessionTicket GetNewSessionTicket()

Returns

NewSessionTicket: The ticket.

Remarks

This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077 4. Recommended Ticket Construction for recommended format and protection.

Exceptions

IOException

GetProtocolNames()

protected virtual IList<ProtocolName> GetProtocolNames()

Returns

IList<ProtocolName>

GetProtocolVersions()

public override ProtocolVersion[] GetProtocolVersions()

Returns

ProtocolVersion[]

GetPskIdentityManager()

public virtual TlsPskIdentityManager GetPskIdentityManager()

Returns

TlsPskIdentityManager

Exceptions

IOException

GetSelectedCipherSuite()

public virtual int GetSelectedCipherSuite()

Returns

int

Exceptions

IOException

GetServerExtensions()

public virtual IDictionary<int, byte[]> GetServerExtensions()

Returns

IDictionary<int, byte[]>: (Int32 -> byte[])

Exceptions

IOException

GetServerExtensionsForConnection(IDictionary<int, byte[]>)

public virtual void GetServerExtensionsForConnection(IDictionary<int, byte[]> serverExtensions)

Parameters

serverExtensions IDictionary<int, byte[]>: (Int32 -> byte[])

Exceptions

IOException

GetServerSupplementalData()

public virtual IList<SupplementalDataEntry> GetServerSupplementalData()

Returns

IList<SupplementalDataEntry>: (SupplementalDataEntry)

Exceptions

IOException

GetServerVersion()

public virtual ProtocolVersion GetServerVersion()

Returns

ProtocolVersion

Exceptions

IOException

GetSessionToResume(byte[])

Return the specified session, if available.

public virtual TlsSession GetSessionToResume(byte[] sessionID)

Parameters

sessionID byte[]: the ID of the session to resume.

Returns

TlsSession: A TlsSession with the specified session ID, or null.

Remarks

Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.

See Also: PeerCertificate

GetSrpLoginParameters()

public virtual TlsSrpLoginParameters GetSrpLoginParameters()

Returns

TlsSrpLoginParameters

Exceptions

IOException

GetSupportedGroups()

public virtual int[] GetSupportedGroups()

Returns

int[]

Exceptions

IOException

Init(TlsServerContext)

public virtual void Init(TlsServerContext context)

Parameters

context TlsServerContext

IsSelectableCipherSuite(int, int, int, IList<short>)

protected virtual bool IsSelectableCipherSuite(int cipherSuite, int availCurveBits, int availFiniteFieldBits, IList<short> sigAlgs)

Parameters

cipherSuite int
availCurveBits int
availFiniteFieldBits int
sigAlgs IList<short>

Returns

bool

NotifyClientCertificate(Certificate)

Called by the protocol handler to report the client certificate, only if GetCertificateRequest() returned non-null.

public virtual void NotifyClientCertificate(Certificate clientCertificate)

Parameters

clientCertificate Certificate: the effective client certificate (may be an empty chain).

Remarks

Note: this method is responsible for certificate verification and validation.

Exceptions

IOException

NotifyClientVersion(ProtocolVersion)

public virtual void NotifyClientVersion(ProtocolVersion clientVersion)

Parameters

clientVersion ProtocolVersion

Exceptions

IOException

NotifyFallback(bool)

public virtual void NotifyFallback(bool isFallback)

Parameters

isFallback bool

Exceptions

IOException

NotifyHandshakeBeginning()

public override void NotifyHandshakeBeginning()

Exceptions

IOException

NotifyOfferedCipherSuites(int[])

public virtual void NotifyOfferedCipherSuites(int[] offeredCipherSuites)

Parameters

offeredCipherSuites int[]

Exceptions

IOException

NotifySession(TlsSession)

public virtual void NotifySession(TlsSession session)

Parameters

session TlsSession

PreferLocalCipherSuites()

protected virtual bool PreferLocalCipherSuites()

Returns

bool

PreferLocalClientCertificateTypes()

protected virtual bool PreferLocalClientCertificateTypes()

Returns

bool

ProcessClientExtensions(IDictionary<int, byte[]>)

public virtual void ProcessClientExtensions(IDictionary<int, byte[]> clientExtensions)

Parameters

clientExtensions IDictionary<int, byte[]>: (Int32 -> byte[])

Exceptions

IOException

ProcessClientSupplementalData(IList<SupplementalDataEntry>)

public virtual void ProcessClientSupplementalData(IList<SupplementalDataEntry> clientSupplementalData)

Parameters

clientSupplementalData IList<SupplementalDataEntry>: (SupplementalDataEntry)

Exceptions

IOException

SelectCipherSuite(int)

protected virtual bool SelectCipherSuite(int cipherSuite)

Parameters

cipherSuite int

Returns

bool

Exceptions

IOException

SelectDH(int)

protected virtual int SelectDH(int minimumFiniteFieldBits)

Parameters

minimumFiniteFieldBits int

Returns

int

SelectDHDefault(int)

protected virtual int SelectDHDefault(int minimumFiniteFieldBits)

Parameters

minimumFiniteFieldBits int

Returns

int

SelectECDH(int)

protected virtual int SelectECDH(int minimumCurveBits)

Parameters

minimumCurveBits int

Returns

int

SelectECDHDefault(int)

protected virtual int SelectECDHDefault(int minimumCurveBits)

Parameters

minimumCurveBits int

Returns

int

SelectProtocolName()

protected virtual ProtocolName SelectProtocolName()

Returns

ProtocolName

SelectProtocolName(IList<ProtocolName>, IList<ProtocolName>)

protected virtual ProtocolName SelectProtocolName(IList<ProtocolName> clientProtocolNames, IList<ProtocolName> serverProtocolNames)

Parameters

clientProtocolNames IList<ProtocolName>
serverProtocolNames IList<ProtocolName>

Returns

ProtocolName

ShouldSelectProtocolNameEarly()

protected virtual bool ShouldSelectProtocolNameEarly()

Returns

bool

Table of Contents

Class AbstractTlsServer

Constructors

AbstractTlsServer(TlsCrypto)

Parameters

Fields

m_certificateStatusRequest

Field Value

m_cipherSuites

Field Value

m_clientExtensions

Field Value

m_clientProtocolNames

Field Value

m_clientSentECPointFormats

Field Value

m_context

Field Value

m_encryptThenMACOffered

Field Value

m_maxFragmentLengthOffered

Field Value

m_offeredCipherSuites

Field Value

m_protocolVersions

Field Value

m_selectedCipherSuite

Field Value

m_selectedProtocolName

Field Value

m_serverExtensions

Field Value

m_statusRequestV2

Field Value

m_truncatedHMacOffered

Field Value

m_trustedCAKeys

Field Value

Methods

AllowCertificateStatus()

Returns

AllowEncryptThenMac()

Returns

AllowMultiCertStatus()

Returns

AllowTruncatedHmac()

Returns

AllowTrustedCAIndication()

Returns

GetAllowedClientCertificateTypes()

Returns

GetCertificateRequest()

Returns

Exceptions

GetCertificateStatus()

Returns

Remarks

Exceptions

GetCipherSuites()

Returns

GetCredentials()

Returns

Remarks

Exceptions

GetDHConfig()

Returns

Exceptions

GetDetailMessageNoCipherSuite()

Returns

GetECDHConfig()

Returns

Exceptions

GetExternalPsk(IList<PskIdentity>)

Parameters

Returns

Remarks

GetMaximumDefaultCurveBits()

Returns

GetMaximumDefaultFiniteFieldBits()

Returns