Back to index... 
/*
 
 * Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved.
 
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
 *
 
 * This code is free software; you can redistribute it and/or modify it
 
 * under the terms of the GNU General Public License version 2 only, as
 
 * published by the Free Software Foundation.  Oracle designates this
 
 * particular file as subject to the "Classpath" exception as provided
 
 * by Oracle in the LICENSE file that accompanied this code.
 
 *
 
 * This code is distributed in the hope that it will be useful, but WITHOUT
 
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 
 * version 2 for more details (a copy is included in the LICENSE file that
 
 * accompanied this code).
 
 *
 
 * You should have received a copy of the GNU General Public License version
 
 * 2 along with this work; if not, write to the Free Software Foundation,
 
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 
 *
 
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 
 * or visit www.oracle.com if you need additional information or have any
 
 * questions.
 
 */
 







package javax.net.ssl;














import java.util.List;














/**







 * Extends the {@code SSLSession} interface to support additional







 * session attributes.







 *







 * @since 1.7







 */







public abstract class ExtendedSSLSession implements SSLSession {







    /**







     * Obtains an array of supported signature algorithms that the local side







     * is willing to use.







     * <p>







     * Note: this method is used to indicate to the peer which signature







     * algorithms may be used for digital signatures in TLS/DTLS 1.2. It is







     * not meaningful for TLS/DTLS versions prior to 1.2.







     * <p>







     * The signature algorithm name must be a standard Java Security







     * name (such as "SHA1withRSA", "SHA256withECDSA", and so on).







     * See the <a href=







     * "{@docRoot}/../specs/security/standard-names.html">







     * Java Security Standard Algorithm Names</a> document







     * for information about standard algorithm names.







     * <p>







     * Note: the local supported signature algorithms should conform to







     * the algorithm constraints specified by







     * {@link SSLParameters#getAlgorithmConstraints getAlgorithmConstraints()}







     * method in {@code SSLParameters}.







     *







     * @return An array of supported signature algorithms, in descending







     *     order of preference.  The return value is an empty array if







     *     no signature algorithm is supported.







     *







     * @see SSLParameters#getAlgorithmConstraints







     */







    public abstract String[] getLocalSupportedSignatureAlgorithms();














    /**







     * Obtains an array of supported signature algorithms that the peer is







     * able to use.







     * <p>







     * Note: this method is used to indicate to the local side which signature







     * algorithms may be used for digital signatures in TLS/DTLS 1.2. It is







     * not meaningful for TLS/DTLS versions prior to 1.2.







     * <p>







     * The signature algorithm name must be a standard Java Security







     * name (such as "SHA1withRSA", "SHA256withECDSA", and so on).







     * See the <a href=







     * "{@docRoot}/../specs/security/standard-names.html">







     * Java Security Standard Algorithm Names</a> document







     * for information about standard algorithm names.







     *







     * @return An array of supported signature algorithms, in descending







     *     order of preference.  The return value is an empty array if







     *     the peer has not sent the supported signature algorithms.







     *







     * @see X509KeyManager







     * @see X509ExtendedKeyManager







     */







    public abstract String[] getPeerSupportedSignatureAlgorithms();














    /**







     * Obtains a {@link List} containing all {@link SNIServerName}s







     * of the requested Server Name Indication (SNI) extension.







     * <P>







     * In server mode, unless the return {@link List} is empty,







     * the server should use the requested server names to guide its







     * selection of an appropriate authentication certificate, and/or







     * other aspects of security policy.







     * <P>







     * In client mode, unless the return {@link List} is empty,







     * the client should use the requested server names to guide its







     * endpoint identification of the peer's identity, and/or







     * other aspects of security policy.







     *







     * @return a non-null immutable list of {@link SNIServerName}s of the







     *         requested server name indications. The returned list may be







     *         empty if no server name indications were requested.







     * @throws UnsupportedOperationException if the underlying provider







     *         does not implement the operation







     *







     * @see SNIServerName







     * @see X509ExtendedTrustManager







     * @see X509ExtendedKeyManager







     *







     * @since 1.8







     */







    public List<SNIServerName> getRequestedServerNames() {







        throw new UnsupportedOperationException();







    }














    /**







     * Returns a {@link List} containing DER-encoded OCSP responses







     * (using the ASN.1 type OCSPResponse defined in RFC 6960) for







     * the client to verify status of the server's certificate during







     * handshaking.







     *







     * <P>







     * This method only applies to certificate-based server







     * authentication.  An {@link X509ExtendedTrustManager} will use the







     * returned value for server certificate validation.







     *







     * @implSpec This method throws UnsupportedOperationException by default.







     *         Classes derived from ExtendedSSLSession must implement







     *         this method.







     *







     * @return a non-null unmodifiable list of byte arrays, each entry







     *         containing a DER-encoded OCSP response (using the







     *         ASN.1 type OCSPResponse defined in RFC 6960).  The order







     *         of the responses must match the order of the certificates







     *         presented by the server in its Certificate message (See







     *         {@link SSLSession#getLocalCertificates()} for server mode,







     *         and {@link SSLSession#getPeerCertificates()} for client mode).







     *         It is possible that fewer response entries may be returned than







     *         the number of presented certificates.  If an entry in the list







     *         is a zero-length byte array, it should be treated by the







     *         caller as if the OCSP entry for the corresponding certificate







     *         is missing.  The returned list may be empty if no OCSP responses







     *         were presented during handshaking or if OCSP stapling is not







     *         supported by either endpoint for this handshake.







     *







     * @throws UnsupportedOperationException if the underlying provider







     *         does not implement the operation







     *







     * @see X509ExtendedTrustManager







     *







     * @since 9







     */







    public List<byte[]> getStatusResponses() {







        throw new UnsupportedOperationException();







    }







}






Back to index...