1/* 2 * Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26package javax.net.ssl; 27 28import java.util.List; 29 30/** 31 * Extends the {@code SSLSession} interface to support additional 32 * session attributes. 33 * 34 * @since 1.7 35 */ 36public abstract class ExtendedSSLSession implements SSLSession { 37 /** 38 * Obtains an array of supported signature algorithms that the local side 39 * is willing to use. 40 * <p> 41 * Note: this method is used to indicate to the peer which signature 42 * algorithms may be used for digital signatures in TLS/DTLS 1.2. It is 43 * not meaningful for TLS/DTLS versions prior to 1.2. 44 * <p> 45 * The signature algorithm name must be a standard Java Security 46 * name (such as "SHA1withRSA", "SHA256withECDSA", and so on). 47 * See the <a href= 48 * "{@docRoot}/../specs/security/standard-names.html"> 49 * Java Security Standard Algorithm Names</a> document 50 * for information about standard algorithm names. 51 * <p> 52 * Note: the local supported signature algorithms should conform to 53 * the algorithm constraints specified by 54 * {@link SSLParameters#getAlgorithmConstraints getAlgorithmConstraints()} 55 * method in {@code SSLParameters}. 56 * 57 * @return An array of supported signature algorithms, in descending 58 * order of preference. The return value is an empty array if 59 * no signature algorithm is supported. 60 * 61 * @see SSLParameters#getAlgorithmConstraints 62 */ 63 public abstract String[] getLocalSupportedSignatureAlgorithms(); 64 65 /** 66 * Obtains an array of supported signature algorithms that the peer is 67 * able to use. 68 * <p> 69 * Note: this method is used to indicate to the local side which signature 70 * algorithms may be used for digital signatures in TLS/DTLS 1.2. It is 71 * not meaningful for TLS/DTLS versions prior to 1.2. 72 * <p> 73 * The signature algorithm name must be a standard Java Security 74 * name (such as "SHA1withRSA", "SHA256withECDSA", and so on). 75 * See the <a href= 76 * "{@docRoot}/../specs/security/standard-names.html"> 77 * Java Security Standard Algorithm Names</a> document 78 * for information about standard algorithm names. 79 * 80 * @return An array of supported signature algorithms, in descending 81 * order of preference. The return value is an empty array if 82 * the peer has not sent the supported signature algorithms. 83 * 84 * @see X509KeyManager 85 * @see X509ExtendedKeyManager 86 */ 87 public abstract String[] getPeerSupportedSignatureAlgorithms(); 88 89 /** 90 * Obtains a {@link List} containing all {@link SNIServerName}s 91 * of the requested Server Name Indication (SNI) extension. 92 * <P> 93 * In server mode, unless the return {@link List} is empty, 94 * the server should use the requested server names to guide its 95 * selection of an appropriate authentication certificate, and/or 96 * other aspects of security policy. 97 * <P> 98 * In client mode, unless the return {@link List} is empty, 99 * the client should use the requested server names to guide its 100 * endpoint identification of the peer's identity, and/or 101 * other aspects of security policy. 102 * 103 * @return a non-null immutable list of {@link SNIServerName}s of the 104 * requested server name indications. The returned list may be 105 * empty if no server name indications were requested. 106 * @throws UnsupportedOperationException if the underlying provider 107 * does not implement the operation 108 * 109 * @see SNIServerName 110 * @see X509ExtendedTrustManager 111 * @see X509ExtendedKeyManager 112 * 113 * @since 1.8 114 */ 115 public List<SNIServerName> getRequestedServerNames() { 116 throw new UnsupportedOperationException(); 117 } 118 119 /** 120 * Returns a {@link List} containing DER-encoded OCSP responses 121 * (using the ASN.1 type OCSPResponse defined in RFC 6960) for 122 * the client to verify status of the server's certificate during 123 * handshaking. 124 * 125 * <P> 126 * This method only applies to certificate-based server 127 * authentication. An {@link X509ExtendedTrustManager} will use the 128 * returned value for server certificate validation. 129 * 130 * @implSpec This method throws UnsupportedOperationException by default. 131 * Classes derived from ExtendedSSLSession must implement 132 * this method. 133 * 134 * @return a non-null unmodifiable list of byte arrays, each entry 135 * containing a DER-encoded OCSP response (using the 136 * ASN.1 type OCSPResponse defined in RFC 6960). The order 137 * of the responses must match the order of the certificates 138 * presented by the server in its Certificate message (See 139 * {@link SSLSession#getLocalCertificates()} for server mode, 140 * and {@link SSLSession#getPeerCertificates()} for client mode). 141 * It is possible that fewer response entries may be returned than 142 * the number of presented certificates. If an entry in the list 143 * is a zero-length byte array, it should be treated by the 144 * caller as if the OCSP entry for the corresponding certificate 145 * is missing. The returned list may be empty if no OCSP responses 146 * were presented during handshaking or if OCSP stapling is not 147 * supported by either endpoint for this handshake. 148 * 149 * @throws UnsupportedOperationException if the underlying provider 150 * does not implement the operation 151 * 152 * @see X509ExtendedTrustManager 153 * 154 * @since 9 155 */ 156 public List<byte[]> getStatusResponses() { 157 throw new UnsupportedOperationException(); 158 } 159} 160