Added in API level 24

Summary: Ctors | Methods | Inherited Methods

ExtendedSSLSession

public abstract class ExtendedSSLSession
extends Object implements SSLSession

java.lang.Object
↳	javax.net.ssl.ExtendedSSLSession

Extends the SSLSession interface to support additional session attributes.

Summary

Public constructors
`ExtendedSSLSession()` Constructor for subclasses to call.

Public methods
`abstract String[]`	`getLocalSupportedSignatureAlgorithms()` Obtains an array of supported signature algorithms that the local side is willing to use.
`abstract String[]`	`getPeerSupportedSignatureAlgorithms()` Obtains an array of supported signature algorithms that the peer is able to use.
`List<SNIServerName>`	`getRequestedServerNames()` Obtains a `List` containing all `SNIServerName`s of the requested Server Name Indication (SNI) extension.
`List<byte[]>`	`getStatusResponses()` Returns a `List` containing DER-encoded OCSP responses (using the ASN.1 type OCSPResponse defined in RFC 6960) for the client to verify status of the server's certificate during handshaking.

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

From interface


        
          javax.net.ssl.SSLSession

`abstract int`	`getApplicationBufferSize()` Gets the current size of the largest application data that is expected when using this session.
`abstract String`	`getCipherSuite()` Returns the name of the SSL cipher suite which is used for all connections in the session.
`abstract long`	`getCreationTime()` Returns the time at which this Session representation was created, in milliseconds since midnight, January 1, 1970 UTC.
`abstract byte[]`	`getId()` Returns the identifier assigned to this Session.
`abstract long`	`getLastAccessedTime()` Returns the last time this Session representation was accessed by the session level infrastructure, in milliseconds since midnight, January 1, 1970 UTC.
`abstract Certificate[]`	`getLocalCertificates()` Returns the certificate(s) that were sent to the peer during handshaking.
`abstract Principal`	`getLocalPrincipal()` Returns the principal that was sent to the peer during handshaking.
`abstract int`	`getPacketBufferSize()` Gets the current size of the largest SSL/TLS packet that is expected when using this session.
`abstract X509Certificate[]`	`getPeerCertificateChain()` Returns the identity of the peer which was identified as part of defining the session.
`abstract Certificate[]`	`getPeerCertificates()` Returns the identity of the peer which was established as part of defining the session.
`abstract String`	`getPeerHost()` Returns the host name of the peer in this session.
`abstract int`	`getPeerPort()` Returns the port number of the peer in this session.
`abstract Principal`	`getPeerPrincipal()` Returns the identity of the peer which was established as part of defining the session.
`abstract String`	`getProtocol()` Returns the standard name of the protocol used for all connections in the session.
`abstract SSLSessionContext`	`getSessionContext()` Returns the context in which this session is bound.
`abstract Object`	`getValue(String name)` Returns the object bound to the given name in the session's application layer data.
`abstract String[]`	`getValueNames()` Returns an array of the names of all the application layer data objects bound into the Session.
`abstract void`	`invalidate()` Invalidates the session.
`abstract boolean`	`isValid()` Returns whether this session is valid and available for resuming or joining.
`abstract void`	`putValue(String name, Object value)` Binds the specified `value` object into the session's application layer data with the given `name`.
`abstract void`	`removeValue(String name)` Removes the object bound to the given name in the session's application layer data.

Public constructors

ExtendedSSLSession

Added in API level 24

public ExtendedSSLSession ()

Constructor for subclasses to call.

Public methods

getLocalSupportedSignatureAlgorithms

Added in API level 24

public abstract String[] getLocalSupportedSignatureAlgorithms ()

Obtains an array of supported signature algorithms that the local side is willing to use.

Note: this method is used to indicate to the peer which signature algorithms may be used for digital signatures in TLS/DTLS 1.2. It is not meaningful for TLS/DTLS versions prior to 1.2.

The signature algorithm name must be a standard Java Security name (such as "SHA1withRSA", "SHA256withECDSA", and so on). See the Java Security Standard Algorithm Names document for information about standard algorithm names.

Note: the local supported signature algorithms should conform to the algorithm constraints specified by getAlgorithmConstraints() method in SSLParameters.

Returns
`String[]`	An array of supported signature algorithms, in descending order of preference. The return value is an empty array if no signature algorithm is supported.

See also:

SSLParameters.getAlgorithmConstraints

getPeerSupportedSignatureAlgorithms

Added in API level 24

public abstract String[] getPeerSupportedSignatureAlgorithms ()

Obtains an array of supported signature algorithms that the peer is able to use.

Note: this method is used to indicate to the local side which signature algorithms may be used for digital signatures in TLS/DTLS 1.2. It is not meaningful for TLS/DTLS versions prior to 1.2.

Returns
`String[]`	An array of supported signature algorithms, in descending order of preference. The return value is an empty array if the peer has not sent the supported signature algorithms.

See also:

getRequestedServerNames

Added in API level 24

public List<SNIServerName> getRequestedServerNames ()

Obtains a List containing all SNIServerNames of the requested Server Name Indication (SNI) extension.

In server mode, unless the return List is empty, the server should use the requested server names to guide its selection of an appropriate authentication certificate, and/or other aspects of security policy.

In client mode, unless the return List is empty, the client should use the requested server names to guide its endpoint identification of the peer's identity, and/or other aspects of security policy.

Returns
`List<SNIServerName>`	a non-null immutable list of `SNIServerName`s of the requested server name indications. The returned list may be empty if no server name indications were requested.

Throws
`UnsupportedOperationException`	if the underlying provider does not implement the operation

See also:

getStatusResponses

Added in API level 37

public List<byte[]> getStatusResponses ()

Returns a List containing DER-encoded OCSP responses (using the ASN.1 type OCSPResponse defined in RFC 6960) for the client to verify status of the server's certificate during handshaking.

This method only applies to certificate-based server authentication. An X509ExtendedTrustManager will use the returned value for server certificate validation.

Implementation Requirements:

This method throws UnsupportedOperationException by default. Classes derived from ExtendedSSLSession must implement this method.

Returns

Returns
`List<byte[]>`	a non-null unmodifiable list of byte arrays, each entry containing a DER-encoded OCSP response (using the ASN.1 type OCSPResponse defined in RFC 6960). The order of the responses must match the order of the certificates presented by the server in its Certificate message (See `SSLSession.getLocalCertificates()` for server mode, and `SSLSession.getPeerCertificates()` for client mode). It is possible that fewer response entries may be returned than the number of presented certificates. If an entry in the list is a zero-length byte array, it should be treated by the caller as if the OCSP entry for the corresponding certificate is missing. The returned list may be empty if no OCSP responses were presented during handshaking or if OCSP stapling is not supported by either endpoint for this handshake.

List<byte[]>

a non-null unmodifiable list of byte arrays, each entry containing a DER-encoded OCSP response (using the ASN.1 type OCSPResponse defined in RFC 6960). The order of the responses must match the order of the certificates presented by the server in its Certificate message (See SSLSession.getLocalCertificates() for server mode, and SSLSession.getPeerCertificates() for client mode). It is possible that fewer response entries may be returned than the number of presented certificates. If an entry in the list is a zero-length byte array, it should be treated by the caller as if the OCSP entry for the corresponding certificate is missing. The returned list may be empty if no OCSP responses were presented during handshaking or if OCSP stapling is not supported by either endpoint for this handshake.

Throws
`UnsupportedOperationException`	if the underlying provider does not implement the operation

See also:

X509ExtendedTrustManager