All Implemented Interfaces: java.io.Closeable, java.lang.AutoCloseable, TlsTransportMappingConfig<java.security.cert.X509Certificate>, X509TlsTransportMappingConfig, TransportMapping<java.security.cert.X509Certificate>

public class DTLSTM extends DefaultUdpTransportMapping implements X509TlsTransportMappingConfig
DTLSTM implements the Datagram Transport Layer Security Transport Mapping (TLS-TM) as defined by RFC 5953, using the new IO (NIO) API and SSLEngine.

It uses a single thread for processing incoming and outgoing messages. The thread is started when the listen method is called, or when an outgoing request is sent using the sendMessage method.
Nested Class Summary

Modifier and Type | Class | Description |
---|---|---|
protected class | DTLSTM.DefaultSSLEngineConfiguration | |
protected class | DTLSTM.TlsTrustManager | |
Field Summary

Modifier and Type | Field | Description |
---|---|---|
static int | DEFAULT_CONNECTION_TIMEOUT | |
static java.lang.String | DEFAULT_DTLSTM_PROTOCOLS | |
static int | DEFAULT_HANDSHAKE_TIMEOUT | |
static int | DEFAULT_SOCKET_TIMEOUT | |
static int | MAX_HANDSHAKE_LOOPS | |
static int | MAX_TLS_PAYLOAD_SIZE | |
Fields inherited from class AbstractTransportMapping: asyncMsgProcessingSupported, maxInboundMessageSize, transportListener

Fields inherited from class DefaultUdpTransportMapping: listener, listenerThread, socket

Fields inherited from class UdpTransportMapping: udpAddress
Constructor Summary

Constructor | Description |
---|---|
DTLSTM() | Creates a default UDP transport mapping with the server for incoming messages disabled. |
DTLSTM(UdpAddress address) | Creates a TLS transport mapping with the server for incoming messages bound to the given address. |
DTLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, UdpAddress serverAddress) | Creates a DTLS transport mapping that binds to the given address (interface) on the local host. |
DTLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, UdpAddress serverAddress, CounterSupport counterSupport) | Creates a TLS transport mapping that binds to the given address (interface) on the local host. |
Method Summary

Modifier and Type | Method | Description |
---|---|---|
boolean | close(UdpAddress remoteAddress) | Closes a connection to the supplied remote address, if it is open. |
protected java.net.DatagramPacket | createHandshakePacket(byte[] buf, java.net.SocketAddress socketAddr) | |
long | getConnectionTimeout() | Gets the connection timeout. |
CounterSupport | getCounterSupport() | |
int | getHandshakeTimeout() | Gets the maximum number of milliseconds to wait for the DTLS handshake operation to succeed. |
java.lang.String | getKeyStore() | |
java.lang.String | getKeyStorePassword() | |
java.lang.String | getLocalCertificateAlias() | |
int | getMaxInboundMessageSize() | Gets the inbound buffer size for incoming requests. |
java.lang.String | getProtocolVersionPropertyName() | Returns the property name that is used by this transport mapping to determine the protocol versions from system properties. |
java.lang.String[] | getProtocolVersions() | Returns the (D)TLS protocol versions used by this transport mapping. |
TlsTmSecurityCallback<java.security.cert.X509Certificate> | getSecurityCallback() | Gets the TlsTmSecurityCallback associated with this TransportMapping hook, which is called by the transport mapping to look up TLS security parameters from external configuration. |
java.lang.Class<? extends Address> | getSupportedAddressClass() | Gets the Address class that is supported by this transport mapping. |
TLSTMTrustManagerFactory | getTrustManagerFactory() | |
java.lang.String | getTrustStore() | |
java.lang.String | getTrustStorePassword() | |
protected void | handshake(javax.net.ssl.SSLEngine engine, java.net.DatagramSocket socket, java.net.SocketAddress peerAddr, java.net.DatagramPacket receivedPacket) | |
boolean | isServerEnabled() | Checks whether a server for incoming requests is enabled. |
protected java.util.List<java.net.DatagramPacket> | onReceiveTimeout(javax.net.ssl.SSLEngine engine, java.net.SocketAddress socketAddr) | |
protected java.nio.ByteBuffer | prepareInPacket(java.net.DatagramPacket packet, byte[] buf, TransportStateReference tmStateReference) | Prepares a network packet for the application. |
protected java.util.List<java.net.DatagramPacket> | prepareOutPackets(UdpAddress targetAddress, byte[] message, TransportStateReference tmStateReference, java.net.DatagramSocket socket) | Prepares an application message for sending over the network to the specified target address. |
protected java.util.List<java.net.DatagramPacket> | produceHandshakePackets(javax.net.ssl.SSLEngine sslEngine, java.net.SocketAddress socketAddress) | |
void | setConnectionTimeout(long connectionTimeout) | Sets the connection timeout. |
void | setHandshakeTimeout(int handshakeTimeout) | Sets the maximum number of milliseconds to wait for the DTLS handshake operation to succeed. |
void | setKeyStore(java.lang.String keyStore) | |
void | setKeyStorePassword(java.lang.String keyStorePassword) | |
void | setLocalCertificateAlias(java.lang.String localCertificateAlias) | Sets the certificate alias used for client and server authentication by this TLSTM. |
void | setMaxInboundMessageSize(int maxInboundMessageSize) | Sets the maximum buffer size for incoming requests. |
void | setProtocolVersions(java.lang.String[] dtlsProtocols) | Sets the DTLS protocols/versions that DTLSTM should use during handshake. |
void | setSecurityCallback(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback) | Sets the TlsTmSecurityCallback associated with this TransportMapping hook. |
void | setServerEnabled(boolean serverEnabled) | Sets whether a server for incoming requests should be created when the transport is set into listen state. |
protected void | setSocketOptions(ServerSocketEntry serverSocket) | Sets optional server socket options. |
void | setTrustManagerFactory(TLSTMTrustManagerFactory trustManagerFactory) | Sets the TLSTM trust manager factory. |
void | setTrustStore(java.lang.String trustStore) | |
void | setTrustStorePassword(java.lang.String trustStorePassword) | |
Methods inherited from class AbstractTransportMapping: addTransportListener, fireProcessMessage, isAsyncMsgProcessingSupported, removeTransportListener, setAsyncMsgProcessingSupported

Methods inherited from class DefaultUdpTransportMapping: close, ensureSocket, getListenAddress, getPriority, getReceiveBufferSize, getSocketTimeout, getThreadName, isListening, listen, renewSocketAfterException, sendMessage, setPriority, setReceiveBufferSize, setSocketTimeout, setThreadName

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from class UdpTransportMapping: getAddress
Field Detail

public static final int MAX_HANDSHAKE_LOOPS
public static final int DEFAULT_SOCKET_TIMEOUT
public static final int DEFAULT_HANDSHAKE_TIMEOUT
public static final int DEFAULT_CONNECTION_TIMEOUT
public static final java.lang.String DEFAULT_DTLSTM_PROTOCOLS
public static final int MAX_TLS_PAYLOAD_SIZE

Constructor Detail

public DTLSTM() throws java.io.IOException
    Creates a default UDP transport mapping with the server for incoming messages disabled.
    Throws:
        java.net.UnknownHostException - if the local host cannot be determined.
        java.io.IOException
public DTLSTM(UdpAddress address) throws java.io.IOException
    Creates a TLS transport mapping with the server for incoming messages bound to the given address. The securityCallback needs to be specified before DefaultUdpTransportMapping.listen() is called.
    Parameters:
        address - server address to bind.
    Throws:
        java.io.IOException - on failure of binding a local port.

public DTLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, UdpAddress serverAddress) throws java.io.IOException
    Creates a DTLS transport mapping that binds to the given address (interface) on the local host.
    Parameters:
        securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
        serverAddress - the UdpAddress instance that describes the server address to listen on for incoming connection requests.
    Throws:
        java.io.IOException - if the given address cannot be bound.

public DTLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, UdpAddress serverAddress, CounterSupport counterSupport) throws java.io.IOException
    Creates a TLS transport mapping that binds to the given address (interface) on the local host.
    Parameters:
        securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
        serverAddress - the UdpAddress instance that describes the server address to listen on for incoming connection requests.
        counterSupport - the CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().
    Throws:
        java.io.IOException - if the given address cannot be bound.

Method Detail

public java.lang.String getLocalCertificateAlias()
public java.lang.String[] getProtocolVersions()
    Description copied from interface: TlsTransportMappingConfig
    Returns the (D)TLS protocol versions used by this transport mapping.
    Specified by:
        getProtocolVersions in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public java.lang.String getProtocolVersionPropertyName()
    Returns the property name that is used by this transport mapping to determine the protocol versions from system properties.
    Specified by:
        getProtocolVersionPropertyName in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
    Returns:
        SnmpConfigurator.P_TLS_VERSION or SnmpConfigurator.P_DTLS_VERSION.

public void setProtocolVersions(java.lang.String[] dtlsProtocols)
    Sets the DTLS protocols/versions that DTLSTM should use during handshake. The default is DEFAULT_DTLSTM_PROTOCOLS.
    Specified by:
        setProtocolVersions in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
    Parameters:
        dtlsProtocols - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried first during the handshake.

public java.lang.String getKeyStore()
    Specified by:
        getKeyStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
public void setKeyStore(java.lang.String keyStore)
    Specified by:
        setKeyStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public java.lang.String getKeyStorePassword()
    Specified by:
        getKeyStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public void setKeyStorePassword(java.lang.String keyStorePassword)
    Specified by:
        setKeyStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public java.lang.String getTrustStore()
    Specified by:
        getTrustStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public void setTrustStore(java.lang.String trustStore)
    Specified by:
        setTrustStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public java.lang.String getTrustStorePassword()
    Specified by:
        getTrustStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public void setTrustStorePassword(java.lang.String trustStorePassword)
    Specified by:
        setTrustStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
public void setLocalCertificateAlias(java.lang.String localCertificateAlias)
    Sets the certificate alias used for client and server authentication by this TLSTM. A value other than null filters out any certificates which are not in the chain of the given alias.
    Specified by:
        setLocalCertificateAlias in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
    Parameters:
        localCertificateAlias - a certificate alias which filters a single certification chain from the javax.net.ssl.keyStore key store to be used to authenticate this TLS transport mapping. If null, no filtering takes place, which could leave more than a single chain available for authentication by the peer and would violate the TLSTM standard requirements.

public CounterSupport getCounterSupport()
public java.lang.Class<? extends Address> getSupportedAddressClass()
    Description copied from interface: TransportMapping
    Gets the Address class that is supported by this transport mapping.
    Specified by:
        getSupportedAddressClass in interface TransportMapping<java.security.cert.X509Certificate>
    Overrides:
        getSupportedAddressClass in class UdpTransportMapping
    Returns:
        the supported subclass of Address.

public TlsTmSecurityCallback<java.security.cert.X509Certificate> getSecurityCallback()
    Description copied from interface: TlsTransportMappingConfig
    Gets the TlsTmSecurityCallback associated with this TransportMapping hook, which is called by the transport mapping to look up TLS security parameters from external configuration.
    Specified by:
        getSecurityCallback in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
    Returns:
        a TlsTmSecurityCallback instance.

public void setSecurityCallback(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback)
    Description copied from interface: TlsTransportMappingConfig
    Sets the TlsTmSecurityCallback associated with this TransportMapping hook. This hook will be called to look up the security name based on the TLS peer certificate, for example. See TlsTmSecurityCallback for details.
    Specified by:
        setSecurityCallback in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
    Parameters:
        securityCallback - a TlsTmSecurityCallback instance. Setting this hook to null will disable incoming request processing, because these requests will be rejected due to an authorization error (no matching SNMPv3 view).

public TLSTMTrustManagerFactory getTrustManagerFactory()
public void setTrustManagerFactory(TLSTMTrustManagerFactory trustManagerFactory)
    Sets the TLSTM trust manager factory.
    Parameters:
        trustManagerFactory - an X.509 trust manager factory implementing the interface TLSTMTrustManagerFactory.

public boolean close(UdpAddress remoteAddress) throws java.io.IOException
    Closes a connection to the supplied remote address, if it is open.
    Parameters:
        remoteAddress - the address of the peer socket.
    Returns:
        true if the connection has been closed and false if there was nothing to close.
    Throws:
        java.io.IOException - if the remote address cannot be closed due to an IO exception.

public long getConnectionTimeout()
    Gets the connection timeout.
public void setConnectionTimeout(long connectionTimeout)
    Sets the connection timeout.
    Parameters:
        connectionTimeout - the idle timeout in milliseconds. A zero or negative value will disable any timeout, and connections opened by this transport mapping will stay open until they are explicitly closed.

public boolean isServerEnabled()
    Checks whether a server for incoming requests is enabled.
public void setServerEnabled(boolean serverEnabled)
    Sets whether a server for incoming requests should be created when the transport is set into listen state. The setting takes effect when the DefaultUdpTransportMapping.listen() method is called (if the transport is already listening, DefaultUdpTransportMapping.close() has to be called before).
    Parameters:
        serverEnabled - if true, the transport will listen for incoming requests after DefaultUdpTransportMapping.listen() has been called.

public int getMaxInboundMessageSize()
    Gets the inbound buffer size for incoming requests.
    Specified by:
        getMaxInboundMessageSize in interface TransportMapping<java.security.cert.X509Certificate>
    Overrides:
        getMaxInboundMessageSize in class AbstractTransportMapping<UdpAddress>
public void setMaxInboundMessageSize(int maxInboundMessageSize)
    Sets the maximum buffer size for incoming requests.
    Overrides:
        setMaxInboundMessageSize in class DefaultUdpTransportMapping
    Parameters:
        maxInboundMessageSize - the length of the inbound buffer in bytes.

public int getHandshakeTimeout()
    Gets the maximum number of milliseconds to wait for the DTLS handshake operation to succeed.
public void setHandshakeTimeout(int handshakeTimeout)
    Sets the maximum number of milliseconds to wait for the DTLS handshake operation to succeed.
    Parameters:
        handshakeTimeout - the new handshake timeout in milliseconds.

protected void setSocketOptions(ServerSocketEntry serverSocket)
    Sets optional server socket options.
    Parameters:
        serverSocket - the ServerSocketEntry to which additional non-default options are applied.

protected java.util.List<java.net.DatagramPacket> prepareOutPackets(UdpAddress targetAddress, byte[] message, TransportStateReference tmStateReference, java.net.DatagramSocket socket) throws java.io.IOException
    Description copied from class: DefaultUdpTransportMapping
    Prepares an application message for sending over the network to the specified target address.
    Overrides:
        prepareOutPackets in class DefaultUdpTransportMapping
    Parameters:
        targetAddress - the UDP address the message will be sent to.
        message - the application message to send.
        tmStateReference - the transport state reference associated with this message.
        socket - the socket that will send the message over the network.
    Returns:
        DatagramPacket instances that contain the network representation of the message (i.e. encrypted). By default this is a singleton list.
    Throws:
        java.io.IOException - if the preparation of the network message fails (e.g. because the encryption handshake fails).

protected java.util.List<java.net.DatagramPacket> onReceiveTimeout(javax.net.ssl.SSLEngine engine, java.net.SocketAddress socketAddr) throws java.io.IOException
    Throws:
        java.io.IOException
protected void handshake(javax.net.ssl.SSLEngine engine, java.net.DatagramSocket socket, java.net.SocketAddress peerAddr, java.net.DatagramPacket receivedPacket) throws java.io.IOException
    Throws:
        java.io.IOException

protected java.nio.ByteBuffer prepareInPacket(java.net.DatagramPacket packet, byte[] buf, TransportStateReference tmStateReference) throws java.io.IOException
    Description copied from class: DefaultUdpTransportMapping
    Prepares a network packet for the application.
    Overrides:
        prepareInPacket in class DefaultUdpTransportMapping
    Parameters:
        packet - the incoming network datagram packet.
        buf - the buffer of the packet.
        tmStateReference - the transport state reference.
    Throws:
        java.io.IOException - if an IO exception occurs during preparation.

protected java.util.List<java.net.DatagramPacket> produceHandshakePackets(javax.net.ssl.SSLEngine sslEngine, java.net.SocketAddress socketAddress) throws java.io.IOException
    Throws:
        java.io.IOException
protected java.net.DatagramPacket createHandshakePacket(byte[] buf, java.net.SocketAddress socketAddr)
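Putting the setters above together, as an added example that is not part of the SNMP4J documentation or code base: a listener is configured so that the two settings the method detail warns about (a null securityCallback, a null localCertificateAlias) are rejected before listen() is called. The callback object, the key/trust store paths and passwords, and the "host/port" listen address are placeholders supplied by the caller; the package names are assumed to be the SNMP4J ones.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;

import org.snmp4j.smi.UdpAddress;
import org.snmp4j.transport.DTLSTM;
import org.snmp4j.transport.TlsTmSecurityCallback;

public class DtlstmListenerSetup {

    // Builds and starts a DTLSTM bound to listenAddr (UdpAddress "host/port" form, e.g. "0.0.0.0/10161").
    // The callback (hypothetical, supplied by the caller) maps peer certificates to tmSecurityNames.
    public static DTLSTM startListener(String listenAddr,
                                       TlsTmSecurityCallback<X509Certificate> callback,
                                       String keyStorePath, String keyStorePassword,
                                       String trustStorePath, String trustStorePassword,
                                       String localAlias) throws IOException {
        // A null hook makes every incoming request fail authorization (no matching SNMPv3 view),
        // and it must be set before listen(); fail early instead of running a dead listener.
        if (callback == null) {
            throw new IllegalArgumentException("securityCallback must be set before listen()");
        }
        // A null alias leaves every chain in the key store selectable by the peer, which the
        // documentation notes violates the TLSTM requirements; require exactly one chain.
        if (localAlias == null || localAlias.isEmpty()) {
            throw new IllegalArgumentException("localCertificateAlias must select a single chain");
        }

        DTLSTM dtlstm = new DTLSTM(new UdpAddress(listenAddr));
        dtlstm.setSecurityCallback(callback);
        dtlstm.setKeyStore(keyStorePath);
        dtlstm.setKeyStorePassword(keyStorePassword);
        dtlstm.setTrustStore(trustStorePath);
        dtlstm.setTrustStorePassword(trustStorePassword);
        dtlstm.setLocalCertificateAlias(localAlias);

        // Array order is the handshake preference order; offer only DTLS 1.2 (a SunJSSE protocol name).
        dtlstm.setProtocolVersions(new String[] { "DTLSv1.2" });

        // Bound the handshake and the idle lifetime of sessions; a zero or negative connection
        // timeout would keep every session open until it is closed explicitly.
        dtlstm.setHandshakeTimeout(5000);
        dtlstm.setConnectionTimeout(60000L);

        // Takes effect when listen() is called; the listener thread starts there.
        dtlstm.setServerEnabled(true);
        dtlstm.listen();
        return dtlstm;
    }
}
```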
Copyright © 2018 SNMP4J.org. All rights reserved.