All Implemented Interfaces: java.io.Closeable, java.lang.AutoCloseable, ConnectionOrientedTransportMapping<TcpAddress>, TlsTransportMappingConfig<java.security.cert.X509Certificate>, X509TlsTransportMappingConfig, TransportMapping<TcpAddress>
public class TLSTM extends TcpTransportMapping implements X509TlsTransportMappingConfig
TLSTM implements the Transport Layer Security Transport Mapping (TLS-TM) as defined by RFC 5953 with the new IO API and SSLEngine. (RFC 5953 has since been obsoleted by RFC 6353, which specifies the same transport model.)

It uses a single thread for processing incoming and outgoing messages. The thread is started when the listen method is called, or when an outgoing request is sent using the sendMessage method.
Nested Classes

Modifier and Type | Class | Description |
---|---|---|
protected class | TLSTM.DefaultSSLEngineConfiguration | |
Fields

Modifier and Type | Field | Description |
---|---|---|
static java.lang.String | DEFAULT_TLSTM_PROTOCOLS | |
static int | MAX_TLS_PAYLOAD_SIZE | |
Fields inherited from class AbstractTransportMapping: asyncMsgProcessingSupported, maxInboundMessageSize, transportListener
Fields inherited from class TcpTransportMapping: sockets, tcpAddress
Constructors

Constructor | Description |
---|---|
TLSTM() | Creates a default TLS transport mapping with the server for incoming messages disabled. |
TLSTM(TlsAddress address) | Creates a TLS transport mapping with the server for incoming messages bound to the given address. |
TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress) | Creates a TLS transport mapping that binds to the given address (interface) on the local host. |
TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport) | Creates a TLS transport mapping that binds to the given address (interface) on the local host and counts its events with the given CounterSupport. |
Methods

Modifier and Type | Method | Description |
---|---|---|
void | close() | Closes all open sockets and stops the internal server thread that processes messages. |
long | getConnectionTimeout() | Gets the connection (idle) timeout. |
CounterSupport | getCounterSupport() | |
java.lang.String | getKeyStore() | |
java.lang.String | getKeyStorePassword() | |
TcpAddress | getListenAddress() | Returns the address that represents the actual incoming address this transport mapping uses to listen for incoming packets. |
java.lang.String | getLocalCertificateAlias() | |
int | getMaxInboundMessageSize() | Gets the inbound buffer size for incoming requests. |
MessageLengthDecoder | getMessageLengthDecoder() | Returns the MessageLengthDecoder used by this transport mapping. |
java.lang.String | getProtocolVersionPropertyName() | Returns the property name that is used by this transport mapping to determine the protocol versions from system properties. |
java.lang.String[] | getProtocolVersions() | Returns the (D)TLS protocol versions used by this transport mapping. |
TlsTmSecurityCallback<java.security.cert.X509Certificate> | getSecurityCallback() | Gets the TlsTmSecurityCallback associated with this TransportMapping hook, which is called by the transport mapping to look up TLS security parameters from external configuration. |
java.lang.Class<? extends Address> | getSupportedAddressClass() | Gets the Address class that is supported by this transport mapping. |
java.lang.String | getThreadName() | Returns the name of the listen thread. |
java.lang.String[] | getTlsProtocols() | Deprecated. Use getProtocolVersions() instead. |
TLSTMTrustManagerFactory | getTrustManagerFactory() | |
java.lang.String | getTrustStore() | |
java.lang.String | getTrustStorePassword() | |
boolean | isListening() | Returns true if the transport mapping is listening for incoming messages. |
boolean | isServerEnabled() | Checks whether a server for incoming requests is enabled. |
void | listen() | Listen for incoming and outgoing requests. |
void | sendMessage(TcpAddress address, byte[] message, TransportStateReference tmStateReference, long timeoutMillis, int maxRetries) | Sends an SNMP message to the supplied address. |
void | setConnectionTimeout(long connectionTimeout) | Sets the connection (idle) timeout. |
void | setKeyStore(java.lang.String keyStore) | |
void | setKeyStorePassword(java.lang.String keyStorePassword) | |
void | setLocalCertificateAlias(java.lang.String localCertificateAlias) | Sets the certificate alias used for client and server authentication by this TLSTM. |
void | setMaxInboundMessageSize(int maxInboundMessageSize) | Sets the maximum buffer size for incoming requests. |
void | setMessageLengthDecoder(MessageLengthDecoder messageLengthDecoder) | Sets the MessageLengthDecoder that decodes the total message length from the header of a message. |
void | setProtocolVersions(java.lang.String[] protocolVersions) | Sets the TLS protocols/versions that TLSTM should use during handshake. |
void | setSecurityCallback(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback) | Sets the TlsTmSecurityCallback associated with this TransportMapping hook. |
void | setServerEnabled(boolean serverEnabled) | Sets whether a server for incoming requests should be created when the transport is set into listen state. |
void | setThreadName(java.lang.String name) | Sets the name of the listen thread for this transport mapping. |
void | setTlsProtocols(java.lang.String[] tlsProtocols) | Deprecated. Use setProtocolVersions(String[]) instead. |
void | setTrustManagerFactory(TLSTMTrustManagerFactory trustManagerFactory) | Sets the TLSTM trust manager factory. |
void | setTrustStore(java.lang.String trustStore) | |
void | setTrustStorePassword(java.lang.String trustStorePassword) | |
Methods inherited from class AbstractTransportMapping: addTransportListener, fireProcessMessage, isAsyncMsgProcessingSupported, removeTransportListener, setAsyncMsgProcessingSupported
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from class TcpTransportMapping: addTransportStateListener, close, closeSockets, fireConnectionStateChanged, getAddress, getServer, removeTransportStateListener, setSocketOptions, timeoutSocket
Methods inherited from interface TransportMapping: addTransportListener, removeTransportListener
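The constructors and configuration methods summarized above, put together into a manager-side TLSTM whose TlsTmSecurityCallback pins peers by certificate fingerprint: the SHA-256 of the peer's DER-encoded end-entity certificate is mapped to a tmSecurityName, and anything not pinned is rejected, so no CA in the trust store is trusted implicitly. This is an added example, not code from SNMP4J or from this page. The package names (org.snmp4j.transport.TLSTM, org.snmp4j.transport.tls.TlsTmSecurityCallback, org.snmp4j.smi.Address, org.snmp4j.smi.OctetString) and the five TlsTmSecurityCallback methods are taken from the SNMP4J 2.x API as known to the editor and should be checked against the version in use; key store paths, passwords, the alias and the fingerprint are placeholders.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;

import org.snmp4j.smi.Address;                       // assumed SNMP4J 2.x package layout
import org.snmp4j.smi.OctetString;
import org.snmp4j.transport.TLSTM;
import org.snmp4j.transport.tls.TlsTmSecurityCallback;

public final class PinnedTlstmExample {

  /** TlsTmSecurityCallback that accepts only pinned end-entity certificates. */
  static final class FingerprintSecurityCallback implements TlsTmSecurityCallback<X509Certificate> {
    private final Map<String, OctetString> pinned = new HashMap<>();
    private final String localAlias;

    FingerprintSecurityCallback(String localAlias) {
      this.localAlias = localAlias;
    }

    /** Registers the SHA-256 fingerprint (hex, colons optional) of a peer certificate. */
    void pin(String sha256Hex, String tmSecurityName) {
      pinned.put(sha256Hex.replace(":", "").toLowerCase(), new OctetString(tmSecurityName));
    }

    static String sha256Hex(X509Certificate cert) throws CertificateEncodingException {
      try {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
          sb.append(String.format("%02x", b));
        }
        return sb.toString();
      } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
      }
    }

    /** tmSecurityName for a pinned end-entity certificate, or null if unknown or undecodable. */
    private OctetString lookup(X509Certificate endEntity) {
      try {
        return endEntity == null ? null : pinned.get(sha256Hex(endEntity));
      } catch (CertificateEncodingException e) {
        return null;
      }
    }

    @Override
    public OctetString getSecurityName(X509Certificate[] chain) {
      // chain[0] is the end-entity certificate; intermediates play no role in pinning.
      return (chain == null || chain.length == 0) ? null : lookup(chain[0]);
    }
    @Override
    public boolean isClientCertificateAccepted(X509Certificate peerEndCertificate) {
      return lookup(peerEndCertificate) != null;
    }
    @Override
    public boolean isServerCertificateAccepted(X509Certificate[] chain) {
      return getSecurityName(chain) != null;
    }
    @Override
    public boolean isAcceptedIssuer(X509Certificate issuerCertificate) {
      return false; // pinning only: a known issuer alone never makes a peer acceptable
    }
    @Override
    public String getLocalCertificateAlias(Address targetAddress) {
      return localAlias; // same client certificate towards every target
    }
  }

  /** TLS-client-only TLSTM: the default constructor leaves the server for incoming requests disabled. */
  public static TLSTM buildManagerTransport(FingerprintSecurityCallback callback, String keyStore,
      String keyStorePassword, String trustStore, String trustStorePassword, String localAlias)
      throws IOException {
    TLSTM tlstm = new TLSTM();
    tlstm.setKeyStore(keyStore);
    tlstm.setKeyStorePassword(keyStorePassword);
    tlstm.setTrustStore(trustStore);
    tlstm.setTrustStorePassword(trustStorePassword);
    tlstm.setLocalCertificateAlias(localAlias);          // offer exactly one chain to the peer
    tlstm.setProtocolVersions(new String[] {"TLSv1.2"}); // overrides DEFAULT_TLSTM_PROTOCOLS
    tlstm.setConnectionTimeout(60_000L);                 // drop idle connections after 60 s
    tlstm.setSecurityCallback(callback);                 // required before listen(); null rejects all requests
    tlstm.setThreadName("TLSTM-manager");                // has no effect once listen() has run
    tlstm.listen();                                      // starts the single message-processing thread
    return tlstm;
  }

  public static void main(String[] args) throws IOException {
    FingerprintSecurityCallback cb = new FingerprintSecurityCallback("manager-key");
    // Placeholder fingerprint (64 zero digits); replace with the SHA-256 of the agent's certificate.
    cb.pin("0000000000000000000000000000000000000000000000000000000000000000", "agent1");
    TLSTM tlstm = buildManagerTransport(cb, "manager.jks", "changeit", "agents.jks", "changeit", "manager-key");
    try {
      System.out.println("listening=" + tlstm.isListening() + " listenAddress=" + tlstm.getListenAddress());
    } finally {
      tlstm.close();
    }
  }
}
```

Because the server side is disabled, getListenAddress() returns null here; an agent would instead use the TLSTM(securityCallback, serverAddress) constructor and keep the same callback, which then also answers isClientCertificateAccepted for connecting managers.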
public static final java.lang.String DEFAULT_TLSTM_PROTOCOLS
public static final int MAX_TLS_PAYLOAD_SIZE
Constructor Detail

public TLSTM() throws java.net.UnknownHostException
Creates a default TLS transport mapping with the server for incoming messages disabled.
Throws: java.net.UnknownHostException - if the local host cannot be determined.

public TLSTM(TlsAddress address) throws java.io.IOException
Creates a TLS transport mapping with the server for incoming messages bound to the given address. The securityCallback needs to be specified before listen() is called.
Parameters: address - the address to bind for incoming requests.
Throws: java.io.IOException - on failure of binding a local port.

public TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress) throws java.io.IOException
Creates a TLS transport mapping that binds to the given address (interface) on the local host.
Parameters:
securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
serverAddress - the TcpAddress instance that describes the server address to listen on for incoming connection requests.
Throws: java.io.IOException - if the given address cannot be bound.

public TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport) throws java.io.IOException
Creates a TLS transport mapping that binds to the given address (interface) on the local host.
Parameters:
securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
serverAddress - the TcpAddress instance that describes the server address to listen on for incoming connection requests.
counterSupport - the CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().
Throws: java.io.IOException - if the given address cannot be bound.

Method Detail

public java.lang.String getLocalCertificateAlias()
@Deprecated public java.lang.String[] getTlsProtocols()
Deprecated. Use getProtocolVersions() instead.

@Deprecated public void setTlsProtocols(java.lang.String[] tlsProtocols)
Deprecated. Use setProtocolVersions(String[]) instead.
Sets the TLS protocols/versions that TLSTM should use during handshake. The default is defined by DEFAULT_TLSTM_PROTOCOLS.
Parameters: tlsProtocols - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried first during handshake.

public void setProtocolVersions(java.lang.String[] protocolVersions)
Sets the TLS protocols/versions that TLSTM should use during handshake. The default is defined by DEFAULT_TLSTM_PROTOCOLS.
Specified by: setProtocolVersions in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
Parameters: protocolVersions - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried first during handshake.

public java.lang.String[] getProtocolVersions()
Description copied from interface: TlsTransportMappingConfig
Returns the (D)TLS protocol versions used by this transport mapping.
Specified by: getProtocolVersions in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public java.lang.String getProtocolVersionPropertyName()
Returns the property name that is used by this transport mapping to determine the protocol versions from system properties.
Specified by: getProtocolVersionPropertyName in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
Returns: SnmpConfigurator.P_TLS_VERSION or SnmpConfigurator.P_DTLS_VERSION.

public java.lang.String getKeyStore()
Specified by: getKeyStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public void setKeyStore(java.lang.String keyStore)
Specified by: setKeyStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public java.lang.String getKeyStorePassword()
Specified by: getKeyStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public void setKeyStorePassword(java.lang.String keyStorePassword)
Specified by: setKeyStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public java.lang.String getTrustStore()
Specified by: getTrustStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public void setTrustStore(java.lang.String trustStore)
Specified by: setTrustStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public java.lang.String getTrustStorePassword()
Specified by: getTrustStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>

public void setTrustStorePassword(java.lang.String trustStorePassword)
Specified by: setTrustStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
public void setLocalCertificateAlias(java.lang.String localCertificateAlias)
Sets the certificate alias used for client and server authentication by this TLSTM. Setting this property to a value other than null filters out any certificates which are not in the chain of the given alias.
Specified by: setLocalCertificateAlias in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
Parameters: localCertificateAlias - a certificate alias which filters a single certification chain from the javax.net.ssl.keyStore key store to be used to authenticate this TLS transport mapping. If null, no filtering occurs, which could leave more than a single chain available for authentication by the peer; this would violate the TLSTM standard requirements.

public CounterSupport getCounterSupport()
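The setLocalCertificateAlias caveat above (a null alias may leave several chains for the peer to choose from) can be checked against the key store before TLSTM is configured. The following pre-flight check is an added example written by the editor, not SNMP4J code; it uses only the JDK KeyStore API, and the file name, password and alias in main are placeholders. It verifies that the requested alias is a private-key entry with a complete, currently valid X.509 chain, and reports how many chains the peer would see if no alias were set.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

public final class LocalCertificateAliasCheck {

  /** Outcome of the check: all private-key aliases, plus the chain selected by the alias (if any). */
  public static final class Result {
    public final List<String> keyEntryAliases;
    public final X509Certificate[] selectedChain; // null when no alias was given

    Result(List<String> keyEntryAliases, X509Certificate[] selectedChain) {
      this.keyEntryAliases = keyEntryAliases;
      this.selectedChain = selectedChain;
    }

    /** True when TLSTM can offer one and only one chain to the peer. */
    public boolean singleChainGuaranteed() {
      return selectedChain != null || keyEntryAliases.size() == 1;
    }
  }

  public static Result check(String keyStorePath, char[] password, String localCertificateAlias)
      throws IOException, GeneralSecurityException {
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = new FileInputStream(keyStorePath)) {
      ks.load(in, password);
    }
    // Every private-key entry is a candidate chain when localCertificateAlias is null.
    List<String> keyAliases = new ArrayList<>();
    for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
      String alias = e.nextElement();
      if (ks.isKeyEntry(alias)) {
        keyAliases.add(alias);
      }
    }
    X509Certificate[] chain = null;
    if (localCertificateAlias != null) {
      if (!ks.isKeyEntry(localCertificateAlias)) {
        throw new GeneralSecurityException("alias '" + localCertificateAlias
            + "' is not a private-key entry; TLSTM cannot authenticate with it");
      }
      Certificate[] raw = ks.getCertificateChain(localCertificateAlias);
      if (raw == null || raw.length == 0) {
        throw new GeneralSecurityException("alias '" + localCertificateAlias + "' has no certificate chain");
      }
      chain = new X509Certificate[raw.length];
      for (int i = 0; i < raw.length; i++) {
        if (!(raw[i] instanceof X509Certificate)) {
          throw new GeneralSecurityException("non-X.509 certificate in chain of '" + localCertificateAlias + "'");
        }
        chain[i] = (X509Certificate) raw[i];
        chain[i].checkValidity(); // an expired or not-yet-valid certificate would fail the handshake later
      }
    }
    return new Result(keyAliases, chain);
  }

  public static void main(String[] args) throws Exception {
    // Placeholder key store, password and (optional) alias; pass a real alias as args[1].
    String alias = args.length > 1 ? args[1] : null;
    Result r = check(args.length > 0 ? args[0] : "manager.jks", "changeit".toCharArray(), alias);
    System.out.println("private-key entries: " + r.keyEntryAliases);
    if (!r.singleChainGuaranteed()) {
      System.out.println("WARNING: no alias selected and " + r.keyEntryAliases.size()
          + " chains present; set localCertificateAlias so TLSTM offers exactly one.");
    }
  }
}
```

Run it against the same file you pass to setKeyStore(): a warning means the null-alias case described above applies and setLocalCertificateAlias must be given the intended alias.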
public java.lang.Class<? extends Address> getSupportedAddressClass()
Description copied from interface: TransportMapping
Gets the Address class that is supported by this transport mapping.
Specified by: getSupportedAddressClass in interface TransportMapping<TcpAddress>
Overrides: getSupportedAddressClass in class TcpTransportMapping
Returns: the supported subclass of Address.

public TlsTmSecurityCallback<java.security.cert.X509Certificate> getSecurityCallback()
Description copied from interface: TlsTransportMappingConfig
Gets the TlsTmSecurityCallback associated with this TransportMapping hook, which is called by the transport mapping to look up TLS security parameters from external configuration.
Specified by: getSecurityCallback in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
Returns: a TlsTmSecurityCallback instance.

public void setSecurityCallback(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback)
Description copied from interface: TlsTransportMappingConfig
Sets the TlsTmSecurityCallback associated with this TransportMapping hook. This hook will be called, for example, to look up the security name based on the TLS peer certificate. See TlsTmSecurityCallback for details.
Specified by: setSecurityCallback in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
Parameters: securityCallback - a TlsTmSecurityCallback instance. Setting this hook to null will disable incoming request processing, because these requests will be rejected due to an authorization error (no matching SNMPv3 view).

public TLSTMTrustManagerFactory getTrustManagerFactory()
public void setTrustManagerFactory(TLSTMTrustManagerFactory trustManagerFactory)
Sets the TLSTM trust manager factory.
Parameters: trustManagerFactory - an X.509 trust manager factory implementing the interface TLSTMTrustManagerFactory.

public void listen() throws java.io.IOException
Listen for incoming and outgoing requests. If the serverEnabled member is false, the server for incoming requests is not started. This starts the internal server thread that processes messages.
Specified by: listen in interface TransportMapping<TcpAddress>
Overrides: listen in class TcpTransportMapping
Throws:
java.net.SocketException - when the transport is already listening for incoming/outgoing messages.
java.io.IOException - if the listen port could not be bound to the server thread.

public void setThreadName(java.lang.String name)
Sets the name of the listen thread for this transport mapping. This method has no effect if listen() has already been called for this transport mapping.
Parameters: name - the new thread name.

public java.lang.String getThreadName()
Returns the name of the listen thread.
Returns: the thread name if in listening mode, otherwise null.

public void close()
Closes all open sockets and stops the internal server thread that processes messages.
Specified by: close in interface java.lang.AutoCloseable; close in interface java.io.Closeable; close in interface TransportMapping<TcpAddress>
Overrides: close in class TcpTransportMapping
public void sendMessage(TcpAddress address, byte[] message, TransportStateReference tmStateReference, long timeoutMillis, int maxRetries) throws java.io.IOException
Sends an SNMP message to the supplied address.
Specified by: sendMessage in interface TransportMapping<TcpAddress>
Overrides: sendMessage in class TcpTransportMapping
Parameters:
address - a TcpAddress. A ClassCastException is thrown if address is not a TcpAddress instance.
message - byte[] the message to send.
tmStateReference - the (optional) transport model state reference as defined by RFC 5590 section 6.1.
timeoutMillis - maximum number of milliseconds the connection creation might take (if connection based).
maxRetries - maximum retries during connection creation.
Throws: java.io.IOException - if an IO exception occurs while trying to send the message.

public long getConnectionTimeout()
Gets the connection (idle) timeout.
Overrides: getConnectionTimeout in class TcpTransportMapping

public void setConnectionTimeout(long connectionTimeout)
Sets the connection (idle) timeout.
Specified by: setConnectionTimeout in interface ConnectionOrientedTransportMapping<TcpAddress>
Overrides: setConnectionTimeout in class TcpTransportMapping
Parameters: connectionTimeout - the idle timeout in milliseconds. A zero or negative value will disable any timeout, and connections opened by this transport mapping will stay open until they are explicitly closed.

public boolean isServerEnabled()
Checks whether a server for incoming requests is enabled.
public MessageLengthDecoder getMessageLengthDecoder()
Description copied from class: TcpTransportMapping
Returns the MessageLengthDecoder used by this transport mapping.
Specified by: getMessageLengthDecoder in interface ConnectionOrientedTransportMapping<TcpAddress>
Overrides: getMessageLengthDecoder in class TcpTransportMapping

public void setServerEnabled(boolean serverEnabled)
Sets whether a server for incoming requests should be created when the transport is set into listen state. Setting this value has no effect until the listen() method is called (if the transport is already listening, close() has to be called before).
Parameters: serverEnabled - if true, the transport will listen for incoming requests after listen() has been called.

public void setMessageLengthDecoder(MessageLengthDecoder messageLengthDecoder)
Description copied from class: TcpTransportMapping
Sets the MessageLengthDecoder that decodes the total message length from the header of a message.
Specified by: setMessageLengthDecoder in interface ConnectionOrientedTransportMapping<TcpAddress>
Overrides: setMessageLengthDecoder in class TcpTransportMapping
Parameters: messageLengthDecoder - a MessageLengthDecoder instance.

public int getMaxInboundMessageSize()
Gets the inbound buffer size for incoming requests.
Specified by: getMaxInboundMessageSize in interface TransportMapping<TcpAddress>
Overrides: getMaxInboundMessageSize in class AbstractTransportMapping<TcpAddress>

public void setMaxInboundMessageSize(int maxInboundMessageSize)
Sets the maximum buffer size for incoming requests.
Parameters: maxInboundMessageSize - the length of the inbound buffer in bytes.

public boolean isListening()
Description copied from interface: TransportMapping
Returns true if the transport mapping is listening for incoming messages. For connection oriented transport mappings this is a prerequisite to be able to send SNMP messages. For connectionless transport mappings it is a prerequisite to be able to receive responses.
Specified by: isListening in interface TransportMapping<TcpAddress>
Returns: true if this transport mapping is listening for messages.

public TcpAddress getListenAddress()
Description copied from interface: TransportMapping
Returns the address that represents the actual incoming address this transport mapping uses to listen for incoming packets.
Specified by: getListenAddress in interface TransportMapping<TcpAddress>
Overrides: getListenAddress in class TcpTransportMapping
Returns: the listen address, or null if this transport mapping is not configured to listen for incoming packets.

Copyright © 2018 SNMP4J.org. All rights reserved.