Module org.snmp4j

Class DTLSTM

    • Field Detail

      • DEFAULT_HANDSHAKE_TIMEOUT

        public static final int DEFAULT_HANDSHAKE_TIMEOUT
        See Also:
        Constant Field Values
      • DEFAULT_CONNECTION_TIMEOUT

        public static final int DEFAULT_CONNECTION_TIMEOUT
        See Also:
        Constant Field Values
      • DEFAULT_DTLS_HANDSHAKE_THREADPOOL_SIZE

        private static final int DEFAULT_DTLS_HANDSHAKE_THREADPOOL_SIZE
        See Also:
        Constant Field Values
      • nextSessionID

        private long nextSessionID
      • sockets

        private final java.util.Map<java.net.InetSocketAddress,​DTLSTM.SocketEntry> sockets
      • connectionTimeout

        private long connectionTimeout
      • handshakeTimeout

        private int handshakeTimeout
      • DEFAULT_DTLSTM_PROTOCOLS

        public static final java.lang.String DEFAULT_DTLSTM_PROTOCOLS
        See Also:
        Constant Field Values
      • localCertificateAlias

        private java.lang.String localCertificateAlias
      • keyStore

        private java.lang.String keyStore
      • keyStorePassword

        private java.lang.String keyStorePassword
      • trustStore

        private java.lang.String trustStore
      • trustStorePassword

        private java.lang.String trustStorePassword
      • dtlsProtocols

        private java.lang.String[] dtlsProtocols
      • pkixRevocationChecker

        private java.security.cert.PKIXRevocationChecker pkixRevocationChecker
      • x509CertificateRevocationListURI

        private java.lang.String x509CertificateRevocationListURI
      • dtlsHandshakeThreadPool

        private ThreadPool dtlsHandshakeThreadPool
      • dtlsHandshakeThreadPoolSize

        private int dtlsHandshakeThreadPoolSize
      • serverEnabled

        private boolean serverEnabled
    • Constructor Detail

      • DTLSTM

        public DTLSTM()
               throws java.io.IOException
        Creates a default UDP transport mapping with the server for incoming messages disabled.
        Throws:
        java.net.UnknownHostException - if the local host cannot be determined.
        java.io.IOException
      • DTLSTM

        public DTLSTM​(DtlsAddress address)
               throws java.io.IOException
        Creates a TLS transport mapping with the server for incoming messages bound to the given DTLS address. The securityCallback needs to be specified before listen() is called.
        Parameters:
        address - server address to bind.
        Throws:
        java.io.IOException - on failure of binding a local port.
        Since:
        3.3.2
      • DTLSTM

        public DTLSTM​(DtlsAddress address,
                      boolean serverEnabled)
               throws java.io.IOException
        Creates a TLS transport mapping with the server for incoming messages bound to the given address. The securityCallback needs to be specified before listen() is called.
        Parameters:
        address - server address to bind.
        serverEnabled - defines the role of the underlying SSLEngine. Setting this to false enables the SSLEngine.setUseClientMode(boolean).
        Throws:
        java.io.IOException - on failure of binding a local port.
        Since:
        3.2.0
      • DTLSTM

        public DTLSTM​(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback,
                      DtlsAddress serverAddress)
               throws java.io.IOException
        Creates a DTLS transport mapping that binds to the given address (interface) on the local host.
        Parameters:
        securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
        serverAddress - the UdpAddress instance that describes the server address to listen on for incoming connection requests.
        Throws:
        java.io.IOException - if the given address cannot be bound.
      • DTLSTM

        public DTLSTM​(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback,
                      DtlsAddress serverAddress,
                      CounterSupport counterSupport)
               throws java.io.IOException
        Creates a TLS transport mapping that binds to the given address (interface) on the local host and runs as a server.
        Parameters:
        securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
        serverAddress - the UdpAddress instance that describes the server address to listen on for incoming connection requests.
        counterSupport - The CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().
        Throws:
        java.io.IOException - if the given address cannot be bound.
      • DTLSTM

        public DTLSTM​(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback,
                      DtlsAddress serverAddress,
                      CounterSupport counterSupport,
                      boolean serverEnabled)
               throws java.io.IOException
        Creates a TLS transport mapping that binds to the given address (interface) on the local host.
        Parameters:
        securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
        serverAddress - the UdpAddress instance that describes the server address to listen on for incoming connection requests.
        counterSupport - The CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().
        serverEnabled - defines the role of the underlying SSLEngine. Setting this to false enables the SSLEngine.setUseClientMode(boolean).
        Throws:
        java.io.IOException - if the given address cannot be bound.
        Since:
        3.2.0
    • Method Detail

      • listen

        public void listen()
                    throws java.io.IOException
        Starts the listener thread that accepts incoming messages. The thread is started in daemon mode and thus will not block application termination. Nevertheless, the close() method should be called to stop the listen thread gracefully and free associated resources.
        Specified by:
        listen in interface TransportMapping<UdpAddress>
        Overrides:
        listen in class DefaultUdpTransportMapping
        Throws:
        java.io.IOException - if the listen port could not be bound to the server thread.
      • getDtlsHandshakeThreadPoolSize

        public int getDtlsHandshakeThreadPoolSize()
      • setDtlsHandshakeThreadPoolSize

        public void setDtlsHandshakeThreadPoolSize​(int dtlsHandshakeThreadPoolSize)
        Sets the maximum number of threads reserved for DTLS inbound connection handshake processing.
        Parameters:
        dtlsHandshakeThreadPoolSize - the thread pool size that takes effect when listen() is called. Default is DEFAULT_DTLS_HANDSHAKE_THREADPOOL_SIZE.
      • getProtocolVersions

        public java.lang.String[] getProtocolVersions()
        Description copied from interface: TlsTransportMappingConfig
        Return the (D)TLS protocol versions used by this transport mapping.
        Specified by:
        getProtocolVersions in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
        Returns:
        an array of protocol version names of the SunJSSE TLS/DTLS provider (depending on the transport mapping type).
      • setProtocolVersions

        public void setProtocolVersions​(java.lang.String[] dtlsProtocols)
        Sets the DTLS protocols/versions that DTLSTM should use during handshake. The default is defined by DEFAULT_DTLSTM_PROTOCOLS.
        Specified by:
        setProtocolVersions in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
        Parameters:
        dtlsProtocols - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried during handshake first.
        Since:
        3.0
      • setLocalCertificateAlias

        public void setLocalCertificateAlias​(java.lang.String localCertificateAlias)
        Sets the certificate alias used for client and server authentication by this TLSTM. Setting this property to a value other than null filters out any certificates which are not in the chain of the given alias.
        Specified by:
        setLocalCertificateAlias in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
        Parameters:
        localCertificateAlias - a certificate alias which filters a single certification chain from the javax.net.ssl.keyStore key store to be used to authenticate this TLS transport mapping. If null, no filtering occurs, which could lead to more than a single chain being available for authentication by the peer, which would violate the TLSTM standard requirements.
      • setTrustManagerFactory

        public void setTrustManagerFactory​(TLSTMTrustManagerFactory trustManagerFactory)
        Sets the TLSTM trust manager factory. Using a trust manager factory other than the default makes it possible to add support for the Java 1.7 X509ExtendedTrustManager.
        Parameters:
        trustManagerFactory - an X.509 trust manager factory implementing the interface TLSTMTrustManagerFactory.
        Since:
        3.0.0
      • close

        public boolean close​(UdpAddress remoteAddress)
                      throws java.io.IOException
        Closes a connection to the supplied remote address, if it is open. This method is particularly useful when not using a timeout for remote connections.
        Specified by:
        close in interface ConnectionOrientedTransportMapping<UdpAddress>
        Parameters:
        remoteAddress - the address of the peer socket.
        Returns:
        true if the connection has been closed and false if there was nothing to close.
        Throws:
        java.io.IOException - if the remote address cannot be closed due to an IO exception.
      • setConnectionTimeout

        public void setConnectionTimeout​(long connectionTimeout)
        Sets the connection timeout. This timeout specifies the time a connection may be idle before it is closed.
        Specified by:
        setConnectionTimeout in interface ConnectionOrientedTransportMapping<UdpAddress>
        Parameters:
        connectionTimeout - the idle timeout in milliseconds. A zero or negative value will disable any timeout and connections opened by this transport mapping will stay opened until they are explicitly closed.
      • setServerEnabled

        public void setServerEnabled​(boolean serverEnabled)
        Sets whether a server for incoming requests should be created when the transport is set into listen state. Setting this value has no effect until the listen() method is called (if the transport is already listening, close() has to be called before).
        Specified by:
        setServerEnabled in interface ConnectionOrientedTransportMapping<UdpAddress>
        Parameters:
        serverEnabled - if true, the transport will listen for incoming requests after listen() has been called.
      • setMaxInboundMessageSize

        public void setMaxInboundMessageSize​(int maxInboundMessageSize)
        Sets the maximum buffer size for incoming requests. When SNMP packets are received that are longer than this maximum size, the messages will be silently dropped and the connection will be closed.
        Overrides:
        setMaxInboundMessageSize in class DefaultUdpTransportMapping
        Parameters:
        maxInboundMessageSize - the length of the inbound buffer in bytes.
      • getHandshakeTimeout

        public int getHandshakeTimeout()
        Gets the maximum number of milliseconds to wait for the DTLS handshake operation to succeed.
        Returns:
        the handshake timeout in milliseconds.
      • setHandshakeTimeout

        public void setHandshakeTimeout​(int handshakeTimeout)
        Sets the maximum number of milliseconds to wait for the DTLS handshake operation to succeed.
        Parameters:
        handshakeTimeout - the new handshake timeout in milliseconds.
      • fireConnectionStateChanged

        protected void fireConnectionStateChanged​(TransportStateEvent change)
      • prepareOutPackets

        protected java.util.List<java.net.DatagramPacket> prepareOutPackets​(UdpAddress targetAddress,
                                                                            byte[] message,
                                                                            TransportStateReference tmStateReference,
                                                                            java.net.DatagramSocket socket,
                                                                            long timeoutMillis,
                                                                            int maxRetries)
                                                                     throws java.io.IOException
        Description copied from class: DefaultUdpTransportMapping
        Prepare an application message for sending over the network to the specified target address.
        Overrides:
        prepareOutPackets in class DefaultUdpTransportMapping
        Parameters:
        targetAddress - the UDP address the message will be sent to.
        message - the application message to send.
        tmStateReference - the transport state reference associated with this message.
        socket - the socket that will send the message over the network.
        timeoutMillis - maximum number of milliseconds the connection creation might take (if connection based). Use 0 for responses or transport mappings that do not require connection establishment.
        maxRetries - maximum retries during connection creation. Use 0 for responses.
        Returns:
        a list of prepared DatagramPacket instances. By default this is a singleton list.
        Throws:
        java.io.IOException - if the preparation of the network message fails (e.g. because the encryption handshake fails).
      • onReceiveTimeout

        protected java.util.List<java.net.DatagramPacket> onReceiveTimeout​(javax.net.ssl.SSLEngine engine,
                                                                           java.net.SocketAddress socketAddr)
                                                                    throws java.io.IOException
        Throws:
        java.io.IOException
      • getPKIXRevocationChecker

        public java.security.cert.PKIXRevocationChecker getPKIXRevocationChecker()
        Description copied from interface: X509TlsTransportMappingConfig
        Gets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.
        Specified by:
        getPKIXRevocationChecker in interface X509TlsTransportMappingConfig
        Returns:
        null to disable cert path validation with CRL checking or a properly configured cert path checker instance.
      • setPKIXRevocationChecker

        public void setPKIXRevocationChecker​(java.security.cert.PKIXRevocationChecker pkixRevocationChecker)
        Description copied from interface: X509TlsTransportMappingConfig
        Sets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.
        Specified by:
        setPKIXRevocationChecker in interface X509TlsTransportMappingConfig
        Parameters:
        pkixRevocationChecker - null to disable cert path validation with CRL checking or a properly configured cert path checker instance.
      • prepareInPacket

        protected java.nio.ByteBuffer prepareInPacket​(java.net.DatagramPacket packet,
                                                      byte[] buf,
                                                      TransportStateReference tmStateReference)
                                               throws java.io.IOException
        Description copied from class: DefaultUdpTransportMapping
        Prepare a network packet for the application.
        Overrides:
        prepareInPacket in class DefaultUdpTransportMapping
        Parameters:
        packet - the incoming network datagram packet.
        buf - the buffer of the packet.
        tmStateReference - the transport state reference.
        Returns:
        a byte buffer with the application data of the packet.
        Throws:
        java.io.IOException - if an IO exception occurs during preparation.
      • runDelegatedTasks

        boolean runDelegatedTasks​(javax.net.ssl.SSLEngine engine)
        If the result indicates that we have outstanding tasks to do, go ahead and run them in this thread.
        Parameters:
        engine - the SSLEngine wrap/unwrap result.
        Returns:
        true if processing of delegated tasks has been finished, false otherwise.
      • produceHandshakePackets

        protected java.util.List<java.net.DatagramPacket> produceHandshakePackets​(javax.net.ssl.SSLEngine sslEngine,
                                                                                  java.net.SocketAddress socketAddress)
                                                                           throws java.io.IOException
        Throws:
        java.io.IOException
      • createHandshakePacket

        protected java.net.DatagramPacket createHandshakePacket​(byte[] buf,
                                                                java.net.SocketAddress socketAddr)
      • setSslEngineConfigurator

        public void setSslEngineConfigurator​(SSLEngineConfigurator sslEngineConfigurator)
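
Usage example (added here, not part of the SNMP4J documentation or code base): applying the security-relevant setters documented above (setProtocolVersions, setLocalCertificateAlias, setPKIXRevocationChecker, the timeouts and the inbound limits) to a DTLSTM before listen() is called. The package names org.snmp4j.transport and org.snmp4j.smi, the alias "snmp-manager" and all numeric values are assumptions chosen for illustration.

```java
import java.security.cert.CertPathValidator;
import java.security.cert.PKIXRevocationChecker;
import java.util.EnumSet;

import org.snmp4j.transport.DTLSTM; // package name assumed, not shown on this page

public class HardenedDtlstmExample {

    /** Applies restrictive settings to a DTLSTM that is not yet listening. */
    static void harden(DTLSTM transport, String certAlias) throws Exception {
        // Offer a single DTLS version during the handshake. "DTLSv1.2" is the
        // standard JSSE protocol name; the array order is the order tried.
        transport.setProtocolVersions(new String[] { "DTLSv1.2" });

        // Select exactly one certificate chain from the key store. A null
        // alias could expose more than one chain to the peer.
        transport.setLocalCertificateAlias(certAlias);

        // Revocation checking with CRLs only. Without Option.SOFT_FAIL the
        // path validation fails when the revocation status cannot be
        // determined, instead of silently accepting the certificate.
        PKIXRevocationChecker checker = (PKIXRevocationChecker)
                CertPathValidator.getInstance("PKIX").getRevocationChecker();
        checker.setOptions(EnumSet.of(
                PKIXRevocationChecker.Option.PREFER_CRLS,
                PKIXRevocationChecker.Option.NO_FALLBACK));
        transport.setPKIXRevocationChecker(checker);

        // Bound the resources a peer can hold (illustrative values).
        transport.setHandshakeTimeout(5_000);       // ms to wait for a handshake
        transport.setConnectionTimeout(60_000L);    // ms idle; <= 0 disables the timeout
        transport.setDtlsHandshakeThreadPoolSize(4);
        transport.setMaxInboundMessageSize(8_192);  // bytes; longer packets are dropped
    }

    public static void main(String[] args) throws Exception {
        // The no-argument constructor leaves the server for incoming messages disabled.
        DTLSTM transport = new DTLSTM();
        try {
            harden(transport, "snmp-manager"); // hypothetical key store alias
            // Configure the security callback and the key/trust stores next,
            // then call transport.listen().
        } finally {
            transport.close(); // stops the listen thread and frees resources
        }
    }
}
```

The thread pool size only takes effect when listen() is called, so harden() has to run before the transport starts listening.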