- java.lang.Object
-
- org.snmp4j.transport.AbstractTransportMapping<TcpAddress>
-
- org.snmp4j.transport.TcpTransportMapping<TLSTM.SocketEntry>
-
- org.snmp4j.transport.TLSTM
-
- All Implemented Interfaces:
java.io.Closeable, java.lang.AutoCloseable, ConnectionOrientedTransportMapping<TcpAddress>, TlsTransportMappingConfig<java.security.cert.X509Certificate>, X509TlsTransportMappingConfig, TransportMapping<TcpAddress>
public class TLSTM extends TcpTransportMapping<TLSTM.SocketEntry> implements X509TlsTransportMappingConfig
The TLSTM implements the Transport Layer Security Transport Mapping (TLS-TM) as defined by RFC 5953 with the new IO API and SSLEngine.
It uses a single thread for processing incoming and outgoing messages. The thread is started when the listen method is called, or when an outgoing request is sent using the sendMessage method.
- Since:
- 2.0
- Version:
- 3.5.0
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
private class TLSTM.DefaultTLSTMTrustManagerFactory
(package private) class TLSTM.ServerThread
(package private) class TLSTM.SocketEntry
-
Field Summary
Fields (Modifier and Type, Field, Description):
private long connectionTimeout
private CounterSupport counterSupport
static java.lang.String DEFAULT_TLSTM_PROTOCOLS - The default supported TLS protocol versions.
private java.lang.String keyStore
private java.lang.String keyStorePassword
private java.lang.String localCertificateAlias
private static LogAdapter logger
static int MAX_TLS_PAYLOAD_SIZE
private long nextSessionID
private java.security.cert.PKIXRevocationChecker pkixRevocationChecker - By default no revocation checks
private TlsTmSecurityCallbackProxy<java.security.cert.X509Certificate> securityCallback
private WorkerTask server
private TLSTM.ServerThread serverThread
private CommonTimer socketCleaner
private SSLEngineConfigurator sslEngineConfigurator
static int TLS_MAX_FRAGMENT_SIZE
private int tlsMaxFragmentSize
private java.lang.String[] tlsProtocols
private TLSTMTrustManagerFactory trustManagerFactory
private java.lang.String trustStore
private java.lang.String trustStorePassword
private java.lang.String x509CertificateRevocationListURI
-
Fields inherited from class org.snmp4j.transport.TcpTransportMapping
openSocketOnSending, serverEnabled, sockets, tcpAddress
-
Fields inherited from class org.snmp4j.transport.AbstractTransportMapping
asyncMsgProcessingSupported, listenWorkerTask, maxInboundMessageSize, suspendedAddresses, transportListener
-
-
Constructor Summary
Constructors (Constructor, Description):
TLSTM() - Creates a default TCP transport mapping with the server for incoming messages disabled.
TLSTM(TlsAddress address) - Creates a TLS transport mapping with the server for incoming messages bound to the given address.
TLSTM(TlsAddress address, boolean serverEnabled) - Creates a TLS transport mapping with the server for incoming messages bound to the given address.
TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress) - Creates a TLS transport mapping that binds to the given address (interface) on the local host.
TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport) - Creates a TLS transport mapping that binds to the given address (interface) on the local host.
TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport, boolean serverEnabled) - Creates a TLS transport mapping that binds to the given address (interface) on the local host.
-
Method Summary
Methods (Modifier and Type, Method, Description):
private void adjustInNetBuffer(TLSTM.SocketEntry entry, javax.net.ssl.SSLEngineResult result)
void close() - Closes all open sockets and stops the internal server thread that processes messages.
protected TlsAddress createIncomingAddress(java.net.Socket s)
protected SSLEngineConfigurator ensureSslEngineConfigurator() - Returns the configured setSslEngineConfigurator(SSLEngineConfigurator) or the DefaultSSLEngineConfiguration which will then become the configured SSL engine configurator.
long getConnectionTimeout() - Gets the connection timeout.
CounterSupport getCounterSupport()
java.lang.String getKeyStore()
java.lang.String getKeyStorePassword()
TcpAddress getListenAddress() - Returns the address that represents the actual incoming address this transport mapping uses to listen for incoming packets.
protected WorkerTask getListenerWorkerTask() - Gets the WorkerTask that is responsible for receiving new messages.
java.lang.String getLocalCertificateAlias() - Gets the certificate alias used for client and server authentication.
int getMaxInboundMessageSize() - Gets the inbound buffer size for incoming requests.
MessageLengthDecoder getMessageLengthDecoder() - Returns the MessageLengthDecoder used by this transport mapping.
java.security.cert.PKIXRevocationChecker getPKIXRevocationChecker() - Gets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.
java.lang.String getProtocolVersionPropertyName() - Returns the property name that is used by this transport mapping to determine the protocol versions from system properties.
java.lang.String[] getProtocolVersions() - Return the (D)TLS protocol versions used by this transport mapping.
TlsTmSecurityCallback<java.security.cert.X509Certificate> getSecurityCallback() - Gets the TlsTmSecurityCallback associated with this TransportMapping hook which is called by the transport mapping to lookup TLS security parameters from external configuration.
CommonTimer getSocketCleaner() - Gets the CommonTimer that controls socket cleanup operations.
SSLEngineConfigurator getSslEngineConfigurator()
java.lang.Class<? extends Address> getSupportedAddressClass() - Gets the primary Address class that is supported by this transport mapping.
TransportType getSupportedTransportType() - Gets the TransportType this TransportMapping supports depending on TcpTransportMapping.isServerEnabled().
int getTlsMaxFragmentSize() - Gets the maximum fragment size supported for this transport mapping when acting as TLS server.
java.lang.String[] getTlsProtocols() - Deprecated. Use getProtocolVersions() instead.
TLSTMTrustManagerFactory getTrustManagerFactory()
java.lang.String getTrustStore()
java.lang.String getTrustStorePassword()
java.lang.String getX509CertificateRevocationListURI() - Gets the X509 certificate revocation list (CRL) URI, if defined.
protected static boolean isEngineClosed(javax.net.ssl.SSLEngine engine) - Check if a SSLEngine is fully closed.
boolean isListening() - Returns true if the transport mapping is listening for incoming messages.
void listen() - Listen for incoming and outgoing requests.
private boolean matchingStateReferences(TransportStateReference tmStateReferenceNew, TransportStateReference tmStateReferenceExisting)
void sendMessage(TcpAddress address, byte[] message, TransportStateReference tmStateReference, long timeoutMillis, int maxRetries) - Sends an SNMP message to the supplied address.
private javax.net.ssl.SSLEngineResult sendNetMessage(TLSTM.SocketEntry entry)
void setConnectionTimeout(long connectionTimeout) - Sets the connection timeout.
void setKeyStore(java.lang.String keyStore)
void setKeyStorePassword(java.lang.String keyStorePassword)
void setLocalCertificateAlias(java.lang.String localCertificateAlias) - Sets the certificate alias used for client and server authentication by this TLSTM.
void setMaxInboundMessageSize(int maxInboundMessageSize) - Sets the maximum buffer size for incoming requests.
void setMessageLengthDecoder(MessageLengthDecoder messageLengthDecoder) - Sets the MessageLengthDecoder that decodes the total message length from the header of a message.
void setPKIXRevocationChecker(java.security.cert.PKIXRevocationChecker pkixRevocationChecker) - Sets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.
void setProtocolVersions(java.lang.String[] protocolVersions) - Sets the TLS protocols/versions that TLSTM should use during handshake.
void setSecurityCallback(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback) - Sets the TlsTmSecurityCallback associated with this TransportMapping hook.
void setSslEngineConfigurator(SSLEngineConfigurator sslEngineConfigurator) - Sets the configurator for the SSLEngine internally used to run the TLS communication.
void setTlsMaxFragmentSize(int tlsMaxFragmentSize) - Sets the maximum TLS fragment size that this transport mapping should support as server.
void setTlsProtocols(java.lang.String[] tlsProtocols) - Deprecated. Use setProtocolVersions(String[]) instead.
void setTrustManagerFactory(TLSTMTrustManagerFactory trustManagerFactory) - Set the TLSTM trust manager factory.
void setTrustStore(java.lang.String trustStore)
void setTrustStorePassword(java.lang.String trustStorePassword)
private void setupTrustManagerFactory()
void setX09CertificateRevocationListURI(java.lang.String crlURI) - Sets the X509 certificate revocation list (CRL) URI, to enable CRL checking.
private void timeoutSocket(TLSTM.SocketEntry entry)
(package private) void writeNetBuffer(TLSTM.SocketEntry entry, java.nio.channels.SocketChannel sc)
-
Methods inherited from class org.snmp4j.transport.TcpTransportMapping
addTransportStateListener, cancelNonServerSelectionKey, close, closeSockets, fireConnectionStateChanged, getAddress, getListenWorkerTask, isOpenSocketOnSending, isServerEnabled, removeTransportStateListener, setOpenSocketOnSending, setServerEnabled, setSocketOptions, timeoutSocket
-
Methods inherited from class org.snmp4j.transport.AbstractTransportMapping
addTransportListener, fireProcessMessage, getPriority, getThreadName, handleDroppedMessageToSend, isAsyncMsgProcessingSupported, removeAllTransportListeners, removeTransportListener, resumeAddress, setAsyncMsgProcessingSupported, setPriority, setThreadName, suspendAddress
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.snmp4j.transport.ConnectionOrientedTransportMapping
resumeAddress, suspendAddress
-
Methods inherited from interface org.snmp4j.TransportMapping
addTransportListener, getSupportedAddressClasses, isAddressSupported, isAddressSupported, removeTransportListener
-
-
-
-
Field Detail
-
logger
private static final LogAdapter logger
-
TLS_MAX_FRAGMENT_SIZE
public static final int TLS_MAX_FRAGMENT_SIZE
- See Also:
- Constant Field Values
-
server
private WorkerTask server
-
serverThread
private TLSTM.ServerThread serverThread
-
socketCleaner
private CommonTimer socketCleaner
-
connectionTimeout
private long connectionTimeout
-
nextSessionID
private long nextSessionID
-
sslEngineConfigurator
private SSLEngineConfigurator sslEngineConfigurator
-
securityCallback
private final TlsTmSecurityCallbackProxy<java.security.cert.X509Certificate> securityCallback
-
counterSupport
private CounterSupport counterSupport
-
DEFAULT_TLSTM_PROTOCOLS
public static final java.lang.String DEFAULT_TLSTM_PROTOCOLS
The default supported TLS protocol versions.
- See Also:
- Constant Field Values
-
MAX_TLS_PAYLOAD_SIZE
public static final int MAX_TLS_PAYLOAD_SIZE
- See Also:
- Constant Field Values
-
localCertificateAlias
private java.lang.String localCertificateAlias
-
keyStore
private java.lang.String keyStore
-
keyStorePassword
private java.lang.String keyStorePassword
-
trustStore
private java.lang.String trustStore
-
trustStorePassword
private java.lang.String trustStorePassword
-
tlsProtocols
private java.lang.String[] tlsProtocols
-
trustManagerFactory
private TLSTMTrustManagerFactory trustManagerFactory
-
tlsMaxFragmentSize
private int tlsMaxFragmentSize
-
pkixRevocationChecker
private java.security.cert.PKIXRevocationChecker pkixRevocationChecker
By default no revocation checks
-
x509CertificateRevocationListURI
private java.lang.String x509CertificateRevocationListURI
-
-
Constructor Detail
-
TLSTM
public TLSTM() throws java.net.UnknownHostException
Creates a default TCP transport mapping with the server for incoming messages disabled.
- Throws:
java.net.UnknownHostException - if the local host cannot be determined.
-
TLSTM
public TLSTM(TlsAddress address) throws java.io.IOException
Creates a TLS transport mapping with the server for incoming messages bound to the given address. The securityCallback needs to be specified before listen() is called.
- Parameters:
address - the address to bind for incoming requests.
- Throws:
java.io.IOException - on failure of binding a local port.
-
TLSTM
public TLSTM(TlsAddress address, boolean serverEnabled) throws java.io.IOException
Creates a TLS transport mapping with the server for incoming messages bound to the given address. The securityCallback needs to be specified before listen() is called.
- Parameters:
address - the address to bind for incoming requests.
serverEnabled - defines the role of the underlying SSLEngine. Setting this to false enables the SSLEngine.setUseClientMode(boolean).
- Throws:
java.io.IOException - on failure of binding a local port.
- Since:
- 3.2.0
-
TLSTM
public TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress) throws java.io.IOException
Creates a TLS transport mapping that binds to the given address (interface) on the local host.
- Parameters:
securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
serverAddress - the TcpAddress instance that describes the server address to listen on incoming connection requests.
- Throws:
java.io.IOException - if the given address cannot be bound.
-
TLSTM
public TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport) throws java.io.IOException
Creates a TLS transport mapping that binds to the given address (interface) on the local host.
- Parameters:
securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
serverAddress - the TcpAddress instance that describes the server address to listen on incoming connection requests.
counterSupport - The CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().
- Throws:
java.io.IOException - if the given address cannot be bound.
-
TLSTM
public TLSTM(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport, boolean serverEnabled) throws java.io.IOException
Creates a TLS transport mapping that binds to the given address (interface) on the local host.
- Parameters:
securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
serverAddress - the TcpAddress instance that describes the server address to listen on incoming connection requests.
counterSupport - The CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().
serverEnabled - defines the role of the underlying SSLEngine. Setting this to false enables the SSLEngine.setUseClientMode(boolean).
- Throws:
java.io.IOException - if the given address cannot be bound.
- Since:
- 3.2.0
-
-
Method Detail
-
setupTrustManagerFactory
private void setupTrustManagerFactory() throws java.io.IOException
- Throws:
java.io.IOException
-
getLocalCertificateAlias
public java.lang.String getLocalCertificateAlias()
Description copied from interface: TlsTransportMappingConfig
Gets the certificate alias used for client and server authentication. See also TlsTransportMappingConfig.setLocalCertificateAlias(java.lang.String)
- Specified by:
getLocalCertificateAlias in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
- Returns:
- the certificate alias selecting the local certificate.
-
getSupportedTransportType
public TransportType getSupportedTransportType()
Gets the TransportType this TransportMapping supports depending on TcpTransportMapping.isServerEnabled().
- Specified by:
getSupportedTransportType in interface TransportMapping<TcpAddress>
- Returns:
TransportType.any if TcpTransportMapping.isServerEnabled() is true and TransportType.sender otherwise.
- Since:
- 3.2.0
-
getTlsMaxFragmentSize
public int getTlsMaxFragmentSize()
Gets the maximum fragment size supported for this transport mapping when acting as TLS server.
- Returns:
- the maximum TLS fragment size as defined by RFC 6066 section 4.
-
setTlsMaxFragmentSize
public void setTlsMaxFragmentSize(int tlsMaxFragmentSize)
Sets the maximum TLS fragment size that this transport mapping should support as server. There is no need to change that from the default TLS_MAX_FRAGMENT_SIZE unless a new Java version allows setting the maximum fragment size to a lower value.
- Parameters:
tlsMaxFragmentSize - a value as defined by RFC 6066 section 4.
- Since:
- 3.0.5
-
getTlsProtocols
@Deprecated public java.lang.String[] getTlsProtocols()
Deprecated. Use getProtocolVersions() instead.
Gets the TLS protocols supported by this transport mapping.
- Returns:
- an array of TLS protocol (version) names supported by the SunJSSE provider.
-
setTlsProtocols
@Deprecated public void setTlsProtocols(java.lang.String[] tlsProtocols)
Deprecated. Use setProtocolVersions(String[]) instead.
Sets the TLS protocols/versions that TLSTM should use during handshake. The default is defined by DEFAULT_TLSTM_PROTOCOLS.
- Parameters:
tlsProtocols - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried during handshake first.
- Since:
- 2.0.3
-
setProtocolVersions
public void setProtocolVersions(java.lang.String[] protocolVersions)
Sets the TLS protocols/versions that TLSTM should use during handshake. The default is defined by DEFAULT_TLSTM_PROTOCOLS.
- Specified by:
setProtocolVersions in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
- Parameters:
protocolVersions - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried during handshake first.
- Since:
- 3.0
-
getProtocolVersions
public java.lang.String[] getProtocolVersions()
Description copied from interface: TlsTransportMappingConfig
Return the (D)TLS protocol versions used by this transport mapping.
- Specified by:
getProtocolVersions in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
- Returns:
- an array of SunJSSE TLS/DTLS provider (depending on the transport mapping type).
-
getProtocolVersionPropertyName
public java.lang.String getProtocolVersionPropertyName()
Returns the property name that is used by this transport mapping to determine the protocol versions from system properties.
- Specified by:
getProtocolVersionPropertyName in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
- Returns:
- a property name like SnmpConfigurator.P_TLS_VERSION or SnmpConfigurator.P_DTLS_VERSION.
- Since:
- 3.0
-
getKeyStore
public java.lang.String getKeyStore()
- Specified by:
getKeyStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
-
setKeyStore
public void setKeyStore(java.lang.String keyStore)
- Specified by:
setKeyStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
-
getKeyStorePassword
public java.lang.String getKeyStorePassword()
- Specified by:
getKeyStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
-
setKeyStorePassword
public void setKeyStorePassword(java.lang.String keyStorePassword)
- Specified by:
setKeyStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
-
getTrustStore
public java.lang.String getTrustStore()
- Specified by:
getTrustStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
-
setTrustStore
public void setTrustStore(java.lang.String trustStore)
- Specified by:
setTrustStore in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
-
getTrustStorePassword
public java.lang.String getTrustStorePassword()
- Specified by:
getTrustStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
-
setTrustStorePassword
public void setTrustStorePassword(java.lang.String trustStorePassword)
- Specified by:
setTrustStorePassword in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
-
setLocalCertificateAlias
public void setLocalCertificateAlias(java.lang.String localCertificateAlias)
Sets the certificate alias used for client and server authentication by this TLSTM. Setting this property to a value other than null filters out any certificates which are not in the chain of the given alias.
- Specified by:
setLocalCertificateAlias in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
- Parameters:
localCertificateAlias - a certificate alias which filters a single certification chain from the javax.net.ssl.keyStore key store to be used to authenticate this TLS transport mapping. If null, no filtering occurs, which could lead to more than a single chain available for authentication by the peer, which would violate the TLSTM standard requirements.
-
getCounterSupport
public CounterSupport getCounterSupport()
-
getSupportedAddressClass
public java.lang.Class<? extends Address> getSupportedAddressClass()
Description copied from interface: TransportMapping
Gets the primary Address class that is supported by this transport mapping.
- Specified by:
getSupportedAddressClass in interface TransportMapping<TcpAddress>
- Overrides:
getSupportedAddressClass in class TcpTransportMapping<TLSTM.SocketEntry>
- Returns:
- a subclass of Address.
-
getSecurityCallback
public TlsTmSecurityCallback<java.security.cert.X509Certificate> getSecurityCallback()
Description copied from interface: TlsTransportMappingConfig
Gets the TlsTmSecurityCallback associated with this TransportMapping hook which is called by the transport mapping to lookup TLS security parameters from external configuration.
- Specified by:
getSecurityCallback in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
- Returns:
- a TlsTmSecurityCallback instance.
-
setSecurityCallback
public void setSecurityCallback(TlsTmSecurityCallback<java.security.cert.X509Certificate> securityCallback)
Description copied from interface: TlsTransportMappingConfig
Sets the TlsTmSecurityCallback associated with this TransportMapping hook. This hook will be called to lookup the security name based on the TLS peer certificate, for example. See TlsTmSecurityCallback for details.
- Specified by:
setSecurityCallback in interface TlsTransportMappingConfig<java.security.cert.X509Certificate>
- Parameters:
securityCallback - a TlsTmSecurityCallback instance. Setting this hook to null will disable incoming request processing because these requests will be rejected due to an authorization error (no matching SNMPv3 view).
-
getSslEngineConfigurator
public SSLEngineConfigurator getSslEngineConfigurator()
-
setSslEngineConfigurator
public void setSslEngineConfigurator(SSLEngineConfigurator sslEngineConfigurator)
Sets the configurator for the SSLEngine internally used to run the TLS communication. This method should be called before any new connection is established that should use this configurator/configuration.
- Parameters:
sslEngineConfigurator - a SSLEngineConfigurator instance like DefaultSSLEngineConfiguration.
- Since:
- 3.0.5
-
getTrustManagerFactory
public TLSTMTrustManagerFactory getTrustManagerFactory()
-
setTrustManagerFactory
public void setTrustManagerFactory(TLSTMTrustManagerFactory trustManagerFactory)
Set the TLSTM trust manager factory. Using a trust manager factory other than the default allows adding support for Java 1.7 X509ExtendedTrustManager.
- Parameters:
trustManagerFactory - a X.509 trust manager factory implementing the interface TLSTMTrustManagerFactory.
- Since:
- 2.0.3
-
listen
public void listen() throws java.io.IOException
Listen for incoming and outgoing requests. If the serverEnabled member is false the server for incoming requests is not started. This starts the internal server thread that processes messages.
- Specified by:
listen in interface TransportMapping<TcpAddress>
- Specified by:
listen in class TcpTransportMapping<TLSTM.SocketEntry>
- Throws:
java.net.SocketException - when the transport is already listening for incoming/outgoing messages.
java.io.IOException - if the listen port could not be bound to the server thread.
-
getListenerWorkerTask
protected WorkerTask getListenerWorkerTask()
Description copied from class: AbstractTransportMapping
Gets the WorkerTask that is responsible for receiving new messages.
- Specified by:
getListenerWorkerTask in class AbstractTransportMapping<TcpAddress>
- Returns:
- a WorkerTask instance which is most likely a DefaultThreadFactory.WorkerThread.
-
close
public void close()
Closes all open sockets and stops the internal server thread that processes messages.
- Specified by:
close in interface java.lang.AutoCloseable
- Specified by:
close in interface java.io.Closeable
- Specified by:
close in interface TransportMapping<TcpAddress>
- Specified by:
close in class TcpTransportMapping<TLSTM.SocketEntry>
-
sendMessage
public void sendMessage(TcpAddress address, byte[] message, TransportStateReference tmStateReference, long timeoutMillis, int maxRetries) throws java.io.IOException
Sends an SNMP message to the supplied address.
- Specified by:
sendMessage in interface TransportMapping<TcpAddress>
- Specified by:
sendMessage in class TcpTransportMapping<TLSTM.SocketEntry>
- Parameters:
address - a TcpAddress. A ClassCastException is thrown if address is not a TcpAddress instance.
message - byte[] the message to send.
tmStateReference - the (optional) transport model state reference as defined by RFC 5590 section 6.1.
timeoutMillis - maximum number of milliseconds the connection creation might take (if connection based).
maxRetries - maximum retries during connection creation.
- Throws:
java.io.IOException - if an IO exception occurs while trying to send the message.
-
getConnectionTimeout
public long getConnectionTimeout()
Gets the connection timeout. This timeout specifies the time a connection may be idle before it is closed.
- Specified by:
getConnectionTimeout in interface ConnectionOrientedTransportMapping<TcpAddress>
- Overrides:
getConnectionTimeout in class TcpTransportMapping<TLSTM.SocketEntry>
- Returns:
- long the idle timeout in milliseconds.
-
setConnectionTimeout
public void setConnectionTimeout(long connectionTimeout)
Sets the connection timeout. This timeout specifies the time a connection may be idle before it is closed.
- Specified by:
setConnectionTimeout in interface ConnectionOrientedTransportMapping<TcpAddress>
- Overrides:
setConnectionTimeout in class TcpTransportMapping<TLSTM.SocketEntry>
- Parameters:
connectionTimeout - the idle timeout in milliseconds. A zero or negative value will disable any timeout and connections opened by this transport mapping will stay opened until they are explicitly closed.
-
getSocketCleaner
public CommonTimer getSocketCleaner()
Gets the CommonTimer that controls socket cleanup operations.
- Specified by:
getSocketCleaner in interface ConnectionOrientedTransportMapping<TcpAddress>
- Returns:
- a socket cleaner timer.
- Since:
- 3.0
-
getMessageLengthDecoder
public MessageLengthDecoder getMessageLengthDecoder()
Description copied from class: TcpTransportMapping
Returns the MessageLengthDecoder used by this transport mapping.
- Specified by:
getMessageLengthDecoder in interface ConnectionOrientedTransportMapping<TcpAddress>
- Specified by:
getMessageLengthDecoder in class TcpTransportMapping<TLSTM.SocketEntry>
- Returns:
- a MessageLengthDecoder instance.
-
setMessageLengthDecoder
public void setMessageLengthDecoder(MessageLengthDecoder messageLengthDecoder)
Description copied from class: TcpTransportMapping
Sets the MessageLengthDecoder that decodes the total message length from the header of a message.
- Specified by:
setMessageLengthDecoder in interface ConnectionOrientedTransportMapping<TcpAddress>
- Specified by:
setMessageLengthDecoder in class TcpTransportMapping<TLSTM.SocketEntry>
- Parameters:
messageLengthDecoder - a MessageLengthDecoder instance.
-
getMaxInboundMessageSize
public int getMaxInboundMessageSize()
Gets the inbound buffer size for incoming requests. When SNMP packets are received that are longer than this maximum size, the messages will be silently dropped and the connection will be closed.
- Specified by:
getMaxInboundMessageSize in interface TransportMapping<TcpAddress>
- Overrides:
getMaxInboundMessageSize in class AbstractTransportMapping<TcpAddress>
- Returns:
- the maximum inbound buffer size in bytes.
-
setMaxInboundMessageSize
public void setMaxInboundMessageSize(int maxInboundMessageSize)
Sets the maximum buffer size for incoming requests. When SNMP packets are received that are longer than this maximum size, the messages will be silently dropped and the connection will be closed.
- Parameters:
maxInboundMessageSize - the length of the inbound buffer in bytes.
-
getPKIXRevocationChecker
public java.security.cert.PKIXRevocationChecker getPKIXRevocationChecker()
Description copied from interface: X509TlsTransportMappingConfig
Gets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.
- Specified by:
getPKIXRevocationChecker in interface X509TlsTransportMappingConfig
- Returns:
null to disable cert path validation with CRL checking or a properly configured cert path checker instance.
-
setPKIXRevocationChecker
public void setPKIXRevocationChecker(java.security.cert.PKIXRevocationChecker pkixRevocationChecker)
Description copied from interface: X509TlsTransportMappingConfig
Sets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.
- Specified by:
setPKIXRevocationChecker in interface X509TlsTransportMappingConfig
- Parameters:
pkixRevocationChecker - null to disable cert path validation with CRL checking or a properly configured cert path checker instance.
-
getX509CertificateRevocationListURI
public java.lang.String getX509CertificateRevocationListURI()
Description copied from interface: X509TlsTransportMappingConfig
Gets the X509 certificate revocation list (CRL) URI, if defined.
- Specified by:
getX509CertificateRevocationListURI in interface X509TlsTransportMappingConfig
- Returns:
null if there is no CRL available/necessary or a URI string that points to a CRL file.
-
setX09CertificateRevocationListURI
public void setX09CertificateRevocationListURI(java.lang.String crlURI)
Description copied from interface: X509TlsTransportMappingConfig
Sets the X509 certificate revocation list (CRL) URI, to enable CRL checking.
- Specified by:
setX09CertificateRevocationListURI in interface X509TlsTransportMappingConfig
- Parameters:
crlURI - null if there is no CRL available/necessary or a URI string that points to a CRL file.
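The setters documented above leave two security-relevant defaults in place: no revocation checking, and no certificate alias filter (which can expose more than one chain to the peer). The following added example, which is not part of the SNMP4J documentation or code base, configures a TLSTM server with explicit protocol versions, a pinned local certificate alias and a hard-fail revocation checker. The listen address, store paths, alias, size limits and the class name HardenedTlstmFactory are constructed placeholders; the security callback is assumed to be supplied by the caller.

```java
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.Objects;

import org.snmp4j.smi.TlsAddress;
import org.snmp4j.transport.TLSTM;
import org.snmp4j.transport.tls.TlsTmSecurityCallback;

/** Added example (hypothetical class): builds a TLSTM server with explicit TLS settings. */
public final class HardenedTlstmFactory {

    // Constructed sample values; replace them with the deployment's own.
    private static final String LISTEN_ADDRESS = "0.0.0.0/10161";
    private static final String KEY_STORE = "/path/to/keystore";
    private static final String TRUST_STORE = "/path/to/truststore";
    private static final String LOCAL_CERT_ALIAS = "snmp-agent";
    private static final long IDLE_TIMEOUT_MILLIS = 60_000L;
    private static final int MAX_INBOUND_BYTES = 65_535;

    private HardenedTlstmFactory() { }

    /**
     * Returns a configured but not yet listening TLSTM.
     * The caller starts it with listen() and stops it with close().
     */
    public static TLSTM create(TlsTmSecurityCallback<X509Certificate> securityCallback,
                               String keyStorePassword,
                               String trustStorePassword)
            throws IOException, NoSuchAlgorithmException {
        // A null callback makes every incoming request fail authorization,
        // so reject it here instead of discovering it at runtime.
        Objects.requireNonNull(securityCallback, "securityCallback");

        // serverEnabled = true: the underlying SSLEngine acts as TLS server.
        TLSTM tlstm = new TLSTM(new TlsAddress(LISTEN_ADDRESS), true);
        tlstm.setSecurityCallback(securityCallback);

        // Offer only current protocol versions; the array order is the
        // order in which they are tried during the handshake.
        tlstm.setProtocolVersions(new String[] {"TLSv1.3", "TLSv1.2"});

        tlstm.setKeyStore(KEY_STORE);
        tlstm.setKeyStorePassword(keyStorePassword);
        tlstm.setTrustStore(TRUST_STORE);
        tlstm.setTrustStorePassword(trustStorePassword);

        // Pin one certificate chain so the peer never sees several candidates.
        tlstm.setLocalCertificateAlias(LOCAL_CERT_ALIAS);

        // Revocation checking is off by default; enable it explicitly.
        tlstm.setPKIXRevocationChecker(hardFailRevocationChecker());

        // Bound resource use per connection: idle sockets are closed and
        // oversized messages are dropped together with their connection.
        tlstm.setConnectionTimeout(IDLE_TIMEOUT_MILLIS);
        tlstm.setMaxInboundMessageSize(MAX_INBOUND_BYTES);
        return tlstm;
    }

    /**
     * Builds a JDK PKIX revocation checker that prefers CRLs over OCSP.
     * SOFT_FAIL is deliberately not set, so a certificate whose revocation
     * status cannot be determined fails path validation.
     */
    private static PKIXRevocationChecker hardFailRevocationChecker()
            throws NoSuchAlgorithmException {
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker checker =
                (PKIXRevocationChecker) validator.getRevocationChecker();
        checker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS));
        return checker;
    }
}
```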
-
timeoutSocket
private void timeoutSocket(TLSTM.SocketEntry entry)
-
isListening
public boolean isListening()
Description copied from interface: TransportMapping
Returns true if the transport mapping is listening for incoming messages. For connection oriented transport mappings this is a prerequisite to be able to send SNMP messages. For connectionless transport mappings it is a prerequisite to be able to receive responses.
- Specified by:
isListening in interface TransportMapping<TcpAddress>
- Overrides:
isListening in class AbstractTransportMapping<TcpAddress>
- Returns:
true if this transport mapping is listening for messages.
-
createIncomingAddress
protected TlsAddress createIncomingAddress(java.net.Socket s)
-
getListenAddress
public TcpAddress getListenAddress()
Description copied from interface: TransportMapping
Returns the address that represents the actual incoming address this transport mapping uses to listen for incoming packets.
- Specified by:
getListenAddress in interface TransportMapping<TcpAddress>
- Overrides:
getListenAddress in class TcpTransportMapping<TLSTM.SocketEntry>
- Returns:
- the address for incoming packets or null if this transport mapping is not configured to listen for incoming packets.
-
isEngineClosed
protected static boolean isEngineClosed(javax.net.ssl.SSLEngine engine)
Check if a SSLEngine is fully closed.
- Parameters:
engine - an SSL engine.
- Returns:
true if inbound and outbound is done and .
-
ensureSslEngineConfigurator
protected SSLEngineConfigurator ensureSslEngineConfigurator()
Returns the configured setSslEngineConfigurator(SSLEngineConfigurator) or the DefaultSSLEngineConfiguration which will then become the configured SSL engine configurator. This method is not synchronized against concurrent execution of setSslEngineConfigurator(SSLEngineConfigurator).
- Returns:
- a non-null SSLEngineConfigurator.
- Since:
- 3.0.5
-
writeNetBuffer
void writeNetBuffer(TLSTM.SocketEntry entry, java.nio.channels.SocketChannel sc) throws java.io.IOException
- Throws:
java.io.IOException
-
matchingStateReferences
private boolean matchingStateReferences(TransportStateReference tmStateReferenceNew, TransportStateReference tmStateReferenceExisting)
-
sendNetMessage
private javax.net.ssl.SSLEngineResult sendNetMessage(TLSTM.SocketEntry entry) throws java.io.IOException
- Throws:
java.io.IOException
-
adjustInNetBuffer
private void adjustInNetBuffer(TLSTM.SocketEntry entry, javax.net.ssl.SSLEngineResult result)
-
-