Package org.snmp4j.transport

Class TLSTM

java.lang.Object
org.snmp4j.transport.AbstractTransportMapping<TcpAddress>
org.snmp4j.transport.TcpTransportMapping
org.snmp4j.transport.TLSTM
All Implemented Interfaces:
ConnectionOrientedTransportMapping<TcpAddress>, TransportMapping<TcpAddress>
public class TLSTM extends TcpTransportMapping
The TLSTM implements the Transport Layer Security Transport Mapping (TLS-TM) as defined by RFC 5953 with the new IO API and SSLEngine.

It uses a single thread for processing incoming and outgoing messages. The thread is started when the listen method is called, or when an outgoing request is sent using the sendMessage method.

Since:
2.0
Version:
2.6.4
Author:
Frank Fock

  • Field Details

  • Constructor Details

    • TLSTM

      public TLSTM() throws UnknownHostException
      Creates a default TCP transport mapping with the server for incoming messages disabled.
      Throws:
      UnknownHostException - if the local host cannot be determined.

    • TLSTM

      public TLSTM(TlsAddress address) throws IOException
      Creates a TLS transport mapping with the server for incoming messages bind to the given address. The securityCallback needs to be specified before listen() is called.
      Parameters:
      address - the address to bind for incoming requests.
      Throws:
      IOException - on failure of binding a local port.

    • TLSTM

      public TLSTM(TlsTmSecurityCallback<X509Certificate> securityCallback, TlsAddress serverAddress) throws IOException
      Creates a TLS transport mapping that binds to the given address (interface) on the local host.
      Parameters:
      securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
      serverAddress - the TcpAddress instance that describes the server address to listen on incoming connection requests.
      Throws:
      IOException - if the given address cannot be bound.

    • TLSTM

      public TLSTM(TlsTmSecurityCallback<X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport) throws IOException
      Creates a TLS transport mapping that binds to the given address (interface) on the local host.
      Parameters:
      securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.
      serverAddress - the TcpAddress instance that describes the server address to listen on incoming connection requests.
      counterSupport - The CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().
      Throws:
      IOException - if the given address cannot be bound.

  • Method Details

    • getLocalCertificateAlias

      public String getLocalCertificateAlias()

    • getTlsProtocols

      public String[] getTlsProtocols()

    • setTlsProtocols

      public void setTlsProtocols(String[] tlsProtocols)
      Sets the TLS protocols/versions that TLSTM should use during handshake. The default is defined by DEFAULT_TLSTM_PROTOCOLS.
      Parameters:
      tlsProtocols - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried during handshake first.
      Since:
      2.0.3

    • getKeyStore

      public String getKeyStore()

    • setKeyStore

      public void setKeyStore(String keyStore)

    • getKeyStorePassword

      public String getKeyStorePassword()

    • setKeyStorePassword

      public void setKeyStorePassword(String keyStorePassword)

    • setLocalCertificateAlias

      public void setLocalCertificateAlias(String localCertificateAlias)
      Sets the certificate alias used for client and server authentication by this TLSTM. Setting this property to a value other than null filters out any certificates which are not in the chain of the given alias.
      Parameters:
      localCertificateAlias - a certificate alias which filters a single certification chain from the javax.net.ssl.keyStore key store to be used to authenticate this TLS transport mapping. If null no filtering appears, which could lead to more than a single chain available for authentication by the peer, which would violate the TLSTM standard requirements.

    • getCounterSupport

      public CounterSupport getCounterSupport()

    • getSupportedAddressClass

      public Class<? extends Address> getSupportedAddressClass()
      Description copied from interface: TransportMapping
      Gets the Address class that is supported by this transport mapping.
      Specified by:
      getSupportedAddressClass in interface TransportMapping<TcpAddress>
      Overrides:
      getSupportedAddressClass in class TcpTransportMapping
      Returns:
      a subclass of Address.

    • getSecurityCallback

      public TlsTmSecurityCallback<X509Certificate> getSecurityCallback()

    • setSecurityCallback

      public void setSecurityCallback(TlsTmSecurityCallback<X509Certificate> securityCallback)

    • getTrustManagerFactory

      public TLSTM.TLSTMTrustManagerFactory getTrustManagerFactory()

    • setTrustManagerFactory

      public void setTrustManagerFactory(TLSTM.TLSTMTrustManagerFactory trustManagerFactory)
      Set the TLSTM trust manager factory. Using a trust manager factory other than the default allows to add support for Java 1.7 X509ExtendedTrustManager.
      Parameters:
      trustManagerFactory - a X.509 trust manager factory implementing the interface TLSTM.TLSTMTrustManagerFactory.
      Since:
      2.0.3

    • listen

      public void listen() throws IOException
      Listen for incoming and outgoing requests. If the serverEnabled member is false the server for incoming requests is not started. This starts the internal server thread that processes messages.
      Specified by:
      listen in interface TransportMapping<TcpAddress>
      Specified by:
      listen in class TcpTransportMapping
      Throws:
      SocketException - when the transport is already listening for incoming/outgoing messages.
      IOException - if the listen port could not be bound to the server thread.

    • setThreadName

      public void setThreadName(String name)
      Sets the name of the listen thread for this UDP transport mapping. This method has no effect, if called before listen() has been called for this transport mapping.
      Parameters:
      name - the new thread name.
      Since:
      1.6

    • getThreadName

      public String getThreadName()
      Returns the name of the listen thread.
      Returns:
      the thread name if in listening mode, otherwise null.
      Since:
      1.6

    • close

      public void close()
      Closes all open sockets and stops the internal server thread that processes messages.
      Specified by:
      close in interface TransportMapping<TcpAddress>
      Specified by:
      close in class TcpTransportMapping

    • close

      public boolean close(TcpAddress remoteAddress) throws IOException
      Closes a connection to the supplied remote address, if it is open. This method is particularly useful when not using a timeout for remote connections.
      Parameters:
      remoteAddress - the address of the peer socket.
      Returns:
      true if the connection has been closed and false if there was nothing to close.
      Throws:
      IOException - if the remote address cannot be closed due to an IO exception.
      Since:
      1.7.1

    • removeSocketEntry

      protected Object removeSocketEntry(TcpAddress remoteAddress)

    • sendMessage

      public void sendMessage(TcpAddress address, byte[] message, TransportStateReference tmStateReference) throws IOException
      Sends a SNMP message to the supplied address.
      Specified by:
      sendMessage in interface TransportMapping<TcpAddress>
      Specified by:
      sendMessage in class TcpTransportMapping
      Parameters:
      address - an TcpAddress. A ClassCastException is thrown if address is not a TcpAddress instance.
      message - byte[] the message to sent.
      tmStateReference - the (optional) transport model state reference as defined by RFC 5590 section 6.1.
      Throws:
      IOException - if an IO exception occurs while trying to send the message.

    • getConnectionTimeout

      public long getConnectionTimeout()
      Gets the connection timeout. This timeout specifies the time a connection may be idle before it is closed.
      Returns:
      long the idle timeout in milliseconds.

    • setConnectionTimeout

      public void setConnectionTimeout(long connectionTimeout)
      Sets the connection timeout. This timeout specifies the time a connection may be idle before it is closed.
      Specified by:
      setConnectionTimeout in interface ConnectionOrientedTransportMapping<TcpAddress>
      Specified by:
      setConnectionTimeout in class TcpTransportMapping
      Parameters:
      connectionTimeout - the idle timeout in milliseconds. A zero or negative value will disable any timeout and connections opened by this transport mapping will stay opened until they are explicitly closed.

    • isServerEnabled

      public boolean isServerEnabled()
      Checks whether a server for incoming requests is enabled.
      Returns:
      boolean

    • getMessageLengthDecoder

      public MessageLengthDecoder getMessageLengthDecoder()
      Description copied from class: TcpTransportMapping
      Returns the MessageLengthDecoder used by this transport mapping.
      Specified by:
      getMessageLengthDecoder in interface ConnectionOrientedTransportMapping<TcpAddress>
      Specified by:
      getMessageLengthDecoder in class TcpTransportMapping
      Returns:
      a MessageLengthDecoder instance.

    • setServerEnabled

      public void setServerEnabled(boolean serverEnabled)
      Sets whether a server for incoming requests should be created when the transport is set into listen state. Setting this value has no effect until the listen() method is called (if the transport is already listening, close() has to be called before).
      Parameters:
      serverEnabled - if true if the transport will listens for incoming requests after listen() has been called.

    • setMessageLengthDecoder

      public void setMessageLengthDecoder(MessageLengthDecoder messageLengthDecoder)
      Description copied from class: TcpTransportMapping
      Sets the MessageLengthDecoder that decodes the total message length from the header of a message.
      Specified by:
      setMessageLengthDecoder in interface ConnectionOrientedTransportMapping<TcpAddress>
      Specified by:
      setMessageLengthDecoder in class TcpTransportMapping
      Parameters:
      messageLengthDecoder - a MessageLengthDecoder instance.

    • getMaxInboundMessageSize

      public int getMaxInboundMessageSize()
      Gets the inbound buffer size for incoming requests. When SNMP packets are received that are longer than this maximum size, the messages will be silently dropped and the connection will be closed.
      Specified by:
      getMaxInboundMessageSize in interface TransportMapping<TcpAddress>
      Overrides:
      getMaxInboundMessageSize in class AbstractTransportMapping<TcpAddress>
      Returns:
      the maximum inbound buffer size in bytes.

    • setMaxInboundMessageSize

      public void setMaxInboundMessageSize(int maxInboundMessageSize)
      Sets the maximum buffer size for incoming requests. When SNMP packets are received that are longer than this maximum size, the messages will be silently dropped and the connection will be closed.
      Parameters:
      maxInboundMessageSize - the length of the inbound buffer in bytes.

    • isListening

      public boolean isListening()
      Description copied from interface: TransportMapping
      Returns true if the transport mapping is listening for incoming messages. For connection oriented transport mappings this is a prerequisite to be able to send SNMP messages. For connectionless transport mappings it is a prerequisite to be able to receive responses.
      Returns:
      true if this transport mapping is listening for messages.

    • getFingerprint

      public static OctetString getFingerprint(X509Certificate cert)

    • getSubjAltName

      public static Object getSubjAltName(Collection<List<?>> subjAltNames, int type)

    • getListenAddress

      public TcpAddress getListenAddress()
      Description copied from interface: TransportMapping
      Returns the address that represents the actual incoming address this transport mapping uses to listen for incoming packets.
      Specified by:
      getListenAddress in interface TransportMapping<TcpAddress>
      Overrides:
      getListenAddress in class TcpTransportMapping
      Returns:
      the address for incoming packets or null this transport mapping is not configured to listen for incoming packets.

    • setSocketOptions

      protected void setSocketOptions(ServerSocket serverSocket)
      Sets optional server socket options. The default implementation does nothing.
      Parameters:
      serverSocket - the ServerSocket to apply additional non-default options.

    • isEngineClosed

      protected static boolean isEngineClosed(SSLEngine engine)
      Check if a SSLEngine is fully closed.
      Parameters:
      engine - an SSL engine.
      Returns:
      true if inbound and outbound is done.

    • getTrustStore

      public String getTrustStore()

    • setTrustStore

      public void setTrustStore(String trustStore)

    • getTrustStorePassword

      public String getTrustStorePassword()

    • setTrustStorePassword

      public void setTrustStorePassword(String trustStorePassword)