Module org.snmp4j

Package org.snmp4j.transport

Class TLSTM

java.lang.Object

org.snmp4j.transport.AbstractTransportMapping<TcpAddress>

org.snmp4j.transport.AbstractConnectionOrientedTransportMapping<TcpAddress,org.snmp4j.transport.TLSTM.SocketEntry>

org.snmp4j.transport.TcpTransportMapping<org.snmp4j.transport.TLSTM.SocketEntry>

org.snmp4j.transport.TLSTM

All Implemented Interfaces:

Closeable, AutoCloseable, ConnectionOrientedTransportMapping<TcpAddress>, TlsTransportMappingConfig<X509Certificate>, X509TlsTransportMappingConfig, TransportMapping<TcpAddress>

public class TLSTM
extends TcpTransportMapping<org.snmp4j.transport.TLSTM.SocketEntry>
implements X509TlsTransportMappingConfig

The TLSTM implements the Transport Layer Security Transport Mapping (TLS-TM) as defined by RFC 5953 with the new IO API and SSLEngine.

It uses a single thread for processing incoming and outgoing messages. The thread is started when the listen method is called, or when an outgoing request is sent using the sendMessage method.

Since:

2.0

Version:

3.5.0

Author:

Frank Fock

Field Summary

Fields

Modifier and Type	Field	Description
static final String	DEFAULT_TLSTM_PROTOCOLS	The default supported TLS protocol versions.
static final int	MAX_TLS_PAYLOAD_SIZE
static final int	TLS_MAX_FRAGMENT_SIZE

Fields inherited from class org.snmp4j.transport.TcpTransportMapping

openSocketOnSending, tcpAddress

Fields inherited from class org.snmp4j.transport.AbstractConnectionOrientedTransportMapping

serverEnabled, sockets

Fields inherited from class org.snmp4j.transport.AbstractTransportMapping

asyncMsgProcessingSupported, connectionTimeout, listenWorkerTask, maxInboundMessageSize, socketCleaner, suspendedAddresses, transportListener, transportStateListeners

Constructor Summary

Constructors

Constructor	Description
TLSTM()	Creates a default TCP transport mapping with the server for incoming messages disabled.
TLSTM(TlsAddress address)	Creates a TLS transport mapping with the server for incoming messages bind to the given address.
TLSTM(TlsAddress address, boolean serverEnabled)	Creates a TLS transport mapping with the server for incoming messages bind to the given address.
TLSTM(TlsTmSecurityCallback<X509Certificate> securityCallback, TlsAddress serverAddress)	Creates a TLS transport mapping that binds to the given address (interface) on the local host.
TLSTM(TlsTmSecurityCallback<X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport)	Creates a TLS transport mapping that binds to the given address (interface) on the local host.
TLSTM(TlsTmSecurityCallback<X509Certificate> securityCallback, TlsAddress serverAddress, CounterSupport counterSupport, boolean serverEnabled)	Creates a TLS transport mapping that binds to the given address (interface) on the local host.

Method Summary

Modifier and Type	Method	Description
protected SSLEngineConfigurator	ensureSslEngineConfigurator()	Returns the configured setSslEngineConfigurator(SSLEngineConfigurator) or the DefaultSSLEngineConfiguration which will then become the configured SSL engine configurator.
long	getConnectionTimeout()	Gets the connection timeout.
CounterSupport	getCounterSupport()
String	getKeyStore()
String	getKeyStorePassword()
TcpAddress	getListenAddress()	Returns the address that represents the actual incoming address this transport mapping uses to listen for incoming packets.
WorkerTask	getListenWorkerTask()	Gets the WorkerTask that is responsible for receiving new messages.
String	getLocalCertificateAlias()	Gets the certificate alias used for client and server authentication.
MessageLengthDecoder	getMessageLengthDecoder()	Returns the MessageLengthDecoder used by this transport mapping.
PKIXRevocationChecker	getPKIXRevocationChecker()	Gets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.
String	getProtocolVersionPropertyName()	Returns the property name that is used by this transport mapping to determine the protocol versions from system properties.
String[]	getProtocolVersions()	Return the (D)TLS protocol versions used by this transport mapping.
TlsTmSecurityCallback<X509Certificate>	getSecurityCallback()	Gets the TlsTmSecurityCallback associated with this TransportMapping hook which is called by the transport mapping to lookup TLS security parameters from external configuration.
SSLEngineConfigurator	getSslEngineConfigurator()
Class<? extends Address>	getSupportedAddressClass()	Gets the primary Address class that is supported by this transport mapping.
TransportType	getSupportedTransportType()	Gets the TransportType this TransportMapping supports depending on AbstractConnectionOrientedTransportMapping.isServerEnabled().
int	getTlsMaxFragmentSize()	Gets the maximum fragment size of supported for this transport mapping when acting as TLS server.
String[]	getTlsProtocols()	Deprecated. Use getProtocolVersions() instead.
TLSTMTrustManagerFactory	getTrustManagerFactory()
String	getTrustStore()
String	getTrustStorePassword()
String	getX509CertificateRevocationListURI()	Gets the X509 certificate revocation list (CRL) URI, if defined.
protected static boolean	isEngineClosed(SSLEngine engine)	Check if a SSLEngine is fully closed.
boolean	isListening()	Returns true if the transport mapping is listening for incoming messages.
void	listen()	Listen for incoming and outgoing requests.
void	sendMessage(TcpAddress address, byte[] message, TransportStateReference tmStateReference, long timeoutMillis, int maxRetries)	Sends an SNMP message to the supplied address.
void	setConnectionTimeout(long connectionTimeout)	Sets the connection timeout.
void	setKeyStore(String keyStore)
void	setKeyStorePassword(String keyStorePassword)
void	setLocalCertificateAlias(String localCertificateAlias)	Sets the certificate alias used for client and server authentication by this TLSTM.
void	setMaxInboundMessageSize(int maxInboundMessageSize)	Sets the maximum buffer size for incoming requests.
void	setMessageLengthDecoder(MessageLengthDecoder messageLengthDecoder)	Sets the MessageLengthDecoder that decodes the total message length from the header of a message.
void	setPKIXRevocationChecker(PKIXRevocationChecker pkixRevocationChecker)	Sets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.
void	setProtocolVersions(String[] protocolVersions)	Sets the TLS protocols/versions that TLSTM should use during handshake.
void	setSecurityCallback(TlsTmSecurityCallback<X509Certificate> securityCallback)	Sets the TlsTmSecurityCallback associated with this TransportMapping hook.
void	setSslEngineConfigurator(SSLEngineConfigurator sslEngineConfigurator)	Sets the configurator for the SSLEngine internally used to run the TLS communication.
void	setTlsMaxFragmentSize(int tlsMaxFragmentSize)	Sets the maximum TLS fragment size that this transport mapping should support as server.
void	setTlsProtocols(String[] tlsProtocols)	Deprecated. Use setProtocolVersions(String[]) instead.
void	setTrustManagerFactory(TLSTMTrustManagerFactory trustManagerFactory)	Set the TLSTM trust manager factory.
void	setTrustStore(String trustStore)
void	setTrustStorePassword(String trustStorePassword)
void	setX09CertificateRevocationListURI(String crlURI)	Sets the X509 certificate revocation list (CRL) URI, to enable CRL checking.
void	wakeupServerSelector()

Methods inherited from class org.snmp4j.transport.TcpTransportMapping

getAddress, isOpenSocketOnSending, setOpenSocketOnSending

Methods inherited from class org.snmp4j.transport.AbstractConnectionOrientedTransportMapping

cancelNonServerSelectionKey, close, close, closeSockets, getMaxBusyLoops, getSockets, isServerEnabled, setMaxBusyLoops, setServerEnabled, setSocketOptions, timeoutSocket

Methods inherited from class org.snmp4j.transport.AbstractTransportMapping

addTransportListener, addTransportStateListener, fireConnectionStateChanged, fireProcessMessage, getMaxInboundMessageSize, getPriority, getSocketCleaner, getSuspendedAddresses, getThreadName, handleDroppedMessageToSend, isAsyncMsgProcessingSupported, removeAllTransportListeners, removeTransportListener, removeTransportStateListener, resumeAddress, setAsyncMsgProcessingSupported, setPriority, setThreadName, suspendAddress

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.snmp4j.transport.ConnectionOrientedTransportMapping

addTransportStateListener, close, getSocketCleaner, isServerEnabled, removeTransportStateListener, resumeAddress, setServerEnabled, suspendAddress

Methods inherited from interface org.snmp4j.TransportMapping

addTransportListener, close, getMaxInboundMessageSize, getMaxOutboundMessageSize, getSupportedAddressClasses, isAddressSupported, isAddressSupported, removeTransportListener

Field Details

TLS_MAX_FRAGMENT_SIZE

public static final int TLS_MAX_FRAGMENT_SIZE

See Also:

• Constant Field Values

DEFAULT_TLSTM_PROTOCOLS

public static final String DEFAULT_TLSTM_PROTOCOLS

The default supported TLS protocol versions.

See Also:

• Constant Field Values

MAX_TLS_PAYLOAD_SIZE

public static final int MAX_TLS_PAYLOAD_SIZE

See Also:

• Constant Field Values

Constructor Details

TLSTM

public TLSTM()
      throws UnknownHostException

Creates a default TCP transport mapping with the server for incoming messages disabled.

Throws:

UnknownHostException - if the local host cannot be determined.

TLSTM

public TLSTM(TlsAddress address)
      throws IOException

Creates a TLS transport mapping with the server for incoming messages bind to the given address. The securityCallback needs to be specified before listen() is called.

Parameters:

address - the address to bind for incoming requests.

Throws:

IOException - on failure of binding a local port.

TLSTM

public TLSTM(TlsAddress address,
 boolean serverEnabled)
      throws IOException

Creates a TLS transport mapping with the server for incoming messages bind to the given address. The securityCallback needs to be specified before listen() is called.

Parameters:

address - the address to bind for incoming requests.

serverEnabled - defines the role of the underlying SSLEngine. Setting this to false enables the SSLEngine.setUseClientMode(boolean).

Throws:

IOException - on failure of binding a local port.

Since:

3.2.0

TLSTM

public TLSTM(TlsTmSecurityCallback<X509Certificate> securityCallback,
 TlsAddress serverAddress)
      throws IOException

Creates a TLS transport mapping that binds to the given address (interface) on the local host.

Parameters:

securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.

serverAddress - the TcpAddress instance that describes the server address to listen on incoming connection requests.

Throws:

IOException - if the given address cannot be bound.

TLSTM

public TLSTM(TlsTmSecurityCallback<X509Certificate> securityCallback,
 TlsAddress serverAddress,
 CounterSupport counterSupport)
      throws IOException

Creates a TLS transport mapping that binds to the given address (interface) on the local host.

Parameters:

securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.

serverAddress - the TcpAddress instance that describes the server address to listen on incoming connection requests.

counterSupport - The CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().

Throws:

IOException - if the given address cannot be bound.

TLSTM

public TLSTM(TlsTmSecurityCallback<X509Certificate> securityCallback,
 TlsAddress serverAddress,
 CounterSupport counterSupport,
 boolean serverEnabled)
      throws IOException

Creates a TLS transport mapping that binds to the given address (interface) on the local host.

Parameters:

securityCallback - a security name callback to resolve X509 certificates to tmSecurityNames.

serverAddress - the TcpAddress instance that describes the server address to listen on incoming connection requests.

counterSupport - The CounterSupport instance to be used to count events created by this TLSTM instance. To get a default instance, use CounterSupport.getInstance().

serverEnabled - defines the role of the underlying SSLEngine. Setting this to false enables the SSLEngine.setUseClientMode(boolean).

Throws:

IOException - if the given address cannot be bound.

Since:

3.2.0

Method Details

getLocalCertificateAlias

public String getLocalCertificateAlias()

Description copied from interface: TlsTransportMappingConfig

Gets the certificate alias used for client and server authentication. See also TlsTransportMappingConfig.setLocalCertificateAlias(java.lang.String)

Specified by:

getLocalCertificateAlias in interface TlsTransportMappingConfig<X509Certificate>

Returns:

the certificate alias selecting the local certificate.

getSupportedTransportType

public TransportType getSupportedTransportType()

Gets the TransportType this TransportMapping supports depending on AbstractConnectionOrientedTransportMapping.isServerEnabled().

Specified by:

getSupportedTransportType in interface TransportMapping<TcpAddress>

Returns:

TransportType.any if AbstractConnectionOrientedTransportMapping.isServerEnabled() is true and TransportType.sender otherwise.

Since:

3.2.0

getTlsMaxFragmentSize

public int getTlsMaxFragmentSize()

Gets the maximum fragment size of supported for this transport mapping when acting as TLS server.

Returns:

the maximum TLS fragment size as defined by RFC 6066 section 4.

setTlsMaxFragmentSize

public void setTlsMaxFragmentSize(int tlsMaxFragmentSize)

Sets the maximum TLS fragment size that this transport mapping should support as server. There is no need to change that from the default TLS_MAX_FRAGMENT_SIZE unless, a new Java version allows to set the maximum fragment size to a lower value.

Parameters:

tlsMaxFragmentSize - a value as defined by RFC 6066 section 4.

Since:

3.0.5

getTlsProtocols

@Deprecated
public String[] getTlsProtocols()

Deprecated.

Use getProtocolVersions() instead.

Gets the TLS protocols supported by this transport mapping.

Returns:

an array of TLS protocol (version) names supported by the SunJSSE provider.

setTlsProtocols

@Deprecated
public void setTlsProtocols(String[] tlsProtocols)

Deprecated.

Use setProtocolVersions(String[]) instead.

Sets the TLS protocols/versions that TLSTM should use during handshake. The default is defined by DEFAULT_TLSTM_PROTOCOLS.

Parameters:

tlsProtocols - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried during handshake first.

Since:

2.0.3

setProtocolVersions

public void setProtocolVersions(String[] protocolVersions)

Sets the TLS protocols/versions that TLSTM should use during handshake. The default is defined by DEFAULT_TLSTM_PROTOCOLS.

Specified by:

setProtocolVersions in interface TlsTransportMappingConfig<X509Certificate>

Parameters:

protocolVersions - an array of TLS protocol (version) names supported by the SunJSSE provider. The order in the array defines which protocol is tried during handshake first.

Since:

3.0

getProtocolVersions

public String[] getProtocolVersions()

Description copied from interface: TlsTransportMappingConfig

Return the (D)TLS protocol versions used by this transport mapping.

Specified by:

getProtocolVersions in interface TlsTransportMappingConfig<X509Certificate>

Returns:

an array of SunJSSE TLS/DTLS provider (depending on the transport mapping type).

getProtocolVersionPropertyName

public String getProtocolVersionPropertyName()

Returns the property name that is used by this transport mapping to determine the protocol versions from system properties.

Specified by:

getProtocolVersionPropertyName in interface TlsTransportMappingConfig<X509Certificate>

Returns:

a property name like SnmpConfigurator.P_TLS_VERSION or SnmpConfigurator.P_DTLS_VERSION.

Since:

3.0

getKeyStore

public String getKeyStore()

Specified by:

getKeyStore in interface TlsTransportMappingConfig<X509Certificate>

setKeyStore

public void setKeyStore(String keyStore)

Specified by:

setKeyStore in interface TlsTransportMappingConfig<X509Certificate>

getKeyStorePassword

public String getKeyStorePassword()

Specified by:

getKeyStorePassword in interface TlsTransportMappingConfig<X509Certificate>

setKeyStorePassword

public void setKeyStorePassword(String keyStorePassword)

Specified by:

setKeyStorePassword in interface TlsTransportMappingConfig<X509Certificate>

getTrustStore

public String getTrustStore()

Specified by:

getTrustStore in interface TlsTransportMappingConfig<X509Certificate>

setTrustStore

public void setTrustStore(String trustStore)

Specified by:

setTrustStore in interface TlsTransportMappingConfig<X509Certificate>

getTrustStorePassword

public String getTrustStorePassword()

Specified by:

getTrustStorePassword in interface TlsTransportMappingConfig<X509Certificate>

setTrustStorePassword

public void setTrustStorePassword(String trustStorePassword)

Specified by:

setTrustStorePassword in interface TlsTransportMappingConfig<X509Certificate>

setLocalCertificateAlias

public void setLocalCertificateAlias(String localCertificateAlias)

Sets the certificate alias used for client and server authentication by this TLSTM. Setting this property to a value other than null filters out any certificates which are not in the chain of the given alias.

Specified by:

setLocalCertificateAlias in interface TlsTransportMappingConfig<X509Certificate>

Parameters:

localCertificateAlias - a certificate alias which filters a single certification chain from the javax.net.ssl.keyStore key store to be used to authenticate this TLS transport mapping. If null no filtering appears, which could lead to more than a single chain available for authentication by the peer, which would violate the TLSTM standard requirements.

getCounterSupport

public CounterSupport getCounterSupport()

getSupportedAddressClass

public Class<? extends Address> getSupportedAddressClass()

Description copied from interface: TransportMapping

Gets the primary Address class that is supported by this transport mapping.

Specified by:

getSupportedAddressClass in interface TransportMapping<TcpAddress>

Overrides:

getSupportedAddressClass in class TcpTransportMapping<org.snmp4j.transport.TLSTM.SocketEntry>

Returns:

a subclass of Address.

getSecurityCallback

public TlsTmSecurityCallback<X509Certificate> getSecurityCallback()

Description copied from interface: TlsTransportMappingConfig

Gets the TlsTmSecurityCallback associated with this TransportMapping hook which is called by the transport mapping to lookup TLS security parameters from external configuration.

Specified by:

getSecurityCallback in interface TlsTransportMappingConfig<X509Certificate>

Returns:

a TlsTmSecurityCallback instance.

setSecurityCallback

public void setSecurityCallback(TlsTmSecurityCallback<X509Certificate> securityCallback)

Description copied from interface: TlsTransportMappingConfig

Sets the TlsTmSecurityCallback associated with this TransportMapping hook. This hook will be called to lookup the security name based on the TLS peer certificate, for example. See TlsTmSecurityCallback for details.

Specified by:

setSecurityCallback in interface TlsTransportMappingConfig<X509Certificate>

Parameters:

securityCallback - a TlsTmSecurityCallback instance. Setting this hook to null will disable incoming request processing because these request will be rejected due to an authorization error (no mathing SNMPv3 view).

getSslEngineConfigurator

public SSLEngineConfigurator getSslEngineConfigurator()

setSslEngineConfigurator

public void setSslEngineConfigurator(SSLEngineConfigurator sslEngineConfigurator)

Sets the configurator for the SSLEngine internally used to run the TLS communication. This method should be called before any new connection is established that should use this configurator/configuration.

Parameters:

sslEngineConfigurator - a SSLEngineConfigurator instance like DefaultSSLEngineConfiguration.

Since:

3.0.5

getTrustManagerFactory

public TLSTMTrustManagerFactory getTrustManagerFactory()

setTrustManagerFactory

public void setTrustManagerFactory(TLSTMTrustManagerFactory trustManagerFactory)

Set the TLSTM trust manager factory. Using a trust manager factory other than the default allows to add support for Java 1.7 X509ExtendedTrustManager.

Parameters:

trustManagerFactory - a X.509 trust manager factory implementing the interface TLSTMTrustManagerFactory.

Since:

2.0.3

listen

public void listen()
            throws IOException

Listen for incoming and outgoing requests. If the serverEnabled member is false the server for incoming requests is not started. This starts the internal server thread that processes messages.

Specified by:

listen in interface TransportMapping<TcpAddress>

Specified by:

listen in class TcpTransportMapping<org.snmp4j.transport.TLSTM.SocketEntry>

Throws:

SocketException - when the transport is already listening for incoming/outgoing messages.

IOException - if the listen port could not be bound to the server thread.

getListenWorkerTask

public WorkerTask getListenWorkerTask()

Description copied from class: AbstractTransportMapping

Gets the WorkerTask that is responsible for receiving new messages.

Overrides:

getListenWorkerTask in class AbstractTransportMapping<TcpAddress>

Returns:

a WorkerTask instance which is most likely a DefaultThreadFactory.WorkerThread.

sendMessage

public void sendMessage(TcpAddress address,
 byte[] message,
 TransportStateReference tmStateReference,
 long timeoutMillis,
 int maxRetries)
                 throws IOException

Sends an SNMP message to the supplied address.

Specified by:

sendMessage in interface TransportMapping<TcpAddress>

Specified by:

sendMessage in class TcpTransportMapping<org.snmp4j.transport.TLSTM.SocketEntry>

Parameters:

address - an TcpAddress. A ClassCastException is thrown if address is not a TcpAddress instance.

message - byte[] the message to sent.

tmStateReference - the (optional) transport model state reference as defined by RFC 5590 section 6.1.

timeoutMillis - maximum number of milli seconds the connection creation might take (if connection based).

maxRetries - maximum retries during connection creation.

Throws:

IOException - if an IO exception occurs while trying to send the message.

getConnectionTimeout

public long getConnectionTimeout()

Gets the connection timeout. This timeout specifies the time a connection may be idle before it is closed.

Specified by:

getConnectionTimeout in interface ConnectionOrientedTransportMapping<TcpAddress>

Overrides:

getConnectionTimeout in class AbstractConnectionOrientedTransportMapping<TcpAddress,org.snmp4j.transport.TLSTM.SocketEntry>

Returns:

long the idle timeout in milliseconds.

setConnectionTimeout

public void setConnectionTimeout(long connectionTimeout)

Sets the connection timeout. This timeout specifies the time a connection may be idle before it is closed.

Specified by:

setConnectionTimeout in interface ConnectionOrientedTransportMapping<TcpAddress>

Overrides:

setConnectionTimeout in class AbstractConnectionOrientedTransportMapping<TcpAddress,org.snmp4j.transport.TLSTM.SocketEntry>

Parameters:

connectionTimeout - the idle timeout in milliseconds. A zero or negative value will disable any timeout and connections opened by this transport mapping will stay opened until they are explicitly closed.

wakeupServerSelector

public void wakeupServerSelector()

Specified by:

wakeupServerSelector in class AbstractConnectionOrientedTransportMapping<TcpAddress,org.snmp4j.transport.TLSTM.SocketEntry>

getMessageLengthDecoder

public MessageLengthDecoder getMessageLengthDecoder()

Description copied from class: TcpTransportMapping

Returns the MessageLengthDecoder used by this transport mapping.

Specified by:

getMessageLengthDecoder in interface ConnectionOrientedTransportMapping<TcpAddress>

Specified by:

getMessageLengthDecoder in class TcpTransportMapping<org.snmp4j.transport.TLSTM.SocketEntry>

Returns:

a MessageLengthDecoder instance.

setMessageLengthDecoder

public void setMessageLengthDecoder(MessageLengthDecoder messageLengthDecoder)

Description copied from class: TcpTransportMapping

Sets the MessageLengthDecoder that decodes the total message length from the header of a message.

Specified by:

setMessageLengthDecoder in interface ConnectionOrientedTransportMapping<TcpAddress>

Specified by:

setMessageLengthDecoder in class TcpTransportMapping<org.snmp4j.transport.TLSTM.SocketEntry>

Parameters:

messageLengthDecoder - a MessageLengthDecoder instance.

setMaxInboundMessageSize

public void setMaxInboundMessageSize(int maxInboundMessageSize)

Sets the maximum buffer size for incoming requests. When SNMP packets are received that are longer than this maximum size, the messages will be silently dropped and the connection will be closed.

Parameters:

maxInboundMessageSize - the length of the inbound buffer in bytes.

getPKIXRevocationChecker

public PKIXRevocationChecker getPKIXRevocationChecker()

Description copied from interface: X509TlsTransportMappingConfig

Gets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.

Specified by:

getPKIXRevocationChecker in interface X509TlsTransportMappingConfig

Returns:

null to disable cert path validation with CLR checking or a properly configured cert path checker instance.

setPKIXRevocationChecker

public void setPKIXRevocationChecker(PKIXRevocationChecker pkixRevocationChecker)

Description copied from interface: X509TlsTransportMappingConfig

Sets the (optional and possibly null) revocation checker for the cert path validation of X509 certificates.

Specified by:

setPKIXRevocationChecker in interface X509TlsTransportMappingConfig

Parameters:

pkixRevocationChecker - null to disable cert path validation with CLR checking or a properly configured cert path checker instance.

getX509CertificateRevocationListURI

public String getX509CertificateRevocationListURI()

Description copied from interface: X509TlsTransportMappingConfig

Gets the X509 certificate revocation list (CRL) URI, if defined.

Specified by:

getX509CertificateRevocationListURI in interface X509TlsTransportMappingConfig

Returns:

null if there is no CRL available/necessary or a URI string that points to a CRL file.

setX09CertificateRevocationListURI

public void setX09CertificateRevocationListURI(String crlURI)

Description copied from interface: X509TlsTransportMappingConfig

Sets the X509 certificate revocation list (CRL) URI, to enable CRL checking.

Specified by:

setX09CertificateRevocationListURI in interface X509TlsTransportMappingConfig

Parameters:

crlURI - null if there is no CRL available/necessary or a URI string that points to a CRL file.

isListening

public boolean isListening()

Description copied from interface: TransportMapping

Returns true if the transport mapping is listening for incoming messages. For connection oriented transport mappings this is a prerequisite to be able to send SNMP messages. For connectionless transport mappings it is a prerequisite to be able to receive responses.

Specified by:

isListening in interface TransportMapping<TcpAddress>

Overrides:

isListening in class AbstractTransportMapping<TcpAddress>

Returns:

true if this transport mapping is listening for messages.

getListenAddress

public TcpAddress getListenAddress()

Description copied from interface: TransportMapping

Returns the address that represents the actual incoming address this transport mapping uses to listen for incoming packets.

Specified by:

getListenAddress in interface TransportMapping<TcpAddress>

Overrides:

getListenAddress in class TcpTransportMapping<org.snmp4j.transport.TLSTM.SocketEntry>

Returns:

the address for incoming packets or null this transport mapping is not configured to listen for incoming packets.

isEngineClosed

protected static boolean isEngineClosed(SSLEngine engine)

Check if a SSLEngine is fully closed.

Parameters:

engine - an SSL engine.

Returns:

true if inbound and outbound is done and .

ensureSslEngineConfigurator

protected SSLEngineConfigurator ensureSslEngineConfigurator()

Returns the configured setSslEngineConfigurator(SSLEngineConfigurator) or the DefaultSSLEngineConfiguration which will then become the configured SSL engine configurator. This method is not synchronized against concurrent execution of setSslEngineConfigurator(SSLEngineConfigurator).

Returns:

a non-null SSLEngineConfigurator.

Since:

3.0.5