# Print output for @column tags ?>
public
final
class
IkeSessionParams
extends Object
java.lang.Object | |
↳ | android.net.ipsec.ike.IkeSessionParams |
IkeSessionParams contains all user provided configurations for negotiating an IkeSession
.
Note that all negotiated configurations will be reused during rekey including SA Proposal and lifetime.
Nested classes | |
---|---|
class |
IkeSessionParams.Builder
This class can be used to incrementally construct a |
class |
IkeSessionParams.IkeAuthConfig
This class contains common information of an IKEv2 authentication configuration. |
class |
IkeSessionParams.IkeAuthDigitalSignLocalConfig
This class represents the configuration to support IKEv2 public-key-signature-based authentication of the local side. |
class |
IkeSessionParams.IkeAuthDigitalSignRemoteConfig
This class represents the configuration to support IKEv2 public-key-signature-based authentication of the remote side. |
class |
IkeSessionParams.IkeAuthEapConfig
This class represents the configuration to support EAP authentication of the local side. |
class |
IkeSessionParams.IkeAuthPskConfig
This class represents the configuration to support IKEv2 pre-shared-key-based authentication of local or remote side. |
Constants | |
---|---|
int |
IKE_OPTION_ACCEPT_ANY_REMOTE_ID
If set, the IKE library will accept any remote (server) identity, even if it does not match the configured remote identity |
int |
IKE_OPTION_EAP_ONLY_AUTH
If set, and EAP has been configured as the authentication method, the IKE library will request that the remote (also) use an EAP-only authentication flow. |
int |
IKE_OPTION_FORCE_PORT_4500
Configures the IKE session to always send to port 4500. |
int |
IKE_OPTION_MOBIKE
If set, the IKE library will be able to handle network and address changes. |
Public methods | |
---|---|
int
|
getDpdDelaySeconds()
Retrieves the Dead Peer Detection(DPD) delay in seconds |
int
|
getHardLifetimeSeconds()
Retrieves hard lifetime in seconds |
List<IkeSaProposal>
|
getIkeSaProposals()
Retrieves all IkeSaProposals configured |
IkeSessionParams.IkeAuthConfig
|
getLocalAuthConfig()
Retrieves the local (client) authentication configuration |
IkeIdentification
|
getLocalIdentification()
Retrieves the local (client) identity |
int
|
getNattKeepAliveDelaySeconds()
Retrieves the Network Address Translation Traversal (NATT) keepalive delay in seconds |
Network
|
getNetwork()
Retrieves the configured |
IkeSessionParams.IkeAuthConfig
|
getRemoteAuthConfig()
Retrieves the remote (server) authentication configuration |
IkeIdentification
|
getRemoteIdentification()
Retrieves the required remote (server) identity |
int[]
|
getRetransmissionTimeoutsMillis()
Retrieves the relative retransmission timeout list in milliseconds |
String
|
getServerHostname()
Retrieves the configured server hostname The configured server hostname will be resolved during IKE Session creation. |
int
|
getSoftLifetimeSeconds()
Retrieves soft lifetime in seconds |
boolean
|
hasIkeOption(int ikeOption)
Checks if the given IKE Session negotiation option is set |
Inherited methods | |
---|---|
public static final int IKE_OPTION_ACCEPT_ANY_REMOTE_ID
If set, the IKE library will accept any remote (server) identity, even if it does not match the configured remote identity
See Builder#setRemoteIdentification(IkeIdentification)
Constant Value: 0 (0x00000000)
public static final int IKE_OPTION_EAP_ONLY_AUTH
If set, and EAP has been configured as the authentication method, the IKE library will request that the remote (also) use an EAP-only authentication flow.
@see Builder#setAuthEap(X509Certificate, EapSessionConfig)
Constant Value: 1 (0x00000001)
public static final int IKE_OPTION_FORCE_PORT_4500
Configures the IKE session to always send to port 4500.
If set, the IKE Session will be initiated and maintained exclusively using destination port 4500, regardless of the presence of NAT. Otherwise, the IKE Session will be initiated on destination port 500; then, if either a NAT is detected or both MOBIKE and NAT-T are supported by the peer, it will proceed on port 4500.
Constant Value: 3 (0x00000003)
public static final int IKE_OPTION_MOBIKE
If set, the IKE library will be able to handle network and address changes.
The IKE library will first attempt to enable MOBIKE to handle the changes of underlying network and addresses. If the server does not support MOBIKE, the IKE library will handle the changes by rekeying all the underlying Child SAs.
If this option is set for an IKE Session, Transport-mode SAs will not be allowed in that Session.
Checking if MOBIKE is supported by both the IKE library and the server in an IKE Session
is done via IkeSessionConfiguration#isIkeExtensionEnabled(int)
.
Constant Value: 2 (0x00000002)
public int getDpdDelaySeconds ()
Retrieves the Dead Peer Detection(DPD) delay in seconds
Returns | |
---|---|
int |
Value is between IKE_DPD_DELAY_SEC_MIN and IKE_DPD_DELAY_SEC_MAX inclusive |
public int getHardLifetimeSeconds ()
Retrieves hard lifetime in seconds
Returns | |
---|---|
int |
Value is between IKE_HARD_LIFETIME_SEC_MINIMUM and IKE_HARD_LIFETIME_SEC_MAXIMUM inclusive |
public List<IkeSaProposal> getIkeSaProposals ()
Retrieves all IkeSaProposals configured
Returns | |
---|---|
List<IkeSaProposal> |
This value cannot be null . |
public IkeSessionParams.IkeAuthConfig getLocalAuthConfig ()
Retrieves the local (client) authentication configuration
Returns | |
---|---|
IkeSessionParams.IkeAuthConfig |
This value cannot be null . |
public IkeIdentification getLocalIdentification ()
Retrieves the local (client) identity
Returns | |
---|---|
IkeIdentification |
This value cannot be null . |
public int getNattKeepAliveDelaySeconds ()
Retrieves the Network Address Translation Traversal (NATT) keepalive delay in seconds
Returns | |
---|---|
int |
Value is between IKE_NATT_KEEPALIVE_DELAY_SEC_MIN and IKE_NATT_KEEPALIVE_DELAY_SEC_MAX inclusive |
public Network getNetwork ()
Retrieves the configured Network
, or null if was not set.
@see Builder#setNetwork(Network)
Returns | |
---|---|
Network |
public IkeSessionParams.IkeAuthConfig getRemoteAuthConfig ()
Retrieves the remote (server) authentication configuration
Returns | |
---|---|
IkeSessionParams.IkeAuthConfig |
This value cannot be null . |
public IkeIdentification getRemoteIdentification ()
Retrieves the required remote (server) identity
Returns | |
---|---|
IkeIdentification |
This value cannot be null . |
public int[] getRetransmissionTimeoutsMillis ()
Retrieves the relative retransmission timeout list in milliseconds
@see Builder#setRetransmissionTimeoutsMillis(int[])
Returns | |
---|---|
int[] |
This value cannot be null . |
public String getServerHostname ()
Retrieves the configured server hostname
The configured server hostname will be resolved during IKE Session creation.
Returns | |
---|---|
String |
This value cannot be null . |
public int getSoftLifetimeSeconds ()
Retrieves soft lifetime in seconds
Returns | |
---|---|
int |
Value is between IKE_SOFT_LIFETIME_SEC_MINIMUM and IKE_HARD_LIFETIME_SEC_MAXIMUM inclusive |
public boolean hasIkeOption (int ikeOption)
Checks if the given IKE Session negotiation option is set
Parameters | |
---|---|
ikeOption |
int : Value is IKE_OPTION_ACCEPT_ANY_REMOTE_ID , IKE_OPTION_EAP_ONLY_AUTH , or IKE_OPTION_MOBIKE |
Returns | |
---|---|
boolean |