Class ConnectionConfiguration

java.lang.Object
org.jivesoftware.openfire.spi.ConnectionConfiguration

public class ConnectionConfiguration extends Object
Configuration for a socket connection. Instances of this class are thread-safe, with the exception of the internal state of the bindAddress property.
Author:
Guus der Kinderen, guus.der.kinderen@gmail.com
  • Constructor Details

    • ConnectionConfiguration

      public ConnectionConfiguration(ConnectionType type, boolean enabled, int maxThreadPoolSize, int maxBufferSize, Connection.ClientAuth clientAuth, InetAddress bindAddress, int port, Connection.TLSPolicy tlsPolicy, CertificateStoreConfiguration identityStoreConfiguration, CertificateStoreConfiguration trustStoreConfiguration, boolean acceptSelfSignedCertificates, boolean verifyCertificateValidity, boolean verifyCertificateRevocation, Set<String> encryptionProtocols, Set<String> encryptionCipherSuites, Connection.CompressionPolicy compressionPolicy, boolean strictCertificateValidation)
      Parameters:
      type - the connection type
      enabled - is the connection enabled or disabled
      maxThreadPoolSize - The maximum number of threads that are to be used for processing network activity. Must be equal to or larger than one.
      maxBufferSize - The maximum number of bytes of the read buffer that the I/O processor allocates per read, or a non-positive value to configure no maximum.
      clientAuth - specification if peers should be authenticated ('mutual authentication') (cannot be null).
      bindAddress - The network address on which connections are accepted, or null when any local address can be used.
      port - The TCP port number on which connections are accepted (must be a valid TCP port number).
      tlsPolicy - The TLS policy that is applied to connections (cannot be null).
      identityStoreConfiguration - the certificates the server identifies as
      trustStoreConfiguration - the certificates the server trusts
      acceptSelfSignedCertificates - true to accept self-signed certificates, otherwise false
      verifyCertificateValidity - true to verify validity of certificates (based on their 'notBefore' and 'notAfter' property values), otherwise false
      verifyCertificateRevocation - true to check certificate revocation status, otherwise false
      encryptionProtocols - the set of protocols supported
      encryptionCipherSuites - the set of ciphers supported
      compressionPolicy - the compression policy
      strictCertificateValidation - true to abort connections if certificate validation fails, otherwise false
  • Method Details

    • getTlsPolicy

      public Connection.TLSPolicy getTlsPolicy()
    • getCompressionPolicy

      public Connection.CompressionPolicy getCompressionPolicy()
    • getType

      public ConnectionType getType()
    • getMaxThreadPoolSize

      public int getMaxThreadPoolSize()
    • getMaxBufferSize

      public int getMaxBufferSize()
    • getClientAuth

      public Connection.ClientAuth getClientAuth()
    • getBindAddress

      public InetAddress getBindAddress()
    • getPort

      public int getPort()
    • getIdentityStoreConfiguration

      public CertificateStoreConfiguration getIdentityStoreConfiguration()
    • getTrustStoreConfiguration

      public CertificateStoreConfiguration getTrustStoreConfiguration()
    • isAcceptSelfSignedCertificates

      public boolean isAcceptSelfSignedCertificates()
      A boolean that indicates if self-signed peer certificates can be used to establish an encrypted connection.
      Returns:
      true when self-signed certificates are accepted, otherwise false.
    • isVerifyCertificateValidity

      public boolean isVerifyCertificateValidity()
      A boolean that indicates if the current validity of certificates (based on their 'notBefore' and 'notAfter' property values) is used when they are used to establish an encrypted connection.
      Returns:
      true when certificates are required to be valid to establish an encrypted connection, otherwise false.
    • isVerifyCertificateRevocation

      public boolean isVerifyCertificateRevocation()
      A boolean that indicates if the revocation status of certificates is checked when they are used to establish an encrypted connection.
      Returns:
      true when the revocation status of certificates is checked, otherwise false.
    • getEncryptionProtocols

      public Set<String> getEncryptionProtocols()
      A collection of protocol names that can be used for encryption of connections. When non-empty, the list is intended to specify those protocols (from a larger collection of implementation-supported protocols) that can be used to establish encryption. The order over which values are iterated in the result is equal to the order of values in the comma-separated configuration string. This can, but is not guaranteed to, indicate preference.
      Returns:
      An (ordered) set of protocols, never null but possibly empty.
    • getEncryptionCipherSuites

      public Set<String> getEncryptionCipherSuites()
      A collection of cipher suite names that can be used for encryption of connections. When non-empty, the list is intended to specify those cipher suites (from a larger collection of implementation-supported cipher suites) that can be used to establish encryption. The order over which values are iterated in the result is equal to the order of values in the comma-separated configuration string. This can, but is not guaranteed to, indicate preference.
      Returns:
      An (ordered) set of cipher suites, never null but possibly empty.
    • getIdentityStore

      public IdentityStore getIdentityStore()
    • getTrustStore

      public TrustStore getTrustStore()
    • isOcspEnabled

      public boolean isOcspEnabled()
      Indicates if client-driven Online Certificate Status Protocol (OCSP) is enabled. This is a prerequisite to enable client-driven OCSP; it has no effect unless revocation checking is also enabled.
      Returns:
      true if client-driven OCSP is enabled, otherwise false.
    • isEnabled

      public boolean isEnabled()
    • isStrictCertificateValidation

      public boolean isStrictCertificateValidation()
      A boolean that indicates if the connection should be aborted if certificate validation fails. When true, Openfire strictly follows RFC 6120, section 13.7.2.
      Returns:
      true when connections are aborted if certificate validation fails, otherwise false.
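
The certificate and encryption getters documented above are enough to review one listener's TLS posture in a single pass. The following is an added example, not part of Openfire: the class name `ConnectionConfigurationAudit`, its `audit` method, and the lists of legacy protocol names and weak cipher-suite markers are assumptions of this example, and only getters listed on this page are called.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.jivesoftware.openfire.spi.ConnectionConfiguration;

/** Hypothetical helper (not Openfire code): reports weak TLS settings of one configuration. */
public final class ConnectionConfigurationAudit {

    // Standard JSSE protocol names treated as legacy here (this example's own policy).
    private static final Set<String> LEGACY_PROTOCOLS =
            Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    // Substrings of JSSE cipher suite names treated as weak here (this example's own policy).
    private static final List<String> WEAK_SUITE_MARKERS =
            List.of("_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_");

    public static List<String> audit(ConnectionConfiguration cfg) {
        List<String> findings = new ArrayList<>();
        String where = cfg.getType() + " on port " + cfg.getPort() + ": ";

        if (cfg.isAcceptSelfSignedCertificates())
            findings.add(where + "self-signed peer certificates are accepted");
        if (!cfg.isVerifyCertificateValidity())
            findings.add(where + "notBefore/notAfter of certificates is not verified");
        if (!cfg.isVerifyCertificateRevocation())
            findings.add(where + "certificate revocation status is not checked");
        // Per the isOcspEnabled() description, OCSP does nothing without revocation checking.
        if (cfg.isOcspEnabled() && !cfg.isVerifyCertificateRevocation())
            findings.add(where + "OCSP is enabled but has no effect (revocation checking is off)");
        if (!cfg.isStrictCertificateValidation())
            findings.add(where + "connections are not aborted when certificate validation fails");

        // An empty set means no restriction is configured on top of what the
        // implementation supports, so the effective list is not visible from here.
        Set<String> protocols = cfg.getEncryptionProtocols();
        if (protocols.isEmpty())
            findings.add(where + "no explicit protocol list; implementation defaults apply");
        for (String p : protocols)
            if (LEGACY_PROTOCOLS.contains(p))
                findings.add(where + "legacy protocol allowed: " + p);

        Set<String> suites = cfg.getEncryptionCipherSuites();
        if (suites.isEmpty())
            findings.add(where + "no explicit cipher suite list; implementation defaults apply");
        for (String s : suites)
            for (String marker : WEAK_SUITE_MARKERS)
                if (s.contains(marker)) { findings.add(where + "weak cipher suite allowed: " + s); break; }
        return findings;
    }
}
```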