Package org.jivesoftware.openfire.spi
Class ConnectionConfiguration
java.lang.Object
org.jivesoftware.openfire.spi.ConnectionConfiguration
Configuration for a socket connection.
Instances of this class are thread-safe, with the exception of the internal state of the #bindAddress property.
Author: Guus der Kinderen, guus.der.kinderen@gmail.com
Constructor Summary
ConnectionConfiguration(ConnectionType type, boolean enabled, int maxThreadPoolSize, int maxBufferSize, Connection.ClientAuth clientAuth, InetAddress bindAddress, int port, Connection.TLSPolicy tlsPolicy, CertificateStoreConfiguration identityStoreConfiguration, CertificateStoreConfiguration trustStoreConfiguration, boolean acceptSelfSignedCertificates, boolean verifyCertificateValidity, boolean verifyCertificateRevocation, Set<String> encryptionProtocols, Set<String> encryptionCipherSuites, Connection.CompressionPolicy compressionPolicy, boolean strictCertificateValidation)
Method Summary
Modifier and Type, Method, Description
getEncryptionCipherSuites() - A collection of cipher suite names that can be used for encryption of connections.
getEncryptionProtocols() - A collection of protocol names that can be used for encryption of connections.
int getMaxBufferSize()
int getMaxThreadPoolSize()
int getPort()
getType()
boolean isAcceptSelfSignedCertificates() - A boolean that indicates if self-signed peer certificates can be used to establish an encrypted connection.
boolean isEnabled()
boolean isOcspEnabled() - Indicates if client-driven Online Certificate Status Protocol (OCSP) is enabled.
boolean isStrictCertificateValidation() - A boolean that indicates if the connection should be aborted if certificate validation fails.
boolean isVerifyCertificateRevocation() - A boolean that indicates if the revocation status of certificates is checked when they are used to establish an encrypted connection.
boolean isVerifyCertificateValidity() - A boolean that indicates if the current validity of certificates (based on their 'notBefore' and 'notAfter' property values) is checked when they are used to establish an encrypted connection.
-
Constructor Details
-
ConnectionConfiguration
public ConnectionConfiguration(ConnectionType type, boolean enabled, int maxThreadPoolSize, int maxBufferSize, Connection.ClientAuth clientAuth, InetAddress bindAddress, int port, Connection.TLSPolicy tlsPolicy, CertificateStoreConfiguration identityStoreConfiguration, CertificateStoreConfiguration trustStoreConfiguration, boolean acceptSelfSignedCertificates, boolean verifyCertificateValidity, boolean verifyCertificateRevocation, Set<String> encryptionProtocols, Set<String> encryptionCipherSuites, Connection.CompressionPolicy compressionPolicy, boolean strictCertificateValidation)
Parameters:
type - the connection type
enabled - whether the connection is enabled or disabled
maxThreadPoolSize - The maximum number of threads that are to be used to process network activity. Must be equal to or larger than one.
maxBufferSize - The maximum number of bytes of the read buffer that the I/O processor allocates per read, or a non-positive value to configure no maximum.
clientAuth - specification of whether peers should be authenticated ('mutual authentication') (cannot be null).
bindAddress - The network address on which connections are accepted, or null when any local address can be used.
port - The TCP port number on which connections are accepted (must be a valid TCP port number).
tlsPolicy - The TLS policy that is applied to connections (cannot be null).
identityStoreConfiguration - the certificates the server identifies as
trustStoreConfiguration - the certificates the server trusts
acceptSelfSignedCertificates - true to accept self-signed certificates, otherwise false
verifyCertificateValidity - true to verify validity of certificates (based on their 'notBefore' and 'notAfter' property values), otherwise false
verifyCertificateRevocation - true to check certificate revocation status, otherwise false
encryptionProtocols - the set of protocols supported
encryptionCipherSuites - the set of ciphers supported
compressionPolicy - the compression policy
strictCertificateValidation - true to abort connections if certificate validation fails, otherwise false
-
-
Method Details
-
getTlsPolicy
-
getCompressionPolicy
-
getType
-
getMaxThreadPoolSize
public int getMaxThreadPoolSize()
-
getMaxBufferSize
public int getMaxBufferSize()
-
getClientAuth
-
getBindAddress
-
getPort
public int getPort()
-
getIdentityStoreConfiguration
-
getTrustStoreConfiguration
-
isAcceptSelfSignedCertificates
public boolean isAcceptSelfSignedCertificates()
A boolean that indicates if self-signed peer certificates can be used to establish an encrypted connection.
Returns: true when self-signed certificates are accepted, otherwise false.
-
isVerifyCertificateValidity
public boolean isVerifyCertificateValidity()
A boolean that indicates if the current validity of certificates (based on their 'notBefore' and 'notAfter' property values) is checked when they are used to establish an encrypted connection.
Returns: true when certificates are required to be valid to establish an encrypted connection, otherwise false.
-
isVerifyCertificateRevocation
public boolean isVerifyCertificateRevocation()
A boolean that indicates if the revocation status of certificates is checked when they are used to establish an encrypted connection.
Returns: true when the revocation status of certificates is checked, otherwise false.
-
getEncryptionProtocols
A collection of protocol names that can be used for encryption of connections. When non-empty, the list is intended to specify those protocols (from a larger collection of implementation-supported protocols) that can be used to establish encryption. The order in which values are iterated in the result is equal to the order of values in the comma-separated configuration string. This can, but is not guaranteed to, indicate preference.
Returns: An (ordered) set of protocols, never null but possibly empty.
-
getEncryptionCipherSuites
A collection of cipher suite names that can be used for encryption of connections. When non-empty, the list is intended to specify those cipher suites (from a larger collection of implementation-supported cipher suites) that can be used to establish encryption. The order in which values are iterated in the result is equal to the order of values in the comma-separated configuration string. This can, but is not guaranteed to, indicate preference.
Returns: An (ordered) set of cipher suites, never null but possibly empty.
-
getIdentityStore
-
getTrustStore
-
isOcspEnabled
public boolean isOcspEnabled()
Indicates if client-driven Online Certificate Status Protocol (OCSP) is enabled. This is a prerequisite for client-driven OCSP; it has no effect unless revocation checking is also enabled.
Returns: true if client-driven OCSP is enabled, otherwise false.
-
isEnabled
public boolean isEnabled()
-
isStrictCertificateValidation
public boolean isStrictCertificateValidation()
A boolean that indicates if the connection should be aborted if certificate validation fails. When true, Openfire strictly follows RFC 6120, section 13.7.2.
Returns: true when connections are aborted if certificate validation fails, otherwise false.
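The certificate-related getters above interact (OCSP depends on revocation checking, and the protocol set may be empty), so a configuration review has to read them together. The following is an added example, not Openfire code: the Snapshot record, the LEGACY set, the audit method and the finding texts are hypothetical, and treating the listed JSSE protocol names as legacy is this example's own policy.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class TlsConfigAudit {

    // Hypothetical snapshot of the documented getters. In a plugin, fill it from a
    // ConnectionConfiguration instance: isAcceptSelfSignedCertificates(),
    // isVerifyCertificateValidity(), isVerifyCertificateRevocation(), isOcspEnabled(),
    // isStrictCertificateValidation() and getEncryptionProtocols().
    record Snapshot(boolean acceptSelfSigned, boolean verifyValidity, boolean verifyRevocation,
                    boolean ocspEnabled, boolean strictValidation, Set<String> protocols) {}

    // JSSE protocol names; classifying them as legacy is an assumption of this example.
    static final Set<String> LEGACY = Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    static List<String> audit(Snapshot s) {
        List<String> findings = new ArrayList<>();
        if (s.acceptSelfSigned())
            findings.add("self-signed peer certificates are accepted");
        if (!s.verifyValidity())
            findings.add("notBefore/notAfter validity is not checked");
        if (!s.verifyRevocation())
            findings.add("revocation status is not checked");
        if (s.ocspEnabled() && !s.verifyRevocation())
            findings.add("OCSP is enabled but has no effect without revocation checking");
        if (!s.strictValidation())
            findings.add("connections are not aborted when certificate validation fails");
        if (s.protocols().isEmpty())
            findings.add("protocol set is empty: no explicit protocol restriction is configured");
        for (String p : s.protocols())   // iteration order equals configuration order
            if (LEGACY.contains(p))
                findings.add("legacy protocol enabled: " + p);
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real server.
        Set<String> protocols = new LinkedHashSet<>(List.of("TLSv1.3", "TLSv1.2", "TLSv1"));
        Snapshot weak = new Snapshot(true, true, false, true, false, protocols);
        audit(weak).forEach(f -> System.out.println("WARN " + f));
    }
}
```

With the constructed sample, the audit reports five findings, including the OCSP setting that is inert because revocation checking is off.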
-