Diffstat (limited to 'src/java/android/net/ipsec/ike/ChildSessionOptions.java')
-rw-r--r-- | src/java/android/net/ipsec/ike/ChildSessionOptions.java | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/src/java/android/net/ipsec/ike/ChildSessionOptions.java b/src/java/android/net/ipsec/ike/ChildSessionOptions.java
new file mode 100644
index 00000000..90a30053
--- /dev/null
+++ b/src/java/android/net/ipsec/ike/ChildSessionOptions.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.ipsec.ike;
+
+import libcore.net.InetAddressUtils;
+
+import java.net.InetAddress;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * This abstract class is the superclass of all classes representing a set of user configurations
+ * for Child Session negotiation.
+ */
+public abstract class ChildSessionOptions {
+ private static final IkeTrafficSelector DEFAULT_TRAFFIC_SELECTOR_IPV4;
+ // TODO: b/130765172 Add TRAFFIC_SELECTOR_IPV6 and instantiate it.
+
+ static {
+ DEFAULT_TRAFFIC_SELECTOR_IPV4 =
+ buildDefaultTrafficSelector(
+ IkeTrafficSelector.TRAFFIC_SELECTOR_TYPE_IPV4_ADDR_RANGE);
+ }
+
+ private final IkeTrafficSelector[] mLocalTrafficSelectors;
+ private final IkeTrafficSelector[] mRemoteTrafficSelectors;
+ private final ChildSaProposal[] mSaProposals;
+ private final boolean mIsTransport;
+
+ protected ChildSessionOptions(
+ IkeTrafficSelector[] localTs,
+ IkeTrafficSelector[] remoteTs,
+ ChildSaProposal[] proposals,
+ boolean isTransport) {
+ mLocalTrafficSelectors = localTs;
+ mRemoteTrafficSelectors = remoteTs;
+ mSaProposals = proposals;
+ mIsTransport = isTransport;
+ }
+
+ public IkeTrafficSelector[] getLocalTrafficSelectors() {
+ return mLocalTrafficSelectors;
+ }
+
+ public IkeTrafficSelector[] getRemoteTrafficSelectors() {
+ return mRemoteTrafficSelectors;
+ }
+
+ public ChildSaProposal[] getSaProposals() {
+ return mSaProposals;
+ }
+
+ public boolean isTransportMode() {
+ return mIsTransport;
+ }
+
+ /** This class represents common information for Child Sesison Options Builders. */
+ protected abstract static class Builder {
+ protected final List<IkeTrafficSelector> mLocalTsList = new LinkedList<>();
+ protected final List<IkeTrafficSelector> mRemoteTsList = new LinkedList<>();
+ protected final List<SaProposal> mSaProposalList = new LinkedList<>();
+
+ protected Builder() {
+ // Currently IKE library only accepts setting up Child SA that all ports and all
+ // addresses are allowed on both sides. The protected traffic range is determined by the
+ // socket or interface that the {@link IpSecTransform} is applied to.
+ // TODO: b/130756765 Validate the current TS negotiation strategy.
+ mLocalTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV4);
+ mRemoteTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV4);
+ // TODO: add IPv6 TS to ChildSessionOptions.
+ }
+
+ protected void validateAndAddSaProposal(ChildSaProposal proposal) {
+ mSaProposalList.add(proposal);
+ }
+
+ protected void validateOrThrow() {
+ if (mSaProposalList.isEmpty()) {
+ throw new IllegalArgumentException(
+ "ChildSessionOptions requires at least one Child SA proposal.");
+ }
+ }
+ }
+
+ private static IkeTrafficSelector buildDefaultTrafficSelector(
+ @IkeTrafficSelector.TrafficSelectorType int tsType) {
+ int startPort = IkeTrafficSelector.PORT_NUMBER_MIN;
+ int endPort = IkeTrafficSelector.PORT_NUMBER_MAX;
+ InetAddress startAddress = null;
+ InetAddress endAddress = null;
+ switch (tsType) {
+ case IkeTrafficSelector.TRAFFIC_SELECTOR_TYPE_IPV4_ADDR_RANGE:
+ startAddress = InetAddressUtils.parseNumericAddress("0.0.0.0");
+ endAddress = InetAddressUtils.parseNumericAddress("255.255.255.255");
+ break;
+ case IkeTrafficSelector.TRAFFIC_SELECTOR_TYPE_IPV6_ADDR_RANGE:
+ // TODO: Support it.
+ throw new UnsupportedOperationException("Do not support IPv6.");
+ default:
+ throw new IllegalArgumentException("Invalid Traffic Selector type: " + tsType);
+ }
+
+ return new IkeTrafficSelector(tsType, startPort, endPort, startAddress, endAddress);
+ }
+} |
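Review bot: The constructor stores `localTs`, `remoteTs` and `proposals` by reference and the three array getters return those same arrays, so any holder of a built ChildSessionOptions can replace its traffic selectors or SA proposals after the Builder's checks have run. Copy on both sides, for example `mSaProposals = proposals.clone();` in the constructor and `return mSaProposals.clone();` in `getSaProposals()`, and do the same for the two traffic-selector arrays. This is a shallow copy, so it only helps if `IkeTrafficSelector` and `ChildSaProposal` are themselves immutable, which is not visible in this file. Separately, `validateAndAddSaProposal` adds without validating anything, so a null proposal still satisfies the `isEmpty()` check in `validateOrThrow()`; a null check before `mSaProposalList.add(proposal)` would close that gap.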