org.openuat.channel
Class IPSecConnection_Windows

java.lang.Object
  extended by org.openuat.channel.IPSecConnection_Windows
All Implemented Interfaces:
IPSecConnection, SecureChannel

public class IPSecConnection_Windows
extends java.lang.Object
implements IPSecConnection

This is an implementation of a secure channel using the IPsec implementation built into Windows 2000/XP. It is accessed via the ipsec2k library, which provides an API for creating the appropriate registry entries (the IPsec policies are stored in the registry on these Windows versions).

Version:
1.0
Author:
Rene Mayrhofer

Constructor Summary
IPSecConnection_Windows()

Method Summary
protected static boolean activatePolicy(java.lang.String id)
protected static boolean addPolicyCA(long handle, byte[] fromAddress, byte[] fromMask, byte[] toAddress, byte[] toMask, byte[] fromGateway, byte[] toGateway, int cipher, int mac, boolean pfs, java.lang.String caDn)
protected static boolean addPolicyPsk(long handle, byte[] fromAddress, byte[] fromMask, byte[] toAddress, byte[] toMask, byte[] fromGateway, byte[] toGateway, int cipher, int mac, boolean pfs, java.lang.String psk)
protected java.lang.String convertCidrMaskToAddressStyle(int cidrMask)
          This is a small helper method to convert from the CIDR style network mask to the address style network mask format, e.g. from 24 to "255.255.255.0".
protected static long createPolicyHandle(int cipher, int mac, int dhgroup, int lifetime)
protected static boolean deactivatePolicy(java.lang.String id)
 int importCertificate(java.lang.String file, java.lang.String password, boolean overwriteExisting)
          Implementation based on nativeImportCertificate.
 boolean init(java.lang.String remoteHost, boolean useAsDefault)
          Initializes an instance of a secure channel.
 boolean init(java.lang.String remoteHost, java.lang.String remoteNetwork, int remoteNetmask)
          Initializes an instance of an IPSec connection.
 boolean isEstablished()
          Returns true if the channel has been established.
static void main(java.lang.String[] args)
protected static int nativeImportCertificate(java.lang.String file, java.lang.String password, boolean overwriteExisting)
          This native method is used to implement the matching method from the IPSecConnection interface.
protected static java.lang.String registerPolicy(long handle)
protected static boolean removePolicy(java.lang.String id)
 boolean start(byte[] sharedSecret, boolean persistent)
          Creates a new connection entry for Windows 2000/XP.
 boolean start(java.lang.String caDistinguishedName, boolean persistent)
          Creates a new connection entry for Windows 2000/XP.
 boolean stop()
          Returns true when all the policies that have been registered and activated by start() could be deactivated and removed, false otherwise.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait


Constructor Detail

IPSecConnection_Windows

public IPSecConnection_Windows()
Method Detail

init

public boolean init(java.lang.String remoteHost,
                    boolean useAsDefault)
Initializes an instance of a secure channel. This implementation only remembers remoteHost in the member variable. This method must be called before any of the others.

Specified by:
init in interface SecureChannel
Parameters:
remoteHost - The IP address or host name of the remote host.
useAsDefault - If set to true, this channel will be used as default for all further communication. This means that instead of an IPSec transport connection, a tunnel connection with the remote subnet 0.0.0.0/0 will be created, effectively routing all IP traffic through this connection. Set to false if in doubt.
Returns:
true if the channel could be initialized, false otherwise. It will return false if the channel has already been initialized previously.

init

public boolean init(java.lang.String remoteHost,
                    java.lang.String remoteNetwork,
                    int remoteNetmask)
Initializes an instance of an IPSec connection. This implementation only remembers remoteHost, remoteNetwork and remoteNetmask in member variables. This method is an alternative to the init method defined by the SecureChannel interface. Either of them must be called before any of the others.

Specified by:
init in interface IPSecConnection
Parameters:
remoteHost - The remote host to establish the connection to. This string can either be a hostname, or an IP (version 4 or 6) address.
remoteNetwork - The remote network behind the IPSec gateway specified with remoteHost, if any. This parameter may be null to indicate that no remote network should be used, but that the IPSec connection should be created only for reaching the remote host. Specifically, if this parameter is set to a network (in IPv4 or IPv6 address notation), then an IPsec tunnel connection will be created. If set to null, an IPSec transport connection will be created.
remoteNetmask - If remoteNetwork has been set, this parameter should be set to the remote netmask in CIDR notation, i.e. the number of bits that represent the remote network. It must be between 0 and 32 for IPv4 remote networks and between 0 and 128 for IPv6 remote networks. If remoteNetwork is null, this parameter is ignored.
Returns:
true if the channel could be initialized, false otherwise. It will return false if the channel has already been initialized previously.

start

public boolean start(byte[] sharedSecret,
                     boolean persistent)
Creates a new connection entry for Windows 2000/XP. This does not start the connection - it will be started when the first matching packet triggers it.

Specified by:
start in interface SecureChannel
Parameters:
sharedSecret - The PSK to use - this byte array will be HEX-encoded to form a textual representation.
persistent - Not supported yet: in this implementation the security policies (in the SPD) are always permanent, regardless of this value.
Returns:
true if the channel could be started, false otherwise.
See Also:
SecureChannel.init(java.lang.String, boolean)

start

public boolean start(java.lang.String caDistinguishedName,
                     boolean persistent)
Creates a new connection entry for Windows 2000/XP. This does not start the connection - it will be started when the first matching packet triggers it.

Specified by:
start in interface IPSecConnection
Parameters:
caDistinguishedName - The CA that is used to sign the certificates, can be null to accept any valid certificate.
persistent - Supported. If set to true, the connection will be set to auto=start; if set to false, it will be set to auto=add.
Returns:
true if the channel could be started, false otherwise.
See Also:
IPSecConnection.init(java.lang.String, java.lang.String, int), IPSecConnection.importCertificate(String, String, boolean)

stop

public boolean stop()
Returns true when all the policies that have been registered and activated by start() could be deactivated and removed, false otherwise. Also returns false when no policies have been installed previously.

Specified by:
stop in interface SecureChannel
Returns:
true if the channel could be stopped, false otherwise.
See Also:
SecureChannel.init(java.lang.String, boolean)

isEstablished

public boolean isEstablished()
Description copied from interface: SecureChannel
Returns true if the channel has been established. init() needs to be called once before this method.

Specified by:
isEstablished in interface SecureChannel
See Also:
SecureChannel.init(java.lang.String, boolean)
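The init/start/stop sequence described in the sections above, written out as an added usage example; this is not code from the OpenUAT sources. It assumes IPSecConnection_Windows and the ipsec2k native library are available at runtime, and the gateway address, remote subnet and secret are constructed placeholder values:

```java
import java.nio.charset.StandardCharsets;
import org.openuat.channel.IPSecConnection_Windows;

public class PskTunnelExample {

    // Runs one full lifecycle with PSK authentication and returns true only if
    // every step (init, start, stop) reported success.
    public static boolean runPskTunnel(String gateway, String remoteNetwork, int cidr, byte[] psk) {
        IPSecConnection_Windows conn = new IPSecConnection_Windows();

        // A non-null remoteNetwork selects tunnel mode; cidr must be 0..32 for an IPv4 network.
        if (!conn.init(gateway, remoteNetwork, cidr)) {
            System.err.println("init failed (instance already initialized?)");
            return false;
        }
        // The contract says a second init on an already initialized instance returns false.
        if (conn.init(gateway, false)) {
            System.err.println("unexpected: second init on the same instance was accepted");
            return false;
        }

        // start() only installs the policy; the implementation hex-encodes the PSK bytes.
        // The 'persistent' flag is documented as ignored for PSK policies (always permanent).
        if (!conn.start(psk, false)) {
            System.err.println("start failed: policy could not be registered or activated");
            return false;
        }

        // The SA is negotiated only when the first matching packet triggers it, so a true
        // result here must not be read as proof that traffic is already being protected.
        System.out.println("isEstablished: " + conn.isEstablished());

        // stop() deactivates and removes every policy start() installed. It returns false
        // if any step failed or if nothing was installed, so the result is worth checking:
        // a policy left behind keeps matching traffic after the caller thinks it is gone.
        boolean stopped = conn.stop();
        if (!stopped) {
            System.err.println("stop failed: a policy may remain in the SPD, inspect it manually");
        }
        return stopped;
    }

    public static void main(String[] args) {
        // Constructed values: a TEST-NET-1 gateway address, a private remote subnet, and a
        // placeholder secret. In practice the PSK comes from the preceding key agreement.
        byte[] psk = "PLACEHOLDER-PSK-FROM-KEY-AGREEMENT".getBytes(StandardCharsets.US_ASCII);
        boolean ok = runPskTunnel("192.0.2.10", "10.1.0.0", 16, psk);
        System.out.println("lifecycle ok: " + ok);
    }
}
```

The second init call is included deliberately: it exercises the documented "false if already initialized" rule, which is the check that stops a caller from silently re-pointing an instance at a different remote host.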

convertCidrMaskToAddressStyle

protected java.lang.String convertCidrMaskToAddressStyle(int cidrMask)
This is a small helper method to convert from the CIDR style network mask to the address style network mask format, e.g. from 24 to "255.255.255.0".

Parameters:
cidrMask - The number of bits in the netmask.
Returns:
The netmask as address style string.
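The CIDR-to-address-style conversion described here, together with the prefix-length range check stated for init()'s remoteNetmask parameter (0 to 32 for IPv4, 0 to 128 for IPv6), as an added example. It is not the project's own implementation of convertCidrMaskToAddressStyle; it goes beyond the documented helper by also producing the byte[] mask form for both address families, which is the shape the fromMask/toMask parameters of addPolicyPsk and addPolicyCA take. The method names and the sample networks are assumptions:

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

public class CidrMaskExample {

    // CIDR prefix length to address-style IPv4 mask, e.g. 24 becomes "255.255.255.0".
    // The edge cases 0 (no bits set) and 32 (all bits set) are handled by the byte loop below.
    public static String cidrToAddressStyle(int cidrMask) {
        byte[] m = cidrToMaskBytes(cidrMask, 4);
        return (m[0] & 0xFF) + "." + (m[1] & 0xFF) + "." + (m[2] & 0xFF) + "." + (m[3] & 0xFF);
    }

    // General form: the mask as a byte[] of the address length (4 for IPv4, 16 for IPv6).
    public static byte[] cidrToMaskBytes(int cidrMask, int addressLength) {
        if (addressLength != 4 && addressLength != 16) {
            throw new IllegalArgumentException("address length must be 4 or 16 bytes: " + addressLength);
        }
        int maxBits = addressLength * 8;
        // Same range rule init() documents: 0..32 for IPv4 networks, 0..128 for IPv6 networks.
        if (cidrMask < 0 || cidrMask > maxBits) {
            throw new IllegalArgumentException("prefix length " + cidrMask + " outside 0.." + maxBits);
        }
        byte[] mask = new byte[addressLength];
        for (int i = 0; i < addressLength; i++) {
            int bitsLeft = cidrMask - 8 * i;           // prefix bits that fall into this octet
            if (bitsLeft >= 8) {
                mask[i] = (byte) 0xFF;                 // octet fully inside the prefix
            } else if (bitsLeft > 0) {
                mask[i] = (byte) (0xFF << (8 - bitsLeft)); // partial octet, high bits set
            }
            // bitsLeft <= 0: octet lies entirely in the host part, stays 0
        }
        return mask;
    }

    // Validates a remoteNetwork/remoteNetmask pair the way init() describes it and returns the
    // mask bytes, so a bad prefix is rejected before any policy is created. Only address
    // literals are expected here; a host name would be resolved by getByName(), which is not
    // what a network argument should do.
    public static byte[] maskForNetwork(String remoteNetwork, int remoteNetmask) throws UnknownHostException {
        int len = InetAddress.getByName(remoteNetwork).getAddress().length;
        return cidrToMaskBytes(remoteNetmask, len);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample inputs: the documented example, a partial-octet prefix, both edges.
        for (int prefix : new int[] {24, 20, 0, 32}) {
            System.out.println("/" + prefix + " -> " + cidrToAddressStyle(prefix));
        }
        // IPv6 documentation prefix: 16-byte mask, first eight bytes 0xFF, the rest 0.
        byte[] v6 = maskForNetwork("2001:db8::", 64);
        System.out.println("IPv6 /64 mask length: " + v6.length
                + ", byte[0]=0x" + Integer.toHexString(v6[0] & 0xFF)
                + ", byte[8]=0x" + Integer.toHexString(v6[8] & 0xFF));
        // Out-of-range prefix for IPv4 is refused rather than silently truncated.
        try {
            cidrToAddressStyle(33);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting an out-of-range prefix up front matters because a mask that is silently widened or truncated changes which traffic the policy matches, and with useAsDefault-style 0.0.0.0/0 policies that difference is the difference between protecting one subnet and all traffic.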

createPolicyHandle

protected static long createPolicyHandle(int cipher,
                                         int mac,
                                         int dhgroup,
                                         int lifetime)

addPolicyPsk

protected static boolean addPolicyPsk(long handle,
                                      byte[] fromAddress,
                                      byte[] fromMask,
                                      byte[] toAddress,
                                      byte[] toMask,
                                      byte[] fromGateway,
                                      byte[] toGateway,
                                      int cipher,
                                      int mac,
                                      boolean pfs,
                                      java.lang.String psk)

addPolicyCA

protected static boolean addPolicyCA(long handle,
                                     byte[] fromAddress,
                                     byte[] fromMask,
                                     byte[] toAddress,
                                     byte[] toMask,
                                     byte[] fromGateway,
                                     byte[] toGateway,
                                     int cipher,
                                     int mac,
                                     boolean pfs,
                                     java.lang.String caDn)

registerPolicy

protected static java.lang.String registerPolicy(long handle)

activatePolicy

protected static boolean activatePolicy(java.lang.String id)

deactivatePolicy

protected static boolean deactivatePolicy(java.lang.String id)

removePolicy

protected static boolean removePolicy(java.lang.String id)

nativeImportCertificate

protected static int nativeImportCertificate(java.lang.String file,
                                             java.lang.String password,
                                             boolean overwriteExisting)
This native method is used to implement the matching method from the IPSecConnection interface.


importCertificate

public int importCertificate(java.lang.String file,
                             java.lang.String password,
                             boolean overwriteExisting)
Implementation based on nativeImportCertificate.

Specified by:
importCertificate in interface IPSecConnection
Parameters:
file - The file name of the certificate to import. It must point to a PKCS#12 encoded file that contains the X.509 client certificate and the corresponding private key that should be used for authentication as well as the CA certificate chain up to the root CA certificate that represents the trusted path of the client certificate. The other end of the IPSec tunnel must present a certificate that has been signed by the same CA as the client certificate imported from this file.
password - The password necessary to decrypt the PKCS#12 file.
overwriteExisting - If true, existing certificates with the same common name and serial number and signed by the same CA will be overwritten.
Returns:
0 if the certificates and the private key could be imported successfully, 1 if the file could not be found or opened, 2 if the private key could not be decrypted (password mismatch), 3 if it could not be decoded, 4 if importing failed, 5 if (at least one of the) certificates existed already and overwriteExisting was set to false, and 5 if anything else went wrong (such as a parameter error).
See Also:
nativeImportCertificate(String, String, boolean)
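The certificate-based flow, as an added example that is not part of the OpenUAT sources: importCertificate() with its documented return codes checked, followed by the IPSecConnection variant of init()/start() that restricts peers to a given CA. It assumes IPSecConnection_Windows is available at runtime; the file path, password, CA distinguished name and addresses are constructed placeholders, and describeImportResult() is a helper added here:

```java
import java.util.Arrays;
import org.openuat.channel.IPSecConnection_Windows;

public class CertificateTunnelExample {

    // Maps the documented importCertificate() return codes to a message; 0 means success.
    // The documentation lists 5 twice (certificate already present, and any other error),
    // so both meanings are reported for that code.
    public static String describeImportResult(int code) {
        switch (code) {
            case 0: return "certificates and private key imported";
            case 1: return "file could not be found or opened";
            case 2: return "private key could not be decrypted (password mismatch)";
            case 3: return "file could not be decoded";
            case 4: return "importing failed";
            case 5: return "certificate already present with overwriteExisting=false, or another error such as a bad parameter";
            default: return "undocumented return code " + code;
        }
    }

    public static boolean runCertificateTunnel(String pkcs12File, char[] password, String caDn,
                                               String gateway, String remoteNetwork, int cidr) {
        IPSecConnection_Windows conn = new IPSecConnection_Windows();
        if (!conn.init(gateway, remoteNetwork, cidr)) {
            System.err.println("init failed (instance already initialized?)");
            return false;
        }

        // Import the client certificate, its private key and the CA chain from the PKCS#12 file.
        // The API takes a String password; the char[] copy is wiped as soon as the call returns,
        // which is the best that can be done given the String cannot be cleared.
        int rc = conn.importCertificate(pkcs12File, new String(password), false);
        Arrays.fill(password, '\0');
        if (rc != 0) {
            System.err.println("importCertificate: " + describeImportResult(rc));
            return false;
        }

        // Pin the peer to certificates issued by this CA. Passing null instead would accept
        // any valid certificate, which is wider than most deployments want.
        if (!conn.start(caDn, true)) {
            System.err.println("start failed: policy could not be registered or activated");
            return false;
        }
        System.out.println("isEstablished: " + conn.isEstablished());

        // Remove what start() installed; false means a policy may still be in the SPD.
        return conn.stop();
    }

    public static void main(String[] args) {
        // Constructed placeholders; no real file, password or CA is referenced here.
        char[] password = "PLACEHOLDER-PKCS12-PASSWORD".toCharArray();
        boolean ok = runCertificateTunnel("C:\\placeholder\\client.p12", password,
                "CN=Placeholder Example CA, O=Example", "192.0.2.10", "10.1.0.0", 16);
        System.out.println("lifecycle ok: " + ok);
    }
}
```

Checking the return code before calling start() is the point of the example: a non-zero import result leaves no usable client identity, and start() with a CA name but no matching client certificate would fail later in a less obvious place.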

main

public static void main(java.lang.String[] args)


2005-2009, Rene Mayrhofer.