IkeSessionParams


public final class IkeSessionParams
extends Object

java.lang.Object
   ↳ android.net.ipsec.ike.IkeSessionParams


IkeSessionParams contains all user provided configurations for negotiating an IkeSession.

Note that all negotiated configurations will be reused during rekey including SA Proposal and lifetime.

Summary

Nested classes

class IkeSessionParams.Builder

This class can be used to incrementally construct an IkeSessionParams

class IkeSessionParams.IkeAuthConfig

This class contains common information of an IKEv2 authentication configuration. 

class IkeSessionParams.IkeAuthDigitalSignLocalConfig

This class represents the configuration to support IKEv2 public-key-signature-based authentication of the local side. 

class IkeSessionParams.IkeAuthDigitalSignRemoteConfig

This class represents the configuration to support IKEv2 public-key-signature-based authentication of the remote side. 

class IkeSessionParams.IkeAuthEapConfig

This class represents the configuration to support EAP authentication of the local side. 

class IkeSessionParams.IkeAuthPskConfig

This class represents the configuration to support IKEv2 pre-shared-key-based authentication of local or remote side. 

Constants

int IKE_DPD_DELAY_SEC_DISABLED

Setting the timer to this value will disable Dead Peer Detection (DPD).

int IKE_OPTION_ACCEPT_ANY_REMOTE_ID

If set, the IKE library will accept any remote (server) identity, even if it does not match the configured remote identity

See Builder.setRemoteIdentification(IkeIdentification)

int IKE_OPTION_EAP_ONLY_AUTH

If set, and EAP has been configured as the authentication method, the IKE library will request that the remote (also) use an EAP-only authentication flow.

int IKE_OPTION_FORCE_PORT_4500

Configures the IKE session to always send to port 4500.

int IKE_OPTION_INITIAL_CONTACT

If set, the IKE library will send an INITIAL_CONTACT notification to the peer.

int IKE_OPTION_MOBIKE

If set, the IKE Session will attempt to handle IP address changes using RFC4555 MOBIKE.

Public methods

boolean equals(Object o)

Indicates whether some other object is "equal to" this one.

int getDpdDelaySeconds()

Retrieves the Dead Peer Detection (DPD) delay in seconds

int getHardLifetimeSeconds()

Retrieves hard lifetime in seconds

Set<Integer> getIkeOptions()

Return all the enabled IKE Options

List<IkeSaProposal> getIkeSaProposals()

Retrieves all IkeSaProposals configured

IkeSessionParams.IkeAuthConfig getLocalAuthConfig()

Retrieves the local (client) authentication configuration

IkeIdentification getLocalIdentification()

Retrieves the local (client) identity

int getNattKeepAliveDelaySeconds()

Retrieves the Network Address Translation Traversal (NATT) keepalive delay in seconds

Network getNetwork()

Retrieves the configured Network, or null if it was not set.

IkeSessionParams.IkeAuthConfig getRemoteAuthConfig()

Retrieves the remote (server) authentication configuration

IkeIdentification getRemoteIdentification()

Retrieves the required remote (server) identity

int[] getRetransmissionTimeoutsMillis()

Retrieves the relative retransmission timeout list in milliseconds

@see Builder.setRetransmissionTimeoutsMillis(int[])

String getServerHostname()

Retrieves the configured server hostname

The configured server hostname will be resolved during IKE Session creation.

int getSoftLifetimeSeconds()

Retrieves soft lifetime in seconds

boolean hasIkeOption(int ikeOption)

Checks if the given IKE Session negotiation option is set

int hashCode()

Returns a hash code value for the object.

Constants

IKE_DPD_DELAY_SEC_DISABLED

Added in API level 35
public static final int IKE_DPD_DELAY_SEC_DISABLED

Setting the timer to this value will disable Dead Peer Detection (DPD).

@see Builder.setDpdDelaySeconds

Constant Value: 2147483647 (0x7fffffff)

IKE_OPTION_ACCEPT_ANY_REMOTE_ID

Added in API level 31
public static final int IKE_OPTION_ACCEPT_ANY_REMOTE_ID

If set, the IKE library will accept any remote (server) identity, even if it does not match the configured remote identity

See Builder.setRemoteIdentification(IkeIdentification)

Constant Value: 0 (0x00000000)

IKE_OPTION_EAP_ONLY_AUTH

Added in API level 31
public static final int IKE_OPTION_EAP_ONLY_AUTH

If set, and EAP has been configured as the authentication method, the IKE library will request that the remote (also) use an EAP-only authentication flow.

@see Builder.setAuthEap(X509Certificate, EapSessionConfig)

Constant Value: 1 (0x00000001)

IKE_OPTION_FORCE_PORT_4500

Added in API level 31
public static final int IKE_OPTION_FORCE_PORT_4500

Configures the IKE session to always send to port 4500.

If set, the IKE Session will be initiated and maintained exclusively using destination port 4500, regardless of the presence of NAT. Otherwise, the IKE Session will be initiated on destination port 500; then, if either a NAT is detected or both MOBIKE and NAT-T are supported by the peer, it will proceed on port 4500.

Constant Value: 3 (0x00000003)

IKE_OPTION_INITIAL_CONTACT

Added in API level 33
public static final int IKE_OPTION_INITIAL_CONTACT

If set, the IKE library will send an INITIAL_CONTACT notification to the peer.

If this option is set, the INITIAL_CONTACT notification payload is sent in IKE_AUTH. The client can use this option to assert to the peer that this IKE SA is the only IKE SA currently active between the authenticated identities.

@see "https://tools.ietf.org/html/rfc7296#section-2.4" RFC 7296, Internet Key Exchange Protocol Version 2 (IKEv2)

@see Builder.addIkeOption(int)

Constant Value: 4 (0x00000004)

IKE_OPTION_MOBIKE

Added in API level 31
public static final int IKE_OPTION_MOBIKE

If set, the IKE Session will attempt to handle IP address changes using RFC4555 MOBIKE.

Upon IP address changes (including Network changes), the IKE session will initiate an RFC 4555 MOBIKE procedure, migrating both this IKE Session and associated IPsec Transforms to the new local and remote address pair.

The IKE library will first attempt to enable MOBIKE to handle changes of the underlying network and addresses. For callers targeting SDK Build.VERSION_CODES.S_V2 and earlier, this option will implicitly enable support for rekey-based mobility, and thus if the server does not support MOBIKE, the IKE Session will try migration by rekeying all associated IPsec SAs. This rekey-based mobility feature is not best practice and has technical issues; accordingly, it will no longer be enabled for callers targeting SDK Build.VERSION_CODES.TIRAMISU and above.

Checking whether or not MOBIKE is supported by both the IKE library and the server in an IKE Session is done via IkeSessionConfiguration.isIkeExtensionEnabled(int).

It is recommended that IKE_OPTION_MOBIKE be enabled unless precluded for compatibility reasons.

If this option is set for an IKE Session, Transport-mode SAs will not be allowed in that Session.

Callers that need to perform migration of IPsec transforms and tunnels MUST implement migration specific methods in IkeSessionCallback and ChildSessionCallback.

Constant Value: 2 (0x00000002)
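The following is an added example, not code from the Android platform documentation, showing how the constants above are typically applied when an IkeSessionParams is assembled. It pins the remote identity to the server's FQDN (so IKE_OPTION_ACCEPT_ANY_REMOTE_ID is deliberately left unset), enables IKE_OPTION_MOBIKE and IKE_OPTION_INITIAL_CONTACT, and keeps DPD enabled. The hostname, identities and pre-shared key are constructed placeholders; the no-argument IkeSessionParams.Builder() constructor and the builder, IkeSaProposal and IkeFqdnIdentification methods used here are assumed to be available at the caller's API level.

```java
import android.net.ipsec.ike.IkeFqdnIdentification;
import android.net.ipsec.ike.IkeSaProposal;
import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.SaProposal;

import java.nio.charset.StandardCharsets;

public final class IkeParamsExample {
    // Constructed placeholder values for illustration only.
    private static final String SERVER_HOSTNAME = "vpn.example.com";
    private static final String CLIENT_FQDN = "client.example.com";
    private static final byte[] PSK =
            "REPLACE_WITH_PROVISIONED_PSK".getBytes(StandardCharsets.UTF_8);

    /**
     * Builds session parameters that the IKE library will reuse for the
     * lifetime of the session, including on rekey (see the class description).
     */
    public static IkeSessionParams buildParams() {
        // AEAD cipher, PRF and DH group for the IKE SA; no separate
        // integrity algorithm is added because AES-GCM is combined-mode.
        IkeSaProposal proposal = new IkeSaProposal.Builder()
                .addEncryptionAlgorithm(
                        SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16,
                        SaProposal.KEY_LEN_AES_256)
                .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA256)
                .addDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP)
                .build();

        return new IkeSessionParams.Builder()
                .setServerHostname(SERVER_HOSTNAME)
                .setLocalIdentification(new IkeFqdnIdentification(CLIENT_FQDN))
                // The identity the server must assert in IKE_AUTH. Because
                // IKE_OPTION_ACCEPT_ANY_REMOTE_ID is NOT added, a mismatch
                // fails authentication instead of being ignored.
                .setRemoteIdentification(new IkeFqdnIdentification(SERVER_HOSTNAME))
                .setAuthPsk(PSK)
                .addIkeSaProposal(proposal)
                // Recommended unless precluded for compatibility reasons.
                .addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)
                // Tell the peer this is the only IKE SA between these identities.
                .addIkeOption(IkeSessionParams.IKE_OPTION_INITIAL_CONTACT)
                // DPD every two minutes; IKE_DPD_DELAY_SEC_DISABLED would turn it off.
                .setDpdDelaySeconds(120)
                // Hard lifetime first, then the soft (rekey) lifetime, in seconds.
                .setLifetimeSeconds(86400, 43200)
                .build();
    }
}
```

Leaving IKE_OPTION_ACCEPT_ANY_REMOTE_ID unset is the default, so the important part of this example is simply that setRemoteIdentification is given the identity you actually expect the server to present; adding the option afterwards would discard that check.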

Public methods

equals

Added in API level 31
public boolean equals (Object o)

Indicates whether some other object is "equal to" this one.

The equals method implements an equivalence relation on non-null object references:

  • It is reflexive: for any non-null reference value x, x.equals(x) should return true.
  • It is symmetric: for any non-null reference values x and y, x.equals(y) should return true if and only if y.equals(x) returns true.
  • It is transitive: for any non-null reference values x, y, and z, if x.equals(y) returns true and y.equals(z) returns true, then x.equals(z) should return true.
  • It is consistent: for any non-null reference values x and y, multiple invocations of x.equals(y) consistently return true or consistently return false, provided no information used in equals comparisons on the objects is modified.
  • For any non-null reference value x, x.equals(null) should return false.

An equivalence relation partitions the elements it operates on into equivalence classes; all the members of an equivalence class are equal to each other. Members of an equivalence class are substitutable for each other, at least for some purposes.

Parameters
o Object: the reference object with which to compare.
Returns
boolean true if this object is the same as the o argument; false otherwise.

getDpdDelaySeconds

Added in API level 31
public int getDpdDelaySeconds ()

Retrieves the Dead Peer Detection (DPD) delay in seconds

Returns
int Value is IKE_DPD_DELAY_SEC_MIN or greater

getHardLifetimeSeconds

Added in API level 31
public int getHardLifetimeSeconds ()

Retrieves hard lifetime in seconds

Returns
int Value is between IKE_HARD_LIFETIME_SEC_MINIMUM and IKE_HARD_LIFETIME_SEC_MAXIMUM inclusive

getIkeOptions

Added in API level 35
public Set<Integer> getIkeOptions ()

Return all the enabled IKE Options

Returns
Set<Integer> A Set of enabled IKE options that have been added using Builder.addIkeOption(int)
This value cannot be null.
Each element is one of the IKE_OPTION_* constants defined in this class.

getIkeSaProposals

Added in API level 31
public List<IkeSaProposal> getIkeSaProposals ()

Retrieves all IkeSaProposals configured

Returns
List<IkeSaProposal> This value cannot be null.

getLocalAuthConfig

Added in API level 31
public IkeSessionParams.IkeAuthConfig getLocalAuthConfig ()

Retrieves the local (client) authentication configuration

Returns
IkeSessionParams.IkeAuthConfig This value cannot be null.

getLocalIdentification

Added in API level 31
public IkeIdentification getLocalIdentification ()

Retrieves the local (client) identity

Returns
IkeIdentification This value cannot be null.

getNattKeepAliveDelaySeconds

Added in API level 31
public int getNattKeepAliveDelaySeconds ()

Retrieves the Network Address Translation Traversal (NATT) keepalive delay in seconds

Returns
int Value is between IKE_NATT_KEEPALIVE_DELAY_SEC_MIN and IKE_NATT_KEEPALIVE_DELAY_SEC_MAX inclusive

getNetwork

Added in API level 31
public Network getNetwork ()

Retrieves the configured Network, or null if it was not set.

@see Builder.setNetwork(Network)

Returns
Network

getRemoteAuthConfig

Added in API level 31
public IkeSessionParams.IkeAuthConfig getRemoteAuthConfig ()

Retrieves the remote (server) authentication configuration

Returns
IkeSessionParams.IkeAuthConfig This value cannot be null.

getRemoteIdentification

Added in API level 31
public IkeIdentification getRemoteIdentification ()

Retrieves the required remote (server) identity

Returns
IkeIdentification This value cannot be null.

getRetransmissionTimeoutsMillis

Added in API level 31
public int[] getRetransmissionTimeoutsMillis ()

Retrieves the relative retransmission timeout list in milliseconds

@see Builder.setRetransmissionTimeoutsMillis(int[])

Returns
int[] This value cannot be null.

getServerHostname

Added in API level 31
public String getServerHostname ()

Retrieves the configured server hostname

The configured server hostname will be resolved during IKE Session creation.

Returns
String This value cannot be null.

getSoftLifetimeSeconds

Added in API level 31
public int getSoftLifetimeSeconds ()

Retrieves soft lifetime in seconds

Returns
int Value is between IKE_SOFT_LIFETIME_SEC_MINIMUM and IKE_HARD_LIFETIME_SEC_MAXIMUM inclusive

hasIkeOption

Added in API level 31
public boolean hasIkeOption (int ikeOption)

Checks if the given IKE Session negotiation option is set

Parameters
ikeOption int: the option to check.
Value is one of the IKE_OPTION_* constants defined in this class.
Returns
boolean
Throws
IllegalArgumentException if the provided option is invalid.
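As an added example (not part of the Android documentation or platform code), the helper below uses the getters and hasIkeOption to review an already-built IkeSessionParams before it is handed to an IkeSession: it reports whether remote-identity checking has been switched off, whether MOBIKE is enabled, whether DPD is disabled, how much rekey margin the lifetimes leave, and how long the retransmission schedule takes before a request is given up on. The audit method and its finding strings are this example's own; the sum of the retransmission timeouts is computed from the relative values the getter returns.

```java
import android.net.ipsec.ike.IkeSessionParams;

import java.util.ArrayList;
import java.util.List;

public final class IkeParamsAudit {

    /** Returns human-readable findings about security-relevant settings. */
    public static List<String> audit(IkeSessionParams params) {
        List<String> findings = new ArrayList<>();

        // Identity binding: with this option set, any server identity is accepted
        // even if it does not match getRemoteIdentification().
        if (params.hasIkeOption(IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID)) {
            findings.add("IKE_OPTION_ACCEPT_ANY_REMOTE_ID is set; the configured remote identity "
                    + params.getRemoteIdentification() + " will not be enforced");
        }

        // The documentation recommends MOBIKE unless compatibility precludes it.
        if (!params.hasIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)) {
            findings.add("IKE_OPTION_MOBIKE is not set; address changes will not be migrated");
        }

        // Liveness: a disabled DPD timer means a dead peer is only noticed on the
        // next exchange that fails to get a response.
        if (params.getDpdDelaySeconds() == IkeSessionParams.IKE_DPD_DELAY_SEC_DISABLED) {
            findings.add("Dead Peer Detection is disabled");
        }

        // Rekey margin: the soft lifetime triggers rekey, the hard lifetime
        // tears the SA down; the difference is the window available to rekey.
        int margin = params.getHardLifetimeSeconds() - params.getSoftLifetimeSeconds();
        findings.add("rekey margin is " + margin + " s (hard "
                + params.getHardLifetimeSeconds() + " s, soft "
                + params.getSoftLifetimeSeconds() + " s)");

        // Retransmission budget: the getter returns relative timeouts, so their
        // sum is the total wait before a request is declared failed.
        findings.add("a request is abandoned after " + totalRetransmitMillis(params) + " ms");

        return findings;
    }

    /** Sum of the relative retransmission timeouts, in milliseconds. */
    public static long totalRetransmitMillis(IkeSessionParams params) {
        long total = 0;
        for (int t : params.getRetransmissionTimeoutsMillis()) {
            total += t;
        }
        return total;
    }
}
```

Running the audit on parameters built with the defaults reports no identity or DPD finding; the MOBIKE line appears only when the option was never added, which is the case to look for when a session unexpectedly drops on network changes.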

hashCode

Added in API level 31
public int hashCode ()

Returns a hash code value for the object. This method is supported for the benefit of hash tables such as those provided by HashMap.

The general contract of hashCode is:

  • Whenever it is invoked on the same object more than once during an execution of a Java application, the hashCode method must consistently return the same integer, provided no information used in equals comparisons on the object is modified. This integer need not remain consistent from one execution of an application to another execution of the same application.
  • If two objects are equal according to the equals method, then calling the hashCode method on each of the two objects must produce the same integer result.
  • It is not required that if two objects are unequal according to the equals method, then calling the hashCode method on each of the two objects must produce distinct integer results. However, the programmer should be aware that producing distinct integer results for unequal objects may improve the performance of hash tables.
Returns
int a hash code value for this object.