Added in API level 31

Summary: Ctors | Methods | Inherited Methods

IkeSessionParams.Builder

Kotlin |Java

public static final class IkeSessionParams.Builder
extends Object

java.lang.Object
↳	android.net.ipsec.ike.IkeSessionParams.Builder

This class can be used to incrementally construct a IkeSessionParams.

Summary

Public constructors
`Builder()` Construct Builder
`Builder(IkeSessionParams ikeSessionParams)` Construct Builder from the `IkeSessionParams` object.

Public methods
`IkeSessionParams.Builder`	`addIkeOption(int ikeOption)` Sets the specified IKE Option as enabled.
`IkeSessionParams.Builder`	`addIkeSaProposal(IkeSaProposal proposal)` Adds an IKE SA proposal to the `IkeSessionParams` being built.
`IkeSessionParams`	`build()` Validates and builds the `IkeSessionParams`.
`IkeSessionParams.Builder`	`removeIkeOption(int ikeOption)` Resets (disables) the specified IKE Option.
`IkeSessionParams.Builder`	`setAuthDigitalSignature(X509Certificate serverCaCert, X509Certificate clientEndCert, List<X509Certificate> clientIntermediateCerts, PrivateKey clientPrivateKey)` Configures the `IkeSession` to use public-key-signature-based authentication.
`IkeSessionParams.Builder`	`setAuthDigitalSignature(X509Certificate serverCaCert, X509Certificate clientEndCert, PrivateKey clientPrivateKey)` Configures the `IkeSession` to use public-key-signature-based authentication.
`IkeSessionParams.Builder`	`setAuthEap(X509Certificate serverCaCert, EapSessionConfig eapConfig)` Configures the `IkeSession` to use EAP authentication.
`IkeSessionParams.Builder`	`setAuthPsk(byte[] sharedKey)` Configures the `IkeSession` to use pre-shared-key-based authentication.
`IkeSessionParams.Builder`	`setDpdDelaySeconds(int dpdDelaySeconds)` Sets the Dead Peer Detection(DPD) delay in seconds.
`IkeSessionParams.Builder`	`setLifetimeSeconds(int hardLifetimeSeconds, int softLifetimeSeconds)` Sets hard and soft lifetimes.
`IkeSessionParams.Builder`	`setLocalIdentification(IkeIdentification identification)` Sets local IKE identification for the `IkeSessionParams` being built.
`IkeSessionParams.Builder`	`setNattKeepAliveDelaySeconds(int nattKeepaliveDelaySeconds)` Sets the Network Address Translation Traversal (NATT) keepalive delay in seconds.
`IkeSessionParams.Builder`	`setNetwork(Network network)` Sets the `Network` for the `IkeSessionParams` being built.
`IkeSessionParams.Builder`	`setRemoteIdentification(IkeIdentification identification)` Sets remote IKE identification for the `IkeSessionParams` being built.
`IkeSessionParams.Builder`	`setRetransmissionTimeoutsMillis(int[] retransTimeoutMillisList)` Sets the retransmission timeout list in milliseconds.
`IkeSessionParams.Builder`	`setServerHostname(String serverHostname)` Sets the server hostname for the `IkeSessionParams` being built.

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Public constructors

Builder

Added in API level 31

public Builder ()

Construct Builder

Builder

Added in API level 31

public Builder (IkeSessionParams ikeSessionParams)

Construct Builder from the IkeSessionParams object.

Parameters
`ikeSessionParams`	`IkeSessionParams`: the object this Builder will be constructed with. This value cannot be `null`.

Public methods

addIkeOption

Added in API level 31

public IkeSessionParams.Builder addIkeOption (int ikeOption)

Sets the specified IKE Option as enabled.

Parameters

Parameters
`ikeOption`	`int`: the option to be enabled. Value is `IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID`, `IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH`, `IkeSessionParams.IKE_OPTION_MOBIKE`, `IkeSessionParams.IKE_OPTION_FORCE_PORT_4500`, `IkeSessionParams.IKE_OPTION_INITIAL_CONTACT`, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_REKEY_MOBILITY, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_ADDRESS_FAMILY_SELECTION, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_NATT_KEEPALIVES, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_KEEPALIVE_ON_OFF, or android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_FORCE_DNS_RESOLUTION

ikeOption

int: the option to be enabled. Value is IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID, IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH, IkeSessionParams.IKE_OPTION_MOBIKE, IkeSessionParams.IKE_OPTION_FORCE_PORT_4500, IkeSessionParams.IKE_OPTION_INITIAL_CONTACT, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_REKEY_MOBILITY, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_ADDRESS_FAMILY_SELECTION, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_NATT_KEEPALIVES, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_KEEPALIVE_ON_OFF, or android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_FORCE_DNS_RESOLUTION

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

Throws
`IllegalArgumentException`	if the provided option is invalid.

addIkeSaProposal

Added in API level 31

public IkeSessionParams.Builder addIkeSaProposal (IkeSaProposal proposal)

Adds an IKE SA proposal to the IkeSessionParams being built.

Parameters
`proposal`	`IkeSaProposal`: IKE SA proposal. This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

build

Added in API level 31

public IkeSessionParams build ()

Validates and builds the IkeSessionParams.

Returns
`IkeSessionParams`	IkeSessionParams the validated IkeSessionParams. This value cannot be `null`.

removeIkeOption

Added in API level 31

public IkeSessionParams.Builder removeIkeOption (int ikeOption)

Resets (disables) the specified IKE Option.

Parameters

Parameters
`ikeOption`	`int`: the option to be disabled. Value is `IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID`, `IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH`, `IkeSessionParams.IKE_OPTION_MOBIKE`, `IkeSessionParams.IKE_OPTION_FORCE_PORT_4500`, `IkeSessionParams.IKE_OPTION_INITIAL_CONTACT`, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_REKEY_MOBILITY, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_ADDRESS_FAMILY_SELECTION, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_NATT_KEEPALIVES, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_KEEPALIVE_ON_OFF, or android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_FORCE_DNS_RESOLUTION

ikeOption

int: the option to be disabled. Value is IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID, IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH, IkeSessionParams.IKE_OPTION_MOBIKE, IkeSessionParams.IKE_OPTION_FORCE_PORT_4500, IkeSessionParams.IKE_OPTION_INITIAL_CONTACT, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_REKEY_MOBILITY, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_ADDRESS_FAMILY_SELECTION, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_NATT_KEEPALIVES, android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_AUTOMATIC_KEEPALIVE_ON_OFF, or android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_FORCE_DNS_RESOLUTION

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

Throws
`IllegalArgumentException`	if the provided option is invalid.

setAuthDigitalSignature

Added in API level 31

public IkeSessionParams.Builder setAuthDigitalSignature (X509Certificate serverCaCert, 
                X509Certificate clientEndCert, 
                List<X509Certificate> clientIntermediateCerts, 
                PrivateKey clientPrivateKey)

Configures the IkeSession to use public-key-signature-based authentication.

The public key included by the client end certificate and the private key used for signing MUST be a matching key pair.

The IKE library will use the strongest signature algorithm supported by both sides.

Currenly only RSA digital signature is supported.

Parameters
`serverCaCert`	`X509Certificate`: the CA certificate for validating the received server certificate(s). If a null value is provided, IKE library will try all default CA certificates stored in Android system to do the validation. Otherwise, it will only use the provided CA certificate.
`clientEndCert`	`X509Certificate`: the end certificate for remote server to verify locally generated signature. This value cannot be `null`.
`clientIntermediateCerts`	`List`: intermediate certificates for the remote server to validate the end certificate. This value cannot be `null`.
`clientPrivateKey`	`PrivateKey`: private key to generate outbound digital signature. The `PrivateKey` MUST be an instance of `RSAKey`. This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setAuthDigitalSignature

Added in API level 31

public IkeSessionParams.Builder setAuthDigitalSignature (X509Certificate serverCaCert, 
                X509Certificate clientEndCert, 
                PrivateKey clientPrivateKey)

Configures the IkeSession to use public-key-signature-based authentication.

The public key included by the client end certificate and the private key used for signing MUST be a matching key pair.

The IKE library will use the strongest signature algorithm supported by both sides.

Currenly only RSA digital signature is supported.

Parameters
`serverCaCert`	`X509Certificate`: the CA certificate for validating the received server certificate(s). If a certificate is provided, it MUST be the root CA used by the server, or authentication will fail. If no certificate is provided, any root CA in the system's truststore is considered acceptable. This value may be `null`.
`clientEndCert`	`X509Certificate`: the end certificate for remote server to verify the locally generated signature. This value cannot be `null`.
`clientPrivateKey`	`PrivateKey`: private key to generate outbound digital signature. The `PrivateKey` MUST be an instance of `RSAKey`. This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setAuthEap

Added in API level 31

public IkeSessionParams.Builder setAuthEap (X509Certificate serverCaCert, 
                EapSessionConfig eapConfig)

Configures the IkeSession to use EAP authentication.

Not all EAP methods provide mutual authentication. As such EAP MUST be used in conjunction with a public-key-signature-based authentication of the remote server, unless EAP-Only authentication is enabled.

Callers may enable EAP-Only authentication by setting IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH, which will make IKE library request the remote to use EAP-Only authentication. The remote may opt to reject the request, at which point the received certificates and authentication payload WILL be validated with the provided root CA or system's truststore as usual. Only safe EAP methods as listed in RFC 5998 will be accepted for EAP-Only authentication.

If IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH is set, callers MUST configure EAP as the authentication method and all EAP methods set in EAP Session configuration MUST be safe methods that are accepted for EAP-Only authentication. Otherwise callers will get an exception when building the IkeSessionParams

Callers MUST declare only one authentication method. Calling this function will override the previously set authentication configuration.

Parameters
`serverCaCert`	`X509Certificate`: the CA certificate for validating the received server certificate(s). If a certificate is provided, it MUST be the root CA used by the server, or authentication will fail. If no certificate is provided, any root CA in the system's truststore is considered acceptable. This value may be `null`.
`eapConfig`	`EapSessionConfig`: This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

See also:

setAuthPsk

Added in API level 31

public IkeSessionParams.Builder setAuthPsk (byte[] sharedKey)

Configures the IkeSession to use pre-shared-key-based authentication.

Both client and server MUST be authenticated using the provided shared key. IKE authentication will fail if the remote peer tries to use other authentication methods.

Callers MUST declare only one authentication method. Calling this function will override the previously set authentication configuration.

Callers SHOULD NOT use this if any other authentication methods can be used; PSK-based authentication is generally considered insecure.

Parameters
`sharedKey`	`byte`: the shared key. This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setDpdDelaySeconds

Added in API level 31

public IkeSessionParams.Builder setDpdDelaySeconds (int dpdDelaySeconds)

Sets the Dead Peer Detection(DPD) delay in seconds.

Parameters
`dpdDelaySeconds`	`int`: number of seconds after which IKE SA will initiate DPD if no inbound cryptographically protected IKE message was received. Defaults to 120 seconds. MUST be a value greater than or equal to than 20 seconds. Setting the value to `IkeSessionParams.IKE_DPD_DELAY_SEC_DISABLED` will disable DPD. Value is `ERROR(/android.net.ipsec.ike.IkeSessionParams#IKE_DPD_DELAY_SEC_MIN)` or greater

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setLifetimeSeconds

Added in API level 31

public IkeSessionParams.Builder setLifetimeSeconds (int hardLifetimeSeconds, 
                int softLifetimeSeconds)

Sets hard and soft lifetimes.

Lifetimes will not be negotiated with the remote IKE server.

Parameters
`hardLifetimeSeconds`	`int`: number of seconds after which IKE SA will expire. Defaults to 14400 seconds (4 hours). MUST be a value from 300 seconds (5 minutes) to 86400 seconds (24 hours), inclusive. Value is between `ERROR(/android.net.ipsec.ike.IkeSessionParams#IKE_HARD_LIFETIME_SEC_MINIMUM)` and `ERROR(/android.net.ipsec.ike.IkeSessionParams#IKE_HARD_LIFETIME_SEC_MAXIMUM)` inclusive
`softLifetimeSeconds`	`int`: number of seconds after which IKE SA will request rekey. Defaults to 7200 seconds (2 hours). MUST be at least 120 seconds (2 minutes), and at least 60 seconds (1 minute) shorter than the hard lifetime. Value is between `ERROR(/android.net.ipsec.ike.IkeSessionParams#IKE_SOFT_LIFETIME_SEC_MINIMUM)` and `ERROR(/android.net.ipsec.ike.IkeSessionParams#IKE_HARD_LIFETIME_SEC_MAXIMUM)` inclusive

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setLocalIdentification

Added in API level 31

public IkeSessionParams.Builder setLocalIdentification (IkeIdentification identification)

Sets local IKE identification for the IkeSessionParams being built.

It is not allowed to use KEY ID together with digital-signature-based authentication as per RFC 7296.

Parameters
`identification`	`IkeIdentification`: the local IKE identification. This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setNattKeepAliveDelaySeconds

Added in API level 31

public IkeSessionParams.Builder setNattKeepAliveDelaySeconds (int nattKeepaliveDelaySeconds)

Sets the Network Address Translation Traversal (NATT) keepalive delay in seconds.

Parameters
`nattKeepaliveDelaySeconds`	`int`: number of seconds between keepalive packet transmissions. Defaults to 10 seconds. MUST be a value from 10 seconds to 3600 seconds, inclusive. Value is between `ERROR(/android.net.ipsec.ike.IkeSessionParams#IKE_NATT_KEEPALIVE_DELAY_SEC_MIN)` and `ERROR(/android.net.ipsec.ike.IkeSessionParams#IKE_NATT_KEEPALIVE_DELAY_SEC_MAX)` inclusive

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setNetwork

Added in API level 31

public IkeSessionParams.Builder setNetwork (Network network)

Sets the Network for the IkeSessionParams being built.

If no Network is provided, the default Network (as per ConnectivityManager.getActiveNetwork()) will be used when constructing an IkeSession.

Parameters
`network`	`Network`: the `Network` that IKE Session will use, or `null` to clear the previously set `Network`

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setRemoteIdentification

Added in API level 31

public IkeSessionParams.Builder setRemoteIdentification (IkeIdentification identification)

Sets remote IKE identification for the IkeSessionParams being built.

Parameters
`identification`	`IkeIdentification`: the remote IKE identification. This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setRetransmissionTimeoutsMillis

Added in API level 31

public IkeSessionParams.Builder setRetransmissionTimeoutsMillis (int[] retransTimeoutMillisList)

Sets the retransmission timeout list in milliseconds.

Configures the retransmission by providing an array of relative retransmission timeouts in milliseconds. After sending out a request and before receiving the response, the IKE Session will iterate through the array and wait for the relative timeout before the next retry. If the last timeout is exceeded, the IKE Session will be terminated.

Each element in the array MUST be a value from 500 ms to 1800000 ms (30 minutes). The length of the array MUST NOT exceed 10. This retransmission timeout list defaults to {0.5s, 1s, 2s, 4s, 8s}

Parameters
`retransTimeoutMillisList`	`int`: the array of relative retransmission timeout in milliseconds. This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.

setServerHostname

Added in API level 31

public IkeSessionParams.Builder setServerHostname (String serverHostname)

Sets the server hostname for the IkeSessionParams being built.

Parameters
`serverHostname`	`String`: the hostname of the IKE server, such as "ike.android.com". This value cannot be `null`.

Returns
`IkeSessionParams.Builder`	Builder this, to facilitate chaining. This value cannot be `null`.