1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.net.ipsec.ike;
18 
19 import android.annotation.IntRange;
20 import android.annotation.NonNull;
21 import android.annotation.SystemApi;
22 
23 import java.util.Objects;
24 
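/**
 * TransportModeChildSessionParams represents proposed configurations for negotiating a transport
 * mode Child Session.
 *
 * <p>The constructor is private and is only invoked from {@link Builder#build()}, so instances are
 * always produced by the Builder after its validation step has run.
 *
 * @hide
 */
@SystemApi
public final class TransportModeChildSessionParams extends ChildSessionParams {
    /**
     * Creates the params from values collected by the {@link Builder}.
     *
     * @param inboundTs inbound traffic selectors to propose.
     * @param outboundTs outbound traffic selectors to propose.
     * @param proposals Child SA proposals to offer.
     * @param hardLifetimeSec hard lifetime in seconds.
     * @param softLifetimeSec soft lifetime in seconds.
     */
    private TransportModeChildSessionParams(
            IkeTrafficSelector[] inboundTs,
            IkeTrafficSelector[] outboundTs,
            ChildSaProposal[] proposals,
            int hardLifetimeSec,
            int softLifetimeSec) {
        super(
                inboundTs,
                outboundTs,
                proposals,
                hardLifetimeSec,
                softLifetimeSec,
                true /*isTransport*/);
    }

    /**
     * This class can be used to incrementally construct a {@link TransportModeChildSessionParams}.
     */
    public static final class Builder extends ChildSessionParams.Builder {
        /** Create a Builder for negotiating a transport mode Child Session. */
        public Builder() {
            super();
        }

        /**
         * Adds a Child SA proposal to the {@link TransportModeChildSessionParams} being built.
         *
         * @param proposal Child SA proposal.
         * @return Builder this, to facilitate chaining.
         * @throws NullPointerException if {@code proposal} is null.
         */
        @NonNull
        public Builder addSaProposal(@NonNull ChildSaProposal proposal) {
            // Reject null here, as the traffic selector setters do, so that a null entry is
            // never stored in the proposal list and the failure points at the offending call.
            Objects.requireNonNull(proposal, "Required argument not provided");
            addProposal(proposal);
            return this;
        }

        /**
         * Adds an inbound {@link IkeTrafficSelector} to the {@link TransportModeChildSessionParams}
         * being built.
         *
         * <p>This method allows callers to limit the inbound traffic transmitted over the Child
         * Session to the given range. The IKE server may further narrow the range. Callers should
         * refer to {@link ChildSessionConfiguration} for the negotiated traffic selectors.
         *
         * <p>If no inbound {@link IkeTrafficSelector} is provided, a default value will be used
         * that covers all IP addresses and ports. Callers that need a narrower inbound policy
         * must therefore add at least one selector explicitly.
         *
         * @param trafficSelector the inbound {@link IkeTrafficSelector}.
         * @return Builder this, to facilitate chaining.
         * @throws NullPointerException if {@code trafficSelector} is null.
         */
        @NonNull
        public Builder addInboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) {
            Objects.requireNonNull(trafficSelector, "Required argument not provided");
            addInboundTs(trafficSelector);
            return this;
        }

        /**
         * Adds an outbound {@link IkeTrafficSelector} to the {@link
         * TransportModeChildSessionParams} being built.
         *
         * <p>This method allows callers to limit the outbound traffic transmitted over the Child
         * Session to the given range. The IKE server may further narrow the range. Callers should
         * refer to {@link ChildSessionConfiguration} for the negotiated traffic selectors.
         *
         * <p>If no outbound {@link IkeTrafficSelector} is provided, a default value will be used
         * that covers all IP addresses and ports. Callers that need a narrower outbound policy
         * must therefore add at least one selector explicitly.
         *
         * @param trafficSelector the outbound {@link IkeTrafficSelector}.
         * @return Builder this, to facilitate chaining.
         * @throws NullPointerException if {@code trafficSelector} is null.
         */
        @NonNull
        public Builder addOutboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) {
            Objects.requireNonNull(trafficSelector, "Required argument not provided");
            addOutboundTs(trafficSelector);
            return this;
        }

        /**
         * Sets hard and soft lifetimes.
         *
         * <p>Lifetimes will not be negotiated with the remote IKE server.
         *
         * @param hardLifetimeSeconds number of seconds after which Child SA will expire. Defaults
         *     to 7200 seconds (2 hours). Considering IPsec packet lifetime, IKE library requires
         *     hard lifetime to be a value from 300 seconds (5 minutes) to 14400 seconds (4 hours),
         *     inclusive.
         * @param softLifetimeSeconds number of seconds after which Child SA will request rekey.
         *     Defaults to 3600 seconds (1 hour). MUST be at least 120 seconds (2 minutes), and at
         *     least 60 seconds (1 minute) shorter than the hard lifetime.
         * @return Builder this, to facilitate chaining.
         */
        @NonNull
        public Builder setLifetimeSeconds(
                @IntRange(
                                from = CHILD_HARD_LIFETIME_SEC_MINIMUM,
                                to = CHILD_HARD_LIFETIME_SEC_MAXIMUM)
                        int hardLifetimeSeconds,
                @IntRange(
                                from = CHILD_SOFT_LIFETIME_SEC_MINIMUM,
                                to = CHILD_HARD_LIFETIME_SEC_MAXIMUM)
                        int softLifetimeSeconds) {
            // Validation runs before the fields are written, so the assignments below are only
            // reached once the inherited check has returned.
            // NOTE(review): the helper's name suggests it already stores both values, which would
            // make the assignments redundant - confirm against ChildSessionParams.Builder.
            validateAndSetLifetime(hardLifetimeSeconds, softLifetimeSeconds);
            mHardLifetimeSec = hardLifetimeSeconds;
            mSoftLifetimeSec = softLifetimeSeconds;
            return this;
        }

        /**
         * Validates and builds the {@link TransportModeChildSessionParams}.
         *
         * <p>Default traffic selectors are filled in for any direction the caller left
         * unconfigured before validation runs.
         *
         * @return the validated {@link TransportModeChildSessionParams}.
         */
        @NonNull
        public TransportModeChildSessionParams build() {
            // Inherited helpers; their implementations are in ChildSessionParams.Builder and are
            // not visible in this file.
            addDefaultTsIfNotConfigured();
            validateOrThrow();

            // The lists are copied into fresh arrays for the constructor.
            return new TransportModeChildSessionParams(
                    mInboundTsList.toArray(new IkeTrafficSelector[0]),
                    mOutboundTsList.toArray(new IkeTrafficSelector[0]),
                    mSaProposalList.toArray(new ChildSaProposal[0]),
                    mHardLifetimeSec,
                    mSoftLifetimeSec);
        }
    }
}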