Class ProxyProtocolHeader

java.lang.Object
org.forgerock.opendj.io.rx.ProxyProtocolHeader

public final class ProxyProtocolHeader extends Object
This class defines the proxy protocol header as it is described in the proxy protocol documentation. If the proxy protocol is enabled on DS and the proxy ip address is allowed, this header will be parsed at the beginning of the LDAP connections to extract the original IP address and the SSL information, if present, of the proxied client application. Both versions of the proxy protocol (version 1 and version 2) are supported.
  • Field Details

    • PP2_TYPE_ALPN

      public static final byte PP2_TYPE_ALPN
      Application-Layer Protocol Negotiation (ALPN). It is a byte sequence defining the upper layer protocol in use over the connection. The most common use case will be to pass the exact copy of the ALPN extension of the Transport Layer Security (TLS) protocol as defined by RFC7301.
      See Also:
    • PP2_TYPE_AUTHORITY

      public static final byte PP2_TYPE_AUTHORITY
      Contains the host name value passed by the client, as an UTF8-encoded string. In case of TLS being used on the client connection, this is the exact copy of the "server_name" extension as defined by RFC3546 [10], section 3.1, often referred to as "SNI". There are probably other situations where an authority can be mentioned on a connection without TLS being involved at all.
      See Also:
    • PP2_TYPE_CRC32C

      public static final byte PP2_TYPE_CRC32C
      The value of the type PP2_TYPE_CRC32C is a 32-bit number storing the CRC32c checksum of the PROXY protocol header.
      See Also:
    • PP2_TYPE_NOOP

      public static final byte PP2_TYPE_NOOP
      The TLV of this type should be ignored when parsed. The value is zero or more bytes. Can be used for data padding or alignment. Note that it can be used to align only by 3 or more bytes because a TLV can not be smaller than that.
      See Also:
    • PP2_TYPE_UNIQUE_ID

      public static final byte PP2_TYPE_UNIQUE_ID
      The value of the type PP2_TYPE_UNIQUE_ID is an opaque byte sequence of up to 128 bytes generated by the upstream proxy that uniquely identifies the connection.
      See Also:
    • PP2_TYPE_SSL

      public static final byte PP2_TYPE_SSL
      Type of the SSL TLV.
      See Also:
    • PP2_TYPE_NETNS

      public static final byte PP2_TYPE_NETNS
      The type PP2_TYPE_NETNS defines the value as the US-ASCII string representation of the namespace's name.
      See Also:
  • Method Details

    • newLocalProxyProtocolHeader

      public static ProxyProtocolHeader newLocalProxyProtocolHeader(int version)
      Returns a new proxy protocol header with a local command.
      Parameters:
      version - the proxy protocol version. Valid values are 1 and 2.
      Returns:
      a new proxy protocol header with a local command.
      Throws:
      IllegalArgumentException - if the version in invalid.
    • newProxyProtocolHeader

      public static ProxyProtocolHeader newProxyProtocolHeader(int version, InetSocketAddress clientAddress, InetSocketAddress proxyAddress) throws IllegalArgumentException
      Returns a new proxy protocol header with a proxy command: the connection is relayed on behalf of a client.
      Parameters:
      version - the proxy protocol version. Valid values are 1 and 2.
      clientAddress - the effective client address (source address) or null if the address is not an InetSocketAddress.
      proxyAddress - the proxy address (destination address) or null if the address is not an InetSocketAddress.
      Returns:
      a new proxy protocol header with a proxy command.
      Throws:
      IllegalArgumentException - if the version in invalid.
    • newProxyProtocolHeader

      public static ProxyProtocolHeader newProxyProtocolHeader(int version, InetSocketAddress clientAddress, InetSocketAddress proxyAddress, ProxyProtocolHeader.SslTlv sslTlv) throws IllegalArgumentException
      Returns a new proxy protocol header with a proxy command: the connection is relayed on behalf of a client.
      Parameters:
      version - the proxy protocol version. Valid values are 1 and 2.
      clientAddress - the effective client address (source address) or null if the address is not an InetSocketAddress.
      proxyAddress - the proxy address (destination address) or null if the address is not an InetSocketAddress.
      sslTlv - information describing if and how the client connected using SSL.
      Returns:
      a new proxy protocol header with a proxy command.
      Throws:
      IllegalArgumentException - if the version is invalid.
    • getVersion

      public int getVersion()
      Returns the version of the header.
      Returns:
      The version (1 or 2).
    • isLocalCommnand

      public boolean isLocalCommnand()
      Returns whether this proxy header represents a LOCAL command. Effectively, a connection established directly on the behalf of the proxy.
      Returns:
      true if the connection has been established on the behalf of the proxy. false if the connection has been established on the behalf of a client.
    • getProtocol

      public String getProtocol()
      Returns the transport protocol used by the client to communicate with the proxy.
      Returns:
      The transport protocol (TCP4, TCP6 or UNKNKOWN)
    • getSourceAddress

      public InetSocketAddress getSourceAddress()
      Returns the proxied client's address.
      Returns:
      the proxied client's address.
    • getDestinationAddress

      public InetSocketAddress getDestinationAddress()
      Returns the proxy's address.
      Returns:
      the proxy's address.
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • getTlvs

      public Map<Byte,ByteString> getTlvs()
      Returns Additional information contained in the header as part of the Type-Length-Value.
      Returns:
      The TLVs.
    • getSslTlv

      public ProxyProtocolHeader.SslTlv getSslTlv()
      Returns the information about the SSL protocol that the client might be using on the connection.
      Returns:
      The SSL information.
    • getSslCipher

      public String getSslCipher()
      Returns the SSL cipher used by the proxied client or null if the proxied client did not use a secure connection or in case of proxy protocol V1 as it does not contain SSL information.
      Returns:
      the SSL cipher used by the proxied client or null if the proxied client did not use a secure connection or in case of proxy protocol V1 as it does not contain SSL information.
    • getSslVersion

      public String getSslVersion()
      Returns the SSL version used by the proxied client or null if the proxied client did not use a secure connection or in case of proxy protocol V1 as it does not contain SSL information.
      Returns:
      the SSL version used by the proxied client or null if the proxied client did not use a secure connection or in case of proxy protocol V1 as it does not contain SSL information.
    • isSsl

      public boolean isSsl()
      Returns true if the proxied client uses SSL. Always false for proxy protocol V1 as it does not contain SSL information.
      Returns:
      true if the proxied client uses SSL. Always false for proxy protocol V1 as it does not contain SSL information.