Package org.snmp4j.security
The org.snmp4j.security
package contains three groups of
classes and interfaces:
- The authentication protocols group contains interfaces and classes for authentication of SNMP(v3) messages.
- The privacy protocols group contains interfaces and classes for encryption and decryption of SNMP(v3) messages.
- The security model group combines authentication and privacy protocols to provide security services to message processing models.
Authentication as well as privacy protocols are security protocols and
thus both are derived from the common interface SecurityProtocol
.
In order to be able to use a security protocol with SNMP4J, the protocol
implementation class has to be registered with the
SecurityProtocols
singleton, which provides access to
authentication and privacy protocols.
Authentication Protocols
All SNMP4J authentication protocol implementations have to implement the
AuthenticationProtocol
interface. SNMP4J provides implementation
for the following authentication protocols:
- MD5, which is implemented by
AuthMD5
and - SHA, which is implemented by
AuthSHA
.
Privacy Protocols
All SNMP4J privacy protocol implementations have to implement the
PrivacyProtocol
interface. SNMP4J provides implementation
for the following privacy protocols:
- DES in CBC mode, which is implemented by
PrivDES
and - AES with 128bit key, which is implemented by
PrivAES128
. - AES with 192bit key, which is implemented by
PrivAES192
. - AES with 256bit key, which is implemented by
PrivAES256
. In order to be able to use 256bit strong encryption, the strong encryption enhancement package has to be downloaded and installed.
Security Models
All SNMP4J security models have to implement the SecurityModel
interface. Before a security model can be used with SNMP4J, it has to be
registered with the SecurityModels
singleton which provides
access to security models. SNMP4J implements a single security model, the
User Based Security Model (USM).
The USM
class uses a user name table (which contains
user names) and a user table (which contains localized user information) to
store user information. A time table is used to store time information
about SNMP engines to protect SNMP communication against replay attacks
if the corresponding security level has chosen.
The following UML class diagram shows the most important classes of the
org.snmp4j.security
package and their relationships
(relationships to other packages are not shown):
-
ClassDescriptionThe
AuthenticationProtocol
interface defines a common interface for all SNMP authentication protocols.The abstract class AuthGeneric implements common operations for SNMP authentication protocols, such as MD5 and SHA.The classAuthHMAC128SHA224
implements the usmHMAC128SHA224AuthProtocol defined by RFC 7630.The classAuthHMAC192SHA256
implements the usmHMAC192SHA2256AuthProtocol defined by RFC 7630.The classAuthHMAC256SHA384
implements the usmHMAC256SHA3846AuthProtocol defined by RFC 7630.The classAuthHMAC384SHA512
implements the usmHMAC384SHA5126AuthProtocol defined by RFC 7630.The AuthMD5 class implements the MD5 authentication protocol.TheSHA
class implements the Secure Hash Authentication.TheSHA-2
class implements the Secure Hash Authentication 2.TheByteArrayWindow
provides windowed access to a subarray of a byte array.The CipherPool class provides service to share and reuse Cipher instances, across different threads.Parameter class for encrypt and decrypt methods ofSecurityProtocol
.Privacy protocol class for Triple DES (DESEDE).The PrivacyGeneric abstract class implements common functionality of privacy protocols.ThePrivacyProtocol
interface defines a common interface for all SNMP privacy protocols.Base class for PrivAES128, PrivAES192 and PrivAES256.Encryption class for AES 128.Encryption class for AES 192.Encryption class for AES 256.Privacy protocol class for DES.TheSecurityLevel
interface contains enumerated values for the different security levels.TheSecurityModel
interface as described in RFC3411 section 4.4 and RFC 5590 section 5.TheSecurityModels
class is a collection of all supported security models of a SNMP entity.TheSecurityParameters
interface represents the security parameters in a SNMPv3 message.TheSecurityProtocol
class defines common methods of authentication and privacy protocols.TheSecurityProtocols
class holds all authentication and privacy protocols for a SNMP entity.TheSecurityStateReference
interface is an empty marker interface for security model dependent state references.The abstract classSNMPv3SecurityModel
implements common methods and fields for security models for the SNMPv3 message processing model.TheTSM
(Transport Security Model) implements aSecurityModel
which uses transport security mechanisms as defined in RFC 5591.SecurityParameters
implementation for theTSM
security model.TheTsmSecurityStateReference
holds cached security data for theTSM
security model.TheUSM
class implements the User Based Security Model (USM) as defined in RFC 3414.TheUsmSecurityStateReference
holds cached security data for theUSM
security model.TheUsmTimeEntry
class represents time synchronization information associated with an engine ID.TheUsmTimeTable
class is a singleton that stores USM user information as part of the Local Configuration Datastore (LCD).TheUsmUser
class represents USM user providing information to secure SNMPv3 message exchange.TheUsmUserEntry
class represents a user in the Local Configuration Datastore (LCD).TheUsmUserTable
class stores USM user information as part of the Local Configuration Datastore (LCD).