Package org.snmp4j.security
The org.snmp4j.security package contains three groups of
classes and interfaces:
- The authentication protocols group contains interfaces and classes for authentication of SNMP(v3) messages.
- The privacy protocols group contains interfaces and classes for encryption and decryption of SNMP(v3) messages.
- The security model group combines authentication and privacy protocols to provide security services to message processing models.
Authentication as well as privacy protocols are security protocols and
thus both are derived from the common interface SecurityProtocol.
In order to be able to use a security protocol with SNMP4J, the protocol
implementation class has to be registered with the
SecurityProtocols singleton, which provides access to
authentication and privacy protocols.
Authentication Protocols
All SNMP4J authentication protocol implementations have to implement the
AuthenticationProtocol interface. SNMP4J provides implementation
for the following authentication protocols:
- MD5, which is implemented by
AuthMD5and - SHA, which is implemented by
AuthSHA.
Privacy Protocols
All SNMP4J privacy protocol implementations have to implement the
PrivacyProtocol interface. SNMP4J provides implementation
for the following privacy protocols:
- DES in CBC mode, which is implemented by
PrivDESand - AES with 128bit key, which is implemented by
PrivAES128. - AES with 192bit key, which is implemented by
PrivAES192. - AES with 256bit key, which is implemented by
PrivAES256. In order to be able to use 256bit strong encryption, the strong encryption enhancement package has to be downloaded and installed.
Security Models
All SNMP4J security models have to implement the SecurityModel
interface. Before a security model can be used with SNMP4J, it has to be
registered with the SecurityModels singleton which provides
access to security models. SNMP4J implements a single security model, the
User Based Security Model (USM).
The USM class uses a user name table (which contains
user names) and a user table (which contains localized user information) to
store user information. A time table is used to store time information
about SNMP engines to protect SNMP communication against replay attacks
if the corresponding security level has chosen.
The following UML class diagram shows the most important classes of the
org.snmp4j.security package and their relationships
(relationships to other packages are not shown):
-
ClassDescriptionThe
AuthenticationProtocolinterface defines a common interface for all SNMP authentication protocols.The abstract class AuthGeneric implements common operations for SNMP authentication protocols, such as MD5 and SHA.The classAuthHMAC128SHA224implements the usmHMAC128SHA224AuthProtocol defined by RFC 7630.The classAuthHMAC192SHA256implements the usmHMAC192SHA2256AuthProtocol defined by RFC 7630.The classAuthHMAC256SHA384implements the usmHMAC256SHA3846AuthProtocol defined by RFC 7630.The classAuthHMAC384SHA512implements the usmHMAC384SHA5126AuthProtocol defined by RFC 7630.The AuthMD5 class implements the MD5 authentication protocol.TheSHAclass implements the Secure Hash Authentication.TheSHA-2class implements the Secure Hash Authentication 2.TheByteArrayWindowprovides windowed access to a subarray of a byte array.The CipherPool class provides service to share and reuse Cipher instances, across different threads.Parameter class for encrypt and decrypt methods ofSecurityProtocol.Privacy protocol class for Triple DES (DESEDE).The PrivacyGeneric abstract class implements common functionality of privacy protocols.ThePrivacyProtocolinterface defines a common interface for all SNMP privacy protocols.Base class for PrivAES128, PrivAES192 and PrivAES256.Encryption class for AES 128.Encryption class for AES 192.Encryption class for AES 256.Privacy protocol class for DES.TheSecurityLevelinterface contains enumerated values for the different security levels.TheSecurityModelinterface as described in RFC3411 section 4.4 and RFC 5590 section 5.TheSecurityModelsclass is a collection of all supported security models of a SNMP entity.TheSecurityParametersinterface represents the security parameters in a SNMPv3 message.TheSecurityProtocolclass defines common methods of authentication and privacy protocols.TheSecurityProtocolsclass holds all authentication and privacy protocols for a SNMP entity.TheSecurityStateReferenceinterface is an empty marker interface for security model dependent state references.The abstract classSNMPv3SecurityModelimplements common methods and fields for security models for the SNMPv3 message processing model.TheTSM(Transport Security Model) implements aSecurityModelwhich uses transport security mechanisms as defined in RFC 5591.SecurityParametersimplementation for theTSMsecurity model.TheTsmSecurityStateReferenceholds cached security data for theTSMsecurity model.TheUSMclass implements the User Based Security Model (USM) as defined in RFC 3414.TheUsmSecurityStateReferenceholds cached security data for theUSMsecurity model.TheUsmTimeEntryclass represents time synchronization information associated with an engine ID.TheUsmTimeTableclass is a singleton that stores USM user information as part of the Local Configuration Datastore (LCD).TheUsmUserclass represents USM user providing information to secure SNMPv3 message exchange.TheUsmUserEntryclass represents a user in the Local Configuration Datastore (LCD).TheUsmUserTableclass stores USM user information as part of the Local Configuration Datastore (LCD).