Module org.snmp4j

Package org.snmp4j.security

Provides classes and interfaces for authentication and privacy of SNMP(v3) messages.

The org.snmp4j.security package contains three groups of classes and interfaces:

• The authentication protocols group contains interfaces and classes for authentication of SNMP(v3) messages.
• The privacy protocols group contains interfaces and classes for encryption and decryption of SNMP(v3) messages.
• The security model group combines authentication and privacy protocols to provide security services to message processing models.

Authentication as well as privacy protocols are security protocols and thus both are derived from the common interface SecurityProtocol. In order to be able to use a security protocol with SNMP4J, the protocol implementation class has to be registered with the SecurityProtocols singleton, which provides access to authentication and privacy protocols.

Authentication Protocols

All SNMP4J authentication protocol implementations have to implement the AuthenticationProtocol interface. SNMP4J provides implementation for the following authentication protocols:

• MD5, which is implemented by AuthMD5 and
• SHA, which is implemented by AuthSHA.

Privacy Protocols

All SNMP4J privacy protocol implementations have to implement the PrivacyProtocol interface. SNMP4J provides implementation for the following privacy protocols:

• DES in CBC mode, which is implemented by PrivDES and
• AES with 128bit key, which is implemented by PrivAES128.
• AES with 192bit key, which is implemented by PrivAES192.
• AES with 256bit key, which is implemented by PrivAES256. In order to be able to use 256bit strong encryption, the strong encryption enhancement package has to be downloaded and installed.

Security Models

All SNMP4J security models have to implement the SecurityModel interface. Before a security model can be used with SNMP4J, it has to be registered with the SecurityModels singleton which provides access to security models. SNMP4J implements a single security model, the User Based Security Model (USM).

The USM class uses a user name table (which contains user names) and a user table (which contains localized user information) to store user information. A time table is used to store time information about SNMP engines to protect SNMP communication against replay attacks if the corresponding security level has chosen.

The following UML class diagram shows the most important classes of the org.snmp4j.security package and their relationships (relationships to other packages are not shown):

Interface Summary

Interface	Description
AuthenticationProtocol	The AuthenticationProtocol interface defines a common interface for all SNMP authentication protocols.
PrivacyProtocol	The PrivacyProtocol interface defines a common interface for all SNMP privacy protocols.
SecurityModel	The SecurityModel interface as described in RFC3411 section 4.4 and RFC 5590 section 5.
SecurityParameters	The SecurityParameters interface represents the security parameters in a SNMPv3 message.
SecurityProtocol	The SecurityProtocol class defines common methods of authentication and privacy protocols.
SecurityStateReference	The SecurityStateReference interface is an empty marker interface for security model dependent state references.

Class Summary

Class	Description
AuthGeneric	The abstract class AuthGeneric implements common operations for SNMP authentication protocols, such as MD5 and SHA.
AuthHMAC128SHA224	The class AuthHMAC128SHA224 implements the usmHMAC128SHA224AuthProtocol defined by RFC 7630.
AuthHMAC192SHA256	The class AuthHMAC192SHA256 implements the usmHMAC192SHA2256AuthProtocol defined by RFC 7630.
AuthHMAC256SHA384	The class AuthHMAC256SHA384 implements the usmHMAC256SHA3846AuthProtocol defined by RFC 7630.
AuthHMAC384SHA512	The class AuthHMAC384SHA512 implements the usmHMAC384SHA5126AuthProtocol defined by RFC 7630.
AuthMD5	The AuthMD5 class implements the MD5 authentication protocol.
AuthSHA	The SHA class implements the Secure Hash Authentication.
AuthSHA2	The SHA-2 class implements the Secure Hash Authentication 2.
ByteArrayWindow	The ByteArrayWindow provides windowed access to a subarray of a byte array.
CipherPool	The CipherPool class provides service to share and reuse Cipher instances, across different threads.
DecryptParams	Parameter class for encrypt and decrypt methods of SecurityProtocol.
Priv3DES	Privacy protocol class for Triple DES (DESEDE).
PrivacyGeneric	The PrivacyGeneric abstract class implements common functionality of privacy protocols.
PrivAES	Base class for PrivAES128, PrivAES192 and PrivAES256.
PrivAES128	Encryption class for AES 128.
PrivAES192	Encryption class for AES 192.
PrivAES256	Encryption class for AES 256.
PrivDES	Privacy protocol class for DES.
Salt	Class that holds a 64 bit salt value for crypto operations.
SecurityModels	The SecurityModels class is a collection of all supported security models of a SNMP entity.
SecurityProtocols	The SecurityProtocols class holds all authentication and privacy protocols for a SNMP entity.
SNMPv3SecurityModel	The abstract class SNMPv3SecurityModel implements common methods and fields for security models for the SNMPv3 message processing model.
TSM	The TSM (Transport Security Model) implements a SecurityModel which uses transport security mechanisms as defined in RFC 5591.
TsmSecurityParameters	SecurityParameters implementation for the TSM security model.
TsmSecurityStateReference	The TsmSecurityStateReference holds cached security data for the TSM security model.
USM	The USM class implements the User Based Security Model (USM) as defined in RFC 3414.
UsmSecurityParameters
UsmSecurityStateReference	The UsmSecurityStateReference holds cached security data for the USM security model.
UsmTimeEntry	The UsmTimeEntry class represents time synchronization information associated with an engine ID.
UsmTimeTable	The UsmTimeTable class is a singleton that stores USM user information as part of the Local Configuration Datastore (LCD).
UsmUser	The UsmUser class represents USM user providing information to secure SNMPv3 message exchange.
UsmUserEntry	The UsmUserEntry class represents a user in the Local Configuration Datastore (LCD).
UsmUserTable	The UsmUserTable class stores USM user information as part of the Local Configuration Datastore (LCD).
UsmUserTable.UsmUserKey

Enum Summary

Enum	Description
SecurityLevel	The SecurityLevel interface contains enumerated values for the different security levels.
SecurityProtocols.SecurityProtocolType