Java Dynamic Management Kit 5.1 Tutorial

19.3.5 Enabling Privacy in SNMPv3 Managers

If you enable privacy in your SNMPv3 agents, you must also enable privacy in the corresponding manager. The following example shows the code for an SNMPv3 manager with privacy enabled, called SyncManagerEncryptV3. This example is found in the examplesDir/current/Snmp/Manager directory.


Example 19–7 SyncManagerEncryptV3 Manager with Privacy Enabled

public class SyncManagerEncryptV3 {

    public static void main(String argv[]) {
        SnmpSession session = null;

        if (argv.length != 2) {
            usage();
            java.lang.System.exit(1);
        }

        // Check arguments first:
        // host and port.
        final String host = argv[0];
        final String port = argv[1];

        try {
            // Initialize the SNMP Manager API.
            //
            // [...]

            // Activate the encryption
            //

            // First create parameters.
            //
            final SnmpEngineParameters parameters =
                new SnmpEngineParameters();

            // Then activate encryption
            parameters.activateEncryption();

            // Finally create the session passing it the parameters.
            try {
                // When instantiating a session, a new SNMP V3 engine is
                // instantiated.
                session = new SnmpSession(parameters,
                                          null,
                                          "SyncV3Manager session",
                                          null);
            } catch(SnmpStatusException e) {
                println(e.getMessage());
                java.lang.System.exit(0);
            } catch(IllegalArgumentException e) {
                // If the engine configuration is faulty
                println(e.getMessage());
                java.lang.System.exit(0);
            }

            final SnmpEngine engine = session.getEngine();

            // Create a SnmpPeer object
            //
            final SnmpUsmPeer agent =
                new SnmpUsmPeer(engine, host, Integer.parseInt(port));

            // Create parameters to associate to the entity to
            // communicate with.
            //
            final SnmpUsmParameters p =
                new SnmpUsmParameters(engine, "defaultUser");

            // Set Security level
            //
            p.setSecurityLevel(SnmpDefinitions.authPriv);

            // Register MIBS under the scope of a context.
            //
            p.setContextName("TEST-CONTEXT".getBytes());

            // Specify a contextEngineId. This is
            //
            p.setContextEngineId(agent.getEngineId().getBytes());

            // The newly created parameter must be associated to the agent.
            //
            agent.setParams(p);

            // Discovery timeliness
            //
            agent.processUsmTimelinessDiscovery();

            // A default peer (agent) can be associated to a SnmpSession.
            //
            session.setDefaultPeer(agent);

            // Create a listener and dispatcher for SNMP traps
            final SnmpEventReportDispatcher trapAgent =
                new SnmpEventReportDispatcher(engine,
                                              Integer.parseInt(port) + 1,
                                              taskServer, null);
            trapAgent.addTrapListener(new TrapListenerImpl());
            final Thread trapThread = new Thread(trapAgent);
            trapThread.setPriority(Thread.MAX_PRIORITY);
            trapThread.start();

            // Build the list of variables you want to query.
            // For debug purposes, you can associate a name to your list.
            //
            final SnmpVarBindList list =
                new SnmpVarBindList("SyncManagerEncryptV3 varbind list");

            // We want to read the "sysDescr" variable.
            //
            // We will thus query "sysDescr.0", as sysDescr is a scalar
            // variable (see RFC 1157, section 3.2.6.3.  Identification
            // of Object Instances, or RFC 2578, section 7.  Mapping of
            // the OBJECT-TYPE macro).
            //
            list.addVarBind("sysDescr.0");

            // Make the SNMP get request and wait for the result.
            //
            final SnmpRequest request = session.snmpGetRequest(null, list);
            println("SyncManagerEncryptV3::main:" +
                    " Send get request to SNMP agent on " +
                    host + " at port " + port);
            final boolean completed = request.waitForCompletion(10000);

            // Check for a timeout of the request.
            //
            if (completed == false) {
                println("SyncManagerEncryptV3::main:" +
                        " Request timed out. Check reachability of agent");

                // Print request.
                //
                println("Request: " + request.toString());
                java.lang.System.exit(0);
            }

            // Check if the response contains an
            // error.
            //
            final int errorStatus = request.getErrorStatus();
            if (errorStatus != SnmpDefinitions.snmpRspNoError) {
                println("Error status = " +
                        SnmpRequest.snmpErrorToString(errorStatus));
                println("Error index = " +
                        request.getErrorIndex());
                java.lang.System.exit(0);
            }

            // Display the content of the result.
            //
            final SnmpVarBindList result = request.getResponseVarBindList();
            println("Result: \n" + result);

            println("\n>> Press Enter if you want to stop" +
                    " this SNMP manager.\n");
            java.lang.System.in.read();

            // Nicely stop the session
            //
            session.destroySession();

            // End the SnmpEventReportDispatcher.
            //
            trapAgent.close();
            taskServer.terminate();

            //
            // That's all !
            //
            java.lang.System.exit(0);

        } catch(Exception e) {
            java.lang.System.err.println("SyncManagerEncryptV3::main:" +
                                         " Exception occurred:" + e );
            e.printStackTrace();
        }
    }

}

By default, a Java DMK 5.1 manager handles requests that are authenticated, but not encrypted. To activate encryption, you need to set certain parameters when you instantiate the SNMP session. As shown in Example 19–7, these parameters are passed to the engine using the SnmpEngineParameters class: the manager creates an SnmpEngineParameters object, calls its activateEncryption() method, and passes the object to the SnmpSession constructor.

The SyncManagerEncryptV3 manager application then continues with the generation of a USM peer, defining the context and setting trap listeners in the same way as any other manager. Note, however, that in this manager, the security level is set to authPriv.

As well as the manager itself, you must also configure the security file associated with that manager. Example 19–8 shows the security file associated with SyncManagerEncryptV3.


Example 19–8 Manager jdmkencrypt.security File

#Authentication and encryption.
userEntry=0x8000002a05819dcb6e00001f95,defaultUser,,usmHMACMD5AuthProtocol,mypasswd,usmDESPrivProtocol,mypasswd

# #####APPENDED PROPERTY####
localEngineBoots=2

# #####APPENDED PROPERTY####
localEngineID=0x8000002a05000000ebffd342ca

As was the case for the AgentEncryptV3 agent, in this file, you can see that the DES privacy protocol is specified.
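
The following is an added example, not part of the Java DMK tutorial or product code: a stand-alone Java class that reads userEntry lines such as the one in Example 19–8 and reports settings worth reviewing before the file is deployed. The field order is an assumption inferred from the sample entry; the class and method names, the second user, and the minimum password length are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not Java DMK code: reviews userEntry lines of a security file.
public class SecurityFileAudit {
    static final int MIN_PASSWORD_LEN = 8; // assumed local policy value

    // Field order is an assumption read off the sample entry in Example 19-8:
    // engineId,userName,securityName,authProtocol,authPassword,privProtocol,privPassword
    static List<String> audit(String fileText) {
        List<String> findings = new ArrayList<>();
        for (String raw : fileText.split("\\R")) {
            String line = raw.trim();
            if (!line.startsWith("userEntry=")) continue; // comments, other properties
            String[] f = line.substring("userEntry=".length()).split(",", -1);
            String user = field(f, 1);
            String authProto = field(f, 3), authPass = field(f, 4);
            String privProto = field(f, 5), privPass = field(f, 6);
            if (authProto.isEmpty()) {
                findings.add(user + ": no authentication protocol, authPriv unavailable");
                continue;
            }
            if (authProto.equals("usmHMACMD5AuthProtocol"))
                findings.add(user + ": authentication relies on MD5");
            if (authPass.length() < MIN_PASSWORD_LEN)
                findings.add(user + ": authentication password below minimum length");
            if (privProto.isEmpty()) {
                findings.add(user + ": no privacy protocol, authPriv unavailable");
                continue;
            }
            if (privProto.equals("usmDESPrivProtocol"))
                findings.add(user + ": DES privacy is limited to a 56-bit key");
            if (privPass.length() < MIN_PASSWORD_LEN)
                findings.add(user + ": privacy password below minimum length");
            if (privPass.equals(authPass))
                findings.add(user + ": authentication and privacy share one password");
        }
        return findings;
    }
    private static String field(String[] f, int i) {
        return i < f.length ? f[i].trim() : "";
    }
    public static void main(String[] args) {
        // Constructed input: the Example 19-8 entry on one line, plus a made-up auth-only user.
        String sample = "userEntry=0x8000002a05819dcb6e00001f95,defaultUser,,"
            + "usmHMACMD5AuthProtocol,mypasswd,usmDESPrivProtocol,mypasswd\n"
            + "userEntry=0x8000002a05819dcb6e00001f95,monitorUser,,usmHMACMD5AuthProtocol,short\n"
            + "localEngineBoots=2\n";
        for (String finding : audit(sample)) System.out.println(finding);
    }
}
```

The class uses only the standard library, so it compiles and runs without the Java DMK classes on the classpath.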

To Run the SyncManagerEncryptV3 Example
  1. If you have not already done so, build and compile the AgentEncryptV3 example in examplesDir/current/Snmp/Agent.

    Type the following commands:


    $ mibgen -d . mib_II.txt
    $ javac -classpath classpath -d . *.java
    
  2. Start the AgentEncryptV3 agent, passing it its associated security file, jdmkencrypt.security.


    $ java -classpath classpath -Djdmk.security.file=jdmkencrypt.security AgentEncryptV3
    

    Press Enter to start sending traps.

  3. Press Enter to start sending traps.

  4. In another window, if you have not already done so, build and compile the SyncManagerEncryptV3 example in examplesDir/current/Snmp/Manager.

    Type the following commands:


    $ mibgen -mo -d . mib_II.txt
    $ javac -classpath classpath -d . *.java
    
  5. Start the SyncManagerEncryptV3 manager, passing it its associated security file, jdmkencrypt.security, and specifying the host name and port number of the agent it is to communicate with.


    $ java -classpath classpath -Djdmk.security.file=jdmkencrypt.security SyncManagerEncryptV3 localhost 8085
    

    You should see the manager start to receive encrypted traps from the agent.


    SyncManagerEncryptV3::main: 
    Send get request to SNMP agent on localhost at port 8085
    Result: 
    [Object ID : 1.3.6.1.2.1.1.1.0  (Syntax : String)
    Value : SunOS sparc 5.8]
    
    >> Press Enter if you want to stop this SNMP manager.
    
    NOTE: TrapListenerImpl received trap V3:
            ContextEngineId : 0x8000002a05819dcb6e00001f95
            ContextName : TEST-CONTEXT
            VarBind list :
    oid : 1.3.6.1.2.1.1.3.0 val : 0:0:40
    oid : 1.3.6.1.6.3.1.1.4.1.0 val : 1.2.3.4.5.6.7.8.9.0
    oid : 1.3.6.1.2.1.2.2.1.1.1 val : 1
    
  6. Press Control-C in each window to stop both the agent and the manager.