Since version 3.0, SNMP4J and SNMP4J-Agent support TLS. This How-To describes how those SNMP4J APIs are configured to use TLS.
The following steps prepare the SNMP4J API for TLS usage:
-Djavax.net.ssl.trustStore=<trustStoreFilePath> -Djavax.net.ssl.trustStorePassword=<trustStorePassword> -Djavax.net.ssl.keyStore=<keyStoreFilePath> -Djavax.net.ssl.keyStorePassword=<keyStorePassword> |
// create the TLS transport mapping: AbstractTransportMapping transport = new TLSTM(); // set the security callback (only required for command responder, // but also recommended for command generators) - // the callback will be configured later: DefaultTlsTmSecurityCallback securityCallback = new DefaultTlsTmSecurityCallback(); ((TLSTM)transport).setSecurityCallback(securityCallback); MessageDispatcher md = new MessageDispatcherImpl(); // we need MPv3 for TLSTM: md.addMessageProcessingModel(new MPv3()); Snmp snmp = new Snmp(md, transport); // create and initialize the TransportSecurityModel TSM: SecurityModels.getInstance().addSecurityModel(new TSM(new OctetString(mpv3.getLocalEngineID()), false)); // do not forget to listen for responses: snmp.listen(); |
String sn = "myTlsSecurityName"; CertifiedTarget ct = new CertifiedTarget(new OctetString(sn)); ct.setSecurityModel(SecurityModel.SECURITY_MODEL_TSM); ct.setAddress(GenericAddress.parse("tls:127.0.0.1/161")); |
// add the distinguished name (DN) of the certificates we want to accept as peer: securityCallback.addAcceptedSubjectDN(""EMAILADDRESS=info@company.com, C=US, CN=Foo Bar""); // |