Module org.snmp4j

Package org.snmp4j.security

Class AuthGeneric

java.lang.Object

org.snmp4j.security.AuthGeneric

All Implemented Interfaces:

Serializable, AuthenticationProtocol, SecurityProtocol

Direct Known Subclasses:

AuthMD5, AuthSHA, AuthSHA2

public abstract class AuthGeneric
extends Object
implements AuthenticationProtocol

The abstract class AuthGeneric implements common operations for SNMP authentication protocols, such as MD5 and SHA.

Version:

1.0

Author:

Frank Fock, Jochen Katz

See Also:

• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static final int	HMAC_BLOCK_SIZE
protected int	hmacBlockSize

Constructor Summary

Constructors

Constructor	Description
AuthGeneric(String protoName, int digestLength)	Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.
AuthGeneric(String protoName, int digestLength, int authenticationCodeLength)	Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.
AuthGeneric(String protoName, int digestLength, int authenticationCodeLength, int hmacBlockSize)	Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.

Method Summary

Modifier and Type	Method	Description
boolean	authenticate(byte[] authenticationKey, byte[] message, int messageOffset, int messageLength, ByteArrayWindow digest)	Authenticates an outgoing message.
byte[]	changeDelta(byte[] oldKey, byte[] newKey, byte[] random)	Computes the delta digest needed to remotely change an user's authenitcation key.
int	getAuthenticationCodeLength()	The length of the authentication code (the hashing output length) in octets.
int	getDigestLength()	Gets the length of the message digest used by this authentication protocol.
protected MessageDigest	getDigestObject()	Get a fresh MessageDigest object of the Algorithm specified in the constructor.
int	getMaxKeyLength()	Get the maximum length of the key in bytes for this security protocol.
byte[]	hash(byte[] data)	Generates a hash value for the given data.
byte[]	hash(byte[] data, int offset, int length)	Generates a hash value for the given data.
boolean	isAuthentic(byte[] authenticationKey, byte[] message, int messageOffset, int messageLength, ByteArrayWindow digest)	Authenticates an incoming message.
boolean	isSupported()	Checks whether this security protocol is actually supported by this Java runtime environment.
byte[]	passwordToKey(OctetString passwordString, byte[] engineID)	Generates the localized key for the given password and engine id.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.snmp4j.security.AuthenticationProtocol

getID

Field Details

HMAC_BLOCK_SIZE

public static final int HMAC_BLOCK_SIZE

See Also:

• Constant Field Values

hmacBlockSize

protected int hmacBlockSize

Constructor Details

AuthGeneric

public AuthGeneric(String protoName,
 int digestLength)

Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.

Parameters:

protoName - the name (ID) of the authentication protocol. Only names that are supported by the used security provider can be used.

digestLength - the digest length.

AuthGeneric

public AuthGeneric(String protoName,
 int digestLength,
 int authenticationCodeLength)

Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.

Parameters:

protoName - the name (ID) of the authentication protocol. Only names that are supported by the used security provider can be used.

digestLength - the digest length.

authenticationCodeLength - the length of the hash output (i.e., the authentication code length).

Since:

2.4.0

AuthGeneric

public AuthGeneric(String protoName,
 int digestLength,
 int authenticationCodeLength,
 int hmacBlockSize)

Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.

Parameters:

protoName - the name (ID) of the authentication protocol. Only names that are supported by the used security provider can be used.

digestLength - the digest length.

authenticationCodeLength - the length of the hash output (i.e., the authentication code length).

hmacBlockSize - the HMAC block size of the authentication protocol.

Since:

2.5.4

Method Details

getDigestLength

public int getDigestLength()

Gets the length of the message digest used by this authentication protocol.

Specified by:

getDigestLength in interface AuthenticationProtocol

Returns:

the number of octets in the digest.

getMaxKeyLength

public int getMaxKeyLength()

Description copied from interface: SecurityProtocol

Get the maximum length of the key in bytes for this security protocol.

Specified by:

getMaxKeyLength in interface SecurityProtocol

Returns:

the (maximum) length of the security protocols key.

getAuthenticationCodeLength

public int getAuthenticationCodeLength()

The length of the authentication code (the hashing output length) in octets.

Specified by:

getAuthenticationCodeLength in interface AuthenticationProtocol

Returns:

the length of the authentication code.

Since:

2.4.0

getDigestObject

protected MessageDigest getDigestObject()

Get a fresh MessageDigest object of the Algorithm specified in the constructor.

Returns:

a new, fresh Message Digest object.

isSupported

public boolean isSupported()

Description copied from interface: SecurityProtocol

Checks whether this security protocol is actually supported by this Java runtime environment.

Specified by:

isSupported in interface SecurityProtocol

Returns:

true if this security protocol is supported, false otherwise.

authenticate

public boolean authenticate(byte[] authenticationKey,
 byte[] message,
 int messageOffset,
 int messageLength,
 ByteArrayWindow digest)

Description copied from interface: AuthenticationProtocol

Authenticates an outgoing message. This method fills the authentication parameters field of the given message. The parameter digestOffset offset is pointing inside the message buffer and must be zeroed before the authentication value is computed.

Specified by:

authenticate in interface AuthenticationProtocol

Parameters:

authenticationKey - the authentication key to be used for authenticating the message.

message - the entire message for which the digest should be determined.

messageOffset - the offset in message where the message actually starts.

messageLength - the actual message length (may be smaller than message.length).

digest - the offset in message where to store the digest.

Returns:

true if the message digest has been successfully computed and set, false otherwise.

isAuthentic

public boolean isAuthentic(byte[] authenticationKey,
 byte[] message,
 int messageOffset,
 int messageLength,
 ByteArrayWindow digest)

Description copied from interface: AuthenticationProtocol

Authenticates an incoming message. This method checks if the value in the authentication parameters field of the message is valid. The following procedure is used to verify the authenitcation value

• copy the authentication value to a temp buffer
• zero the auth field
• recalculate the authenthication value
• compare the two authentcation values
• write back the received authentication value

Specified by:

isAuthentic in interface AuthenticationProtocol

Parameters:

authenticationKey - the authentication key to be used for authenticating the message.

message - the entire message for which the digest should be determined.

messageOffset - the offset in message where the message actually starts.

messageLength - the actual message length (may be smaller than message.length).

digest - the digest of the message.

Returns:

true if the message is authentic, false otherwise.

changeDelta

public byte[] changeDelta(byte[] oldKey,
 byte[] newKey,
 byte[] random)

Description copied from interface: AuthenticationProtocol

Computes the delta digest needed to remotely change an user's authenitcation key. The length of the old key (e.g. 16 for MD5, 20 for SHA) must match the length of the new key.

Specified by:

changeDelta in interface AuthenticationProtocol

Parameters:

oldKey - the old authentication/privacy key.

newKey - the new authentication/privacy key.

random - the random 'seed' to be used to produce the digest.

Returns:

the byte array representing the delta for key change operations. To obtain the key change value, append this delta to the random array.

passwordToKey

public byte[] passwordToKey(OctetString passwordString,
 byte[] engineID)

Description copied from interface: AuthenticationProtocol

Generates the localized key for the given password and engine id.

Specified by:

passwordToKey in interface AuthenticationProtocol

Parameters:

passwordString - the authentication pass phrase.

engineID - the engine ID of the authoritative engine.

Returns:

the localized authentication key.

hash

public byte[] hash(byte[] data)

Description copied from interface: AuthenticationProtocol

Generates a hash value for the given data.

Specified by:

hash in interface AuthenticationProtocol

Parameters:

data - the data

Returns:

the generated hash.

hash

public byte[] hash(byte[] data,
 int offset,
 int length)

Description copied from interface: AuthenticationProtocol

Generates a hash value for the given data.

Specified by:

hash in interface AuthenticationProtocol

Parameters:

data - the data

offset - offset into data

length - length of data to hash

Returns:

the generated hash.