SNMP v3: fix unsupported authentication and protocol versions

ViacheslavKlimov 2024-08-16 13:20:38 +03:00
parent ed0a7d5adb
commit 9d1f162fa5
3 changed files with 16 additions and 8 deletions


@ -127,7 +127,7 @@ public class SnmpTransportContext extends TransportContext {
.build(); .build();
registerSessionMsgListener(sessionContext); registerSessionMsgListener(sessionContext);
} catch (Exception e) { } catch (Exception e) {
log.error("Failed to establish session for SNMP device {}: {}", device.getId(), e.toString()); log.error("Failed to establish session for SNMP device {}", device.getId(), e);
transportService.errorEvent(device.getTenantId(), device.getId(), "sessionEstablishing", e); transportService.errorEvent(device.getTenantId(), device.getId(), "sessionEstablishing", e);
return; return;
} }
@ -166,7 +166,7 @@ public class SnmpTransportContext extends TransportContext {
log.trace("Configuration of the device {} was not updated", device); log.trace("Configuration of the device {} was not updated", device);
} }
} catch (Exception e) { } catch (Exception e) {
log.error("Failed to update session for SNMP device {}: {}", sessionContext.getDeviceId(), e.getMessage()); log.error("Failed to update session for SNMP device {}", sessionContext.getDeviceId(), e);
transportService.lifecycleEvent(sessionContext.getTenantId(), sessionContext.getDeviceId(), ComponentLifecycleEvent.UPDATED, false, e); transportService.lifecycleEvent(sessionContext.getTenantId(), sessionContext.getDeviceId(), ComponentLifecycleEvent.UPDATED, false, e);
destroyDeviceSession(sessionContext); destroyDeviceSession(sessionContext);
} }


@ -72,11 +72,18 @@ public class SnmpAuthService {
OctetString engineId = new OctetString(deviceTransportConfig.getEngineId()); OctetString engineId = new OctetString(deviceTransportConfig.getEngineId());
OID authenticationProtocol = new OID(deviceTransportConfig.getAuthenticationProtocol().getOid()); OID authenticationProtocol = new OID(deviceTransportConfig.getAuthenticationProtocol().getOid());
byte[] authenticationPassphrase = SecurityProtocols.getInstance().passwordToKey(authenticationProtocol,
new OctetString(deviceTransportConfig.getAuthenticationPassphrase()), engineId.getValue());
if (authenticationPassphrase == null) {
throw new UnsupportedOperationException("Authentication protocol " + deviceTransportConfig.getAuthenticationProtocol() + " is not supported");
}
OID privacyProtocol = new OID(deviceTransportConfig.getPrivacyProtocol().getOid()); OID privacyProtocol = new OID(deviceTransportConfig.getPrivacyProtocol().getOid());
OctetString authenticationPassphrase = new OctetString(deviceTransportConfig.getAuthenticationPassphrase()); byte[] privacyPassphrase = SecurityProtocols.getInstance().passwordToKey(privacyProtocol,
authenticationPassphrase = new OctetString(SecurityProtocols.getInstance().passwordToKey(authenticationProtocol, authenticationPassphrase, engineId.getValue())); authenticationProtocol, new OctetString(deviceTransportConfig.getPrivacyPassphrase()), engineId.getValue());
OctetString privacyPassphrase = new OctetString(deviceTransportConfig.getPrivacyPassphrase()); if (privacyPassphrase == null) {
privacyPassphrase = new OctetString(SecurityProtocols.getInstance().passwordToKey(privacyProtocol, authenticationProtocol, privacyPassphrase, engineId.getValue())); throw new UnsupportedOperationException("Privacy protocol " + deviceTransportConfig.getPrivacyProtocol() + " is not supported");
}
USM usm = snmpTransportService.getSnmp().getUSM(); USM usm = snmpTransportService.getSnmp().getUSM();
if (usm.hasUser(engineId, securityName)) { if (usm.hasUser(engineId, securityName)) {
@ -84,8 +91,8 @@ public class SnmpAuthService {
} }
usm.addLocalizedUser( usm.addLocalizedUser(
engineId.getValue(), username, engineId.getValue(), username,
authenticationProtocol, authenticationPassphrase.getValue(), authenticationProtocol, authenticationPassphrase,
privacyProtocol, privacyPassphrase.getValue() privacyProtocol, privacyPassphrase
); );
UserTarget userTarget = new UserTarget(); UserTarget userTarget = new UserTarget();
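Review bot: The locals `authenticationPassphrase` and `privacyPassphrase` now hold the localized keys returned by `passwordToKey`, not the configured passphrases, so their names mislead a reader of the later `usm.addLocalizedUser(...)` call. Renaming them to `authenticationKey` and `privacyKey`, with a comment such as `// localized USM keys derived from the passphrases and engine ID; secret material, never log`, would make clear that these arrays are key material. The two new exception messages carry only the protocol name, which is the right level of detail, since the exception presumably reaches the error log and `transportService.errorEvent` through the callers' catch blocks. The enclosing method starts and ends outside the hunk.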


@ -148,6 +148,7 @@ public class SnmpTransportService implements TbTransportService, CommandResponde
snmp.addNotificationListener(transportMapping, transportMapping.getListenAddress(), this); snmp.addNotificationListener(transportMapping, transportMapping.getListenAddress(), this);
snmp.listen(); snmp.listen();
SecurityProtocols.getInstance().addPredefinedProtocolSet(SecurityProtocols.SecurityProtocolSet.maxCompatibility);
USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0); USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0);
SecurityModels.getInstance().addSecurityModel(usm); SecurityModels.getInstance().addSecurityModel(usm);
} }
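Review bot: `SecurityProtocolSet.maxCompatibility` registers SNMP4J's widest protocol set on the process-wide `SecurityProtocols` singleton, which includes legacy algorithms such as MD5 authentication and DES privacy alongside the stronger ones. If older devices need that, the call should say so, for example `// maxCompatibility also enables legacy MD5/DES-class protocols for older devices; prefer SHA-2 + AES in device profiles`. The new line also sits after `snmp.listen()`, so the listener is presumably active before the protocol set and the USM are registered. Moving the `addPredefinedProtocolSet` call and the USM setup above `snmp.listen()` would close that window. The enclosing method starts outside the hunk.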