SNMP v3: fix unsupported authentication and protocol versions

2024-08-16 13:20:38 +03:00 · 2024-08-16 13:20:38 +03:00 · 9d1f162fa5
commit 9d1f162fa5
parent ed0a7d5adb
3 changed files with 16 additions and 8 deletions
--- a/common/transport/snmp/src/main/java/org/thingsboard/server/transport/snmp/SnmpTransportContext.java
+++ b/common/transport/snmp/src/main/java/org/thingsboard/server/transport/snmp/SnmpTransportContext.java
@ -127,7 +127,7 @@ public class SnmpTransportContext extends TransportContext {
                    .build();
            registerSessionMsgListener(sessionContext);
        } catch (Exception e) {
-            log.error("Failed to establish session for SNMP device {}: {}", device.getId(), e.toString());
+            log.error("Failed to establish session for SNMP device {}", device.getId(), e);
            transportService.errorEvent(device.getTenantId(), device.getId(), "sessionEstablishing", e);
            return;
        }
@ -166,7 +166,7 @@ public class SnmpTransportContext extends TransportContext {
                log.trace("Configuration of the device {} was not updated", device);
            }
        } catch (Exception e) {
-            log.error("Failed to update session for SNMP device {}: {}", sessionContext.getDeviceId(), e.getMessage());
+            log.error("Failed to update session for SNMP device {}", sessionContext.getDeviceId(), e);
            transportService.lifecycleEvent(sessionContext.getTenantId(), sessionContext.getDeviceId(), ComponentLifecycleEvent.UPDATED, false, e);
            destroyDeviceSession(sessionContext);
        }
--- a/common/transport/snmp/src/main/java/org/thingsboard/server/transport/snmp/service/SnmpAuthService.java
+++ b/common/transport/snmp/src/main/java/org/thingsboard/server/transport/snmp/service/SnmpAuthService.java
@ -72,11 +72,18 @@ public class SnmpAuthService {
                OctetString engineId = new OctetString(deviceTransportConfig.getEngineId());

                OID authenticationProtocol = new OID(deviceTransportConfig.getAuthenticationProtocol().getOid());
+                byte[] authenticationPassphrase = SecurityProtocols.getInstance().passwordToKey(authenticationProtocol,
+                        new OctetString(deviceTransportConfig.getAuthenticationPassphrase()), engineId.getValue());
+                if (authenticationPassphrase == null) {
+                    throw new UnsupportedOperationException("Authentication protocol " + deviceTransportConfig.getAuthenticationProtocol() + " is not supported");
+                }
+
                OID privacyProtocol = new OID(deviceTransportConfig.getPrivacyProtocol().getOid());
-                OctetString authenticationPassphrase = new OctetString(deviceTransportConfig.getAuthenticationPassphrase());
-                authenticationPassphrase = new OctetString(SecurityProtocols.getInstance().passwordToKey(authenticationProtocol, authenticationPassphrase, engineId.getValue()));
-                OctetString privacyPassphrase = new OctetString(deviceTransportConfig.getPrivacyPassphrase());
-                privacyPassphrase = new OctetString(SecurityProtocols.getInstance().passwordToKey(privacyProtocol, authenticationProtocol, privacyPassphrase, engineId.getValue()));
+                byte[] privacyPassphrase = SecurityProtocols.getInstance().passwordToKey(privacyProtocol,
+                        authenticationProtocol, new OctetString(deviceTransportConfig.getPrivacyPassphrase()), engineId.getValue());
+                if (privacyPassphrase == null) {
+                    throw new UnsupportedOperationException("Privacy protocol " + deviceTransportConfig.getPrivacyProtocol() + " is not supported");
+                }

                USM usm = snmpTransportService.getSnmp().getUSM();
                if (usm.hasUser(engineId, securityName)) {
@ -84,8 +91,8 @@ public class SnmpAuthService {
                }
                usm.addLocalizedUser(
                        engineId.getValue(), username,
-                        authenticationProtocol, authenticationPassphrase.getValue(),
-                        privacyProtocol, privacyPassphrase.getValue()
+                        authenticationProtocol, authenticationPassphrase,
+                        privacyProtocol, privacyPassphrase
                );

                UserTarget userTarget = new UserTarget();
--- a/common/transport/snmp/src/main/java/org/thingsboard/server/transport/snmp/service/SnmpTransportService.java
+++ b/common/transport/snmp/src/main/java/org/thingsboard/server/transport/snmp/service/SnmpTransportService.java
@ -148,6 +148,7 @@ public class SnmpTransportService implements TbTransportService, CommandResponde
        snmp.addNotificationListener(transportMapping, transportMapping.getListenAddress(), this);
        snmp.listen();

+        SecurityProtocols.getInstance().addPredefinedProtocolSet(SecurityProtocols.SecurityProtocolSet.maxCompatibility);
        USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0);
        SecurityModels.getInstance().addSecurityModel(usm);
    }