Merge pull request thingsboard#11515 from thingsboard/fix/snmp-v3

Fixes for SNMP v3
Seeyly · Aug 28, 2024 · 1479407 · 1479407
2 parents e0244c2 + 5e47e16
commit 1479407
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 12 deletions.
diff --git a/...nsport/snmp/src/main/java/org/thingsboard/server/transport/snmp/SnmpTransportContext.java b/...nsport/snmp/src/main/java/org/thingsboard/server/transport/snmp/SnmpTransportContext.java
@@ -127,7 +127,7 @@ private void establishDeviceSession(Device device) {
                     .build();
             registerSessionMsgListener(sessionContext);
         } catch (Exception e) {
-            log.error("Failed to establish session for SNMP device {}: {}", device.getId(), e.toString());
+            log.error("Failed to establish session for SNMP device {}", device.getId(), e);
             transportService.errorEvent(device.getTenantId(), device.getId(), "sessionEstablishing", e);
             return;
         }
@@ -166,7 +166,7 @@ private void updateDeviceSession(DeviceSessionContext sessionContext, Device dev
                 log.trace("Configuration of the device {} was not updated", device);
             }
         } catch (Exception e) {
-            log.error("Failed to update session for SNMP device {}: {}", sessionContext.getDeviceId(), e.getMessage());
+            log.error("Failed to update session for SNMP device {}", sessionContext.getDeviceId(), e);
             transportService.lifecycleEvent(sessionContext.getTenantId(), sessionContext.getDeviceId(), ComponentLifecycleEvent.UPDATED, false, e);
             destroyDeviceSession(sessionContext);
         }

diff --git a/...ort/snmp/src/main/java/org/thingsboard/server/transport/snmp/service/SnmpAuthService.java b/...ort/snmp/src/main/java/org/thingsboard/server/transport/snmp/service/SnmpAuthService.java
@@ -24,6 +24,7 @@
 import org.snmp4j.security.SecurityModel;
 import org.snmp4j.security.SecurityProtocols;
 import org.snmp4j.security.USM;
+import org.snmp4j.security.UsmUser;
 import org.snmp4j.smi.Address;
 import org.snmp4j.smi.GenericAddress;
 import org.snmp4j.smi.OID;
@@ -69,24 +70,26 @@ public Target setUpSnmpTarget(SnmpDeviceProfileTransportConfiguration profileTra
             case V3:
                 OctetString username = new OctetString(deviceTransportConfig.getUsername());
                 OctetString securityName = new OctetString(deviceTransportConfig.getSecurityName());
-                OctetString engineId = new OctetString(deviceTransportConfig.getEngineId());
+                OctetString engineId = OctetString.fromString(deviceTransportConfig.getEngineId(), 16);
 
                 OID authenticationProtocol = new OID(deviceTransportConfig.getAuthenticationProtocol().getOid());
+                OctetString authenticationPassphrase = Optional.ofNullable(SecurityProtocols.getInstance().passwordToKey(authenticationProtocol,
+                                new OctetString(deviceTransportConfig.getAuthenticationPassphrase()), engineId.getValue()))
+                        .map(OctetString::new)
+                        .orElseThrow(() -> new UnsupportedOperationException("Authentication protocol " + deviceTransportConfig.getAuthenticationProtocol() + " is not supported"));
+
                 OID privacyProtocol = new OID(deviceTransportConfig.getPrivacyProtocol().getOid());
-                OctetString authenticationPassphrase = new OctetString(deviceTransportConfig.getAuthenticationPassphrase());
-                authenticationPassphrase = new OctetString(SecurityProtocols.getInstance().passwordToKey(authenticationProtocol, authenticationPassphrase, engineId.getValue()));
-                OctetString privacyPassphrase = new OctetString(deviceTransportConfig.getPrivacyPassphrase());
-                privacyPassphrase = new OctetString(SecurityProtocols.getInstance().passwordToKey(privacyProtocol, authenticationProtocol, privacyPassphrase, engineId.getValue()));
+                OctetString privacyPassphrase = Optional.ofNullable(SecurityProtocols.getInstance().passwordToKey(privacyProtocol,
+                                authenticationProtocol, new OctetString(deviceTransportConfig.getPrivacyPassphrase()), engineId.getValue()))
+                        .map(OctetString::new)
+                        .orElseThrow(() -> new UnsupportedOperationException("Privacy protocol " + deviceTransportConfig.getPrivacyProtocol() + " is not supported"));
 
                 USM usm = snmpTransportService.getSnmp().getUSM();
                 if (usm.hasUser(engineId, securityName)) {
                     usm.removeAllUsers(username, engineId);
                 }
-                usm.addLocalizedUser(
-                        engineId.getValue(), username,
-                        authenticationProtocol, authenticationPassphrase.getValue(),
-                        privacyProtocol, privacyPassphrase.getValue()
-                );
+                UsmUser usmUser = new UsmUser(username, authenticationProtocol, authenticationPassphrase, privacyProtocol, privacyPassphrase, engineId);
+                usm.addUser(username, engineId, usmUser);
 
                 UserTarget userTarget = new UserTarget();
                 userTarget.setSecurityName(securityName);

diff --git a/...nmp/src/main/java/org/thingsboard/server/transport/snmp/service/SnmpTransportService.java b/...nmp/src/main/java/org/thingsboard/server/transport/snmp/service/SnmpTransportService.java
@@ -148,6 +148,7 @@ private void initializeSnmp() throws IOException {
         snmp.addNotificationListener(transportMapping, transportMapping.getListenAddress(), this);
         snmp.listen();
 
+        SecurityProtocols.getInstance().addPredefinedProtocolSet(SecurityProtocols.SecurityProtocolSet.maxCompatibility);
         USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0);
         SecurityModels.getInstance().addSecurityModel(usm);
     }