org.snmp4j.security

Class AuthGeneric

java.lang.Object

org.snmp4j.security.AuthGeneric

All Implemented Interfaces:

Serializable, AuthenticationProtocol, SecurityProtocol

Direct Known Subclasses:

AuthMD5, AuthSHA, AuthSHA2

public abstract class AuthGeneric
extends Object
implements AuthenticationProtocol

The abstract class AuthGeneric implements common operations for SNMP authentication protocols, such as MD5 and SHA.

Version:

1.0

Author:

Jochen Katz & Frank Fock

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
AuthGeneric(String protoName, int digestLength) Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.
AuthGeneric(String protoName, int digestLength, int authenticationCodeLength) Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	authenticate(byte[] authenticationKey, byte[] message, int messageOffset, int messageLength, ByteArrayWindow digest) Authenticates an outgoing message.
byte[]	changeDelta(byte[] oldKey, byte[] newKey, byte[] random) Computes the delta digest needed to remotely change an user's authenitcation key.
int	getAuthenticationCodeLength() The length of the authentication code (the hashing output length) in octets.
int	getDigestLength() Gets the length of the message digest used by this authentication protocol.
protected MessageDigest	getDigestObject() Get a fresh MessageDigest object of the Algorithm specified in the constructor.
byte[]	hash(byte[] data) Generates a hash value for the given data.
byte[]	hash(byte[] data, int offset, int length) Generates a hash value for the given data.
boolean	isAuthentic(byte[] authenticationKey, byte[] message, int messageOffset, int messageLength, ByteArrayWindow digest) Authenticates an incoming message.
byte[]	passwordToKey(OctetString passwordString, byte[] engineID) Generates the localized key for the given password and engine id.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.snmp4j.security.AuthenticationProtocol

getID

Constructor Detail

AuthGeneric

public AuthGeneric(String protoName,
           int digestLength)

Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.

Parameters:

protoName - the name (ID) of the authentication protocol. Only names that are supported by the used security provider can be used.

digestLength - the digest length.

AuthGeneric

public AuthGeneric(String protoName,
           int digestLength,
           int authenticationCodeLength)

Creates an authentication protocol with the specified name (ID) and digest length and using the DEFAULT_AUTHENTICATION_CODE_LENGTH default code length.

Parameters:

protoName - the name (ID) of the authentication protocol. Only names that are supported by the used security provider can be used.

digestLength - the digest length.

authenticationCodeLength - the length of the hash output (i.e., the authentication code length).

Since:

2.4.0

Method Detail

getDigestLength

public int getDigestLength()

Gets the length of the message digest used by this authentication protocol.

Specified by:

getDigestLength in interface AuthenticationProtocol

Returns:

the number of octets in the digest.

getAuthenticationCodeLength

public int getAuthenticationCodeLength()

The length of the authentication code (the hashing output length) in octets.

Specified by:

getAuthenticationCodeLength in interface AuthenticationProtocol

Returns:

the length of the authentication code.

Since:

2.4.0

getDigestObject

protected MessageDigest getDigestObject()

Get a fresh MessageDigest object of the Algorithm specified in the constructor.

Returns:

a new, fresh Message Digest object.

authenticate

public boolean authenticate(byte[] authenticationKey,
                   byte[] message,
                   int messageOffset,
                   int messageLength,
                   ByteArrayWindow digest)

Description copied from interface: AuthenticationProtocol

Authenticates an outgoing message. This method fills the authentication parameters field of the given message. The parameter digestOffset offset is pointing inside the message buffer and must be zeroed before the authentication value is computed.

Specified by:

authenticate in interface AuthenticationProtocol

Parameters:

authenticationKey - the authentication key to be used for authenticating the message.

message - the entire message for which the digest should be determined.

messageOffset - the offset in message where the message actually starts.

messageLength - the actual message length (may be smaller than message.length).

digest - the offset in message where to store the digest.

Returns:

true if the message digest has been successfully computed and set, false otherwise.

isAuthentic

public boolean isAuthentic(byte[] authenticationKey,
                  byte[] message,
                  int messageOffset,
                  int messageLength,
                  ByteArrayWindow digest)

Description copied from interface: AuthenticationProtocol

Authenticates an incoming message. This method checks if the value in the authentication parameters field of the message is valid. The following procedure is used to verify the authenitcation value

• copy the authentication value to a temp buffer
• zero the auth field
• recalculate the authenthication value
• compare the two authentcation values
• write back the received authentication value

Specified by:

isAuthentic in interface AuthenticationProtocol

Parameters:

authenticationKey - the authentication key to be used for authenticating the message.

message - the entire message for which the digest should be determined.

messageOffset - the offset in message where the message actually starts.

messageLength - the actual message length (may be smaller than message.length).

digest - the digest of the message.

Returns:

true if the message is authentic, false otherwise.

changeDelta

public byte[] changeDelta(byte[] oldKey,
                 byte[] newKey,
                 byte[] random)

Description copied from interface: AuthenticationProtocol

Computes the delta digest needed to remotely change an user's authenitcation key. The length of the old key (e.g. 16 for MD5, 20 for SHA) must match the length of the new key.

Specified by:

changeDelta in interface AuthenticationProtocol

Parameters:

oldKey - the old authentication/privacy key.

newKey - the new authentication/privacy key.

random - the random 'seed' to be used to produce the digest.

Returns:

the byte array representing the delta for key change operations. To obtain the key change value, append this delta to the random array.

passwordToKey

public byte[] passwordToKey(OctetString passwordString,
                   byte[] engineID)

Description copied from interface: AuthenticationProtocol

Generates the localized key for the given password and engine id.

Specified by:

passwordToKey in interface AuthenticationProtocol

Parameters:

passwordString - the authentication pass phrase.

engineID - the engine ID of the authoritative engine.

Returns:

the localized authentication key.

hash

public byte[] hash(byte[] data)

Description copied from interface: AuthenticationProtocol

Generates a hash value for the given data.

Specified by:

hash in interface AuthenticationProtocol

Parameters:

data - the data

Returns:

the generated hash.

hash

public byte[] hash(byte[] data,
          int offset,
          int length)

Description copied from interface: AuthenticationProtocol

Generates a hash value for the given data.

Specified by:

hash in interface AuthenticationProtocol

Parameters:

data - the data

offset - offset into data

length - length of data to hash

Returns:

the generated hash.