All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.snmp4j.agent.mo.snmp.dh.DHKeyChangeImpl Maven / Gradle / Ivy

There is a newer version: 3.8.1
Show newest version
/*_############################################################################
  _## 
  _##  SNMP4J-Agent 3 - DHKeyChangeImpl.java  
  _## 
  _##  Copyright (C) 2005-2018  Frank Fock (SNMP4J.org)
  _##  
  _##  Licensed under the Apache License, Version 2.0 (the "License");
  _##  you may not use this file except in compliance with the License.
  _##  You may obtain a copy of the License at
  _##  
  _##      http://www.apache.org/licenses/LICENSE-2.0
  _##  
  _##  Unless required by applicable law or agreed to in writing, software
  _##  distributed under the License is distributed on an "AS IS" BASIS,
  _##  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  _##  See the License for the specific language governing permissions and
  _##  limitations under the License.
  _##  
  _##########################################################################*/

package org.snmp4j.agent.mo.snmp.dh;

import org.snmp4j.agent.MOAccess;
import org.snmp4j.agent.mo.MOMutableTableRow;
import org.snmp4j.agent.mo.MOTableRow;
import org.snmp4j.agent.mo.snmp.KeyChange;
import org.snmp4j.agent.mo.snmp.UsmMIB;
import org.snmp4j.agent.request.SubRequest;
import org.snmp4j.log.LogAdapter;
import org.snmp4j.log.LogFactory;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.security.AuthenticationProtocol;
import org.snmp4j.security.SecurityProtocol;
import org.snmp4j.security.dh.DHOperations;
import org.snmp4j.security.dh.DHParameters;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.Variable;

import javax.crypto.interfaces.DHPublicKey;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

/**
 * The Diffie Hellman KeyChange object implements a ManagedObject column that implements the DHKeyChange textual
 * convention as defined in RFC 2786.
 *
 * @author Frank Fock
 * @since 3.0
 */
public class DHKeyChangeImpl extends KeyChange {


    private static final LogAdapter LOGGER = LogFactory.getLogger(DHKeyChangeImpl.class);

    private DHParameters dhParameters;
    private DHOperations.KeyType keyType;
    private UsmMIB usmMIB;

    public DHKeyChangeImpl(int columnID, MOAccess access, OctetString defaultValue,
                           DHParameters usmDHParameters, UsmMIB usmMIB,
                           DHOperations.KeyType keyType) {
        super(columnID, access, defaultValue, true);
        this.usmMIB = usmMIB;
        this.keyType = keyType;
        this.dhParameters = usmDHParameters;
    }

    @Override
    public void get(SubRequest subRequest, MOTableRow row, int column) {
        DHKeyInfo keyInfo = getDHKeyInfo(row, column);
        if (keyInfo != null && getAccess().isAccessibleForRead()) {
            if (keyInfo.getKeyPair() == null) {
                try {
                    keyInfo.generatePublicKey(dhParameters);
                } catch (NoSuchAlgorithmException e) {
                    LOGGER.error("Failed to generate DH public key because Diffie-Hellman algorithm is not available", e);
                } catch (InvalidAlgorithmParameterException e) {
                    LOGGER.error("Failed to generate DH public key because of invalid parameters", e);
                }
            }
            subRequest.getVariableBinding().setVariable(DHOperations.derivePublicKey(keyInfo.getKeyPair()));
        }
        else {
            subRequest.getStatus().setErrorStatus(SnmpConstants.SNMP_ERROR_NO_ACCESS);
        }
        subRequest.completed();
    }

    @Override
    public void prepare(SubRequest subRequest, MOTableRow row, MOTableRow changeSet, int column) {
        super.prepare(subRequest, row, changeSet, column);
        DHKeyInfo keyInfo = getDHKeyInfo(row, column);
        if (keyInfo == null || keyInfo.getKeyPair() ==  null || !(keyInfo.getKeyPair().getPublic() instanceof DHPublicKey)) {
            subRequest.setErrorStatus(SnmpConstants.SNMP_ERROR_WRONG_VALUE);
        }
        Variable variable = subRequest.getVariableBinding().getVariable();
        if (variable instanceof OctetString) {
            OctetString yz = (OctetString)variable;
            OctetString yl = DHOperations.derivePublicKey(keyInfo.getKeyPair());
            try {
                OctetString yr = yz.substring(0, yl.length());
                if (!yr.equals(yl)) {
                    subRequest.setErrorStatus(SnmpConstants.SNMP_ERROR_WRONG_VALUE);
                }
            }
            catch (IndexOutOfBoundsException ioobe) {
                subRequest.setErrorStatus(SnmpConstants.SNMP_ERROR_WRONG_VALUE);
            }

        }
    }

    @Override
    public void commit(SubRequest subRequest, MOTableRow row, MOTableRow changeSet, int column) {
        Variable variable = subRequest.getVariableBinding().getVariable();
        if (variable instanceof OctetString && row.getBaseRow() instanceof UsmMIB.UsmTableRow) {
            DHKeyInfo keyInfo = getDHKeyInfo(row, column);
            if (keyInfo == null) {
                subRequest.setErrorStatus(SnmpConstants.SNMP_ERROR_COMMIT_FAILED);
                return;
            }
            OID protocolForKeyChangerotocol = usmMIB.getProtocolForKeyChange(subRequest.getRequest(), row.getIndex(), keyType);
            SecurityProtocol securityProtocol =
                    usmMIB.getSecurityProtocols().getSecurityProtocol(protocolForKeyChangerotocol);
            if (securityProtocol == null) {
                LOGGER.warn("Unknown security protocol '"+protocolForKeyChangerotocol+"' specified for row "+row.getIndex());
                subRequest.setErrorStatus(SnmpConstants.SNMP_ERROR_COMMIT_FAILED);
                return;
            }
            int keyLength = securityProtocol.getMaxKeyLength();
            OctetString yz = (OctetString) variable;
            OctetString yl = DHOperations.derivePublicKey(keyInfo.getKeyPair());
            OctetString z = new OctetString(yz.substring(yl.length(), yz.length()));
            if (keyInfo.getKeyAgreement() == null) {
                keyInfo.getInitializedKeyAgreement();
            }
            byte[] sharedKey = DHOperations.computeSharedKey(keyInfo.getKeyAgreement(), z.getValue(), dhParameters);
            byte[] usmKey = DHOperations.deriveKey(sharedKey, keyLength);
            keyInfo.setUsmKey(usmKey);

            int usmMirrorKeyChangeObjectIndex =
                    UsmMIB.colUsmUserAuthKeyChange + (((column < 2) ? column : column + 1));
            ((MOMutableTableRow)row.getBaseRow()).setValue(usmMirrorKeyChangeObjectIndex, null);

        }
        super.commit(subRequest, row, changeSet, column);
    }

    @Override
    public void undo(SubRequest subRequest, MOTableRow row, int column) {
        DHKeyInfo keyInfo = getDHKeyInfo(row, column);
        if (keyInfo != null) {
            // Deletion is sufficient
            keyInfo.clearUsmKey();
        }
        super.undo(subRequest, row, column);
    }

    DHKeyInfo getDHKeyInfo(MOTableRow row, int columnID) {
        if (row instanceof SnmpUsmDhObjectsMib.UsmDHUserKeyEntryRow) {
            SnmpUsmDhObjectsMib.UsmDHUserKeyEntryRow dhUsmUserEntry = (SnmpUsmDhObjectsMib.UsmDHUserKeyEntryRow) row;
            switch (columnID) {
                case SnmpUsmDhObjectsMib.idxUsmDHUserAuthKeyChange:
                    return dhUsmUserEntry.getAuthKeyChange();
                case SnmpUsmDhObjectsMib.idxUsmDHUserOwnAuthKeyChange:
                    return dhUsmUserEntry.getOwnAuthKeyChange();
                case SnmpUsmDhObjectsMib.idxUsmDHUserPrivKeyChange:
                    return dhUsmUserEntry.getPrivKeyChange();
                case SnmpUsmDhObjectsMib.idxUsmDHUserOwnPrivKeyChange:
                    return dhUsmUserEntry.getOwnPrivKeyChange();
            }
        }
        return null;
    }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy