Support for Bouncy castle Keystore

Hello,

This is w.r.t establishing TLS connection using snmp4j .
As part of TLS client connection application we are supposed to pass
-Djavax.net.ssl.trustStore=<trustStoreFilePath> -Djavax.net.ssl.trustStorePassword=<trustStorePassword> -Djavax.net.ssl.keyStore=<keyStoreFilePath>
-Djavax.net.ssl.keyStorePassword=<keyStorePassword>

We see that JKS is the default supported format for keyStore/trustStore . Does snmp4j supports BouncyCastle keystore /trustsore ?

You can use BKS too if you add BouncyCastleProvider as security provider to your Java runtime.

Hello ,
I tried using BSK (Bouncy castel keystore ) by running snmp4j agent and connecting using SNMP4j API and was able to successfully connect only after updating the attribute passed for getintance as “BKS” which was earlier hardcoded as JKS in the class TLSTMUtil under method createSSLContext
KeyStore ks = KeyStore.getInstance(“BKS”);

Please let me know if there will be any configurability provided for this ?

Regards,
Vikas

Thank you for the reply . Will be trying that .

Sure, I will make it easier to change the security provider in the next release.

1 Like

I just found out, that SNMP4J 3.5.1 already provides configurability for the key store type using security property: keystore.type

The default values of security properties are read from an implementation-specific location, which is typically the properties file conf/security/java.security in the Java installation directory.

1 Like

Hi Frank ,

Yes, I did verify updating the security property in my client side application and it works fine.

Code snippet for reference

The Issue was that I was using snmp4j-3.4.5 when I had posted this query .

Thank you for the help .