Support for Bouncy castle Keystore

tvikasv · August 17, 2021, 2:10pm

Hello,

This is w.r.t establishing TLS connection using snmp4j .
As part of TLS client connection application we are supposed to pass
-Djavax.net.ssl.trustStore=<trustStoreFilePath> -Djavax.net.ssl.trustStorePassword=<trustStorePassword> -Djavax.net.ssl.keyStore=<keyStoreFilePath>
-Djavax.net.ssl.keyStorePassword=<keyStorePassword>

We see that JKS is the default supported format for keyStore/trustStore . Does snmp4j supports BouncyCastle keystore /trustsore ?

AGENTPP · August 17, 2021, 2:15pm

You can use BKS too if you add BouncyCastleProvider as security provider to your Java runtime.

tvikasv · August 18, 2021, 8:35am

Hello ,
I tried using BSK (Bouncy castel keystore ) by running snmp4j agent and connecting using SNMP4j API and was able to successfully connect only after updating the attribute passed for getintance as “BKS” which was earlier hardcoded as JKS in the class TLSTMUtil under method createSSLContext
KeyStore ks = KeyStore.getInstance(“BKS”);

Please let me know if there will be any configurability provided for this ?

Regards,
Vikas

tvikasv · August 18, 2021, 8:35am

Thank you for the reply . Will be trying that .

AGENTPP · August 18, 2021, 10:14am

Sure, I will make it easier to change the security provider in the next release.

AGENTPP · September 29, 2021, 10:21pm

I just found out, that SNMP4J 3.5.1 already provides configurability for the key store type using security property: keystore.type

The default values of security properties are read from an implementation-specific location, which is typically the properties file conf/security/java.security in the Java installation directory.

tvikasv · September 30, 2021, 10:41am

Hi Frank ,

Yes, I did verify updating the security property in my client side application and it works fine.

Code snippet for reference

The Issue was that I was using snmp4j-3.4.5 when I had posted this query .

Thank you for the help .

tvikasv · December 9, 2021, 8:30am

Hi Frank

Can the configurability for the key store type using security property be back ported to 2.8.x ?

We are using snmp4j 2.8.7 with Java
openjdk version “1.8.0_282”

cc: @anjali.k_m

Regards,
Vikas

AGENTPP · December 9, 2021, 12:20pm

Isn‘t it available yet?
If not, it can be backported with the next release.

tvikasv · December 9, 2021, 8:06pm

Hi Frank,
No , it is not available in 2.8.x .

Thank you for the support .

Regards,
Vikas

tvikasv · January 11, 2022, 9:41am

Hi Frank ,

Is the changes backported to 2.8.x ? Please let us know the availability status for the same .

Regards,
Vikas

AGENTPP · January 11, 2022, 11:03pm

That is already part of the latest 2.8.8 snapshot.

tvikasv · January 12, 2022, 11:46am

Hi Frank,

I was able to verify the same . Thank you for the support.

Regards,
Vikas