Hello,
This is w.r.t establishing TLS connection using snmp4j .
As part of TLS client connection application we are supposed to pass
-Djavax.net.ssl.trustStore=<trustStoreFilePath> -Djavax.net.ssl.trustStorePassword=<trustStorePassword> -Djavax.net.ssl.keyStore=<keyStoreFilePath>
-Djavax.net.ssl.keyStorePassword=<keyStorePassword>
We see that JKS is the default supported format for keyStore/trustStore . Does snmp4j supports BouncyCastle keystore /trustsore ?
You can use BKS too if you add BouncyCastleProvider as security provider to your Java runtime.
Hello ,
I tried using BSK (Bouncy castel keystore ) by running snmp4j agent and connecting using SNMP4j API and was able to successfully connect only after updating the attribute passed for getintance as “BKS” which was earlier hardcoded as JKS in the class TLSTMUtil under method createSSLContext
KeyStore ks = KeyStore.getInstance(“BKS”);
Please let me know if there will be any configurability provided for this ?
Regards,
Vikas
Thank you for the reply . Will be trying that .
Sure, I will make it easier to change the security provider in the next release.
I just found out, that SNMP4J 3.5.1 already provides configurability for the key store type using security property: keystore.type
The default values of security properties are read from an implementation-specific location, which is typically the properties file conf/security/java.security in the Java installation directory.
Hi Frank ,
Yes, I did verify updating the security property in my client side application and it works fine.
Code snippet for reference
The Issue was that I was using snmp4j-3.4.5 when I had posted this query .
Thank you for the help .
Hi Frank
Can the configurability for the key store type using security property be back ported to 2.8.x ?
We are using snmp4j 2.8.7 with Java
openjdk version “1.8.0_282”
cc: @anjali.k_m
Regards,
Vikas
Isn‘t it available yet?
If not, it can be backported with the next release.
Hi Frank,
No , it is not available in 2.8.x .
Thank you for the support .
Regards,
Vikas
Hi Frank ,
Is the changes backported to 2.8.x ? Please let us know the availability status for the same .
Regards,
Vikas
That is already part of the latest 2.8.8 snapshot.
