This is an automated email from the ASF dual-hosted git repository.
turcsanyi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new ae4f80ab09 NIFI-14231: Update ListenTrapSNMP to disable legacy SNMP
versions when using SNMPv3
ae4f80ab09 is described below
commit ae4f80ab0967b4680044bc995639f82e072112d1
Author: lehelb <[email protected]>
AuthorDate: Wed Mar 26 17:30:16 2025 +0100
NIFI-14231: Update ListenTrapSNMP to disable legacy SNMP versions when
using SNMPv3
Added trap version and security level handling.
Added validation to USM Users parsing. Added extra test case for legacy
auth and priv protocols. Enhanced documentation.
Refactored SNMPUtils::getOid
This closes #9824.
Signed-off-by: Peter Turcsanyi <[email protected]>
---
.../nifi/snmp/factory/core/V3SNMPFactory.java | 69 ++++++++++++++-------
.../nifi/snmp/operations/SNMPTrapReceiver.java | 26 +++++++-
.../snmp/operations/SNMPTrapReceiverHandler.java | 16 ++---
.../nifi/snmp/processors/ListenTrapSNMP.java | 69 ++++++++-------------
.../properties/AuthenticationProtocol.java | 70 +++++++++++++++++++++
.../processors/properties/PrivacyProtocol.java | 71 ++++++++++++++++++++++
.../processors/properties/UsmUserInputMethod.java | 58 ++++++++++++++++++
.../properties/V3SecurityProperties.java | 27 +-------
.../java/org/apache/nifi/snmp/utils/SNMPUtils.java | 51 ----------------
.../nifi/snmp/utils/UsmUserDeserializer.java | 10 +--
.../additionalDetails.md | 24 ++++----
.../operations/SNMPTrapReceiverHandlerTest.java | 5 +-
.../nifi/snmp/operations/SNMPTrapReceiverTest.java | 8 ++-
.../nifi/snmp/utils/JsonFileUsmReaderTest.java | 6 ++
.../nifi/snmp/utils/JsonUsmReaderTestBase.java | 13 ++--
....json => invalid_usm_user_legacy_protocol.json} | 30 ++++-----
...d_users.json => invalid_usm_user_protocol.json} | 0
.../{invalid_users.json => usm_users.json} | 6 +-
18 files changed, 365 insertions(+), 194 deletions(-)
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/factory/core/V3SNMPFactory.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/factory/core/V3SNMPFactory.java
index ef945f4f4e..ac54a10577 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/factory/core/V3SNMPFactory.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/factory/core/V3SNMPFactory.java
@@ -17,7 +17,8 @@
package org.apache.nifi.snmp.factory.core;
import org.apache.nifi.snmp.configuration.SNMPConfiguration;
-import org.apache.nifi.snmp.utils.SNMPUtils;
+import org.apache.nifi.snmp.processors.properties.AuthenticationProtocol;
+import org.apache.nifi.snmp.processors.properties.PrivacyProtocol;
import org.snmp4j.Snmp;
import org.snmp4j.Target;
import org.snmp4j.UserTarget;
@@ -37,27 +38,8 @@ public class V3SNMPFactory extends SNMPManagerFactory
implements SNMPContext {
@Override
public Snmp createSnmpManagerInstance(final SNMPConfiguration
configuration) {
final Snmp snmpManager =
super.createSnmpManagerInstance(configuration);
-
- // Create USM.
- final OctetString localEngineId = new
OctetString(MPv3.createLocalEngineID());
- final USM usm = new USM(SecurityProtocols.getInstance(),
localEngineId, 0);
- SecurityModels.getInstance().addSecurityModel(usm);
-
- Optional.ofNullable(configuration.getSecurityName())
- .map(OctetString::new)
- .ifPresent(securityName -> {
- OID authProtocol =
Optional.ofNullable(configuration.getAuthProtocol())
- .map(SNMPUtils::getAuth).orElse(null);
- OctetString authPassphrase =
Optional.ofNullable(configuration.getAuthPassphrase())
- .map(OctetString::new).orElse(null);
- OID privacyProtocol =
Optional.ofNullable(configuration.getPrivacyProtocol())
- .map(SNMPUtils::getPriv).orElse(null);
- OctetString privacyPassphrase =
Optional.ofNullable(configuration.getPrivacyPassphrase())
- .map(OctetString::new).orElse(null);
- snmpManager.getUSM().addUser(new UsmUser(securityName,
authProtocol, authPassphrase,
- privacyProtocol, privacyPassphrase));
- });
-
+ initializeUsm();
+ addUsmUserIfSecure(snmpManager, configuration);
return snmpManager;
}
@@ -74,4 +56,47 @@ public class V3SNMPFactory extends SNMPManagerFactory
implements SNMPContext {
return userTarget;
}
+
+ private void initializeUsm() {
+ final OctetString localEngineId = new
OctetString(MPv3.createLocalEngineID());
+ final USM usm = new USM(SecurityProtocols.getInstance(),
localEngineId, 0);
+ SecurityModels.getInstance().addSecurityModel(usm);
+ }
+
+ private void addUsmUserIfSecure(final Snmp snmpManager, final
SNMPConfiguration configuration) {
+ Optional.ofNullable(configuration.getSecurityName())
+ .map(OctetString::new)
+ .ifPresent(securityName -> addUserToUsm(snmpManager,
configuration, securityName));
+ }
+
+ private void addUserToUsm(final Snmp snmpManager, final SNMPConfiguration
configuration, final OctetString securityName) {
+ final OID authProtocol = getAuthProtocol(configuration);
+ final OctetString authPassphrase =
getOctetString(configuration.getAuthPassphrase());
+ final OID privacyProtocol = getPrivacyProtocol(configuration);
+ final OctetString privacyPassphrase =
getOctetString(configuration.getPrivacyPassphrase());
+
+ final UsmUser user = new UsmUser(securityName, authProtocol,
authPassphrase,
+ privacyProtocol, privacyPassphrase);
+ snmpManager.getUSM().addUser(user);
+ }
+
+ private OID getAuthProtocol(final SNMPConfiguration configuration) {
+ return Optional.ofNullable(configuration.getAuthProtocol())
+ .map(AuthenticationProtocol::valueOf)
+ .map(AuthenticationProtocol::getOid)
+ .orElse(null);
+ }
+
+ private OID getPrivacyProtocol(final SNMPConfiguration configuration) {
+ return Optional.ofNullable(configuration.getPrivacyProtocol())
+ .map(PrivacyProtocol::valueOf)
+ .map(PrivacyProtocol::getOid)
+ .orElse(null);
+ }
+
+ private OctetString getOctetString(final String value) {
+ return Optional.ofNullable(value)
+ .map(OctetString::new)
+ .orElse(null);
+ }
}
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/operations/SNMPTrapReceiver.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/operations/SNMPTrapReceiver.java
index be276d30d3..ab858527d9 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/operations/SNMPTrapReceiver.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/operations/SNMPTrapReceiver.java
@@ -20,11 +20,14 @@ import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessSessionFactory;
+import org.apache.nifi.snmp.configuration.SNMPConfiguration;
import org.apache.nifi.snmp.utils.SNMPUtils;
import org.snmp4j.CommandResponder;
import org.snmp4j.CommandResponderEvent;
import org.snmp4j.PDU;
import org.snmp4j.PDUv1;
+import org.snmp4j.mp.SnmpConstants;
+import org.snmp4j.security.SecurityLevel;
import org.snmp4j.smi.Address;
import java.util.Map;
@@ -36,15 +39,34 @@ public class SNMPTrapReceiver implements CommandResponder {
private final ProcessSessionFactory processSessionFactory;
private final ComponentLog logger;
+ private final SNMPConfiguration configuration;
- public SNMPTrapReceiver(final ProcessSessionFactory processSessionFactory,
final ComponentLog logger) {
+ public SNMPTrapReceiver(final ProcessSessionFactory processSessionFactory,
final SNMPConfiguration configuration, final ComponentLog logger) {
this.processSessionFactory = processSessionFactory;
this.logger = logger;
+ this.configuration = configuration;
}
@Override
public void processPdu(final CommandResponderEvent event) {
final PDU pdu = event.getPDU();
+ final int expectedVersion = configuration.getVersion();
+
+ final int receivedVersion = event.getMessageProcessingModel();
+ if (expectedVersion != receivedVersion) {
+ logger.debug("Ignoring trap: Expected version {} but received {}",
expectedVersion, receivedVersion);
+ return;
+ }
+
+ final int receivedSecurityLevel = event.getSecurityLevel();
+ if (expectedVersion == SnmpConstants.version3) {
+ final int expectedSecurityLevel =
SecurityLevel.valueOf(configuration.getSecurityLevel()).getSnmpValue();
+ if (expectedSecurityLevel != receivedSecurityLevel) {
+ logger.debug("Ignoring SNMPv3 trap: Expected security level {}
but received {}", expectedSecurityLevel, receivedSecurityLevel);
+ return;
+ }
+ }
+
if (isValidTrapPdu(pdu)) {
final ProcessSession processSession =
processSessionFactory.createSession();
final FlowFile flowFile = createFlowFile(processSession, event);
@@ -60,7 +82,7 @@ public class SNMPTrapReceiver implements CommandResponder {
}
}
- private FlowFile createFlowFile(final ProcessSession processSession, final
CommandResponderEvent event) {
+ private FlowFile createFlowFile(final ProcessSession processSession, final
CommandResponderEvent event) {
FlowFile flowFile = processSession.create();
final Map<String, String> attributes;
final PDU pdu = event.getPDU();
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandler.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandler.java
index 8420154499..a742cc165e 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandler.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandler.java
@@ -69,8 +69,12 @@ public class SNMPTrapReceiverHandler {
}
public void createTrapReceiver(final ProcessSessionFactory
processSessionFactory, final ComponentLog logger) {
- addUsmUsers();
- SNMPTrapReceiver trapReceiver = new
SNMPTrapReceiver(processSessionFactory, logger);
+ final int version = configuration.getVersion();
+ if (version == SnmpConstants.version3) {
+ addUsmUsers();
+ }
+
+ SNMPTrapReceiver trapReceiver = new
SNMPTrapReceiver(processSessionFactory, configuration, logger);
snmpManager.addCommandResponder(trapReceiver);
isStarted = true;
}
@@ -95,11 +99,9 @@ public class SNMPTrapReceiverHandler {
}
private void addUsmUsers() {
- if (configuration.getVersion() == SnmpConstants.version3) {
- USM usm = new USM(SecurityProtocols.getInstance(), new
OctetString(MPv3.createLocalEngineID()), 0);
- SecurityModels.getInstance().addSecurityModel(usm);
- usmUsers.forEach(user -> snmpManager.getUSM().addUser(user));
- }
+ USM usm = new USM(SecurityProtocols.getInstance(), new
OctetString(MPv3.createLocalEngineID()), 0);
+ SecurityModels.getInstance().addSecurityModel(usm);
+ usmUsers.forEach(user -> snmpManager.getUSM().addUser(user));
}
// Visible for testing.
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/ListenTrapSNMP.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/ListenTrapSNMP.java
index 7c4755d5aa..05aaa5422e 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/ListenTrapSNMP.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/ListenTrapSNMP.java
@@ -23,7 +23,6 @@ import
org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
-import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.ConfigVerificationResult;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.resource.ResourceCardinality;
@@ -40,6 +39,7 @@ import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.snmp.configuration.SNMPConfiguration;
import org.apache.nifi.snmp.operations.SNMPTrapReceiverHandler;
import org.apache.nifi.snmp.processors.properties.BasicProperties;
+import org.apache.nifi.snmp.processors.properties.UsmUserInputMethod;
import org.apache.nifi.snmp.processors.properties.V3SecurityProperties;
import org.apache.nifi.snmp.utils.JsonFileUsmReader;
import org.apache.nifi.snmp.utils.JsonUsmReader;
@@ -67,11 +67,6 @@ import java.util.Set;
@RequiresInstanceClassLoading
public class ListenTrapSNMP extends AbstractSessionFactoryProcessor implements
VerifiableProcessor {
- public static final AllowableValue USM_JSON_FILE_PATH = new
AllowableValue("usm-json-file-path", "Json File Path", "The path of the JSON
file containing the USM users");
- public static final AllowableValue USM_JSON_CONTENT = new
AllowableValue("usm-json-content", "Json Content", "The JSON containing the USM
users");
- public static final AllowableValue USM_SECURITY_NAMES = new
AllowableValue("usm-security-names", "Security Names", "In case of noAuthNoPriv
security level" +
- " - the list of security names separated by commas");
-
public static final PropertyDescriptor SNMP_MANAGER_PORT = new
PropertyDescriptor.Builder()
.name("snmp-manager-port")
.displayName("SNMP Manager Port")
@@ -80,13 +75,13 @@ public class ListenTrapSNMP extends
AbstractSessionFactoryProcessor implements V
.addValidator(StandardValidators.PORT_VALIDATOR)
.build();
- public static final PropertyDescriptor SNMP_USM_USER_SOURCE = new
PropertyDescriptor.Builder()
+ public static final PropertyDescriptor SNMP_USM_USER_INPUT_METHOD = new
PropertyDescriptor.Builder()
.name("snmp-usm-users-source")
- .displayName("USM Users Source")
- .description("The ways to provide USM User data")
+ .displayName("USM Users Input Method")
+ .description("Specifies how USM user data is provided.")
.required(true)
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
- .allowableValues(USM_JSON_CONTENT, USM_JSON_FILE_PATH,
USM_SECURITY_NAMES)
+ .allowableValues(UsmUserInputMethod.class)
.dependsOn(BasicProperties.SNMP_VERSION, BasicProperties.SNMP_V3)
.build();
@@ -97,7 +92,7 @@ public class ListenTrapSNMP extends
AbstractSessionFactoryProcessor implements V
.required(false)
.identifiesExternalResource(ResourceCardinality.SINGLE,
ResourceType.FILE)
.dependsOn(BasicProperties.SNMP_VERSION, BasicProperties.SNMP_V3)
- .dependsOn(SNMP_USM_USER_SOURCE, USM_JSON_FILE_PATH)
+ .dependsOn(SNMP_USM_USER_INPUT_METHOD,
UsmUserInputMethod.USM_JSON_FILE_PATH)
.build();
public static final PropertyDescriptor SNMP_USM_USERS_JSON = new
PropertyDescriptor.Builder()
@@ -107,7 +102,7 @@ public class ListenTrapSNMP extends
AbstractSessionFactoryProcessor implements V
.required(false)
.sensitive(true)
.dependsOn(BasicProperties.SNMP_VERSION, BasicProperties.SNMP_V3)
- .dependsOn(SNMP_USM_USER_SOURCE, USM_JSON_CONTENT)
+ .dependsOn(SNMP_USM_USER_INPUT_METHOD,
UsmUserInputMethod.USM_JSON_CONTENT)
.addValidator(JsonValidator.INSTANCE)
.build();
@@ -118,7 +113,7 @@ public class ListenTrapSNMP extends
AbstractSessionFactoryProcessor implements V
.required(false)
.dependsOn(BasicProperties.SNMP_VERSION, BasicProperties.SNMP_V3)
.dependsOn(V3SecurityProperties.SNMP_SECURITY_LEVEL,
V3SecurityProperties.NO_AUTH_NO_PRIV)
- .dependsOn(SNMP_USM_USER_SOURCE, USM_SECURITY_NAMES)
+ .dependsOn(SNMP_USM_USER_INPUT_METHOD,
UsmUserInputMethod.USM_SECURITY_NAMES)
.addValidator(StandardValidators.NON_BLANK_VALIDATOR)
.build();
@@ -137,7 +132,7 @@ public class ListenTrapSNMP extends
AbstractSessionFactoryProcessor implements V
BasicProperties.SNMP_VERSION,
BasicProperties.SNMP_COMMUNITY,
V3SecurityProperties.SNMP_SECURITY_LEVEL,
- SNMP_USM_USER_SOURCE,
+ SNMP_USM_USER_INPUT_METHOD,
SNMP_USM_USERS_JSON_FILE_PATH,
SNMP_USM_USERS_JSON,
SNMP_USM_SECURITY_NAMES
@@ -156,15 +151,12 @@ public class ListenTrapSNMP extends
AbstractSessionFactoryProcessor implements V
public List<ConfigVerificationResult> verify(ProcessContext context,
ComponentLog verificationLogger, Map<String, String> attributes) {
final List<ConfigVerificationResult> results = new ArrayList<>();
- final String usmUserSource =
context.getProperty(SNMP_USM_USER_SOURCE).getValue();
-
- if (usmUserSource != null) {
- final UsmReader usmReader = getUsmReader(context, usmUserSource);
-
+ final String userInputMethodValue =
context.getProperty(SNMP_USM_USER_INPUT_METHOD).getValue();
+ if (userInputMethodValue != null) {
+ final UsmUserInputMethod usmUserInputMethod =
UsmUserInputMethod.fromValue(context.getProperty(SNMP_USM_USER_INPUT_METHOD).getValue());
+ final UsmReader usmReader = getUsmReader(context,
usmUserInputMethod);
try {
- if (usmReader != null) {
- usmReader.readUsm();
- }
+ usmReader.readUsm();
} catch (Exception e) {
results.add(new ConfigVerificationResult.Builder()
.verificationStepName("USM User processing")
@@ -182,23 +174,19 @@ public class ListenTrapSNMP extends
AbstractSessionFactoryProcessor implements V
final int managerPort =
context.getProperty(SNMP_MANAGER_PORT).asInteger();
final String securityLevel =
context.getProperty(V3SecurityProperties.SNMP_SECURITY_LEVEL).getValue();
- SNMPConfiguration configuration;
-
- configuration = SNMPConfiguration.builder()
+ final SNMPConfiguration configuration = SNMPConfiguration.builder()
.setManagerPort(managerPort)
.setVersion(version)
.setSecurityLevel(securityLevel)
.setCommunityString(context.getProperty(BasicProperties.SNMP_COMMUNITY).getValue())
.build();
- final String usmUserSource =
context.getProperty(SNMP_USM_USER_SOURCE).getValue();
-
- if (usmUserSource != null) {
- final UsmReader usmReader = getUsmReader(context, usmUserSource);
- if (usmReader != null) {
- usmUsers = usmReader.readUsm();
- }
+ final String userInputMethodValue =
context.getProperty(SNMP_USM_USER_INPUT_METHOD).getValue();
+ if (userInputMethodValue != null) {
+ final UsmUserInputMethod usmUserInputMethod =
UsmUserInputMethod.fromValue(context.getProperty(SNMP_USM_USER_INPUT_METHOD).getValue());
+ final UsmReader usmReader = getUsmReader(context,
usmUserInputMethod);
+ usmUsers = usmReader.readUsm();
}
snmpTrapReceiverHandler = new SNMPTrapReceiverHandler(configuration,
usmUsers);
@@ -237,20 +225,15 @@ public class ListenTrapSNMP extends
AbstractSessionFactoryProcessor implements V
return PROPERTY_DESCRIPTORS;
}
- private UsmReader getUsmReader(ProcessContext context, String
usmUserSource) {
+ private UsmReader getUsmReader(ProcessContext context, UsmUserInputMethod
usmUserInputMethod) {
final String usmUsersJsonFilePath =
context.getProperty(SNMP_USM_USERS_JSON_FILE_PATH).getValue();
final String usmUsersJson =
context.getProperty(SNMP_USM_USERS_JSON).getValue();
final String usmSecurityNames =
context.getProperty(SNMP_USM_SECURITY_NAMES).getValue();
- UsmReader usmReader = null;
-
- if (USM_JSON_FILE_PATH.getValue().equals(usmUserSource)) {
- usmReader = new JsonFileUsmReader(usmUsersJsonFilePath);
- } else if (USM_JSON_CONTENT.getValue().equals(usmUserSource)) {
- usmReader = new JsonUsmReader(usmUsersJson);
- } else if (USM_SECURITY_NAMES.getValue().equals(usmUserSource)) {
- usmReader = new SecurityNamesUsmReader(usmSecurityNames);
- }
- return usmReader;
+ return switch (usmUserInputMethod) {
+ case USM_JSON_FILE_PATH -> new
JsonFileUsmReader(usmUsersJsonFilePath);
+ case USM_JSON_CONTENT -> new JsonUsmReader(usmUsersJson);
+ case USM_SECURITY_NAMES -> new
SecurityNamesUsmReader(usmSecurityNames);
+ };
}
}
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/AuthenticationProtocol.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/AuthenticationProtocol.java
new file mode 100644
index 0000000000..1292305dec
--- /dev/null
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/AuthenticationProtocol.java
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.snmp.processors.properties;
+
+import org.apache.nifi.components.DescribedValue;
+import org.snmp4j.security.AuthHMAC128SHA224;
+import org.snmp4j.security.AuthHMAC192SHA256;
+import org.snmp4j.security.AuthHMAC256SHA384;
+import org.snmp4j.security.AuthHMAC384SHA512;
+import org.snmp4j.smi.OID;
+
+public enum AuthenticationProtocol implements DescribedValue {
+ HMAC128SHA224("HMAC128SHA224", "SHA224",
+ "HMAC with SHA224, a variant of SHA-2, used for ensuring data
integrity and authenticity. It combines the HMAC construction with the SHA224
hash function.",
+ AuthHMAC128SHA224.ID),
+ HMAC192SHA256("HMAC192SHA256", "SHA256",
+ "HMAC with SHA256, a widely used secure hash function in the SHA-2
family, providing strong data integrity and authenticity guarantees.",
+ AuthHMAC192SHA256.ID),
+ HMAC256SHA384("HMAC256SHA384", "SHA384",
+ "HMAC with SHA384, a stronger variant of SHA-2 providing a 384-bit
hash for increased security in data integrity and authenticity.",
+ AuthHMAC256SHA384.ID),
+ HMAC384SHA512("HMAC384SHA512", "SHA512",
+ "HMAC with SHA512, using the SHA-2 family with a 512-bit hash,
providing the highest level of security for data integrity and authenticity.",
+ AuthHMAC384SHA512.ID);
+
+ private final String value;
+ private final String displayName;
+ private final String description;
+ private final OID oid;
+
+ AuthenticationProtocol(final String value, final String displayName, final
String description, final OID oid) {
+ this.value = value;
+ this.displayName = displayName;
+ this.description = description;
+ this.oid = oid;
+ }
+
+ @Override
+ public String getValue() {
+ return value;
+ }
+
+ @Override
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ @Override
+ public String getDescription() {
+ return description;
+ }
+
+ public OID getOid() {
+ return oid;
+ }
+}
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/PrivacyProtocol.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/PrivacyProtocol.java
new file mode 100644
index 0000000000..824bd3094f
--- /dev/null
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/PrivacyProtocol.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.snmp.processors.properties;
+
+import org.apache.nifi.components.DescribedValue;
+import org.snmp4j.security.PrivAES128;
+import org.snmp4j.security.PrivAES192;
+import org.snmp4j.security.PrivAES256;
+import org.snmp4j.security.PrivDES;
+import org.snmp4j.smi.OID;
+
+public enum PrivacyProtocol implements DescribedValue {
+ DES("DES", "DES",
+ "Data Encryption Standard (DES) is an older symmetric-key
algorithm used for encrypting digital data. DES is considered insecure due" +
+ " to its short 56-bit key length, which is vulnerable to
brute-force attacks. It is now generally replaced by stronger encryption
protocols.",
+ PrivDES.ID),
+ AES128("AES128", "AES128",
+ "Advanced Encryption Standard (AES) with a 128-bit key length,
offering a balance between speed and security. AES128 is widely considered" +
+ " to be secure and is commonly used in various
cryptographic applications.",
+ PrivAES128.ID),
+ AES192("AES192", "AES192",
+ "Advanced Encryption Standard (AES) with a 192-bit key length,
providing a higher level of security than AES128, suitable for applications" +
+ " that require stronger encryption.",
+ PrivAES192.ID),
+ AES256("AES256", "AES256",
+ "Advanced Encryption Standard (AES) with a 256-bit key length,
offering the highest level of encryption strength. AES256 is the" +
+ " recommended choice for high-security applications and is
considered highly resistant to brute-force attacks.",
+ PrivAES256.ID);
+
+ private final String value;
+ private final String displayName;
+ private final String description;
+ private final OID oid;
+
+ PrivacyProtocol(final String value, final String displayName, final String
description, final OID oid) {
+ this.value = value;
+ this.displayName = displayName;
+ this.description = description;
+ this.oid = oid;
+ }
+
+ public String getValue() {
+ return value;
+ }
+
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public OID getOid() {
+ return oid;
+ }
+}
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/UsmUserInputMethod.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/UsmUserInputMethod.java
new file mode 100644
index 0000000000..6fd13dac54
--- /dev/null
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/UsmUserInputMethod.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.snmp.processors.properties;
+
+import org.apache.nifi.components.DescribedValue;
+
+public enum UsmUserInputMethod implements DescribedValue {
+
+ USM_JSON_FILE_PATH("usm-json-file-path", "Json File Path", "The path of
the JSON file containing the USM users"),
+ USM_JSON_CONTENT("usm-json-content", "Json Content", "The JSON containing
the USM users"),
+ USM_SECURITY_NAMES("usm-security-names", "Security Names", "In case of
noAuthNoPriv security level - the list of security names separated by commas");
+
+ private final String value;
+ private final String displayName;
+ private final String description;
+
+ UsmUserInputMethod(String value, String displayName, String description) {
+ this.value = value;
+ this.displayName = displayName;
+ this.description = description;
+ }
+
+ public String getValue() {
+ return value;
+ }
+
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public static UsmUserInputMethod fromValue(String value) {
+ for (UsmUserInputMethod source : values()) {
+ if (source.value.equals(value)) {
+ return source;
+ }
+ }
+ throw new IllegalArgumentException("Unknown value: " + value);
+ }
+}
+
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/V3SecurityProperties.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/V3SecurityProperties.java
index 6566ac6dcf..f1d882608c 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/V3SecurityProperties.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/properties/V3SecurityProperties.java
@@ -30,10 +30,6 @@ public class V3SecurityProperties {
// Utility class, not needed to instantiate.
}
- private static final String SHA_2_ALGORITHM = "Provides authentication
based on the HMAC-SHA-2 algorithm.";
- private static final String AES_DESCRIPTION = "AES is a symmetric
algorithm which uses the same 128, 192, or 256 bit" +
- " key for both encryption and decryption (the security of an AES
system increases exponentially with key length).";
-
// SNMPv3 security levels
public static final AllowableValue NO_AUTH_NO_PRIV = new
AllowableValue(SecurityLevel.noAuthNoPriv.name(),
SecurityLevel.noAuthNoPriv.name(),
"Communication without authentication and privacy.");
@@ -42,25 +38,6 @@ public class V3SecurityProperties {
public static final AllowableValue AUTH_PRIV = new
AllowableValue(SecurityLevel.authPriv.name(), SecurityLevel.authPriv.name(),
"Communication with authentication and privacy.");
- // SNMPv3 authentication protocols
- public static final AllowableValue HMAC128SHA224 = new
AllowableValue("HMAC128SHA224", "SHA224",
- SHA_2_ALGORITHM);
- public static final AllowableValue HMAC192SHA256 = new
AllowableValue("HMAC192SHA256", "SHA256",
- SHA_2_ALGORITHM);
- public static final AllowableValue HMAC256SHA384 = new
AllowableValue("HMAC256SHA384", "SHA384",
- SHA_2_ALGORITHM);
- public static final AllowableValue HMAC384SHA512 = new
AllowableValue("HMAC384SHA512", "SHA512",
- SHA_2_ALGORITHM);
-
- // SNMPv3 encryption
- public static final AllowableValue DES = new AllowableValue("DES", "DES",
- "Symmetric-key algorithm for the encryption of digital data. DES
has been considered insecure" +
- " because of the feasibility of brute-force attacks. We
recommend using the AES encryption protocol.");
-
- public static final AllowableValue AES128 = new AllowableValue("AES128",
"AES128", AES_DESCRIPTION);
- public static final AllowableValue AES192 = new AllowableValue("AES192",
"AES192", AES_DESCRIPTION);
- public static final AllowableValue AES256 = new AllowableValue("AES256",
"AES256", AES_DESCRIPTION);
-
public static final PropertyDescriptor SNMP_SECURITY_LEVEL = new
PropertyDescriptor.Builder()
.name("snmp-security-level")
.displayName("SNMP Security Level")
@@ -88,7 +65,7 @@ public class V3SecurityProperties {
.displayName("SNMP Authentication Protocol")
.description("Hash based authentication protocol for secure
authentication.")
.required(true)
- .allowableValues(HMAC128SHA224, HMAC192SHA256, HMAC256SHA384,
HMAC384SHA512)
+ .allowableValues(AuthenticationProtocol.class)
.dependsOn(SNMP_SECURITY_LEVEL, AUTH_NO_PRIV, AUTH_PRIV)
.build();
@@ -107,7 +84,7 @@ public class V3SecurityProperties {
.displayName("SNMP Privacy Protocol")
.description("Privacy allows for encryption of SNMP v3 messages to
ensure confidentiality of data.")
.required(true)
- .allowableValues(DES, AES128, AES192, AES256)
+ .allowableValues(PrivacyProtocol.class)
.dependsOn(SNMP_SECURITY_LEVEL, AUTH_PRIV)
.build();
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/SNMPUtils.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/SNMPUtils.java
index 7019fcf771..3fb7371f0c 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/SNMPUtils.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/SNMPUtils.java
@@ -16,25 +16,12 @@
*/
package org.apache.nifi.snmp.utils;
-import org.apache.nifi.snmp.exception.InvalidAuthProtocolException;
-import org.apache.nifi.snmp.exception.InvalidPrivProtocolException;
import org.apache.nifi.snmp.exception.InvalidSnmpVersionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.snmp4j.PDU;
import org.snmp4j.PDUv1;
import org.snmp4j.mp.SnmpConstants;
-import org.snmp4j.security.AuthHMAC128SHA224;
-import org.snmp4j.security.AuthHMAC192SHA256;
-import org.snmp4j.security.AuthHMAC256SHA384;
-import org.snmp4j.security.AuthHMAC384SHA512;
-import org.snmp4j.security.AuthMD5;
-import org.snmp4j.security.AuthSHA;
-import org.snmp4j.security.Priv3DES;
-import org.snmp4j.security.PrivAES128;
-import org.snmp4j.security.PrivAES192;
-import org.snmp4j.security.PrivAES256;
-import org.snmp4j.security.PrivDES;
import org.snmp4j.smi.AbstractVariable;
import org.snmp4j.smi.AssignableFromInteger;
import org.snmp4j.smi.AssignableFromLong;
@@ -67,8 +54,6 @@ public final class SNMPUtils {
private static final String OID_PROP_PATTERN = SNMP_PROP_PREFIX + "%s" +
SNMP_PROP_DELIMITER + "%s";
private static final Pattern OID_PATTERN = Pattern.compile("[0-9+.]*");
- private static final Map<String, OID> AUTH_MAP;
- private static final Map<String, OID> PRIV_MAP;
private static final Map<String, String> REPORT_MAP;
private static final Map<String, Integer> VERSION_MAP;
@@ -87,27 +72,6 @@ public final class SNMPUtils {
REPORT_MAP = Collections.unmodifiableMap(map);
}
- static {
- final Map<String, OID> map = new HashMap<>();
- map.put("DES", PrivDES.ID);
- map.put("3DES", Priv3DES.ID);
- map.put("AES128", PrivAES128.ID);
- map.put("AES192", PrivAES192.ID);
- map.put("AES256", PrivAES256.ID);
- PRIV_MAP = Collections.unmodifiableMap(map);
- }
-
- static {
- final Map<String, OID> map = new HashMap<>();
- map.put("SHA", AuthSHA.ID);
- map.put("MD5", AuthMD5.ID);
- map.put("HMAC128SHA224", AuthHMAC128SHA224.ID);
- map.put("HMAC192SHA256", AuthHMAC192SHA256.ID);
- map.put("HMAC256SHA384", AuthHMAC256SHA384.ID);
- map.put("HMAC384SHA512", AuthHMAC384SHA512.ID);
- AUTH_MAP = Collections.unmodifiableMap(map);
- }
-
static {
final Map<String, Integer> map = new HashMap<>();
map.put("SNMPv1", SnmpConstants.version1);
@@ -152,21 +116,6 @@ public final class SNMPUtils {
return attributes;
}
- public static OID getPriv(final String privProtocol) {
- if (PRIV_MAP.containsKey(privProtocol)) {
- return PRIV_MAP.get(privProtocol);
- }
- throw new InvalidPrivProtocolException("Invalid privacy protocol
provided.");
- }
-
-
- public static OID getAuth(final String authProtocol) {
- if (AUTH_MAP.containsKey(authProtocol)) {
- return AUTH_MAP.get(authProtocol);
- }
- throw new InvalidAuthProtocolException("Invalid authentication
protocol provided.");
- }
-
public static boolean addVariables(final PDU pdu, final Map<String,
String> attributes) {
boolean result = false;
try {
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/UsmUserDeserializer.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/UsmUserDeserializer.java
index f07ccf78a7..779084a82d 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/UsmUserDeserializer.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/UsmUserDeserializer.java
@@ -20,6 +20,8 @@ import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import org.apache.nifi.snmp.processors.properties.AuthenticationProtocol;
+import org.apache.nifi.snmp.processors.properties.PrivacyProtocol;
import org.snmp4j.security.UsmUser;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
@@ -34,13 +36,13 @@ class UsmUserDeserializer extends StdDeserializer<UsmUser> {
@Override
public UsmUser deserialize(JsonParser jp, DeserializationContext ctxt)
throws IOException {
- JsonNode node = jp.getCodec().readTree(jp);
- String securityName = node.get("securityName").asText();
+ final JsonNode node = jp.getCodec().readTree(jp);
+ final String securityName = node.get("securityName").asText();
OID authProtocol = null;
final JsonNode authProtocolNode = node.get("authProtocol");
if (authProtocolNode != null) {
- authProtocol = SNMPUtils.getAuth(authProtocolNode.asText());
+ authProtocol =
AuthenticationProtocol.valueOf(authProtocolNode.asText()).getOid();
}
OctetString authPassphrase = null;
@@ -57,7 +59,7 @@ class UsmUserDeserializer extends StdDeserializer<UsmUser> {
OID privProtocol = null;
final JsonNode privProtocolNode = node.get("privProtocol");
if (privProtocolNode != null) {
- privProtocol = SNMPUtils.getPriv(privProtocolNode.asText());
+ privProtocol =
PrivacyProtocol.valueOf(privProtocolNode.asText()).getOid();
}
OctetString privPassphrase = null;
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/resources/docs/org.apache.nifi.snmp.processors.ListenTrapSNMP/additionalDetails.md
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/resources/docs/org.apache.nifi.snmp.processors.ListenTrapSNMP/additionalDetails.md
index c3f859a631..9a58ef2fe1 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/resources/docs/org.apache.nifi.snmp.processors.ListenTrapSNMP/additionalDetails.md
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/resources/docs/org.apache.nifi.snmp.processors.ListenTrapSNMP/additionalDetails.md
@@ -17,27 +17,27 @@
## Summary
-This processor listens to SNMP traps and creates a flowfile from the trap PDU.
The versions SNMPv1, SNMPv2c and SNMPv3
-are supported. The component is based on [SNMP4J](http://www.snmp4j.org/).
+The ListenTrapSNMP processor listens for incoming SNMP traps and generates a
FlowFile from the received Protocol Data Unit (PDU). It supports SNMPv1,
SNMPv2c, and SNMPv3, utilizing the SNMP4J library.
-SNMPv3 has user-based security. The USM Users Source property allows users to
choose between three different ways to
-provide the USM user database. An example json file containing two users:
+When configured to use SNMPv3, SNMPv1 and SNMPv2c are automatically disabled.
As a result, traps using SNMPv1 or SNMPv2c message models will not be received
or processed. This is done to enforce a higher level of security, as SNMPv1 and
SNMPv2c transmit community strings in plaintext, making them vulnerable to
interception and unauthorized access.
+
+For SNMPv3, security is based on a User-Based Security Model (USM). The 'USM
Users Input Method' property allows users to configure the USM user database in
different ways. Below is an example JSON file defining two users as "Json
Content":
```json
[
{
"securityName": "user1",
- "authProtocol": "MD5",
- "authPassphrase": "abc12345",
- "privProtocol": "DES",
- "privPassphrase": "abc12345"
+ "authProtocol": "HMAC384SHA512",
+ "authPassphrase": "authPassphrase1",
+ "privProtocol": "AES192",
+ "privPassphrase": "privPassphrase1"
},
{
- "securityName": "newUser2",
- "authProtocol": "MD5",
- "authPassphrase": "abc12345",
+ "securityName": "user2",
+ "authProtocol": "HMAC192SHA256",
+ "authPassphrase": "authPassphrase2",
"privProtocol": "AES256",
- "privPassphrase": "abc12345"
+ "privPassphrase": "privPassphrase2"
}
]
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandlerTest.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandlerTest.java
index f6ad2bb08e..0b9fe21aae 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandlerTest.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandlerTest.java
@@ -19,6 +19,7 @@ package org.apache.nifi.snmp.operations;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.snmp.configuration.SNMPConfiguration;
import org.apache.nifi.snmp.utils.JsonFileUsmReader;
+import org.apache.nifi.snmp.utils.JsonUsmReaderTestBase;
import org.apache.nifi.util.MockComponentLog;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
@@ -42,8 +43,6 @@ import static org.mockito.Mockito.when;
class SNMPTrapReceiverHandlerTest {
- public static final String USERS_JSON = "src/test/resources/users.json";
-
@Test
void testTrapReceiverCreatesCommandResponder() {
final SNMPConfiguration snmpConfiguration =
mock(SNMPConfiguration.class);
@@ -86,7 +85,7 @@ class SNMPTrapReceiverHandlerTest {
@Test
void testAddUsmUsers() {
- final List<UsmUser> usmUsers = new
JsonFileUsmReader(USERS_JSON).readUsm();
+ final List<UsmUser> usmUsers = new
JsonFileUsmReader(JsonUsmReaderTestBase.USERS_JSON_PATH).readUsm();
final SNMPConfiguration snmpConfiguration = SNMPConfiguration.builder()
.setManagerPort(0)
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverTest.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverTest.java
index 2c9a3bed2b..75d26b32a5 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverTest.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverTest.java
@@ -18,6 +18,8 @@ package org.apache.nifi.snmp.operations;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.ProcessSessionFactory;
+import org.apache.nifi.snmp.helper.configurations.SNMPConfigurationFactory;
+import
org.apache.nifi.snmp.helper.configurations.SNMPV1V2cConfigurationFactory;
import org.apache.nifi.snmp.processors.ListenTrapSNMP;
import org.apache.nifi.util.LogMessage;
import org.apache.nifi.util.MockComponentLog;
@@ -29,6 +31,7 @@ import org.junit.jupiter.api.Test;
import org.snmp4j.CommandResponderEvent;
import org.snmp4j.PDU;
import org.snmp4j.PDUv1;
+import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.VariableBinding;
@@ -54,13 +57,16 @@ class SNMPTrapReceiverTest {
private PDU mockPdu;
private SNMPTrapReceiver snmpTrapReceiver;
+ private static final SNMPConfigurationFactory snmpV1ConfigurationFactory =
new SNMPV1V2cConfigurationFactory(SnmpConstants.version1);
+
@BeforeEach
public void init() {
mockProcessSessionFactory = mock(ProcessSessionFactory.class);
mockComponentLog = new MockComponentLog("componentId",
MOCK_COMPONENT_ID);
mockPdu = mock(PDU.class);
- snmpTrapReceiver = new SNMPTrapReceiver(mockProcessSessionFactory,
mockComponentLog);
+ snmpTrapReceiver = new SNMPTrapReceiver(mockProcessSessionFactory,
snmpV1ConfigurationFactory.createSnmpListenTrapConfig(0), mockComponentLog);
+
final ListenTrapSNMP listenTrapSNMP = new ListenTrapSNMP();
mockProcessSession = new MockProcessSession(new
SharedSessionState(listenTrapSNMP, new AtomicLong(0L)), listenTrapSNMP);
}
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonFileUsmReaderTest.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonFileUsmReaderTest.java
index 098bcd334b..d8db60558d 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonFileUsmReaderTest.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonFileUsmReaderTest.java
@@ -47,4 +47,10 @@ class JsonFileUsmReaderTest extends JsonUsmReaderTestBase {
assertThrows(ProcessException.class, jsonFileUsmReader::readUsm);
}
+ @Test
+ void testReadLegacyJsonThrowsException() {
+ final UsmReader jsonFileUsmReader = new
JsonFileUsmReader(LEGACY_USERS_JSON_PATH);
+ assertThrows(ProcessException.class, jsonFileUsmReader::readUsm);
+ }
+
}
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTestBase.java
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTestBase.java
index 82402d0503..8dc5362c86 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTestBase.java
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTestBase.java
@@ -25,9 +25,10 @@ import java.util.List;
public class JsonUsmReaderTestBase {
- static final String USERS_JSON_PATH = "src/test/resources/users.json";
- static final String NOT_FOUND_USERS_JSON_PATH =
"src/test/resources/not_found.json";
- static final String INVALID_USERS_JSON_PATH =
"src/test/resources/invalid_users.json";
+ public static final String USERS_JSON_PATH =
"src/test/resources/usm_users.json";
+ public static final String NOT_FOUND_USERS_JSON_PATH =
"src/test/resources/not_found.json";
+ public static final String INVALID_USERS_JSON_PATH =
"src/test/resources/invalid_usm_user_protocol.json";
+ public static final String LEGACY_USERS_JSON_PATH =
"src/test/resources/invalid_usm_user_legacy_protocol.json";
static final List<UsmUser> expectedUsmUsers;
@@ -35,14 +36,14 @@ public class JsonUsmReaderTestBase {
expectedUsmUsers = new ArrayList<>();
expectedUsmUsers.add(new UsmUser(
new OctetString("user1"),
- new OID("1.3.6.1.6.3.10.1.1.2"),
+ new OID("1.3.6.1.6.3.10.1.1.7"),
new OctetString("abc12345"),
- new OID("1.3.6.1.6.3.10.1.2.2"),
+ new OID("1.3.6.1.4.1.4976.2.2.1.1.1"),
new OctetString("abc12345")
));
expectedUsmUsers.add(new UsmUser(
new OctetString("user2"),
- new OID("1.3.6.1.6.3.10.1.1.3"),
+ new OID("1.3.6.1.6.3.10.1.1.5"),
new OctetString("abc12345"),
new OID("1.3.6.1.4.1.4976.2.2.1.1.2"),
new OctetString("abc12345")
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/users.json
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_usm_user_legacy_protocol.json
similarity index 95%
rename from
nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/users.json
rename to
nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_usm_user_legacy_protocol.json
index 113586e9c8..52f74c69c7 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/users.json
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_usm_user_legacy_protocol.json
@@ -1,16 +1,16 @@
-[
- {
- "securityName":"user1",
- "authProtocol":"MD5",
- "authPassphrase":"abc12345",
- "privProtocol":"DES",
- "privPassphrase":"abc12345"
- },
- {
- "securityName":"user2",
- "authProtocol":"SHA",
- "authPassphrase":"abc12345",
- "privProtocol":"AES256",
- "privPassphrase":"abc12345"
- }
+[
+ {
+ "securityName":"user1",
+ "authProtocol":"MD5",
+ "authPassphrase":"abc12345",
+ "privProtocol":"DES",
+ "privPassphrase":"abc12345"
+ },
+ {
+ "securityName":"user2",
+ "authProtocol":"SHA",
+ "authPassphrase":"abc12345",
+ "privProtocol":"AES256",
+ "privPassphrase":"abc12345"
+ }
]
\ No newline at end of file
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_users.json
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_usm_user_protocol.json
similarity index 100%
copy from
nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_users.json
copy to
nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_usm_user_protocol.json
diff --git
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_users.json
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/usm_users.json
similarity index 66%
rename from
nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_users.json
rename to
nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/usm_users.json
index 806440382b..c93257b6d6 100644
---
a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/invalid_users.json
+++
b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/usm_users.json
@@ -1,14 +1,14 @@
[
{
"securityName":"user1",
- "authProtocol":"INVALID",
+ "authProtocol":"HMAC384SHA512",
"authPassphrase":"abc12345",
- "privProtocol":"DES",
+ "privProtocol":"AES192",
"privPassphrase":"abc12345"
},
{
"securityName":"user2",
- "authProtocol":"SHA",
+ "authProtocol":"HMAC192SHA256",
"authPassphrase":"abc12345",
"privProtocol":"AES256",
"privPassphrase":"abc12345"
