Hi Peter,
The Provider positions are 1-based. You wrote that you used 0
as position. That won't work (-1 is returned). Have you tried
it with position 1?
Best regards,
Frank
Am 03.11.2011 22:56, schrieb Frank Fock:
> Hi Peter,
>
> I will try to add the requested configurability.
> The ticket number is SFJ-52.
>
> Best regards,
> Frank
>
>
> Am 02.11.2011 13:36, schrieb Peter Verthez:
>> Hi Frank,
>>
>> To elaborate on this (because the context wasn't really explained in the
>> original mail of Jones):
>>
>> We found that in performance tests on our product (with a big number of
>> agents) that there was a high thread contention for SNMPv3 managed
>> agents. A jstack showed that a lot of our threads were running in the
>> following stack frame at the moment of the jstack, which indicates that
>> this functionality generates a relatively big load:
>>
>> "JM-282" prio=3 tid=0x000000013f032800 nid=0x391 runnable
>> [0xfffffffc89f38000]
>> java.lang.Thread.State: RUNNABLE
>> at sun.security.pkcs11.wrapper.PKCS11.C_DestroyObject(Native Method)
>> at sun.security.pkcs11.SessionKeyRef.dispose(P11Key.java:1070)
>> at
>> sun.security.pkcs11.SessionKeyRef.drainRefQueueBounded(P11Key.java:1046)
>> at sun.security.pkcs11.SessionKeyRef.<init>(P11Key.java:1061)
>> at sun.security.pkcs11.P11Key.<init>(P11Key.java:97)
>> at sun.security.pkcs11.P11Key$P11SecretKey.<init>(P11Key.java:374)
>> at sun.security.pkcs11.P11Key.secretKey(P11Key.java:266)
>> at
>> sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:222)
>> at
>> sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:131)
>> at sun.security.pkcs11.P11Cipher.engineGetKeySize(P11Cipher.java:828)
>> at javax.crypto.Cipher.b(DashoA13*..)
>> at javax.crypto.Cipher.a(DashoA13*..)
>> at javax.crypto.Cipher.a(DashoA13*..)
>> at javax.crypto.Cipher.a(DashoA13*..)
>> - locked<0xfffffffd81aa1ca8> (a java.lang.Object)
>> at javax.crypto.Cipher.init(DashoA13*..)
>> at javax.crypto.Cipher.init(DashoA13*..)
>> at org.snmp4j.security.PrivDES.encrypt(PrivDES.java:111)
>> at org.snmp4j.security.USM.generateResponseMessage(USM.java:461)
>> at org.snmp4j.security.USM.generateRequestMessage(USM.java:215)
>> at org.snmp4j.mp.MPv3.prepareOutgoingMessage(MPv3.java:767)
>> at
>> org.snmp4j.MessageDispatcherImpl.sendPdu(MessageDispatcherImpl.java:444)
>> at org.snmp4j.Snmp.sendMessage(Snmp.java:1067)
>> at org.snmp4j.Snmp.send(Snmp.java:895)
>> - locked<0xfffffffd81aa2068> (a
>> org.snmp4j.Snmp$SyncResponseListener)
>> at org.snmp4j.Snmp.send(Snmp.java:875)
>>
>> Originally, our performance team pointed in the direction of SNMP4J,
>> saying that SNMP4J should probably not call Cipher.init() so much, but I
>> could show them that section 8.1.1.1 in RFC 2574 requires to init the
>> Cipher for each packet separately.
>>
>> So then we started looking at alternatives, and we found that if we
>> hacked SNMP4J to use the Apache BouncyCastle security provider, the
>> thread contention was gone and our application behaved properly. So
>> presumably the Sun JCE security provider that is used by default by
>> SNMP4J is not very optimally written.
>>
>> Now, we would not like to have to maintain our own patch on SNMP4J, so
>> that is where the question from Jones came from: we tried to change the
>> default security provider that SNMP4J uses without touching SNMP4J's
>> code, but Security.insertProviderAt() apparently doesn't help in that
>> even if we insert the provider at position 0.
>>
>> Could an API be added to permit applications to change the security
>> provider that SNMP4J uses?
>>
>> Best regards,
>> Peter.
>>
>>
>> On 24/10/2011 9:00, jones vinu wrote:
>>> Hi Frank,
>>> We would want to change the Cipher encryption provider in
>>> our application used by snmp4j since the Sun JCE provider is heavy weight .
>>> But unfortunately we have not been able to change it without modifying
>>> snmp4j since the Sun JCE provider is considered as the default provider
>>> even when we insert Apache bouncy castle as the first priority provider.
>>> Hence it would be good if we have option to configure the provider as a
>>> Configurable parameter in some property file.
>>>
>>> Security.insertProviderAt(new BouncyCastleProvider(), 0);
>>> try {
>>> Cipher alg = Cipher.getInstance("DESede/CBC/NoPadding");
>>> System.out.println(alg.getProvider());
>>> } catch (NoSuchAlgorithmException e) {
>>> // TODO Auto-generated catch block
>>> e.printStackTrace();
>>> } catch (NoSuchPaddingException e) {
>>> // TODO Auto-generated catch block
>>> e.printStackTrace();
>>> }
>>> Output :SunJCE version 1.6
>>>
>>> And using it as
>>> Cipher alg = Cipher.getInstance("DESede/CBC/NoPadding","BC");
>>> Output :BC version 1.4
>>>
>>> Thanks
>>> Jones
>>>
>>> _______________________________________________
>>> SNMP4J mailing list
>>> SNMP4J@agentpp.org
>>> http://lists.agentpp.org/mailman/listinfo/snmp4j
> _______________________________________________
> SNMP4J mailing list
> SNMP4J@agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
http://lists.agentpp.org/mailman/listinfo/snmp4j
