diff --git a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/UsmUserDeserializer.java b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/UsmUserDeserializer.java index 779084a82d27..1296ba55bab8 100644 --- a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/UsmUserDeserializer.java +++ b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/utils/UsmUserDeserializer.java @@ -73,12 +73,23 @@ public UsmUser deserialize(JsonParser jp, DeserializationContext ctxt) throws IO "authentication protocol is specified."); } + OctetString localizationEngineID = null; + final JsonNode localizationEngineIDNode = node.get("localizationEngineID"); + if (localizationEngineIDNode != null) { + if (localizationEngineIDNode.asText().contains(":")) { + localizationEngineID = OctetString.fromHexString(localizationEngineIDNode.asText()); + } else { + localizationEngineID = OctetString.fromHexStringPairs(localizationEngineIDNode.asText()); + } + } + return new UsmUser( new OctetString(securityName), authProtocol, authPassphrase, privProtocol, - privPassphrase + privPassphrase, + localizationEngineID ); } } diff --git a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/resources/docs/org.apache.nifi.snmp.processors.ListenTrapSNMP/additionalDetails.md b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/resources/docs/org.apache.nifi.snmp.processors.ListenTrapSNMP/additionalDetails.md index 9a58ef2fe14c..3988d647d50c 100644 --- a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/resources/docs/org.apache.nifi.snmp.processors.ListenTrapSNMP/additionalDetails.md +++ b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/resources/docs/org.apache.nifi.snmp.processors.ListenTrapSNMP/additionalDetails.md 
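Review bot: The new `localizationEngineID` branch in deserialize() parses whatever `asText()` returns without validating it, so a JSON `null` value (which Jackson returns as a non-null NullNode whose text is "null") or any non-hex string will most likely surface as a raw NumberFormatException from the SNMP4J hex parsers rather than the descriptive configuration error the earlier checks produce. An odd-length string in the no-colon form also looks like it would be truncated silently, leaving the user bound to a different engine ID than the operator intended and making authentication fail with no hint why. I would guard with `isNull()`, parse once into a local, and convert parse failures into the exception style used above; deserialize() starts outside this hunk, so the exception type in the sketch below is an assumption. It is also worth a comment that, as far as I recall from SNMP4J's UsmUser documentation, a non-null localization engine ID means the supplied passphrases are treated as keys already localized for that engine; please confirm, since that changes what operators must put in `authPassphrase` and `privPassphrase`.

```java
OctetString localizationEngineID = null;
final JsonNode localizationEngineIDNode = node.get("localizationEngineID");
// An explicit JSON null arrives as a NullNode, not as a Java null.
if (localizationEngineIDNode != null && !localizationEngineIDNode.isNull()) {
    final String engineIdText = localizationEngineIDNode.asText();
    final boolean colonDelimited = engineIdText.contains(":");
    if (engineIdText.isEmpty() || (!colonDelimited && engineIdText.length() % 2 != 0)) {
        // Exception type assumed; use whatever the checks above throw.
        throw new IllegalArgumentException("localizationEngineID must be a non-empty hex string with complete byte pairs.");
    }
    try {
        localizationEngineID = colonDelimited
                ? OctetString.fromHexString(engineIdText)
                : OctetString.fromHexStringPairs(engineIdText);
    } catch (final NumberFormatException e) {
        throw new IllegalArgumentException("localizationEngineID must be a hex string, with or without colon delimiters.", e);
    }
}
// … unchanged: return new UsmUser(...) with localizationEngineID as the last argument …
```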
@@ -21,7 +21,7 @@ The ListenTrapSNMP processor listens for incoming SNMP traps and generates a Flo When configured to use SNMPv3, SNMPv1 and SNMPv2c are automatically disabled. As a result, traps using SNMPv1 or SNMPv2c message models will not be received or processed. This is done to enforce a higher level of security, as SNMPv1 and SNMPv2c transmit community strings in plaintext, making them vulnerable to interception and unauthorized access. -For SNMPv3, security is based on a User-Based Security Model (USM). The 'USM Users Input Method' property allows users to configure the USM user database in different ways. Below is an example JSON file defining two users as "Json Content": +For SNMPv3, security is based on a User-Based Security Model (USM). The 'USM Users Input Method' property allows users to configure the USM user database in different ways. Below is an example JSON file defining three users as "Json Content": ```json [ @@ -37,8 +37,18 @@ For SNMPv3, security is based on a User-Based Security Model (USM). The 'USM Use "authProtocol": "HMAC192SHA256", "authPassphrase": "authPassphrase2", "privProtocol": "AES256", - "privPassphrase": "privPassphrase2" + "privPassphrase": "privPassphrase2", + "localizationEngineID":"00:0A:95:9D:68:16" + }, + { + "securityName":"user3", + "authProtocol":"HMAC384SHA512", + "authPassphrase":"authPassphrase3", + "privProtocol":"AES256", + "privPassphrase":"privPassphrase3", + "localizationEngineID":"08A69E" } ] -``` \ No newline at end of file +``` +**NOTE:** `localizationEngineID` is not required, but if specified it must be a hex string either with or without colon delimiters. \ No newline at end of file 
diff --git a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandlerTest.java b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandlerTest.java index 0b9fe21aae1b..07bee38b7959 100644 --- a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandlerTest.java +++ b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/operations/SNMPTrapReceiverHandlerTest.java @@ -99,7 +99,7 @@ void testAddUsmUsers() { trapReceiverHandler.setSnmpManager(mockSnmpManager); trapReceiverHandler.createTrapReceiver(null, null); - verify(mockSnmpManager.getUSM(), times(2)).addUser(usmUserCaptor.capture()); + verify(mockSnmpManager.getUSM(), times(3)).addUser(usmUserCaptor.capture()); verify(mockSnmpManager).addCommandResponder(any(SNMPTrapReceiver.class)); assertTrue(trapReceiverHandler.isStarted()); diff --git a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTest.java b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTest.java index 955efe6f5ec2..b80f732b1ac6 100644 --- a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTest.java +++ b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTest.java @@ -56,8 +56,7 @@ void testReadInvalidJsonThrowsException() { } static String readFile(String path) throws IOException { - byte[] encoded = Files.readAllBytes(Paths.get(path)); - return new String(encoded, StandardCharsets.UTF_8); + return Files.readString(Paths.get(path), StandardCharsets.UTF_8); } } 
diff --git a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTestBase.java b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTestBase.java index 8dc5362c8677..f34f12dac67a 100644 --- a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTestBase.java +++ b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/java/org/apache/nifi/snmp/utils/JsonUsmReaderTestBase.java @@ -31,6 +31,7 @@ public class JsonUsmReaderTestBase { public static final String LEGACY_USERS_JSON_PATH = "src/test/resources/invalid_usm_user_legacy_protocol.json"; static final List expectedUsmUsers; + private static final OctetString EMPTY_LOCALIZATION_ENGINE_ID = null; static { expectedUsmUsers = new ArrayList<>(); @@ -39,15 +40,25 @@ public class JsonUsmReaderTestBase { new OID("1.3.6.1.6.3.10.1.1.7"), new OctetString("abc12345"), new OID("1.3.6.1.4.1.4976.2.2.1.1.1"), - new OctetString("abc12345") + new OctetString("abc12345"), + EMPTY_LOCALIZATION_ENGINE_ID + )); expectedUsmUsers.add(new UsmUser( new OctetString("user2"), new OID("1.3.6.1.6.3.10.1.1.5"), new OctetString("abc12345"), new OID("1.3.6.1.4.1.4976.2.2.1.1.2"), - new OctetString("abc12345") + new OctetString("abc12345"), + OctetString.fromHexString("00:0A:95:9D:68:16") + )); + expectedUsmUsers.add(new UsmUser( + new OctetString("user3"), + new OID("1.3.6.1.6.3.10.1.1.7"), + new OctetString("abc12345"), + new OID("1.3.6.1.4.1.4976.2.2.1.1.2"), + new OctetString("abc12345"), + OctetString.fromHexStringPairs("08A69E") )); } - } diff --git a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/usm_users.json b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/usm_users.json index c93257b6d640..2ab3cb58b642 100644 
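Review bot: The expected-user fixture in JsonUsmReaderTestBase only adds well-formed engine IDs (colon-delimited for user2, hex pairs for user3), so nothing pins what the deserializer does with a malformed, odd-length, empty or JSON-null `localizationEngineID`. A negative case alongside the existing invalid-JSON tests would keep that input validation from regressing. As a naming point, `EMPTY_LOCALIZATION_ENGINE_ID` holds `null` rather than an empty OctetString, so `private static final OctetString NO_LOCALIZATION_ENGINE_ID = null;` would describe it more accurately.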
--- a/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/usm_users.json +++ b/nifi-extension-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/test/resources/usm_users.json @@ -11,6 +11,15 @@ "authProtocol":"HMAC192SHA256", "authPassphrase":"abc12345", "privProtocol":"AES256", - "privPassphrase":"abc12345" + "privPassphrase":"abc12345", + "localizationEngineID":"00:0A:95:9D:68:16" + }, + { + "securityName":"user3", + "authProtocol":"HMAC384SHA512", + "authPassphrase":"abc12345", + "privProtocol":"AES256", + "privPassphrase":"abc12345", + "localizationEngineID":"08A69E" } ] \ No newline at end of file