SNMPMgr Class

Properties   Methods   Events   Config Settings   Errors  

The SNMPMgr class is used to implement UDP-based SNMP Management Applications.

Syntax

class ipworkssnmp.SNMPMgr

Remarks

The SNMPMgr class implements a UDP-based standard SNMP Manager as specified in the SNMP RFCs. The class supports SNMP v1, v2c, and v3.

SNMP over DTLS is also supported when ssl_enabled is set to True. When acting as a client, the on_ssl_server_authentication event allows you to check the server identity and other security attributes. The on_ssl_status event provides information about the DTLS handshake. Additional SSL-related settings are also supported through the config method. When acting as a server, the SSLCert properties are used to select a certificate for the server. When client authentication is required, the ssl_authenticate_clients property can be set to True and the on_ssl_client_authentication event can be used to examine client credentials.

The class provides both encoding/decoding and transport capabilities, making the task of developing a custom SNMP manager as simple as setting a few key properties and handling a few events. SNMP data, such as for instance SNMP object id-s (OID-s) are exchanged as text strings, thus further simplifying the task of handling them.

The class is activated/deactivated by calling the activate or deactivate method. These methods enable or disable sending and receiving. The activation status can be found in the active property.

Messages are received through events such as on_response, on_trap, or on_inform_request. SNMP Traps are received through the on_trap event.

Messages are sent to other agents or managers by using class's methods such as send_get_request, send_get_next_request, send_get_bulk_request, send_set_request, and send_inform_request.

SNMP OIDs, types, and values are provided in the objects collection of SNMP objects for both sent and received packets.

SNMPv3 USM security is enabled by setting properties such as user, authentication_password, and encryption_password and calling the discover method to bind to a particular agent (remote_engine_id). Upon successful discovery, received packets are checked for integrity (authentication) and timeliness. Note that the discovery step is optional, and may be avoided if the values for remote_engine_id, remote_engine_boots, and remote_engine_time are known in advance and provided to the class through the respective properties.

By default, the class operates synchronously (except for the discover method), sending a request and waiting until the corresponding response has been received. This behavior may be overridden by setting timeout to 0, in which case the class returns control immediately after a send, and responses are received exclusively through the on_response event.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

accept_dataEnables or disables data reception.
activeIndicates whether the class is active.
authentication_passwordThe password used for SNMPv3 authentication.
authentication_protocolThe authentication protocol used for SNMPv3 packets.
communityThe community string used to authenticate SNMP packets.
encryption_algorithmThe encryption algorithm used for SNMPv3 packets.
encryption_passwordThe password used for SNMPv3 privacy.
error_descriptionDescription of the status code for the last SNMP packet received by the class.
error_indexIndex of the first variable (object) that caused an error from the last SNMP response.
error_statusStatus code for the last SNMP packet received by the class.
local_engine_idThe Engine Id of the SNMP Manager.
local_hostThe name of the local host or user-assigned IP interface through which connections are initiated or accepted.
local_portThe port in the local host where the SNMP Manager is bound to.
obj_countThe number of records in the Obj arrays.
obj_typeThe current object's type.
obj_idThe current object's id which is encoded as a string of numbers separated by periods.
obj_type_stringA string representation of the current object's ObjectType .
obj_valueThe current object's value.
remote_engine_bootsThe remote engine boots (SNMPv3).
remote_engine_idThe Engine Id of the remote agent.
remote_engine_timeThe remote engine time (SNMPv3).
remote_hostThe address of the remote host. Domain names are resolved to IP addresses.
remote_portThe port where the remote SNMP agent is listening.
request_idThe request-id to mark outgoing packets with.
snmp_versionVersion of SNMP used for outgoing requests.
ssl_accept_server_cert_effective_dateThe date on which this certificate becomes valid.
ssl_accept_server_cert_expiration_dateThe date on which the certificate expires.
ssl_accept_server_cert_extended_key_usageA comma-delimited list of extended key usage identifiers.
ssl_accept_server_cert_fingerprintThe hex-encoded, 16-byte MD5 fingerprint of the certificate.
ssl_accept_server_cert_fingerprint_sha1The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
ssl_accept_server_cert_fingerprint_sha256The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
ssl_accept_server_cert_issuerThe issuer of the certificate.
ssl_accept_server_cert_private_keyThe private key of the certificate (if available).
ssl_accept_server_cert_private_key_availableWhether a PrivateKey is available for the selected certificate.
ssl_accept_server_cert_private_key_containerThe name of the PrivateKey container for the certificate (if available).
ssl_accept_server_cert_public_keyThe public key of the certificate.
ssl_accept_server_cert_public_key_algorithmThe textual description of the certificate's public key algorithm.
ssl_accept_server_cert_public_key_lengthThe length of the certificate's public key (in bits).
ssl_accept_server_cert_serial_numberThe serial number of the certificate encoded as a string.
ssl_accept_server_cert_signature_algorithmThe text description of the certificate's signature algorithm.
ssl_accept_server_cert_storeThe name of the certificate store for the client certificate.
ssl_accept_server_cert_store_passwordIf the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
ssl_accept_server_cert_store_typeThe type of certificate store for this certificate.
ssl_accept_server_cert_subject_alt_namesComma-separated lists of alternative subject names for the certificate.
ssl_accept_server_cert_thumbprint_md5The MD5 hash of the certificate.
ssl_accept_server_cert_thumbprint_sha1The SHA-1 hash of the certificate.
ssl_accept_server_cert_thumbprint_sha256The SHA-256 hash of the certificate.
ssl_accept_server_cert_usageThe text description of UsageFlags .
ssl_accept_server_cert_usage_flagsThe flags that show intended use for the certificate.
ssl_accept_server_cert_versionThe certificate's version number.
ssl_accept_server_cert_subjectThe subject of the certificate used for client authentication.
ssl_accept_server_cert_encodedThe certificate (PEM/Base64 encoded).
ssl_authenticate_clientsIf set to True, the server asks the client(s) for a certificate.
ssl_cert_effective_dateThe date on which this certificate becomes valid.
ssl_cert_expiration_dateThe date on which the certificate expires.
ssl_cert_extended_key_usageA comma-delimited list of extended key usage identifiers.
ssl_cert_fingerprintThe hex-encoded, 16-byte MD5 fingerprint of the certificate.
ssl_cert_fingerprint_sha1The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
ssl_cert_fingerprint_sha256The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
ssl_cert_issuerThe issuer of the certificate.
ssl_cert_private_keyThe private key of the certificate (if available).
ssl_cert_private_key_availableWhether a PrivateKey is available for the selected certificate.
ssl_cert_private_key_containerThe name of the PrivateKey container for the certificate (if available).
ssl_cert_public_keyThe public key of the certificate.
ssl_cert_public_key_algorithmThe textual description of the certificate's public key algorithm.
ssl_cert_public_key_lengthThe length of the certificate's public key (in bits).
ssl_cert_serial_numberThe serial number of the certificate encoded as a string.
ssl_cert_signature_algorithmThe text description of the certificate's signature algorithm.
ssl_cert_storeThe name of the certificate store for the client certificate.
ssl_cert_store_passwordIf the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
ssl_cert_store_typeThe type of certificate store for this certificate.
ssl_cert_subject_alt_namesComma-separated lists of alternative subject names for the certificate.
ssl_cert_thumbprint_md5The MD5 hash of the certificate.
ssl_cert_thumbprint_sha1The SHA-1 hash of the certificate.
ssl_cert_thumbprint_sha256The SHA-256 hash of the certificate.
ssl_cert_usageThe text description of UsageFlags .
ssl_cert_usage_flagsThe flags that show intended use for the certificate.
ssl_cert_versionThe certificate's version number.
ssl_cert_subjectThe subject of the certificate used for client authentication.
ssl_cert_encodedThe certificate (PEM/Base64 encoded).
ssl_enabledWhether DTLS is enabled.
ssl_server_cert_effective_dateThe date on which this certificate becomes valid.
ssl_server_cert_expiration_dateThe date on which the certificate expires.
ssl_server_cert_extended_key_usageA comma-delimited list of extended key usage identifiers.
ssl_server_cert_fingerprintThe hex-encoded, 16-byte MD5 fingerprint of the certificate.
ssl_server_cert_fingerprint_sha1The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
ssl_server_cert_fingerprint_sha256The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
ssl_server_cert_issuerThe issuer of the certificate.
ssl_server_cert_private_keyThe private key of the certificate (if available).
ssl_server_cert_private_key_availableWhether a PrivateKey is available for the selected certificate.
ssl_server_cert_private_key_containerThe name of the PrivateKey container for the certificate (if available).
ssl_server_cert_public_keyThe public key of the certificate.
ssl_server_cert_public_key_algorithmThe textual description of the certificate's public key algorithm.
ssl_server_cert_public_key_lengthThe length of the certificate's public key (in bits).
ssl_server_cert_serial_numberThe serial number of the certificate encoded as a string.
ssl_server_cert_signature_algorithmThe text description of the certificate's signature algorithm.
ssl_server_cert_storeThe name of the certificate store for the client certificate.
ssl_server_cert_store_passwordIf the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
ssl_server_cert_store_typeThe type of certificate store for this certificate.
ssl_server_cert_subject_alt_namesComma-separated lists of alternative subject names for the certificate.
ssl_server_cert_thumbprint_md5The MD5 hash of the certificate.
ssl_server_cert_thumbprint_sha1The SHA-1 hash of the certificate.
ssl_server_cert_thumbprint_sha256The SHA-256 hash of the certificate.
ssl_server_cert_usageThe text description of UsageFlags .
ssl_server_cert_usage_flagsThe flags that show intended use for the certificate.
ssl_server_cert_versionThe certificate's version number.
ssl_server_cert_subjectThe subject of the certificate used for client authentication.
ssl_server_cert_encodedThe certificate (PEM/Base64 encoded).
store_walk_objectsTells the class whether or not to store returned objects.
timeoutThis property includes the timeout for the class.
userThe user name used for SNMPv3 authentication.
walk_limitThe limit of oid's returned in a walk.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

activateActivates the class.
configSets or retrieves a configuration setting.
deactivateDeactivates the class.
discoverPerforms SNMPv3 discovery.
do_eventsThis method processes events from the internal message queue.
hash_passwordsHashes all passwords in the cache.
interruptThis method interrupts the current method.
resetClears the object arrays.
send_get_bulk_requestSend a GetBulkRequest packet.
send_get_next_requestSend GetNextRequest packet.
send_get_requestSend GetRequest packet.
send_inform_requestSend an InformRequest packet.
send_set_requestSend Set Request packet.
valueReturns the value corresponding to an OID.
walkDoes an SNMP walk starting with the specified oid.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

on_bad_packetFired for erroneous and/or malformed messages.
on_connectedFired immediately after a connection completes (or fails).
on_disconnectedFired when a connection is closed.
on_discovery_requestFired when an SNMPv3 discovery packet is received.
on_discovery_responseFired when an SNMPv3 discovery response is received.
on_errorFired when information is available about errors during data delivery.
on_hash_passwordFired before and after a password is hashed.
on_inform_requestFired when an InformRequest packet is received.
on_packet_traceFired for every packet sent or received.
on_ready_to_sendFired when the class is ready to send data.
on_reportFired when a Report packet is received.
on_responseFired when a GetResponse packet is received.
on_ssl_client_authenticationFired when the client presents its credentials to the server.
on_ssl_server_authenticationFires when connecting to the server.
on_ssl_statusShows the progress of the secure connection.
on_trapFired when a SNMP trap packet is received.

Config Settings


The following is a list of config settings for the class with short descriptions. Click on the links for further details.

AllowSingleStepDiscoveryWhether to allow discovery to be completed in a single step.
CheckMessageOriginWhether to match the origin IP address when receiving responses.
CheckSNMPVersionWhether to check the version of incoming packets.
CompatibilityModeWhether to operate the class in a specific compatibility mode.
ContextEngineIdSets the context engine id of the SNMP entity.
ContextNameSets the context name of the SNMP entity.
DecryptLogPacketsWhether to decrypt logged packets.
ForceLocalPortForces the class to bind to a specific port.
IgnoreDuplicateResponseWhether to ignore duplicate responses.
IgnorePortMismatchWhether to check if the port matches when a response is received.
IncomingContextEngineIdThe engine Id of the received packet.
IncomingContextNameThe context name of the received packet.
MsgMaxSizeThe maximum supported message size.
SourceAddressThe source address of the received packet.
SourcePortThe source port of the received packet.
TimeoutInMillisecondsThe timeout is treated as milliseconds.
WalkInsideRangeStops the SNMP walk if the OID value returned from an agent is outside the table.
WalkStartOIDSpecifies the OID to be used when a Walk is performed.
CaptureIPPacketInfoUsed to capture the packet information.
DelayHostResolutionWhether the hostname is resolved when RemoteHost is set.
DestinationAddressUsed to get the destination address from the packet information.
DontFragmentUsed to set the Don't Fragment flag of outgoing packets.
LocalHostThe name of the local host through which connections are initiated or accepted.
LocalPortThe port in the local host where the class binds.
MaxPacketSizeThe maximum length of the packets that can be received.
QOSDSCPValueUsed to specify an arbitrary QOS/DSCP setting (optional).
QOSTrafficTypeUsed to specify QOS/DSCP settings (optional).
ShareLocalPortIf set to True, allows more than one instance of the class to be active on the same local port.
SourceIPAddressUsed to set the source IP address used when sending a packet.
SourceMacAddressUsed to set the source MAC address used when sending a packet.
UseConnectionDetermines whether to use a connected socket.
UseIPv6Whether or not to use IPv6.
AbsoluteTimeoutDetermines whether timeouts are inactivity timeouts or absolute timeouts.
FirewallDataUsed to send extra data to the firewall.
InBufferSizeThe size in bytes of the incoming queue of the socket.
OutBufferSizeThe size in bytes of the outgoing queue of the socket.
BuildInfoInformation about the product's build.
CodePageThe system code page used for Unicode to Multibyte translations.
LicenseInfoInformation about the current license.
MaskSensitiveDataWhether sensitive data is masked in log messages.
ProcessIdleEventsWhether the class uses its internal event loop to process events when the main thread is idle.
SelectWaitMillisThe length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.
UseInternalSecurityAPIWhether or not to use the system security libraries or an internal implementation.

accept_data Property

Enables or disables data reception.

Syntax

def get_accept_data() -> bool: ...
def set_accept_data(value: bool) -> None: ...

accept_data = property(get_accept_data, set_accept_data)

Default Value

TRUE

Remarks

Setting the property to False temporarily disables data reception. Setting the property to True re-enables data reception.

active Property

Indicates whether the class is active.

Syntax

def get_active() -> bool: ...
def set_active(value: bool) -> None: ...

active = property(get_active, set_active)

Default Value

FALSE

Remarks

This property indicates whether the class is currently active and can send or receive data.

The class will be automatically activated if it is not already and you attempt to perform an operation which requires the class to be active.

Use the activate and deactivate methods to control whether the class is active.

authentication_password Property

The password used for SNMPv3 authentication.

Syntax

def get_authentication_password() -> str: ...
def set_authentication_password(value: str) -> None: ...

authentication_password = property(get_authentication_password, set_authentication_password)

Default Value

""

Remarks

Every time encryption_password, authentication_password, or remote_engine_id are set, a localized key is computed automatically, and cached internally.

authentication_protocol Property

The authentication protocol used for SNMPv3 packets.

Syntax

def get_authentication_protocol() -> int: ...
def set_authentication_protocol(value: int) -> None: ...

authentication_protocol = property(get_authentication_protocol, set_authentication_protocol)

Default Value

1

Remarks

This property defines the authentication protocol used when snmp_version is set to snmpverV3. Possible values are:

  • 1 (HMAC-MD5-96 - default)
  • 2 (HMAC-SHA-96)
  • 3 (HMAC-192-SHA-256)
  • 4 (HMAC-384-SHA-512)

community Property

The community string used to authenticate SNMP packets.

Syntax

def get_community() -> str: ...
def set_community(value: str) -> None: ...

community = property(get_community, set_community)

Default Value

"public"

Remarks

Must match the community name that is specified on the agent.

Typical values are "public" or "private".

This property is used for all SNMP packets sent by the class.

encryption_algorithm Property

The encryption algorithm used for SNMPv3 packets.

Syntax

def get_encryption_algorithm() -> int: ...
def set_encryption_algorithm(value: int) -> None: ...

encryption_algorithm = property(get_encryption_algorithm, set_encryption_algorithm)

Default Value

1

Remarks

In order to use encryption, you must set the encryption_password property. The supported algorithms for encryption are:

DES (1)Data Encryption Standard.
AES (2)Advanced Encryption Standard with key length of 128.
3DES (3)Triple Data Encryption Standard.
AES192 (4)Advanced Encryption Standard with key length of 192.
AES256 (5)Advanced Encryption Standard with key length of 256.

encryption_password Property

The password used for SNMPv3 privacy.

Syntax

def get_encryption_password() -> str: ...
def set_encryption_password(value: str) -> None: ...

encryption_password = property(get_encryption_password, set_encryption_password)

Default Value

""

Remarks

Every time encryption_password, authentication_password, or remote_engine_id are set, a localized key is computed automatically, and cached internally.

error_description Property

Description of the status code for the last SNMP packet received by the class.

Syntax

def get_error_description() -> str: ...

error_description = property(get_error_description, None)

Default Value

"0"

Remarks

Please refer to the error_status property for more information.

This property is read-only.

error_index Property

Index of the first variable (object) that caused an error from the last SNMP response.

Syntax

def get_error_index() -> int: ...

error_index = property(get_error_index, None)

Default Value

0

Remarks

This property is used in conjunction with the error_status property, and refers to the object that caused the error reported in the last SNMP response. This value is parsed directly from the SNMP response, which will be a one-based value, so a value of i here maps to index i-1 in the objects collection.

The error_index property has no meaning when the error_status property is 0 (no error).

This property is read-only.

error_status Property

Status code for the last SNMP packet received by the class.

Syntax

def get_error_status() -> int: ...

error_status = property(get_error_status, None)

Default Value

0

Remarks

This property is used in conjunction with the error_index property, which denotes the index of the variable in error. The error_description property provides a textual description of the error.

The following is a list of valid SNMP status code values:

0 (noError) No error.
1 (tooBig) The response cannot fit in a single SNMP message.
2 (noSuchName) Variable does not exist.
3 (badValue) Invalid value or syntax.
4 (readOnly) Variable is read-only.
5 (genError) Other error (SNMPv1).
6 (noAccess) Access denied.
7 (wrongType) Wrong object type.
8 (wrongLength) Wrong length.
9 (wrongEncoding) Wrong encoding.
10 (wrongValue) Wrong value.
11 (noCreation) No creation.
12 (inconsistentValue) Inconsistent value.
13 (resourceUnavailable) Resource unavailable.
14 (commitFailed) Commit failed.
15 (undoFailed) Undo failed.
16 (authorizationError) Authorization error.
17 (notWritable) Variable is not writable.
18 (inconsistentName) Inconsistent name.
The ErrorIndex parameter indicates the index of the first variable (object) that caused an error. The default value is 0.

Variable indexes start with 0. ErrorIndex has no meaning when ErrorStatus is 0 (no error).

The default value is 0 (no error).

This property is read-only.

local_engine_id Property

The Engine Id of the SNMP Manager.

Syntax

def get_local_engine_id() -> bytes: ...
def set_local_engine_id(value: bytes) -> None: ...

local_engine_id = property(get_local_engine_id, set_local_engine_id)

Default Value

""

Remarks

This property is only used for SNMPv3 packets (when snmp_version is 3).

local_host Property

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

def get_local_host() -> str: ...
def set_local_host(value: str) -> None: ...

local_host = property(get_local_host, set_local_host)

Default Value

""

Remarks

This property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the IP address of an interface will make the class initiate connections (or accept in the case of server classs) only through that interface. It is recommended to provide an IP address rather than a hostname when setting this property to ensure the desired interface is used.

If the class is connected, the local_host property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: local_host is not persistent. You must always set it in code, and never in the property window.

local_port Property

The port in the local host where the SNMP Manager is bound to.

Syntax

def get_local_port() -> int: ...
def set_local_port(value: int) -> None: ...

local_port = property(get_local_port, set_local_port)

Default Value

0

Remarks

The local_port property must be set before the class is activated (active is set to True). It instructs the class to bind to a specific port (or communication endpoint) in the local machine. The default port is 0 (random port). If you would like to receive traps, set local_port to 162 (standard trap port). However, it is recommended that the SNMPTrapMgr class be used for listening to traps, because SNMPMgr is limited to receiving SNMPv3 traps from a single agent only. SNMPTrapMgr does not have this limitation.

local_port cannot be changed once the class is active. Any attempt to set the local_port property when the class is active will generate an error.

Note: on macOS and iOS, root permissions are required to set local_port to any value below 1024.

obj_count Property

The number of records in the Obj arrays.

Syntax

def get_obj_count() -> int: ...
def set_obj_count(value: int) -> None: ...

obj_count = property(get_obj_count, set_obj_count)

Default Value

0

Remarks

This property controls the size of the following arrays:

The array indices start at 0 and end at obj_count - 1.

obj_type Property

The current object's type.

Syntax

def get_obj_type(obj_index: int) -> int: ...
def set_obj_type(obj_index: int, value: int) -> None: ...

Default Value

5

Remarks

The current object's type. The default type is NULL (5).

The corresponding object id and value are specified by the obj_oid and obj_value properties.

Possible object type values include:

otInteger (2) 2
otOctetString (4) 4
otNull (5) 5
otObjectID (6) 6
otIPAddress (64)64
otCounter32 (65)65
otGauge32 (66)66
otTimeTicks (67)67
otOpaque (68)68
otNSAP (69)69
otCounter64 (70)70
otUnsignedInteger32 (71)71

The class also supports the following artificial object values used to designate error conditions:

otNoSuchObject (128)No such object error.
otNoSuchInstance (129)No such instance error.
otEndOfMibView (130)End of MIB View error.

The obj_index parameter specifies the index of the item in the array. The size of the array is controlled by the obj_count property.

obj_id Property

The current object's id which is encoded as a string of numbers separated by periods.

Syntax

def get_obj_id(obj_index: int) -> str: ...
def set_obj_id(obj_index: int, value: str) -> None: ...

Default Value

""

Remarks

The current object's id which is encoded as a string of numbers separated by periods. For instance: "1.3.6.1.2.1.1.1.0" (OID for "system description").

The corresponding object type and value (if any) are specified by the object_type and obj_value properties.

Example

SNMPControl.ObjCount = 1 SNMPControl.ObjId(0) = "1.3.6.1.2.1.1.1.0"

The obj_index parameter specifies the index of the item in the array. The size of the array is controlled by the obj_count property.

obj_type_string Property

A string representation of the current object's ObjectType .

Syntax

def get_obj_type_string(obj_index: int) -> str: ...

Default Value

""

Remarks

A string representation of the current object's object_type.

The corresponding object id and value are specified by the obj_oid and obj_value properties.

The obj_index parameter specifies the index of the item in the array. The size of the array is controlled by the obj_count property.

This property is read-only.

obj_value Property

The current object's value.

Syntax

def get_obj_value(obj_index: int) -> bytes: ...
def set_obj_value(obj_index: int, value: bytes) -> None: ...

Default Value

""

Remarks

The current object's value. The corresponding object id and type are specified by the obj_oid and object_type properties.

Example

SNMPControl.ObjCount = 1 SNMPControl.ObjId(0) = "1.3.6.1.2.1.1.1.0" SNMPControl.ObjValue(0) = "New Value"

The obj_index parameter specifies the index of the item in the array. The size of the array is controlled by the obj_count property.

remote_engine_boots Property

The remote engine boots (SNMPv3).

Syntax

def get_remote_engine_boots() -> int: ...
def set_remote_engine_boots(value: int) -> None: ...

remote_engine_boots = property(get_remote_engine_boots, set_remote_engine_boots)

Default Value

0

Remarks

This property is used in conjunction with the remote_engine_time property. Please refer to the description of the remote_engine_time property, and the discover method for further information.

remote_engine_id Property

The Engine Id of the remote agent.

Syntax

def get_remote_engine_id() -> bytes: ...
def set_remote_engine_id(value: bytes) -> None: ...

remote_engine_id = property(get_remote_engine_id, set_remote_engine_id)

Default Value

""

Remarks

This property is only used for SNMPv3 packets (see snmp_version), and is reset every time remote_host or remote_port changes.

remote_engine_id is normally discovered through the discover method. However, by manually supplying a value for the property, remote_engine_id discovery step may be eliminated, thus avoiding the extra roundtrip to the agent (remote_engine_boots and remote_engine_time are also required for user authentication - please refer to the discover method for more information).

remote_engine_time Property

The remote engine time (SNMPv3).

Syntax

def get_remote_engine_time() -> int: ...
def set_remote_engine_time(value: int) -> None: ...

remote_engine_time = property(get_remote_engine_time, set_remote_engine_time)

Default Value

0

Remarks

remote_engine_time is used by SNMPv3 authentication to ensure timeliness of requests, and avoid replay attacks.

The value of remote_engine_time is provided as what is expected to be the current value of the remote engine clock based on a cached time differential between the remote engine clock and the local engine time obtained during the discovery process (see discover).

This property is used in conjunction with remote_engine_boots. Please refer to the remote_engine_boots property and the discover method for more information.

remote_host Property

The address of the remote host. Domain names are resolved to IP addresses.

Syntax

def get_remote_host() -> str: ...
def set_remote_host(value: str) -> None: ...

remote_host = property(get_remote_host, set_remote_host)

Default Value

""

Remarks

The remote_host property specifies the IP address (IP number in dotted internet format) or Domain Name of the host SNMP requests or traps are sent to.

If remote_host is set to 255.255.255.255, the class broadcasts data on the local subnet.

If the remote_host property is set to a Domain Name, a DNS request is initiated and upon successful termination of the request, the remote_host property is set to the corresponding address. If the search is not successful, an error is returned.

remote_port Property

The port where the remote SNMP agent is listening.

Syntax

def get_remote_port() -> int: ...
def set_remote_port(value: int) -> None: ...

remote_port = property(get_remote_port, set_remote_port)

Default Value

161

Remarks

The remote_port is the port on the remote_host to send SNMP requests to.

A valid port number (a value between 1 and 65535) is required. The default value is 161.

request_id Property

The request-id to mark outgoing packets with.

Syntax

def get_request_id() -> int: ...
def set_request_id(value: int) -> None: ...

request_id = property(get_request_id, set_request_id)

Default Value

1

Remarks

If a custom value is needed for request_id, the property must be set before sending the request. The class increments request_id automatically after sending each packet.

snmp_version Property

Version of SNMP used for outgoing requests.

Syntax

def get_snmp_version() -> int: ...
def set_snmp_version(value: int) -> None: ...

snmp_version = property(get_snmp_version, set_snmp_version)

Default Value

2

Remarks

This property takes one of the following values:

snmpverV1 (1)SNMP Version 1.
snmpverV2c (2)SNMP Version 2c.
snmpverV3 (3)SNMP Version 3.

ssl_accept_server_cert_effective_date Property

The date on which this certificate becomes valid.

Syntax

def get_ssl_accept_server_cert_effective_date() -> str: ...

ssl_accept_server_cert_effective_date = property(get_ssl_accept_server_cert_effective_date, None)

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

ssl_accept_server_cert_expiration_date Property

The date on which the certificate expires.

Syntax

def get_ssl_accept_server_cert_expiration_date() -> str: ...

ssl_accept_server_cert_expiration_date = property(get_ssl_accept_server_cert_expiration_date, None)

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

ssl_accept_server_cert_extended_key_usage Property

A comma-delimited list of extended key usage identifiers.

Syntax

def get_ssl_accept_server_cert_extended_key_usage() -> str: ...

ssl_accept_server_cert_extended_key_usage = property(get_ssl_accept_server_cert_extended_key_usage, None)

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

ssl_accept_server_cert_fingerprint Property

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

def get_ssl_accept_server_cert_fingerprint() -> str: ...

ssl_accept_server_cert_fingerprint = property(get_ssl_accept_server_cert_fingerprint, None)

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

ssl_accept_server_cert_fingerprint_sha1 Property

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

def get_ssl_accept_server_cert_fingerprint_sha1() -> str: ...

ssl_accept_server_cert_fingerprint_sha1 = property(get_ssl_accept_server_cert_fingerprint_sha1, None)

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

ssl_accept_server_cert_fingerprint_sha256 Property

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

def get_ssl_accept_server_cert_fingerprint_sha256() -> str: ...

ssl_accept_server_cert_fingerprint_sha256 = property(get_ssl_accept_server_cert_fingerprint_sha256, None)

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

ssl_accept_server_cert_issuer Property

The issuer of the certificate.

Syntax

def get_ssl_accept_server_cert_issuer() -> str: ...

ssl_accept_server_cert_issuer = property(get_ssl_accept_server_cert_issuer, None)

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

ssl_accept_server_cert_private_key Property

The private key of the certificate (if available).

Syntax

def get_ssl_accept_server_cert_private_key() -> str: ...

ssl_accept_server_cert_private_key = property(get_ssl_accept_server_cert_private_key, None)

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The ssl_accept_server_cert_private_key may be available but not exportable. In this case, ssl_accept_server_cert_private_key returns an empty string.

This property is read-only.

ssl_accept_server_cert_private_key_available Property

Whether a PrivateKey is available for the selected certificate.

Syntax

def get_ssl_accept_server_cert_private_key_available() -> bool: ...

ssl_accept_server_cert_private_key_available = property(get_ssl_accept_server_cert_private_key_available, None)

Default Value

FALSE

Remarks

Whether a ssl_accept_server_cert_private_key is available for the selected certificate. If ssl_accept_server_cert_private_key_available is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

ssl_accept_server_cert_private_key_container Property

The name of the PrivateKey container for the certificate (if available).

Syntax

def get_ssl_accept_server_cert_private_key_container() -> str: ...

ssl_accept_server_cert_private_key_container = property(get_ssl_accept_server_cert_private_key_container, None)

Default Value

""

Remarks

The name of the ssl_accept_server_cert_private_key container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

ssl_accept_server_cert_public_key Property

The public key of the certificate.

Syntax

def get_ssl_accept_server_cert_public_key() -> str: ...

ssl_accept_server_cert_public_key = property(get_ssl_accept_server_cert_public_key, None)

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

ssl_accept_server_cert_public_key_algorithm Property

The textual description of the certificate's public key algorithm.

Syntax

def get_ssl_accept_server_cert_public_key_algorithm() -> str: ...

ssl_accept_server_cert_public_key_algorithm = property(get_ssl_accept_server_cert_public_key_algorithm, None)

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_accept_server_cert_public_key_length Property

The length of the certificate's public key (in bits).

Syntax

def get_ssl_accept_server_cert_public_key_length() -> int: ...

ssl_accept_server_cert_public_key_length = property(get_ssl_accept_server_cert_public_key_length, None)

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

ssl_accept_server_cert_serial_number Property

The serial number of the certificate encoded as a string.

Syntax

def get_ssl_accept_server_cert_serial_number() -> str: ...

ssl_accept_server_cert_serial_number = property(get_ssl_accept_server_cert_serial_number, None)

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

ssl_accept_server_cert_signature_algorithm Property

The text description of the certificate's signature algorithm.

Syntax

def get_ssl_accept_server_cert_signature_algorithm() -> str: ...

ssl_accept_server_cert_signature_algorithm = property(get_ssl_accept_server_cert_signature_algorithm, None)

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_accept_server_cert_store Property

The name of the certificate store for the client certificate.

Syntax

def get_ssl_accept_server_cert_store() -> bytes: ...
def set_ssl_accept_server_cert_store(value: bytes) -> None: ...

ssl_accept_server_cert_store = property(get_ssl_accept_server_cert_store, set_ssl_accept_server_cert_store)

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The ssl_accept_server_cert_store_type property denotes the type of the certificate store specified by ssl_accept_server_cert_store. If the store is password-protected, specify the password in ssl_accept_server_cert_store_password.

ssl_accept_server_cert_store is used in conjunction with the ssl_accept_server_cert_subject property to specify client certificates. If ssl_accept_server_cert_store has a value, and ssl_accept_server_cert_subject or ssl_accept_server_cert_encoded is set, a search for a certificate is initiated. Please see the ssl_accept_server_cert_subject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

MYA certificate store holding personal certificates with their associated private keys.
CACertifying authority certificates.
ROOTRoot certificates.

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

ssl_accept_server_cert_store_password Property

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

def get_ssl_accept_server_cert_store_password() -> str: ...
def set_ssl_accept_server_cert_store_password(value: str) -> None: ...

ssl_accept_server_cert_store_password = property(get_ssl_accept_server_cert_store_password, set_ssl_accept_server_cert_store_password)

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

ssl_accept_server_cert_store_type Property

The type of certificate store for this certificate.

Syntax

def get_ssl_accept_server_cert_store_type() -> int: ...
def set_ssl_accept_server_cert_store_type(value: int) -> None: ...

ssl_accept_server_cert_store_type = property(get_ssl_accept_server_cert_store_type, set_ssl_accept_server_cert_store_type)

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

0 (cstUser - default)For Windows, this specifies that the certificate store is a certificate store owned by the current user.

Note: This store type is not available in Java.

1 (cstMachine)For Windows, this specifies that the certificate store is a machine store.

Note: This store type is not available in Java.

2 (cstPFXFile)The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)The certificate store is the name of a Java Key Store (JKS) file containing certificates.

Note: This store type is only available in Java.

5 (cstJKSBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format.

Note: This store type is only available in Java.

6 (cstPEMKeyFile)The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store).

Note: This store type is only available in Java and .NET.

22 (cstBCFKSBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format.

Note: This store type is only available in Java and .NET.

23 (cstPKCS11)The certificate is present on a physical security key accessible via a PKCS#11 interface.

To use a security key, the necessary data must first be collected using the CertMgr class. The list_store_certificates method may be called after setting cert_store_type to cstPKCS11, cert_store_password to the PIN, and cert_store to the full path of the PKCS#11 DLL. The certificate information returned in the on_cert_list event's CertEncoded parameter may be saved for later use.

When using a certificate, pass the previously saved security key information as the ssl_accept_server_cert_store and set ssl_accept_server_cert_store_password to the PIN.

Code Example. SSH Authentication with Security Key: certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);

99 (cstAuto)The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

ssl_accept_server_cert_subject_alt_names Property

Comma-separated lists of alternative subject names for the certificate.

Syntax

def get_ssl_accept_server_cert_subject_alt_names() -> str: ...

ssl_accept_server_cert_subject_alt_names = property(get_ssl_accept_server_cert_subject_alt_names, None)

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

ssl_accept_server_cert_thumbprint_md5 Property

The MD5 hash of the certificate.

Syntax

def get_ssl_accept_server_cert_thumbprint_md5() -> str: ...

ssl_accept_server_cert_thumbprint_md5 = property(get_ssl_accept_server_cert_thumbprint_md5, None)

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_accept_server_cert_thumbprint_sha1 Property

The SHA-1 hash of the certificate.

Syntax

def get_ssl_accept_server_cert_thumbprint_sha1() -> str: ...

ssl_accept_server_cert_thumbprint_sha1 = property(get_ssl_accept_server_cert_thumbprint_sha1, None)

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_accept_server_cert_thumbprint_sha256 Property

The SHA-256 hash of the certificate.

Syntax

def get_ssl_accept_server_cert_thumbprint_sha256() -> str: ...

ssl_accept_server_cert_thumbprint_sha256 = property(get_ssl_accept_server_cert_thumbprint_sha256, None)

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_accept_server_cert_usage Property

The text description of UsageFlags .

Syntax

def get_ssl_accept_server_cert_usage() -> str: ...

ssl_accept_server_cert_usage = property(get_ssl_accept_server_cert_usage, None)

Default Value

""

Remarks

The text description of ssl_accept_server_cert_usage_flags.

This value will be one or more of the following strings and will be separated by commas:

  • Digital Signature
  • Non-Repudiation
  • Key Encipherment
  • Data Encipherment
  • Key Agreement
  • Certificate Signing
  • CRL Signing
  • Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

ssl_accept_server_cert_usage_flags Property

The flags that show intended use for the certificate.

Syntax

def get_ssl_accept_server_cert_usage_flags() -> int: ...

ssl_accept_server_cert_usage_flags = property(get_ssl_accept_server_cert_usage_flags, None)

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of ssl_accept_server_cert_usage_flags is a combination of the following flags:

0x80Digital Signature
0x40Non-Repudiation
0x20Key Encipherment
0x10Data Encipherment
0x08Key Agreement
0x04Certificate Signing
0x02CRL Signing
0x01Encipher Only

Please see the ssl_accept_server_cert_usage property for a text representation of ssl_accept_server_cert_usage_flags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

ssl_accept_server_cert_version Property

The certificate's version number.

Syntax

def get_ssl_accept_server_cert_version() -> str: ...

ssl_accept_server_cert_version = property(get_ssl_accept_server_cert_version, None)

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

ssl_accept_server_cert_subject Property

The subject of the certificate used for client authentication.

Syntax

def get_ssl_accept_server_cert_subject() -> str: ...
def set_ssl_accept_server_cert_subject(value: str) -> None: ...

ssl_accept_server_cert_subject = property(get_ssl_accept_server_cert_subject, set_ssl_accept_server_cert_subject)

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

FieldMeaning
CNCommon Name. This is commonly a hostname like www.server.com.
OOrganization
OUOrganizational Unit
LLocality
SState
CCountry
EEmail Address

If a field value contains a comma, it must be quoted.

ssl_accept_server_cert_encoded Property

The certificate (PEM/Base64 encoded).

Syntax

def get_ssl_accept_server_cert_encoded() -> bytes: ...
def set_ssl_accept_server_cert_encoded(value: bytes) -> None: ...

ssl_accept_server_cert_encoded = property(get_ssl_accept_server_cert_encoded, set_ssl_accept_server_cert_encoded)

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The ssl_accept_server_cert_store and ssl_accept_server_cert_subject properties also may be used to specify a certificate.

When ssl_accept_server_cert_encoded is set, a search is initiated in the current ssl_accept_server_cert_store for the private key of the certificate. If the key is found, ssl_accept_server_cert_subject is updated to reflect the full subject of the selected certificate; otherwise, ssl_accept_server_cert_subject is set to an empty string.

ssl_authenticate_clients Property

If set to True, the server asks the client(s) for a certificate.

Syntax

def get_ssl_authenticate_clients() -> bool: ...
def set_ssl_authenticate_clients(value: bool) -> None: ...

ssl_authenticate_clients = property(get_ssl_authenticate_clients, set_ssl_authenticate_clients)

Default Value

FALSE

Remarks

This property is used in conjunction with the on_ssl_client_authentication event. Please refer to the documentation of the on_ssl_client_authentication event for details.

ssl_cert_effective_date Property

The date on which this certificate becomes valid.

Syntax

def get_ssl_cert_effective_date() -> str: ...

ssl_cert_effective_date = property(get_ssl_cert_effective_date, None)

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

ssl_cert_expiration_date Property

The date on which the certificate expires.

Syntax

def get_ssl_cert_expiration_date() -> str: ...

ssl_cert_expiration_date = property(get_ssl_cert_expiration_date, None)

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

ssl_cert_extended_key_usage Property

A comma-delimited list of extended key usage identifiers.

Syntax

def get_ssl_cert_extended_key_usage() -> str: ...

ssl_cert_extended_key_usage = property(get_ssl_cert_extended_key_usage, None)

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

ssl_cert_fingerprint Property

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

def get_ssl_cert_fingerprint() -> str: ...

ssl_cert_fingerprint = property(get_ssl_cert_fingerprint, None)

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

ssl_cert_fingerprint_sha1 Property

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

def get_ssl_cert_fingerprint_sha1() -> str: ...

ssl_cert_fingerprint_sha1 = property(get_ssl_cert_fingerprint_sha1, None)

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

ssl_cert_fingerprint_sha256 Property

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

def get_ssl_cert_fingerprint_sha256() -> str: ...

ssl_cert_fingerprint_sha256 = property(get_ssl_cert_fingerprint_sha256, None)

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

ssl_cert_issuer Property

The issuer of the certificate.

Syntax

def get_ssl_cert_issuer() -> str: ...

ssl_cert_issuer = property(get_ssl_cert_issuer, None)

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

ssl_cert_private_key Property

The private key of the certificate (if available).

Syntax

def get_ssl_cert_private_key() -> str: ...

ssl_cert_private_key = property(get_ssl_cert_private_key, None)

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The ssl_cert_private_key may be available but not exportable. In this case, ssl_cert_private_key returns an empty string.

This property is read-only.

ssl_cert_private_key_available Property

Whether a PrivateKey is available for the selected certificate.

Syntax

def get_ssl_cert_private_key_available() -> bool: ...

ssl_cert_private_key_available = property(get_ssl_cert_private_key_available, None)

Default Value

FALSE

Remarks

Whether a ssl_cert_private_key is available for the selected certificate. If ssl_cert_private_key_available is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

ssl_cert_private_key_container Property

The name of the PrivateKey container for the certificate (if available).

Syntax

def get_ssl_cert_private_key_container() -> str: ...

ssl_cert_private_key_container = property(get_ssl_cert_private_key_container, None)

Default Value

""

Remarks

The name of the ssl_cert_private_key container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

ssl_cert_public_key Property

The public key of the certificate.

Syntax

def get_ssl_cert_public_key() -> str: ...

ssl_cert_public_key = property(get_ssl_cert_public_key, None)

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

ssl_cert_public_key_algorithm Property

The textual description of the certificate's public key algorithm.

Syntax

def get_ssl_cert_public_key_algorithm() -> str: ...

ssl_cert_public_key_algorithm = property(get_ssl_cert_public_key_algorithm, None)

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_cert_public_key_length Property

The length of the certificate's public key (in bits).

Syntax

def get_ssl_cert_public_key_length() -> int: ...

ssl_cert_public_key_length = property(get_ssl_cert_public_key_length, None)

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

ssl_cert_serial_number Property

The serial number of the certificate encoded as a string.

Syntax

def get_ssl_cert_serial_number() -> str: ...

ssl_cert_serial_number = property(get_ssl_cert_serial_number, None)

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

ssl_cert_signature_algorithm Property

The text description of the certificate's signature algorithm.

Syntax

def get_ssl_cert_signature_algorithm() -> str: ...

ssl_cert_signature_algorithm = property(get_ssl_cert_signature_algorithm, None)

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_cert_store Property

The name of the certificate store for the client certificate.

Syntax

def get_ssl_cert_store() -> bytes: ...
def set_ssl_cert_store(value: bytes) -> None: ...

ssl_cert_store = property(get_ssl_cert_store, set_ssl_cert_store)

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The ssl_cert_store_type property denotes the type of the certificate store specified by ssl_cert_store. If the store is password-protected, specify the password in ssl_cert_store_password.

ssl_cert_store is used in conjunction with the ssl_cert_subject property to specify client certificates. If ssl_cert_store has a value, and ssl_cert_subject or ssl_cert_encoded is set, a search for a certificate is initiated. Please see the ssl_cert_subject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

MYA certificate store holding personal certificates with their associated private keys.
CACertifying authority certificates.
ROOTRoot certificates.

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

ssl_cert_store_password Property

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

def get_ssl_cert_store_password() -> str: ...
def set_ssl_cert_store_password(value: str) -> None: ...

ssl_cert_store_password = property(get_ssl_cert_store_password, set_ssl_cert_store_password)

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

ssl_cert_store_type Property

The type of certificate store for this certificate.

Syntax

def get_ssl_cert_store_type() -> int: ...
def set_ssl_cert_store_type(value: int) -> None: ...

ssl_cert_store_type = property(get_ssl_cert_store_type, set_ssl_cert_store_type)

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

0 (cstUser - default)For Windows, this specifies that the certificate store is a certificate store owned by the current user.

Note: This store type is not available in Java.

1 (cstMachine)For Windows, this specifies that the certificate store is a machine store.

Note: This store type is not available in Java.

2 (cstPFXFile)The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)The certificate store is the name of a Java Key Store (JKS) file containing certificates.

Note: This store type is only available in Java.

5 (cstJKSBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format.

Note: This store type is only available in Java.

6 (cstPEMKeyFile)The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store).

Note: This store type is only available in Java and .NET.

22 (cstBCFKSBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format.

Note: This store type is only available in Java and .NET.

23 (cstPKCS11)The certificate is present on a physical security key accessible via a PKCS#11 interface.

To use a security key, the necessary data must first be collected using the CertMgr class. The list_store_certificates method may be called after setting cert_store_type to cstPKCS11, cert_store_password to the PIN, and cert_store to the full path of the PKCS#11 DLL. The certificate information returned in the on_cert_list event's CertEncoded parameter may be saved for later use.

When using a certificate, pass the previously saved security key information as the ssl_cert_store and set ssl_cert_store_password to the PIN.

Code Example. SSH Authentication with Security Key: certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);

99 (cstAuto)The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

ssl_cert_subject_alt_names Property

Comma-separated lists of alternative subject names for the certificate.

Syntax

def get_ssl_cert_subject_alt_names() -> str: ...

ssl_cert_subject_alt_names = property(get_ssl_cert_subject_alt_names, None)

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

ssl_cert_thumbprint_md5 Property

The MD5 hash of the certificate.

Syntax

def get_ssl_cert_thumbprint_md5() -> str: ...

ssl_cert_thumbprint_md5 = property(get_ssl_cert_thumbprint_md5, None)

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_cert_thumbprint_sha1 Property

The SHA-1 hash of the certificate.

Syntax

def get_ssl_cert_thumbprint_sha1() -> str: ...

ssl_cert_thumbprint_sha1 = property(get_ssl_cert_thumbprint_sha1, None)

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_cert_thumbprint_sha256 Property

The SHA-256 hash of the certificate.

Syntax

def get_ssl_cert_thumbprint_sha256() -> str: ...

ssl_cert_thumbprint_sha256 = property(get_ssl_cert_thumbprint_sha256, None)

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_cert_usage Property

The text description of UsageFlags .

Syntax

def get_ssl_cert_usage() -> str: ...

ssl_cert_usage = property(get_ssl_cert_usage, None)

Default Value

""

Remarks

The text description of ssl_cert_usage_flags.

This value will be one or more of the following strings and will be separated by commas:

  • Digital Signature
  • Non-Repudiation
  • Key Encipherment
  • Data Encipherment
  • Key Agreement
  • Certificate Signing
  • CRL Signing
  • Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

ssl_cert_usage_flags Property

The flags that show intended use for the certificate.

Syntax

def get_ssl_cert_usage_flags() -> int: ...

ssl_cert_usage_flags = property(get_ssl_cert_usage_flags, None)

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of ssl_cert_usage_flags is a combination of the following flags:

0x80Digital Signature
0x40Non-Repudiation
0x20Key Encipherment
0x10Data Encipherment
0x08Key Agreement
0x04Certificate Signing
0x02CRL Signing
0x01Encipher Only

Please see the ssl_cert_usage property for a text representation of ssl_cert_usage_flags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

ssl_cert_version Property

The certificate's version number.

Syntax

def get_ssl_cert_version() -> str: ...

ssl_cert_version = property(get_ssl_cert_version, None)

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

ssl_cert_subject Property

The subject of the certificate used for client authentication.

Syntax

def get_ssl_cert_subject() -> str: ...
def set_ssl_cert_subject(value: str) -> None: ...

ssl_cert_subject = property(get_ssl_cert_subject, set_ssl_cert_subject)

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

FieldMeaning
CNCommon Name. This is commonly a hostname like www.server.com.
OOrganization
OUOrganizational Unit
LLocality
SState
CCountry
EEmail Address

If a field value contains a comma, it must be quoted.

ssl_cert_encoded Property

The certificate (PEM/Base64 encoded).

Syntax

def get_ssl_cert_encoded() -> bytes: ...
def set_ssl_cert_encoded(value: bytes) -> None: ...

ssl_cert_encoded = property(get_ssl_cert_encoded, set_ssl_cert_encoded)

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The ssl_cert_store and ssl_cert_subject properties also may be used to specify a certificate.

When ssl_cert_encoded is set, a search is initiated in the current ssl_cert_store for the private key of the certificate. If the key is found, ssl_cert_subject is updated to reflect the full subject of the selected certificate; otherwise, ssl_cert_subject is set to an empty string.

ssl_enabled Property

Whether DTLS is enabled.

Syntax

def get_ssl_enabled() -> bool: ...
def set_ssl_enabled(value: bool) -> None: ...

ssl_enabled = property(get_ssl_enabled, set_ssl_enabled)

Default Value

FALSE

Remarks

This setting specifies whether DTLS is enabled in the class. When False (default) the class operates in plaintext mode. When True DTLS is enabled.

ssl_server_cert_effective_date Property

The date on which this certificate becomes valid.

Syntax

def get_ssl_server_cert_effective_date() -> str: ...

ssl_server_cert_effective_date = property(get_ssl_server_cert_effective_date, None)

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

ssl_server_cert_expiration_date Property

The date on which the certificate expires.

Syntax

def get_ssl_server_cert_expiration_date() -> str: ...

ssl_server_cert_expiration_date = property(get_ssl_server_cert_expiration_date, None)

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

ssl_server_cert_extended_key_usage Property

A comma-delimited list of extended key usage identifiers.

Syntax

def get_ssl_server_cert_extended_key_usage() -> str: ...

ssl_server_cert_extended_key_usage = property(get_ssl_server_cert_extended_key_usage, None)

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

ssl_server_cert_fingerprint Property

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

def get_ssl_server_cert_fingerprint() -> str: ...

ssl_server_cert_fingerprint = property(get_ssl_server_cert_fingerprint, None)

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

ssl_server_cert_fingerprint_sha1 Property

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

def get_ssl_server_cert_fingerprint_sha1() -> str: ...

ssl_server_cert_fingerprint_sha1 = property(get_ssl_server_cert_fingerprint_sha1, None)

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

ssl_server_cert_fingerprint_sha256 Property

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

def get_ssl_server_cert_fingerprint_sha256() -> str: ...

ssl_server_cert_fingerprint_sha256 = property(get_ssl_server_cert_fingerprint_sha256, None)

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

ssl_server_cert_issuer Property

The issuer of the certificate.

Syntax

def get_ssl_server_cert_issuer() -> str: ...

ssl_server_cert_issuer = property(get_ssl_server_cert_issuer, None)

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

ssl_server_cert_private_key Property

The private key of the certificate (if available).

Syntax

def get_ssl_server_cert_private_key() -> str: ...

ssl_server_cert_private_key = property(get_ssl_server_cert_private_key, None)

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The ssl_server_cert_private_key may be available but not exportable. In this case, ssl_server_cert_private_key returns an empty string.

This property is read-only.

ssl_server_cert_private_key_available Property

Whether a PrivateKey is available for the selected certificate.

Syntax

def get_ssl_server_cert_private_key_available() -> bool: ...

ssl_server_cert_private_key_available = property(get_ssl_server_cert_private_key_available, None)

Default Value

FALSE

Remarks

Whether a ssl_server_cert_private_key is available for the selected certificate. If ssl_server_cert_private_key_available is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

ssl_server_cert_private_key_container Property

The name of the PrivateKey container for the certificate (if available).

Syntax

def get_ssl_server_cert_private_key_container() -> str: ...

ssl_server_cert_private_key_container = property(get_ssl_server_cert_private_key_container, None)

Default Value

""

Remarks

The name of the ssl_server_cert_private_key container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

ssl_server_cert_public_key Property

The public key of the certificate.

Syntax

def get_ssl_server_cert_public_key() -> str: ...

ssl_server_cert_public_key = property(get_ssl_server_cert_public_key, None)

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

ssl_server_cert_public_key_algorithm Property

The textual description of the certificate's public key algorithm.

Syntax

def get_ssl_server_cert_public_key_algorithm() -> str: ...

ssl_server_cert_public_key_algorithm = property(get_ssl_server_cert_public_key_algorithm, None)

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_server_cert_public_key_length Property

The length of the certificate's public key (in bits).

Syntax

def get_ssl_server_cert_public_key_length() -> int: ...

ssl_server_cert_public_key_length = property(get_ssl_server_cert_public_key_length, None)

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

ssl_server_cert_serial_number Property

The serial number of the certificate encoded as a string.

Syntax

def get_ssl_server_cert_serial_number() -> str: ...

ssl_server_cert_serial_number = property(get_ssl_server_cert_serial_number, None)

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

ssl_server_cert_signature_algorithm Property

The text description of the certificate's signature algorithm.

Syntax

def get_ssl_server_cert_signature_algorithm() -> str: ...

ssl_server_cert_signature_algorithm = property(get_ssl_server_cert_signature_algorithm, None)

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_server_cert_store Property

The name of the certificate store for the client certificate.

Syntax

def get_ssl_server_cert_store() -> bytes: ...

ssl_server_cert_store = property(get_ssl_server_cert_store, None)

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The ssl_server_cert_store_type property denotes the type of the certificate store specified by ssl_server_cert_store. If the store is password-protected, specify the password in ssl_server_cert_store_password.

ssl_server_cert_store is used in conjunction with the ssl_server_cert_subject property to specify client certificates. If ssl_server_cert_store has a value, and ssl_server_cert_subject or ssl_server_cert_encoded is set, a search for a certificate is initiated. Please see the ssl_server_cert_subject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

MYA certificate store holding personal certificates with their associated private keys.
CACertifying authority certificates.
ROOTRoot certificates.

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is read-only.

ssl_server_cert_store_password Property

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

def get_ssl_server_cert_store_password() -> str: ...

ssl_server_cert_store_password = property(get_ssl_server_cert_store_password, None)

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is read-only.

ssl_server_cert_store_type Property

The type of certificate store for this certificate.

Syntax

def get_ssl_server_cert_store_type() -> int: ...

ssl_server_cert_store_type = property(get_ssl_server_cert_store_type, None)

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

0 (cstUser - default)For Windows, this specifies that the certificate store is a certificate store owned by the current user.

Note: This store type is not available in Java.

1 (cstMachine)For Windows, this specifies that the certificate store is a machine store.

Note: This store type is not available in Java.

2 (cstPFXFile)The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)The certificate store is the name of a Java Key Store (JKS) file containing certificates.

Note: This store type is only available in Java.

5 (cstJKSBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format.

Note: This store type is only available in Java.

6 (cstPEMKeyFile)The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store).

Note: This store type is only available in Java and .NET.

22 (cstBCFKSBlob)The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format.

Note: This store type is only available in Java and .NET.

23 (cstPKCS11)The certificate is present on a physical security key accessible via a PKCS#11 interface.

To use a security key, the necessary data must first be collected using the CertMgr class. The list_store_certificates method may be called after setting cert_store_type to cstPKCS11, cert_store_password to the PIN, and cert_store to the full path of the PKCS#11 DLL. The certificate information returned in the on_cert_list event's CertEncoded parameter may be saved for later use.

When using a certificate, pass the previously saved security key information as the ssl_server_cert_store and set ssl_server_cert_store_password to the PIN.

Code Example. SSH Authentication with Security Key: certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);

99 (cstAuto)The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

This property is read-only.

ssl_server_cert_subject_alt_names Property

Comma-separated lists of alternative subject names for the certificate.

Syntax

def get_ssl_server_cert_subject_alt_names() -> str: ...

ssl_server_cert_subject_alt_names = property(get_ssl_server_cert_subject_alt_names, None)

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

ssl_server_cert_thumbprint_md5 Property

The MD5 hash of the certificate.

Syntax

def get_ssl_server_cert_thumbprint_md5() -> str: ...

ssl_server_cert_thumbprint_md5 = property(get_ssl_server_cert_thumbprint_md5, None)

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_server_cert_thumbprint_sha1 Property

The SHA-1 hash of the certificate.

Syntax

def get_ssl_server_cert_thumbprint_sha1() -> str: ...

ssl_server_cert_thumbprint_sha1 = property(get_ssl_server_cert_thumbprint_sha1, None)

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_server_cert_thumbprint_sha256 Property

The SHA-256 hash of the certificate.

Syntax

def get_ssl_server_cert_thumbprint_sha256() -> str: ...

ssl_server_cert_thumbprint_sha256 = property(get_ssl_server_cert_thumbprint_sha256, None)

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_server_cert_usage Property

The text description of UsageFlags .

Syntax

def get_ssl_server_cert_usage() -> str: ...

ssl_server_cert_usage = property(get_ssl_server_cert_usage, None)

Default Value

""

Remarks

The text description of ssl_server_cert_usage_flags.

This value will be one or more of the following strings and will be separated by commas:

  • Digital Signature
  • Non-Repudiation
  • Key Encipherment
  • Data Encipherment
  • Key Agreement
  • Certificate Signing
  • CRL Signing
  • Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

ssl_server_cert_usage_flags Property

The flags that show intended use for the certificate.

Syntax

def get_ssl_server_cert_usage_flags() -> int: ...

ssl_server_cert_usage_flags = property(get_ssl_server_cert_usage_flags, None)

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of ssl_server_cert_usage_flags is a combination of the following flags:

0x80Digital Signature
0x40Non-Repudiation
0x20Key Encipherment
0x10Data Encipherment
0x08Key Agreement
0x04Certificate Signing
0x02CRL Signing
0x01Encipher Only

Please see the ssl_server_cert_usage property for a text representation of ssl_server_cert_usage_flags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

ssl_server_cert_version Property

The certificate's version number.

Syntax

def get_ssl_server_cert_version() -> str: ...

ssl_server_cert_version = property(get_ssl_server_cert_version, None)

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

ssl_server_cert_subject Property

The subject of the certificate used for client authentication.

Syntax

def get_ssl_server_cert_subject() -> str: ...

ssl_server_cert_subject = property(get_ssl_server_cert_subject, None)

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

FieldMeaning
CNCommon Name. This is commonly a hostname like www.server.com.
OOrganization
OUOrganizational Unit
LLocality
SState
CCountry
EEmail Address

If a field value contains a comma, it must be quoted.

This property is read-only.

ssl_server_cert_encoded Property

The certificate (PEM/Base64 encoded).

Syntax

def get_ssl_server_cert_encoded() -> bytes: ...

ssl_server_cert_encoded = property(get_ssl_server_cert_encoded, None)

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The ssl_server_cert_store and ssl_server_cert_subject properties also may be used to specify a certificate.

When ssl_server_cert_encoded is set, a search is initiated in the current ssl_server_cert_store for the private key of the certificate. If the key is found, ssl_server_cert_subject is updated to reflect the full subject of the selected certificate; otherwise, ssl_server_cert_subject is set to an empty string.

This property is read-only.

store_walk_objects Property

Tells the class whether or not to store returned objects.

Syntax

def get_store_walk_objects() -> bool: ...
def set_store_walk_objects(value: bool) -> None: ...

store_walk_objects = property(get_store_walk_objects, set_store_walk_objects)

Default Value

TRUE

Remarks

When a walk is performed, this property tells the class whether or not to store the objects that are returned by the server in the objects collection. If the data is accumulated through the events, and not desired to be saved by the class, set this property to false.

timeout Property

This property includes the timeout for the class.

Syntax

def get_timeout() -> int: ...
def set_timeout(value: int) -> None: ...

timeout = property(get_timeout, set_timeout)

Default Value

60

Remarks

If the timeout property is set to 0, all operations return immediately, potentially failing with a WOULDBLOCK error if data cannot be sent immediately.

If timeout is set to a positive value, data is sent in a blocking manner and the class will wait for the operation to complete before returning control. The class will handle any potential WOULDBLOCK errors internally and automatically retry the operation for a maximum of timeout seconds.

The class will use do_events to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If timeout expires, and the operation is not yet complete, the class fails with an error.

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by timeout seconds when any amount of data is successfully sent or received.

The default value for the timeout property is 60 seconds.

user Property

The user name used for SNMPv3 authentication.

Syntax

def get_user() -> str: ...
def set_user(value: str) -> None: ...

user = property(get_user, set_user)

Default Value

""

Remarks

If authentication is desired, this property must be set before the class attempts to connect to an SNMPv3 Agent.

walk_limit Property

The limit of oid's returned in a walk.

Syntax

def get_walk_limit() -> int: ...
def set_walk_limit(value: int) -> None: ...

walk_limit = property(get_walk_limit, set_walk_limit)

Default Value

0

Remarks

This property specifies the limit of how many oid's are to be traversed during an SNMP walk. If set to 0, the class will traverse all oid's in the specified table that are lexographically greater than the value of the specified table oid.

activate Method

Activates the class.

Syntax

def activate() -> None: ...

Remarks

This method activates the component and will allow it to send or receive data.

The class will be automatically activated if it is not already and you attempt to perform an operation which requires the class to be active.

Note: Use the active property to check whether the component is active.

config Method

Sets or retrieves a configuration setting.

Syntax

def config(configuration_string: str) -> str: ...

Remarks

config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

deactivate Method

Deactivates the class.

Syntax

def deactivate() -> None: ...

Remarks

This method deactivates the component and will prohibit it from sending and receiving data.

Note: Use the active property to check whether the component is active.

discover Method

Performs SNMPv3 discovery.

Syntax

def discover() -> None: ...

Remarks

When the method is called an SNMPv3 engine discovery request is sent to remote_host.

If an authentication_password is provided, the engine id discovery request is followed by an engine time discovery request, as required by the SNMPv3 User Security Model (USM). In this case timeout must be set to a non-zero value before calling Discover and the class will wait until a response is received from remote_host.

The on_discovery_response event is fired upon receipt of a valid discovery response and the values of remote_engine_id, remote_engine_boots, and remote_engine_time will then be updated with the received Engine Id, Time, and Boots.

do_events Method

This method processes events from the internal message queue.

Syntax

def do_events() -> None: ...

Remarks

When do_events is called, the class processes any available events. If no events are available, it waits for a preset period of time, and then returns.

hash_passwords Method

Hashes all passwords in the cache.

Syntax

def hash_passwords() -> None: ...

Remarks

Forces computation of all passwords hashes in the cache. Used together with the on_hash_password event to enable implementations of external password hash storage.

interrupt Method

This method interrupts the current method.

Syntax

def interrupt() -> None: ...

Remarks

If there is no method in progress, interrupt simply returns, doing nothing.

reset Method

Clears the object arrays.

Syntax

def reset() -> None: ...

Remarks

Clears the object arrays, and sets the trap and error properties to their default values. This is useful for reinitializing all the properties that are used to create outgoing packets before building a new packet.

Note: snmp_version will be reset to snmpverV2c (2).

send_get_bulk_request Method

Send a GetBulkRequest packet.

Syntax

def send_get_bulk_request(non_repeaters: int, max_repetitions: int) -> None: ...

Remarks

Sends a GetBulkRequest packet. This is only available for SNMP versions 2 and 3.

NonRepeaters specifies the number of variables for which a single lexicographic successor is to be returned.

MaxRepetitions specifies the number of lexicographic successors to be returned for variables other than those in the NonRepeaters list.

The object identifiers, types, and values for the request are taken from the objects collection.

A GetBulkRequest is very similar to a GetNextRequest, the difference is that Getbulk performs a continuous GetNext operation based on the MaxRepitions value. The NonRepeaters value will determine the number of objects for which a simple GetNext operation should be performed. For the remaining variables, a continuous GetNext operation is performed based on the MaxRepitions value.

So if you send a request containing X objects, the agent will perform N simple GetNext operations and M continuous GetNext operations X - N times. With X being the number of objects received, N being the number of NonRepeaters, and M being the number of MaxRepitions. Thus the SNMPMgr is expecting to receive N + M x (X - N) objects, assuming that each object has M successors.

Example (Sending a GetBulk Request)

SNMPControl.RemoteHost = "MyAgent" SNMPControl.ObjCount = 2 SNMPControl.ObjId(0) = "1.3.6.1.2.1.1.1.0" SNMPControl.objId(1) = "1.3.6.1.2.1.1.3.0" SNMPControl.SendGetBulkRequest(1,4)

The code sample above will send a GetBulkRequest with 1 non repeater, and a maxrepetitions of 4. Since there is only 1 non repeater, only one ObjID will "not repeat" and will only return one successor. The rest of the ObjID's (in this case, only 1) will return 4 successors. This particular example will return the following ObjID's:

1 1.3.6.1.2.1.1.2.0
2 1.3.6.1.2.1.1.4.0
3 1.3.6.1.2.1.1.5.0
4 1.3.6.1.2.1.1.6.0
5 1.3.6.1.2.1.1.7.0

send_get_next_request Method

Send GetNextRequest packet.

Syntax

def send_get_next_request() -> None: ...

Remarks

Sends a GetNextRequest packet. The object identifiers, types, and values for the request are taken from the objects collection.

Example (Sending a GetNext Request)

SNMPControl.ObjCount = 2 SNMPControl.ObjId(0) = "1.3.6.1.2.1.1.1.0" SNMPControl.SendGetNextRequest() The agent will respond with the "next" (relative to the ObjID(s) you specify) OID in the table.

send_get_request Method

Send GetRequest packet.

Syntax

def send_get_request() -> None: ...

Remarks

Sends a GetRequest packet. The object identifiers, types, and values for the request are taken from the objects collection.

Example (Sending a GetRequest)

SNMPControl.RemoteHost = "MyAgent" SNMPControl.ObjCount = 2 SNMPControl.ObjId(0) = "1.3.6.1.2.1.1.1.0" SNMPControl.ObjId(1) = "1.3.6.1.2.1.1.2.0" SNMPControl.SendGetRequest()

send_inform_request Method

Send an InformRequest packet.

Syntax

def send_inform_request() -> None: ...

Remarks

Sends an InformRequest packet. The object identifiers, types, and values for the request are taken from the objects collection.

send_set_request Method

Send Set Request packet.

Syntax

def send_set_request() -> None: ...

Remarks

Sends a SetRequest packet. The object identifiers, types, and values for the request are taken from the objects collection.

Example (Sending a SetRequest)

SNMPControl.RemoteHost = "MyAgent" SNMPControl.ObjCount = 1 SNMPControl.ObjId(0) = "1.3.6.1.2.1.1.1.0" SNMPControl.ObjValue(0) = "New Value" SNMPControl.ObjType(0) = otOctetString SNMPControl.SendSetRequest()

value Method

Returns the value corresponding to an OID.

Syntax

def value(oid: str) -> str: ...

Remarks

If the OID does not exist in the objects collection, a trappable error is generated.

Please refer to the SNMPObject type for more information.

walk Method

Does an SNMP walk starting with the specified oid.

Syntax

def walk(table_oid: str) -> None: ...

Remarks

A walk will traverse all OIDs in the TableOid that are lexographically greater than the value of the TableOid.

The results of the walk may be obtained through the Response events. During the event, the current returned object will exist inside of the objects collection. If store_walk_objects is set to true, the objects collection will contain all returned objects when the walk completes.

Use the walk_limit property to regulate how many objects the walk will traverse in the table.

NOTE: The collection of objects is cleared before the walk begins.

on_bad_packet Event

Fired for erroneous and/or malformed messages.

Syntax

class SNMPMgrBadPacketEventParams(object):
  @property
  def packet() -> bytes: ...

  @property
  def source_address() -> str: ...

  @property
  def source_port() -> int: ...

  @property
  def error_code() -> int: ...

  @property
  def error_description() -> str: ...

  @property
  def report() -> bool: ...
  @report.setter
  def report(value) -> None: ...

# In class SNMPMgr:
@property
def on_bad_packet() -> Callable[[SNMPMgrBadPacketEventParams], None]: ...
@on_bad_packet.setter
def on_bad_packet(event_hook: Callable[[SNMPMgrBadPacketEventParams], None]) -> None: ...

Remarks

The full message is provided in the Packet parameter.

The on_bad_packet event is also fired when authentication fails for received packets due to a bad password or other reasons.

If the Report parameter is set to True, an unauthenticated error report will be sent to the client, otherwise the packet will be silently ignored.

on_connected Event

Fired immediately after a connection completes (or fails).

Syntax

class SNMPMgrConnectedEventParams(object):
  @property
  def remote_address() -> str: ...

  @property
  def remote_port() -> int: ...

  @property
  def status_code() -> int: ...

  @property
  def description() -> str: ...

# In class SNMPMgr:
@property
def on_connected() -> Callable[[SNMPMgrConnectedEventParams], None]: ...
@on_connected.setter
def on_connected(event_hook: Callable[[SNMPMgrConnectedEventParams], None]) -> None: ...

Remarks

This event fires after a connection completes or fails.

StatusCode is the value returned by the system TCP/IP stack. This will be 0 if the connection was successful.

Description contains a human readable description of the status. This will be "OK" if the connection was successful.

RemoteAddress is the IP address of the remote host.

RemotePort is the port on the remote host.

on_disconnected Event

Fired when a connection is closed.

Syntax

class SNMPMgrDisconnectedEventParams(object):
  @property
  def remote_address() -> str: ...

  @property
  def remote_port() -> int: ...

  @property
  def status_code() -> int: ...

  @property
  def description() -> str: ...

# In class SNMPMgr:
@property
def on_disconnected() -> Callable[[SNMPMgrDisconnectedEventParams], None]: ...
@on_disconnected.setter
def on_disconnected(event_hook: Callable[[SNMPMgrDisconnectedEventParams], None]) -> None: ...

Remarks

This event fires after a connection is broken.

StatusCode is the value returned by the system TCP/IP stack. This will be 0 if the connection was broken normally.

Description contains a human readable description of the status. This will be "OK" if the connection was broken normally.

RemoteAddress is the IP address of the remote host.

RemotePort is the port on the remote host.

on_discovery_request Event

Fired when an SNMPv3 discovery packet is received.

Syntax

class SNMPMgrDiscoveryRequestEventParams(object):
  @property
  def engine_id() -> bytes: ...

  @property
  def engine_boots() -> int: ...

  @property
  def engine_time() -> int: ...

  @property
  def user() -> str: ...

  @property
  def security_level() -> int: ...

  @property
  def source_address() -> str: ...

  @property
  def source_port() -> int: ...

  @property
  def respond() -> bool: ...
  @respond.setter
  def respond(value) -> None: ...

# In class SNMPMgr:
@property
def on_discovery_request() -> Callable[[SNMPMgrDiscoveryRequestEventParams], None]: ...
@on_discovery_request.setter
def on_discovery_request(event_hook: Callable[[SNMPMgrDiscoveryRequestEventParams], None]) -> None: ...

Remarks

EngineId, EngineBoots, EngineTime, and User are the values received from SourceAddress.

For SNMPv3, the User parameter shows the user that was supplied with the packet. This parameter MUST be used together with the SecurityLevel parameter which shows the level of security in the message.

The SecurityLevel parameter shows whether the request has been authenticated. If SecurityLevel is 0, the request has NOT been authenticated (i.e. the packet signature has not been verified). For an authenticated, non encrypted request, SecurityLevel is 1. For an authenticated and encrypted request, SecurityLevel is 2.

Respond is True by default, and will automatically send a response using the value in local_engine_id. To suppress the response, set Respond to False.

The value returned to SourceAddress for EngineBoots is always 0, and EngineTime is the number of seconds since January 1st, 1970 (GMT).

on_discovery_response Event

Fired when an SNMPv3 discovery response is received.

Syntax

class SNMPMgrDiscoveryResponseEventParams(object):
  @property
  def engine_id() -> bytes: ...

  @property
  def engine_boots() -> int: ...

  @property
  def engine_time() -> int: ...

  @property
  def user() -> str: ...

  @property
  def security_level() -> int: ...

  @property
  def source_address() -> str: ...

  @property
  def source_port() -> int: ...

# In class SNMPMgr:
@property
def on_discovery_response() -> Callable[[SNMPMgrDiscoveryResponseEventParams], None]: ...
@on_discovery_response.setter
def on_discovery_response(event_hook: Callable[[SNMPMgrDiscoveryResponseEventParams], None]) -> None: ...

Remarks

EngineId, EngineBoots, EngineTime, and User are the values received from SourceAddress and SourcePort.

The SecurityLevel parameter shows whether the request has been authenticated. If SecurityLevel is 0, the request has NOT been authenticated (i.e. the packet signature has not been verified). For an authenticated request, SecurityLevel is at least 1.

on_error Event

Fired when information is available about errors during data delivery.

Syntax

class SNMPMgrErrorEventParams(object):
  @property
  def error_code() -> int: ...

  @property
  def description() -> str: ...

# In class SNMPMgr:
@property
def on_error() -> Callable[[SNMPMgrErrorEventParams], None]: ...
@on_error.setter
def on_error(event_hook: Callable[[SNMPMgrErrorEventParams], None]) -> None: ...

Remarks

The on_error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

on_hash_password Event

Fired before and after a password is hashed.

Syntax

class SNMPMgrHashPasswordEventParams(object):
  @property
  def password() -> str: ...

  @property
  def auth_algorithm() -> int: ...

  @property
  def hash() -> str: ...
  @hash.setter
  def hash(value) -> None: ...

# In class SNMPMgr:
@property
def on_hash_password() -> Callable[[SNMPMgrHashPasswordEventParams], None]: ...
@on_hash_password.setter
def on_hash_password(event_hook: Callable[[SNMPMgrHashPasswordEventParams], None]) -> None: ...

Remarks

SNMPv3 passwords are hashed in order to obtain authentication and encryption keys. This is an expensive operation, and in certain situations it may be preferable to store the hashed passwords externally and supply them on demand.

If a hash is required, the event fires with an empty string in the Hash parameter. In this case, you can choose to supply a value for the hash and stop the class from computing the hash.

The event also fires every time a hash is computed. In this case, the Hash parameter contains the value of the computed hash.

AuthAlgorithm contains either 1 for HMAC-MD5-96, 2 for HMAC-SHA-96 or 3 for HMAC-192-SHA-256

on_inform_request Event

Fired when an InformRequest packet is received.

Syntax

class SNMPMgrInformRequestEventParams(object):
  @property
  def request_id() -> int: ...

  @property
  def snmp_version() -> int: ...

  @property
  def community() -> str: ...

  @property
  def user() -> str: ...

  @property
  def security_level() -> int: ...

  @property
  def source_address() -> str: ...

  @property
  def source_port() -> int: ...

  @property
  def error_index() -> int: ...
  @error_index.setter
  def error_index(value) -> None: ...

  @property
  def error_status() -> int: ...
  @error_status.setter
  def error_status(value) -> None: ...

  @property
  def error_description() -> str: ...

  @property
  def respond() -> bool: ...
  @respond.setter
  def respond(value) -> None: ...

# In class SNMPMgr:
@property
def on_inform_request() -> Callable[[SNMPMgrInformRequestEventParams], None]: ...
@on_inform_request.setter
def on_inform_request(event_hook: Callable[[SNMPMgrInformRequestEventParams], None]) -> None: ...

Remarks

The user in an InformRequest packet (SNMPv3) must match the user in the user property. If not, the request is rejected, and a on_bad_packet event is fired before on_inform_request is fired.

The list of variables in the SNMP packet, including optional values and types, is provided through the objects collection. Each object is of type SNMPObject. This type describes the obj_id, obj_type, and obj_value of each SNMP object. These variables must be copied to another location before the event has completed executing, or they may be overridden by other events.

The SourceAddress and SourcePort parameters show the address and port of the sender as reported by the TCP/IP stack.

The MessageId parameter identifies the received request.

For SNMPv3, the User parameter shows the user that was supplied with the packet. This parameter MUST be used together with the SecurityLevel parameter which shows the level of security in the message.

The SecurityLevel parameter shows whether the request has been authenticated. If SecurityLevel is 0, the request has NOT been authenticated (i.e. the packet signature has not been verified). For an authenticated, non encrypted request, SecurityLevel is 1. For an authenticated and encrypted request, SecurityLevel is 2.

To send a response, the Respond parameter must be set to true. By default, this value is false, which means no response will be sent. The ErrorStatus parameter may also be set to a valid SNMP status code (the default value is 0, which represents no error).

The following is a list of valid SNMP status code values:

0 (noError) No error.
1 (tooBig) The response cannot fit in a single SNMP message.
2 (noSuchName) Variable does not exist.
3 (badValue) Invalid value or syntax.
4 (readOnly) Variable is read-only.
5 (genError) Other error (SNMPv1).
6 (noAccess) Access denied.
7 (wrongType) Wrong object type.
8 (wrongLength) Wrong length.
9 (wrongEncoding) Wrong encoding.
10 (wrongValue) Wrong value.
11 (noCreation) No creation.
12 (inconsistentValue) Inconsistent value.
13 (resourceUnavailable) Resource unavailable.
14 (commitFailed) Commit failed.
15 (undoFailed) Undo failed.
16 (authorizationError) Authorization error.
17 (notWritable) Variable is not writable.
18 (inconsistentName) Inconsistent name.
The ErrorIndex parameter indicates the index of the first variable (object) that caused an error. The default value is 0.

Variable indexes start with 0. ErrorIndex has no meaning when ErrorStatus is 0 (no error).

on_packet_trace Event

Fired for every packet sent or received.

Syntax

class SNMPMgrPacketTraceEventParams(object):
  @property
  def packet() -> bytes: ...

  @property
  def direction() -> int: ...

  @property
  def packet_address() -> str: ...

  @property
  def packet_port() -> int: ...

# In class SNMPMgr:
@property
def on_packet_trace() -> Callable[[SNMPMgrPacketTraceEventParams], None]: ...
@on_packet_trace.setter
def on_packet_trace(event_hook: Callable[[SNMPMgrPacketTraceEventParams], None]) -> None: ...

Remarks

The on_packet_trace event shows all the packets sent or received by the class.

Packet contains the full contents of the datagram.

Direction shows the direction of the packet: 1 for incoming packets, and 2 for outgoing packets.

In the case of an incoming packet, PacketAddress and PacketPort identify the source of the packet.

In the case of an outgoing packet, PacketAddress and PacketPort identify the destination of the packet.

on_ready_to_send Event

Fired when the class is ready to send data.

Syntax

class SNMPMgrReadyToSendEventParams(object):
# In class SNMPMgr:
@property
def on_ready_to_send() -> Callable[[SNMPMgrReadyToSendEventParams], None]: ...
@on_ready_to_send.setter
def on_ready_to_send(event_hook: Callable[[SNMPMgrReadyToSendEventParams], None]) -> None: ...

Remarks

The on_ready_to_send event indicates that the underlying TCP/IP subsystem is ready to accept data after a failed DataToSend(TBD. DataToSend is removed).

on_report Event

Fired when a Report packet is received.

Syntax

class SNMPMgrReportEventParams(object):
  @property
  def request_id() -> int: ...

  @property
  def snmp_version() -> int: ...

  @property
  def community() -> str: ...

  @property
  def user() -> str: ...

  @property
  def security_level() -> int: ...

  @property
  def source_address() -> str: ...

  @property
  def source_port() -> int: ...

  @property
  def error_index() -> int: ...

  @property
  def error_status() -> int: ...

  @property
  def error_description() -> str: ...

# In class SNMPMgr:
@property
def on_report() -> Callable[[SNMPMgrReportEventParams], None]: ...
@on_report.setter
def on_report(event_hook: Callable[[SNMPMgrReportEventParams], None]) -> None: ...

Remarks

For SNMPv3, the User parameter shows the user that was supplied with the packet. This parameter MUST be used together with the SecurityLevel parameter which shows the level of security in the message.

The SecurityLevel parameter shows whether the request has been authenticated. If SecurityLevel is 0, the request has NOT been authenticated (i.e. the packet signature has not been verified). For an authenticated, non encrypted request, SecurityLevel is 1. For an authenticated and encrypted request, SecurityLevel is 2.

The list of variables in the SNMP packet, including optional values and types, is provided through the objects collection. Each object is of type SNMPObject. This type describes the obj_id, obj_type, and obj_value of each SNMP object. These variables must be copied to another location before the event has completed executing, or they may be overridden by other events.

The SourceAddress and SourcePort parameters show the address and port of the sender as reported by the TCP/IP stack.

on_response Event

Fired when a GetResponse packet is received.

Syntax

class SNMPMgrResponseEventParams(object):
  @property
  def request_id() -> int: ...

  @property
  def snmp_version() -> int: ...

  @property
  def community() -> str: ...

  @property
  def user() -> str: ...

  @property
  def security_level() -> int: ...

  @property
  def source_address() -> str: ...

  @property
  def source_port() -> int: ...

  @property
  def error_index() -> int: ...

  @property
  def error_status() -> int: ...

  @property
  def error_description() -> str: ...

# In class SNMPMgr:
@property
def on_response() -> Callable[[SNMPMgrResponseEventParams], None]: ...
@on_response.setter
def on_response(event_hook: Callable[[SNMPMgrResponseEventParams], None]) -> None: ...

Remarks

The ErrorStatus and ErrorIndex parameters contain information about possible errors. ErrorDescription is a textual description of ErrorStatus. This value is parsed directly from the SNMP response, which will be a one-based value, so a value of i here maps to index i-1 in the objects collection.

The following is a list of valid SNMP status code values:

0 (noError) No error.
1 (tooBig) The response cannot fit in a single SNMP message.
2 (noSuchName) Variable does not exist.
3 (badValue) Invalid value or syntax.
4 (readOnly) Variable is read-only.
5 (genError) Other error (SNMPv1).
6 (noAccess) Access denied.
7 (wrongType) Wrong object type.
8 (wrongLength) Wrong length.
9 (wrongEncoding) Wrong encoding.
10 (wrongValue) Wrong value.
11 (noCreation) No creation.
12 (inconsistentValue) Inconsistent value.
13 (resourceUnavailable) Resource unavailable.
14 (commitFailed) Commit failed.
15 (undoFailed) Undo failed.
16 (authorizationError) Authorization error.
17 (notWritable) Variable is not writable.
18 (inconsistentName) Inconsistent name.
The ErrorIndex parameter indicates the index of the first variable (object) that caused an error. The default value is 0.

Variable indexes start with 0. ErrorIndex has no meaning when ErrorStatus is 0 (no error).

The list of variables in the SNMP packet, including optional values and types, is provided through the objects collection. Each object is of type SNMPObject. This type describes the obj_id, obj_type, and obj_value of each SNMP object. These variables must be copied to another location before the event has completed executing, or they may be overridden by other events.

The SourceAddress and SourcePort parameters show the address and port of the sender as reported by the TCP/IP stack.

on_ssl_client_authentication Event

Fired when the client presents its credentials to the server.

Syntax

class SNMPMgrSSLClientAuthenticationEventParams(object):
  @property
  def remote_address() -> str: ...

  @property
  def remote_port() -> int: ...

  @property
  def cert_encoded() -> bytes: ...

  @property
  def cert_subject() -> str: ...

  @property
  def cert_issuer() -> str: ...

  @property
  def status() -> str: ...

  @property
  def accept() -> bool: ...
  @accept.setter
  def accept(value) -> None: ...

# In class SNMPMgr:
@property
def on_ssl_client_authentication() -> Callable[[SNMPMgrSSLClientAuthenticationEventParams], None]: ...
@on_ssl_client_authentication.setter
def on_ssl_client_authentication(event_hook: Callable[[SNMPMgrSSLClientAuthenticationEventParams], None]) -> None: ...

Remarks

This event fires when a client connects to the class and presents a certificate for authentication. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether to continue or not.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string "OK").

RemoteAddress is the IP address of the connecting client.

RemotePort is the source port of the connecting client.

CertEncoded is the base64 encoded certificate presented by the client.

CertSubject is the subject of the certificate presented by the client.

CertIssuer is the subject of the issuer of the certificate presented by the client.

Status is the stauts of the certificate.

Accept defines whether the certificate is accepted.

on_ssl_server_authentication Event

Fires when connecting to the server.

Syntax

class SNMPMgrSSLServerAuthenticationEventParams(object):
  @property
  def remote_address() -> str: ...

  @property
  def remote_port() -> int: ...

  @property
  def cert_encoded() -> bytes: ...

  @property
  def cert_subject() -> str: ...

  @property
  def cert_issuer() -> str: ...

  @property
  def status() -> str: ...

  @property
  def accept() -> bool: ...
  @accept.setter
  def accept(value) -> None: ...

# In class SNMPMgr:
@property
def on_ssl_server_authentication() -> Callable[[SNMPMgrSSLServerAuthenticationEventParams], None]: ...
@on_ssl_server_authentication.setter
def on_ssl_server_authentication(event_hook: Callable[[SNMPMgrSSLServerAuthenticationEventParams], None]) -> None: ...

Remarks

This event is where the client can decide whether to continue with the connection process or not. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether to continue or not.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string "OK"). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

RemoteAddress is the IP address of the server.

RemotePort is the source port of the server.

CertEncoded is the base64 encoded certificate presented by the server.

CertSubject is the subject of the certificate presented by the server.

CertIssuer is the subject of the issuer of the certificate presented by the server.

Status is the stauts of the certificate.

Accept defines whether the certificate is accepted.

on_ssl_status Event

Shows the progress of the secure connection.

Syntax

class SNMPMgrSSLStatusEventParams(object):
  @property
  def remote_address() -> str: ...

  @property
  def remote_port() -> int: ...

  @property
  def message() -> str: ...

# In class SNMPMgr:
@property
def on_ssl_status() -> Callable[[SNMPMgrSSLStatusEventParams], None]: ...
@on_ssl_status.setter
def on_ssl_status(event_hook: Callable[[SNMPMgrSSLStatusEventParams], None]) -> None: ...

Remarks

The event is fired for informational and logging purposes only. It is used to track the progress of the connection.

RemoteAddress is the IP address of the remote machine.

RemotePort is the port of the remote machine.

Message is the log message.

on_trap Event

Fired when a SNMP trap packet is received.

Syntax

class SNMPMgrTrapEventParams(object):
  @property
  def request_id() -> int: ...

  @property
  def snmp_version() -> int: ...

  @property
  def community() -> str: ...

  @property
  def user() -> str: ...

  @property
  def security_level() -> int: ...

  @property
  def trap_oid() -> str: ...

  @property
  def time_stamp() -> int: ...

  @property
  def source_address() -> str: ...

  @property
  def source_port() -> int: ...

# In class SNMPMgr:
@property
def on_trap() -> Callable[[SNMPMgrTrapEventParams], None]: ...
@on_trap.setter
def on_trap(event_hook: Callable[[SNMPMgrTrapEventParams], None]) -> None: ...

Remarks

The SNMPTrapMgr class should normally be used to receive traps, since it was designed and contains functionality specifically for that purpose. The SNMPMgr component can only receive traps from the agent that it is has most recently discovered with the discover method.

The TrapOID and TimeStamp parameters contain the Trap OID and TimeStamp. In the case of an SNMPv1 trap, there are two possible scenarios:

First, if the enterprise of the trap is "1.3.6.1.6.3.1.1.5", TrapOID will be a concatenation of TrapEnterprise and GenericTrap + 1. For instance a TrapOID of "1.3.6.1.6.3.1.1.5.5" has a TrapEnterprise of "1.3.6.1.6.3.1.1.5" and a GenericTrap of "4".

Second, In all other cases TrapOID will be a concatenation of the values for TrapEnterprise, GenericTrap, and SpecificTrap, separated by '.'.

For SNMPv2 and above, they are read from the variable-value list (if available).

For SNMPv3, the User parameter shows the user that was supplied with the packet. This parameter MUST be used together with the SecurityLevel parameter which shows the level of security in the message.

The SecurityLevel parameter shows whether the request has been authenticated. If SecurityLevel is 0, the request has NOT been authenticated (i.e. the packet signature has not been verified). For an authenticated, non encrypted request, SecurityLevel is 1. For an authenticated and encrypted request, SecurityLevel is 2.

The SNMPMgr class is limited to accepting authenticated traps only for the user specified in user and password and from the engine specified in remote_engine_id with time parameters in remote_engine_boots and remote_engine_time (usually this is the SNMP engine discovered through the last call to discover). If authenticated traps come from a different engine, or for a different user, they are ignored, and a on_bad_packet event is fired instead.

The list of variables in the SNMP packet, including optional values and types, is provided through the objects collection. Each object is of type SNMPObject. This type describes the obj_id, obj_type, and obj_value of each SNMP object. These variables must be copied to another location before the event has completed executing, or they may be overridden by other events.

The SourceAddress and SourcePort parameters show the address and port of the sender as reported by the TCP/IP stack.

SNMPMgr Config Settings

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

SNMPManager Config Settings

AllowSingleStepDiscovery:   Whether to allow discovery to be completed in a single step.

When making a discovery request in SNMPv3 while this setting is set to False (default), the component will send a second discovery request even if the agent responds to the first request with the EngineBoots and EngineTime. If set to True, the component will skip the second request if all the necessary information is returned in the first response.

CheckMessageOrigin:   Whether to match the origin IP address when receiving responses.

This setting specifies whether the class matches the source IP address in the response to the destination IP address of the request. When True (default) the class makes sure that response are received from the same IP to which the request was sent. In most cases this does not need to be changed. If there is a specific reason that responses are expected to originate from a different IP from that which the request was sent, this may be set to False. When False the class will not check the origin of received responses.

CheckSNMPVersion:   Whether to check the version of incoming packets.

By default only packets matching snmp_version can be received. Set this to False to ignore the version of incoming packets. The default is True.

CompatibilityMode:   Whether to operate the component in a specific compatibility mode.

This setting will cause the component to operate in a manner different than normal so that it is compatible with third-party products and libraries. The following table lists the possible values for this setting:

0 (default)Component operates normally for greatest compatibility.
1Component uses SNMP4j-compatible encryption (AES192 and AES256).
2Component automatically detects whether to use SNMP4j-compatible encryption (AES192 and AES256). Note: This option is only applicable when receiving packets. If you are using SNMPMgr or sending secure traps, you will need to select either 0 or 1.
ContextEngineId:   Sets the context engine id of the SNMP entity.

If set, the context engine id included in the PDU will be set.

ContextName:   Sets the context name of the SNMP entity.

If set, the context name included in the PDU will be set.

DecryptLogPackets:   Whether to decrypt logged packets.

When set to True this setting will cause the class to decrypt packets logged in on_packet_trace. This only applies when using SNMP Version 3. The default is False.

ForceLocalPort:   Forces the class to bind to a specific port.

The default value is True, which makes the class throw an error if local_port is busy. When ForceLocalPort is set to False and the port is busy, the class silently chooses another random port.

IgnoreDuplicateResponse:   Whether to ignore duplicate responses.

In some scenarios an agent may send a duplicate response (identified by it's RequestID). To prevent processing of a duplicate response set this to True. The default is False

IgnorePortMismatch:   Whether to check if the port matches when a response is received.

When a response is received, the class will validate that the port in the response is the same as the port in the request. To disable this, set this to True.

IncomingContextEngineId:   The engine Id of the received packet.

This setting holds the engine Id of the received packet. This may be queried at any time, including from within an event, and returns the engine Id of the received packet. This is not needed in most cases, but can be used to store the incoming engine Id to send an asynchronous response later. This value is read-only.

IncomingContextName:   The context name of the received packet.

This setting holds the context name of the received packet. This may be queried at any time, including from within an event, and returns the context name of the received packet. This is not needed in most cases, but can be used to store the incoming context name to send an asynchronous response later. This value is read-only.

MsgMaxSize:   The maximum supported message size.

This setting specifies the maximum supported message size in bytes. This is only applicable when snmp_version is set to 3. This corresponds to the "msgMaxSize" field in the request.

SourceAddress:   The source address of the received packet.

This setting holds the source address of the received packet. This may be queried at any time, including from within an event, and returns the source address of the received packet. This value is read-only.

SourcePort:   The source port of the received packet.

This setting holds the source port of the received packet. This may be queried at any time, including from within an event, and returns the source port of the received packet. This value is read-only.

TimeoutInMilliseconds:   The timeout is treated as milliseconds.

Setting TimeoutInMilliseconds to true causes the class to use the value in timeout as milliseconds instead of seconds, which is the default.

WalkInsideRange:   Stops the SNMP walk if the OID value returned from an agent is outside the table.

When WalkInsideRange is set to true the Walk will continue only while the OID Values returned from the agent are greater than the current OID Value. If an object is returned with an OID value that is out of this range it is not added to the objects collection, the on_error event will fire, and walk will return. The default value is true.

WalkStartOID:   Specifies the OID to be used when a Walk is performed.

When this property is set and walk is called, the first request sent will contain the specified WalkStartOID value. This feature is particularly useful in the case of errors, such as timeouts, that may occur during a Walk. In such a case, you can set WalkStartOID to the last OID returned before the Timeout occurred then call walk again (using the original tableOID parameter value). This will allow you to continue the Walk where it left off (when the Timeout error occurred).

Note that when store_walk_objects is set to true and WalkStartOID is set, the existing entries in objects will be maintained when walk is called and new returned objects will be added (just as if no error occurred in the initial walk call).

UDP Config Settings

CaptureIPPacketInfo:   Used to capture the packet information.

If this is set to True, the component will capture the IP packet information.

The default value for this setting is False.

Note: This configuration setting is available only in Windows.

DelayHostResolution:   Whether the hostname is resolved when RemoteHost is set.

This configuration setting specifies whether a hostname is resolved immediately when remote_host is set. If True the class will resolve the hostname and the IP address will be present in the remote_host property. If False, the hostname is not resolved until needed by the component when a method to connect or send data is called. If desired, resolve_remote_host may be called to manually resolve the value in remote_host at any time.

The default value is False.

DestinationAddress:   Used to get the destination address from the packet information.

If CaptureIPPacketInfo is set to True, then this will be populated with the packet's destination address when a packet is received. This information will be accessible in the DataIn event.

Note: This configuration setting is available only in Windows.

DontFragment:   Used to set the Don't Fragment flag of outgoing packets.

When set to True, packets sent by the class will have the Don't Fragment flag set. The default value is False.

LocalHost:   The name of the local host through which connections are initiated or accepted.

The local_host setting contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface), setting LocalHost to the value of an interface will make the class initiate connections (or accept in the case of server classs) only through that interface.

If the class is connected, the local_host setting shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

LocalPort:   The port in the local host where the class binds.

This configuration setting must be set before a connection is attempted. It instructs the class to bind to a specific port (or communication endpoint) in the local machine.

Setting this to 0 (default) enables the system to choose a port at random. The chosen port will be shown by local_port after the connection is established.

local_port cannot be changed once a connection is made. Any attempt to set this when a connection is active will generate an error.

This configuration setting is useful when trying to connect to services that require a trusted port on the client side. An example is the remote shell (rsh) service in UNIX systems.

MaxPacketSize:   The maximum length of the packets that can be received.

This configuration setting specifies the maximum size of the datagrams that the class will accept without truncation.

QOSDSCPValue:   Used to specify an arbitrary QOS/DSCP setting (optional).

UseConnection must be True to use this configuration setting. This option allows you to specify an arbitrary DSCP value between 0 and 63. The default is 0. When set to the default value, the component will not set a DSCP value.

Note: This configuration setting uses the qWAVE API and is available only on Windows 7, Windows Server 2008 R2, and later.

QOSTrafficType:   Used to specify QOS/DSCP settings (optional).

UseConnection must be True to use this setting. You may specify either the text or integer values: BestEffort (0), Background (1), ExcellentEffort (2), AudioVideo (3), Voice (4), and Control (5).

Note: This configuration setting uses the qWAVE API and is available only on Windows Vista and Windows Server 2008 or above.

Note: QOSTrafficType must be set before setting active to True.

ShareLocalPort:   If set to True, allows more than one instance of the class to be active on the same local port.

This option must be set before the class is activated through the active property or it will have no effect.

The default value for this setting is False.

SourceIPAddress:   Used to set the source IP address used when sending a packet.

This configuration setting can be used to override the source IP address when sending a packet.

Note: This configuration setting is available only in Windows and requires that the winpcap library be installed (or npcap with winpcap compatibility).

SourceMacAddress:   Used to set the source MAC address used when sending a packet.

This configuration setting can be used to override the source MAC address when sending a packet.

Note: This configuration setting is available only in Windows and requires that the winpcap library be installed (or npcap with winpcap compatibility).

UseConnection:   Determines whether to use a connected socket.

UseConnection specifies whether or not the class should use a connected socket. The connection is defined as an association in between the local address/port and the remote address/port. As such, this is not a connection in the traditional Transmission Control Protocol (TCP) sense. It means only that the class will send and receive data to and from the specified destination.

The default value for this setting is False.

UseIPv6:   Whether or not to use IPv6.

By default, the component expects an IPv4 address for local and remote host properties, and it will create an IPv4 socket. To use IPv6 instead, set this to True.

Socket Config Settings

AbsoluteTimeout:   Determines whether timeouts are inactivity timeouts or absolute timeouts.

If AbsoluteTimeout is set to True, any method that does not complete within timeout seconds will be aborted. By default, AbsoluteTimeout is False, and the timeout is an inactivity timeout.

Note: This option is not valid for User Datagram Protocol (UDP) ports.

FirewallData:   Used to send extra data to the firewall.

When the firewall is a tunneling proxy, use this property to send custom (additional) headers to the firewall (e.g., headers for custom authentication schemes).

InBufferSize:   The size in bytes of the incoming queue of the socket.

This is the size of an internal queue in the Transmission Control Protocol (TCP)/IP stack. You can increase or decrease its size depending on the amount of data that you will be receiving. In some cases, increasing the value of the InBufferSize setting can provide significant improvements in performance.

Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the class is activated the InBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.

OutBufferSize:   The size in bytes of the outgoing queue of the socket.

This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be sending. In some cases, increasing the value of the OutBufferSize setting can provide significant improvements in performance.

Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the class is activated the OutBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.

Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

CodePage:   The system code page used for Unicode to Multibyte translations.

The default code page is Unicode UTF-8 (65001).

The following is a list of valid code page identifiers:

IdentifierName
037IBM EBCDIC - U.S./Canada
437OEM - United States
500IBM EBCDIC - International
708Arabic - ASMO 708
709Arabic - ASMO 449+, BCON V4
710Arabic - Transparent Arabic
720Arabic - Transparent ASMO
737OEM - Greek (formerly 437G)
775OEM - Baltic
850OEM - Multilingual Latin I
852OEM - Latin II
855OEM - Cyrillic (primarily Russian)
857OEM - Turkish
858OEM - Multilingual Latin I + Euro symbol
860OEM - Portuguese
861OEM - Icelandic
862OEM - Hebrew
863OEM - Canadian-French
864OEM - Arabic
865OEM - Nordic
866OEM - Russian
869OEM - Modern Greek
870IBM EBCDIC - Multilingual/ROECE (Latin-2)
874ANSI/OEM - Thai (same as 28605, ISO 8859-15)
875IBM EBCDIC - Modern Greek
932ANSI/OEM - Japanese, Shift-JIS
936ANSI/OEM - Simplified Chinese (PRC, Singapore)
949ANSI/OEM - Korean (Unified Hangul Code)
950ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC)
1026IBM EBCDIC - Turkish (Latin-5)
1047IBM EBCDIC - Latin 1/Open System
1140IBM EBCDIC - U.S./Canada (037 + Euro symbol)
1141IBM EBCDIC - Germany (20273 + Euro symbol)
1142IBM EBCDIC - Denmark/Norway (20277 + Euro symbol)
1143IBM EBCDIC - Finland/Sweden (20278 + Euro symbol)
1144IBM EBCDIC - Italy (20280 + Euro symbol)
1145IBM EBCDIC - Latin America/Spain (20284 + Euro symbol)
1146IBM EBCDIC - United Kingdom (20285 + Euro symbol)
1147IBM EBCDIC - France (20297 + Euro symbol)
1148IBM EBCDIC - International (500 + Euro symbol)
1149IBM EBCDIC - Icelandic (20871 + Euro symbol)
1200Unicode UCS-2 Little-Endian (BMP of ISO 10646)
1201Unicode UCS-2 Big-Endian
1250ANSI - Central European
1251ANSI - Cyrillic
1252ANSI - Latin I
1253ANSI - Greek
1254ANSI - Turkish
1255ANSI - Hebrew
1256ANSI - Arabic
1257ANSI - Baltic
1258ANSI/OEM - Vietnamese
1361Korean (Johab)
10000MAC - Roman
10001MAC - Japanese
10002MAC - Traditional Chinese (Big5)
10003MAC - Korean
10004MAC - Arabic
10005MAC - Hebrew
10006MAC - Greek I
10007MAC - Cyrillic
10008MAC - Simplified Chinese (GB 2312)
10010MAC - Romania
10017MAC - Ukraine
10021MAC - Thai
10029MAC - Latin II
10079MAC - Icelandic
10081MAC - Turkish
10082MAC - Croatia
12000Unicode UCS-4 Little-Endian
12001Unicode UCS-4 Big-Endian
20000CNS - Taiwan
20001TCA - Taiwan
20002Eten - Taiwan
20003IBM5550 - Taiwan
20004TeleText - Taiwan
20005Wang - Taiwan
20105IA5 IRV International Alphabet No. 5 (7-bit)
20106IA5 German (7-bit)
20107IA5 Swedish (7-bit)
20108IA5 Norwegian (7-bit)
20127US-ASCII (7-bit)
20261T.61
20269ISO 6937 Non-Spacing Accent
20273IBM EBCDIC - Germany
20277IBM EBCDIC - Denmark/Norway
20278IBM EBCDIC - Finland/Sweden
20280IBM EBCDIC - Italy
20284IBM EBCDIC - Latin America/Spain
20285IBM EBCDIC - United Kingdom
20290IBM EBCDIC - Japanese Katakana Extended
20297IBM EBCDIC - France
20420IBM EBCDIC - Arabic
20423IBM EBCDIC - Greek
20424IBM EBCDIC - Hebrew
20833IBM EBCDIC - Korean Extended
20838IBM EBCDIC - Thai
20866Russian - KOI8-R
20871IBM EBCDIC - Icelandic
20880IBM EBCDIC - Cyrillic (Russian)
20905IBM EBCDIC - Turkish
20924IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol)
20932JIS X 0208-1990 & 0121-1990
20936Simplified Chinese (GB2312)
21025IBM EBCDIC - Cyrillic (Serbian, Bulgarian)
21027Extended Alpha Lowercase
21866Ukrainian (KOI8-U)
28591ISO 8859-1 Latin I
28592ISO 8859-2 Central Europe
28593ISO 8859-3 Latin 3
28594ISO 8859-4 Baltic
28595ISO 8859-5 Cyrillic
28596ISO 8859-6 Arabic
28597ISO 8859-7 Greek
28598ISO 8859-8 Hebrew
28599ISO 8859-9 Latin 5
28605ISO 8859-15 Latin 9
29001Europa 3
38598ISO 8859-8 Hebrew
50220ISO 2022 Japanese with no halfwidth Katakana
50221ISO 2022 Japanese with halfwidth Katakana
50222ISO 2022 Japanese JIS X 0201-1989
50225ISO 2022 Korean
50227ISO 2022 Simplified Chinese
50229ISO 2022 Traditional Chinese
50930Japanese (Katakana) Extended
50931US/Canada and Japanese
50933Korean Extended and Korean
50935Simplified Chinese Extended and Simplified Chinese
50936Simplified Chinese
50937US/Canada and Traditional Chinese
50939Japanese (Latin) Extended and Japanese
51932EUC - Japanese
51936EUC - Simplified Chinese
51949EUC - Korean
51950EUC - Traditional Chinese
52936HZ-GB2312 Simplified Chinese
54936Windows XP: GB18030 Simplified Chinese (4 Byte)
57002ISCII Devanagari
57003ISCII Bengali
57004ISCII Tamil
57005ISCII Telugu
57006ISCII Assamese
57007ISCII Oriya
57008ISCII Kannada
57009ISCII Malayalam
57010ISCII Gujarati
57011ISCII Punjabi
65000Unicode UTF-7
65001Unicode UTF-8
The following is a list of valid code page identifiers for Mac OS only:
IdentifierName
1ASCII
2NEXTSTEP
3JapaneseEUC
4UTF8
5ISOLatin1
6Symbol
7NonLossyASCII
8ShiftJIS
9ISOLatin2
10Unicode
11WindowsCP1251
12WindowsCP1252
13WindowsCP1253
14WindowsCP1254
15WindowsCP1250
21ISO2022JP
30MacOSRoman
10UTF16String
0x90000100UTF16BigEndian
0x94000100UTF16LittleEndian
0x8c000100UTF32String
0x98000100UTF32BigEndian
0x9c000100UTF32LittleEndian
65536Proprietary

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g., RuntimeLicense, License File).
  • License Type: The type of license installed (e.g., Royalty Free, Single Server).
  • Last Valid Build: The last valid build number for which the license will work.
MaskSensitiveData:   Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to True to mask sensitive data. The default is True.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

ProcessIdleEvents:   Whether the class uses its internal event loop to process events when the main thread is idle.

If set to False, the class will not fire internal idle events. Set this to False to use the class in a background thread on Mac OS. By default, this setting is True.

SelectWaitMillis:   The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.

If there are no events to process when do_events is called, the class will wait for the amount of time specified here before returning. The default value is 20.

UseInternalSecurityAPI:   Whether or not to use the system security libraries or an internal implementation.

When set to False, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this configuration setting to True tells the class to use the internal implementation instead of using the system security libraries.

On Windows, this setting is set to False by default. On Linux/macOS, this setting is set to True by default.

To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section.

SNMPMgr Errors

SNMPMgr Errors

201   Timeout.
301   Bad Object Index when accessing the Obj* properties. Timeout when performing an operation. Check the error description for details.
302   Value exceeds maximum number of objects allowed.
303   The value must be an IP address in dotted format.
305   Unsupported SNMP version.
306   Unknown PDU type.
307   The class is busy performing the current action.
308   Verification failed.
309   Missing password for Verification.
310   Missing signature.
311   Missing remote time.
312   Missing timeout value.
313   Decryption Failed.
314   Missing password for decryption.
315   Not encrypted.
316   Security model not supported.
317   Defective packet
318   Not from bound point.
319   Operation not permitted in current role.
320   Bad packet.
321   Message not authenticated.
322   No such oid.
323   Missing privacy parameter.
324   Bad engine id.
325   Bad time frame.
326   Bad user name.
327   Security level was not accepted.
328   Discovery failed.
329   Incorrect key length.
330   No authentication password supplied.
333   Returned OID was out of range. This is applicable only when WalkInsideRange is set to true.

The class may also return one of the following error codes, which are inherited from other classes.

UDP Errors

104   UDP is already active.
106   You cannot change the local_port while the class is active.
107   You cannot change the local_host at this time. A connection is in progress.
109   The class must be active for this operation.
112   You cannot change MaxPacketSize while the class is active.
113   You cannot change ShareLocalPort option while the class is active.
114   You cannot change remote_host when UseConnection is set and the class active.
115   You cannot change remote_port when UseConnection is set and the class is active.
116   remote_port cannot be zero when UseConnection is set. Please specify a valid service port number.
117   You cannot change UseConnection while the class is active.
118   Message cannot be longer than MaxPacketSize.
119   Message too short.
434   Unable to convert string to selected CodePage.

SSL Errors

270   Cannot load specified security library.
271   Cannot open certificate store.
272   Cannot find specified certificate.
273   Cannot acquire security credentials.
274   Cannot find certificate chain.
275   Cannot verify certificate chain.
276   Error during handshake.
280   Error verifying certificate.
281   Could not find client certificate.
282   Could not find server certificate.
283   Error encrypting data.
284   Error decrypting data.

TCP/IP Errors

10004   [10004] Interrupted system call.
10009   [10009] Bad file number.
10013   [10013] Access denied.
10014   [10014] Bad address.
10022   [10022] Invalid argument.
10024   [10024] Too many open files.
10035   [10035] Operation would block.
10036   [10036] Operation now in progress.
10037   [10037] Operation already in progress.
10038   [10038] Socket operation on nonsocket.
10039   [10039] Destination address required.
10040   [10040] Message is too long.
10041   [10041] Protocol wrong type for socket.
10042   [10042] Bad protocol option.
10043   [10043] Protocol is not supported.
10044   [10044] Socket type is not supported.
10045   [10045] Operation is not supported on socket.
10046   [10046] Protocol family is not supported.
10047   [10047] Address family is not supported by protocol family.
10048   [10048] Address already in use.
10049   [10049] Cannot assign requested address.
10050   [10050] Network is down.
10051   [10051] Network is unreachable.
10052   [10052] Net dropped connection or reset.
10053   [10053] Software caused connection abort.
10054   [10054] Connection reset by peer.
10055   [10055] No buffer space available.
10056   [10056] Socket is already connected.
10057   [10057] Socket is not connected.
10058   [10058] Cannot send after socket shutdown.
10059   [10059] Too many references, cannot splice.
10060   [10060] Connection timed out.
10061   [10061] Connection refused.
10062   [10062] Too many levels of symbolic links.
10063   [10063] File name is too long.
10064   [10064] Host is down.
10065   [10065] No route to host.
10066   [10066] Directory is not empty
10067   [10067] Too many processes.
10068   [10068] Too many users.
10069   [10069] Disc Quota Exceeded.
10070   [10070] Stale NFS file handle.
10071   [10071] Too many levels of remote in path.
10091   [10091] Network subsystem is unavailable.
10092   [10092] WINSOCK DLL Version out of range.
10093   [10093] Winsock is not loaded yet.
11001   [11001] Host not found.
11002   [11002] Nonauthoritative 'Host not found' (try again or check DNS setup).
11003   [11003] Nonrecoverable errors: FORMERR, REFUSED, NOTIMP.
11004   [11004] Valid name, no data record (check DNS setup).