Diffstat (limited to 'testing/fulltests/tls/STsmPrefix')
-rw-r--r-- | testing/fulltests/tls/STsmPrefix | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/testing/fulltests/tls/STsmPrefix b/testing/fulltests/tls/STsmPrefix
new file mode 100644
index 0000000..ec0f8d6
--- /dev/null
+++ b/testing/fulltests/tls/STsmPrefix
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+. STlsVars
+
+# this file contains tests common to both tls and dtls usages
+
+export NET_SNMP_CRT_CFGTOOL="${builddir}/net-snmp-config"
+NSCERT="perl $SNMP_BASEDIR/../../../local/net-snmp-cert"
+NSCERTARGS="-I -C $SNMP_TMPDIR"
+
+TLSDIR=$SNMP_TMPDIR/tls
+
+#########################################
+# Create the certificates
+
+# create the ca
+CAPTURE $NSCERT genca --cn ca-net-snmp.org $NSCERTARGS
+
+# snmpd
+HOSTNAME=`hostname`
+CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpd --cn $HOSTNAME $NSCERTARGS
+SERVERFP=`$NSCERT showcerts --fingerprint --brief snmpd $NSCERTARGS`
+CHECKVALUEISNT "$SERVERFP" "" "generated fingerprint for snmpd certificate"
+
+# user
+CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp --cn 'testuser' $NSCERTARGS
+TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS`
+CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"
+
+# user2
+CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp2 --cn 'testuser2' $NSCERTARGS
+TESTUSER2FP=`$NSCERT showcerts --fingerprint --brief snmpapp2 $NSCERTARGS`
+CHECKVALUEISNT "$TESTUSER2FP" "" "generated fingerprint for testuser2 certificate"
+
+CONFIGAPP serverCert $SERVERFP
+CONFIGAGENT certSecName 9 $TESTUSERFP --cn
+CONFIGAGENT certSecName 10 $TESTUSER2FP --cn
+CONFIGAGENT rwuser -s tsm testuser authpriv
+CONFIGAGENT rwuser -s tsm $TSM_PREFIX:testuser2 authpriv
+CONFIGAGENT rocommunity public
+
+#
+# Start the agent
+#
+AGENT_FLAGS="-Dtsm udp:9999"
+FLAGS="-On $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT"
+STARTAGENT
+
+CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
+CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: false"
+
+# using user 1 - a common name mapped certificate
+# (using the default "snmpapp" certificate because we don't specify another)
+CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
+
+CHECK ".1.3.6.1.2.1.1.3.0 = Timeticks:"
+
+# using user 2 should now fail because no prefix is applied
+CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
+
+CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
+CHECK "authorizationError"
+
+# set the TSM prefix scalar to 1 to turn on prefixing
+CAPTURE "snmpset -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0 i 1"
+
+
+# using user 2 should now work and the prefix should have been added
+# to the securityName, so the agent now accepts it
+CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
+
+CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"
+
+# using user 1 should now fail because the prefix has added to the
+# securityName, so the agent now accepts it
+CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
+
+CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
+CHECK "authorizationError"
+
+CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 .1.3.6.1.2.1.190.1.2.1.0"
+
+# cleanup
+STOPAGENT
+
+FINISHED
|
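Review bot: The last `CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 …"` is followed by no CHECK, so the community-string read of the prefix scalar asserts nothing; if it is meant to confirm over a second transport that the set took effect, add `CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"` after it. The comment above the second user-1 request is copied from the user-2 case and states the opposite of what the following `CHECK "authorizationError"` tests; its second line should read `# securityName, so the agent no longer accepts it`. `AGENT_FLAGS="-Dtsm udp:9999"` combined with `rocommunity public` appears to open a community-string listener on every interface while the test runs, and the fixed port can collide between parallel runs. Something like `udp:127.0.0.1:9999` would keep it local, assuming STARTAGENT passes the address through unchanged.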