Diffstat (limited to 'testing/fulltests/tls/STsmPrefix')
-rw-r--r--testing/fulltests/tls/STsmPrefix86
1 files changed, 86 insertions, 0 deletions
diff --git a/testing/fulltests/tls/STsmPrefix b/testing/fulltests/tls/STsmPrefix
new file mode 100644
index 0000000..ec0f8d6
--- /dev/null
+++ b/testing/fulltests/tls/STsmPrefix
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+. STlsVars
+
+# this file contains tests common to both tls and dtls usages
+
+export NET_SNMP_CRT_CFGTOOL="${builddir}/net-snmp-config"
+NSCERT="perl $SNMP_BASEDIR/../../../local/net-snmp-cert"
+NSCERTARGS="-I -C $SNMP_TMPDIR"
+
+TLSDIR=$SNMP_TMPDIR/tls
+
+#########################################
+# Create the certificates
+
+# create the ca
+CAPTURE $NSCERT genca --cn ca-net-snmp.org $NSCERTARGS
+
+# snmpd
+HOSTNAME=`hostname`
+CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpd --cn $HOSTNAME $NSCERTARGS
+SERVERFP=`$NSCERT showcerts --fingerprint --brief snmpd $NSCERTARGS`
+CHECKVALUEISNT "$SERVERFP" "" "generated fingerprint for snmpd certificate"
+
+# user
+CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp --cn 'testuser' $NSCERTARGS
+TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS`
+CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"
+
+# user2
+CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp2 --cn 'testuser2' $NSCERTARGS
+TESTUSER2FP=`$NSCERT showcerts --fingerprint --brief snmpapp2 $NSCERTARGS`
+CHECKVALUEISNT "$TESTUSER2FP" "" "generated fingerprint for testuser2 certificate"
+
+CONFIGAPP serverCert $SERVERFP
+CONFIGAGENT certSecName 9 $TESTUSERFP --cn
+CONFIGAGENT certSecName 10 $TESTUSER2FP --cn
+CONFIGAGENT rwuser -s tsm testuser authpriv
+CONFIGAGENT rwuser -s tsm $TSM_PREFIX:testuser2 authpriv
+CONFIGAGENT rocommunity public
+
+#
+# Start the agent
+#
+AGENT_FLAGS="-Dtsm udp:9999"
+FLAGS="-On $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT"
+STARTAGENT
+
+CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
+CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: false"
+
+# using user 1 - a common name mapped certificate
+# (using the default "snmpapp" certificate because we don't specify another)
+CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
+
+CHECK ".1.3.6.1.2.1.1.3.0 = Timeticks:"
+
+# using user 2 should now fail because no prefix is applied
+CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
+
+CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
+CHECK "authorizationError"
+
+# set the TSM prefix scalar to 1 to turn on prefixing
+CAPTURE "snmpset -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0 i 1"
+
+
+# using user 2 should now work and the prefix should have been added
+# to the securityName, so the agent now accepts it
+CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
+
+CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"
+
+# using user 1 should now fail because the prefix has added to the
+# securityName, so the agent now accepts it
+CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
+
+CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
+CHECK "authorizationError"
+
+CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 .1.3.6.1.2.1.190.1.2.1.0"
+
+# cleanup
+STOPAGENT
+
+FINISHED
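Review bot: The final `CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 ..."` just before the cleanup is followed by no CHECK, so the test asserts nothing about its result, yet within this file it is the only request that uses the `rocommunity public` line and the fixed `udp:9999` listener in `AGENT_FLAGS`. If it is meant to confirm the prefix scalar over plain UDP, follow it with `CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"`; if it is leftover debugging, drop the request together with the community and the extra listener so the TSM test agent exposes only the TLS/DTLS transport. The hard-coded port 9999 also sidesteps `$SNMP_SNMPD_PORT`, which presumably exists so that concurrent test runs do not collide. Separately, the comment above the second user-1 request is copied from the user-2 case and states the opposite of what is checked; I would write `# using user 1 should now fail because the prefix has been added to the securityName, so the agent no longer accepts it`.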