#!/bin/sh
. STlsVars
# this file contains tests common to both tls and dtls usages
# Path of the net-snmp-config built in this tree, exported so that child
# processes inherit it (presumably read by net-snmp-cert -- TODO confirm).
# ${builddir} is not assigned in this file; it has to come from the harness.
export NET_SNMP_CRT_CFGTOOL="${builddir}/net-snmp-config"
# The certificate helper, run through perl from the source tree.
NSCERT="perl $SNMP_BASEDIR/../../../local/net-snmp-cert"
# Options appended to every net-snmp-cert call in this file.
# NOTE(review): -C looks like the configuration/certificate directory and -I
# like a non-interactive switch -- confirm against net-snmp-cert's usage text.
# If so, all generated key material (including the CA private key) is written
# below $SNMP_TMPDIR, so that directory's permissions and cleanup matter.
NSCERTARGS="-I -C $SNMP_TMPDIR"
# NOTE(review): TLSDIR is not referenced again in this file; verify whether a
# harness helper reads it before treating it as dead.
TLSDIR=$SNMP_TMPDIR/tls
#########################################
# Create the certificates
#
# One CA and three certificates issued with --with-ca against it: "snmpd" for
# the agent, "snmpapp" (CN testuser) and "snmpapp2" (CN testuser2) for the
# client side.  After each gencert the fingerprint is read back with
# "showcerts --fingerprint --brief" and handed to CHECKVALUEISNT together with
# the empty string; presumably that helper fails the test when both values are
# equal, i.e. when no fingerprint was produced.
#
# create the ca
CAPTURE $NSCERT genca --cn ca-net-snmp.org $NSCERTARGS
# snmpd: the agent certificate, with this machine's hostname as common name
# NOTE(review): $HOSTNAME is expanded unquoted on the gencert line, so the
# value is subject to word splitting before it reaches net-snmp-cert.
HOSTNAME=`hostname`
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpd --cn $HOSTNAME $NSCERTARGS
SERVERFP=`$NSCERT showcerts --fingerprint --brief snmpd $NSCERTARGS`
CHECKVALUEISNT "$SERVERFP" "" "generated fingerprint for snmpd certificate"
# user: client certificate "snmpapp" with common name testuser
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp --cn 'testuser' $NSCERTARGS
TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS`
CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"
# user2: client certificate "snmpapp2" with common name testuser2
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp2 --cn 'testuser2' $NSCERTARGS
TESTUSER2FP=`$NSCERT showcerts --fingerprint --brief snmpapp2 $NSCERTARGS`
CHECKVALUEISNT "$TESTUSER2FP" "" "generated fingerprint for testuser2 certificate"
# Client configuration: record the agent certificate's fingerprint as
# serverCert, so the snmp commands expect that specific server certificate.
CONFIGAPP serverCert $SERVERFP
# Agent configuration: map each client certificate, identified by its
# fingerprint, to a securityName taken from the certificate's common name
# (--cn).  The leading 9 and 10 are the certSecName priority argument.
CONFIGAGENT certSecName 9 $TESTUSERFP --cn
CONFIGAGENT certSecName 10 $TESTUSER2FP --cn
# Authorisation is what makes the prefix switch observable: testuser is granted
# access under its bare name, testuser2 only under "$TSM_PREFIX:testuser2".
# TSM_PREFIX is not set in this file (presumably by STlsVars -- TODO confirm).
CONFIGAGENT rwuser -s tsm testuser authpriv
CONFIGAGENT rwuser -s tsm $TSM_PREFIX:testuser2 authpriv
# Community-based read access, used only by the final SNMPv1 query.
# NOTE(review): no source restriction is given, so any host that can reach the
# agent's listeners can read with community "public"; that is acceptable only
# because this agent is a short-lived test instance.
CONFIGAGENT rocommunity public
#
# Start the agent
#
# Both variables are set for the harness and the commands below; STARTAGENT
# takes no arguments here, so it presumably picks AGENT_FLAGS up by name.
# -Dtsm turns on the "tsm" debug token; udp:9999 is an additional plain UDP
# listening address, the one the final SNMPv1 query is sent to.
# NOTE(review): port 9999 is hard-coded, unlike $SNMP_SNMPD_PORT, so it can
# collide with another process or a parallel test run on the same host.
AGENT_FLAGS="-Dtsm udp:9999"
# -On prints OIDs numerically, which is the form the CHECK strings below use.
# The destination is assembled from harness variables not set in this file.
FLAGS="-On $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT"
STARTAGENT
# Test sequence.  The steps depend on each other and on the agent's state, so
# their order matters.  .1.3.6.1.2.1.190.1.2.1.0 is the TSM prefix scalar
# (snmpTsmConfigurationUsePrefix in SNMP-TSM-MIB); .1.3.6.1.2.1.1.3.0 is
# sysUpTime.0 and serves as a harmless object to probe access with.
#
# Step 1: with the default identity, the prefix scalar starts out false.
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: false"
# using user 1 - a common name mapped certificate
# (using the default "snmpapp" certificate because we don't specify another)
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
CHECK ".1.3.6.1.2.1.1.3.0 = Timeticks:"
# using user 2 must fail while prefixing is off: its securityName is the bare
# "testuser2", but access was granted only to "$TSM_PREFIX:testuser2".
# The request has to be refused outright: no Timeticks value in the output and
# an authorizationError reported.
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
CHECK "authorizationError"
# set the TSM prefix scalar to 1 to turn on prefixing
# (sent with the default identity, user 1, which still has write access at
# this point; the set's own output is not checked, the next get verifies it)
CAPTURE "snmpset -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0 i 1"
# using user 2 should now work and the prefix should have been added
# to the securityName, so the agent now accepts it
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"
# using user 1 should now fail because the prefix has been added to its
# securityName as well, and only the bare "testuser" was granted access,
# so the agent no longer accepts it
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
CHECK "authorizationError"
# Read the prefix scalar once more over plain SNMPv1 with community "public"
# on the extra udp:9999 listener, i.e. outside the (D)TLS transport.
# NOTE(review): no CHECK follows this CAPTURE, so its output is recorded but
# does not affect the test result -- confirm whether an assertion on the
# scalar's value was intended here.
CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 .1.3.6.1.2.1.190.1.2.1.0"
# cleanup: stop the agent, then let the harness report the result
STOPAGENT
FINISHED