| #!/bin/sh |
| |
| . STlsVars |
| |
| # this is usually something like "localhost:", so we need to strip the : |
| OURHOST=`echo $SNMP_TEST_DEST | sed 's/:.*//'` |
| |
| # create a CA |
| |
| CAPTURE $NSCERT genca --cn ca-net-snmp.org $NSCERTARGS |
| CAFP=`$NSCERT showcas --fingerprint --brief ca-net-snmp.org $NSCERTARGS` |
| CHECKVALUEISNT "$CAFP" "" "generated fingerprint for ca-net-snmp.org certificate" |
| |
| # create a server certificate using the CA certificate |
| CAPTURE $NSCERT gencert -t snmpd --with-ca ca-net-snmp.org $checknametype ${checknameprefix}$OURHOST $NSCERTARGS |
| SNMPDFP=`$NSCERT showcert --fingerprint --brief snmpd $NSCERTARGS` |
| |
| CONFIGAGENT '[snmp]' serverCert $SNMPDFP |
| |
| # create a user certificate |
| CAPTURE $NSCERT gencert -t snmpapp --cn 'testuser' $NSCERTARGS |
| TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS` |
| CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate" |
| |
| CONFIGAGENT certSecName 10 $TESTUSERFP --cn |
| CONFIGAGENT rwuser -s tsm testuser authpriv |
| |
| CONFIGAPP clientCert $TESTUSERFP |
| |
| # start the agent up |
| FLAGS="-On $SNMP_FLAGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT" |
| |
| # start up the agent |
| STARTAGENT |
| |
| ######################################## |
| # Positive tests |
| # (should work) |
| |
| # ensure we can access it via a direct FP check |
| DOSETTEST fingerprintIdentity "-T their_identity=$SNMPDFP $FLAGS" |
| |
| # directly specify the host name |
| DOSETTEST hostnameIdentity "-T trust_cert=$CAFP -T their_hostname=$OURHOST $FLAGS" |
| |
| # This should also work because we: |
| # - trust the CA cert |
| # - use a session destname that matches the certificate |
| DOSETTEST sessionnameIdentity "-T trust_cert=$CAFP $FLAGS" |
| |
| ######################################## |
| # DONE |
| |
| #sleep 500 |
| STOPAGENT |
| |
| FINISHED |