#!/bin/sh
#
# snmptrapd TLS/DTLS user-mapping test.
#
# Generates a server certificate, a client certificate, a CA and a
# CA-signed client certificate, configures snmptrapd to map certificate
# fingerprints to TSM securityNames, and then checks that:
#   * a trap sent with the mapped client certificate is accepted,
#   * a trap sent with an unmapped certificate is rejected,
#   * an INFORM sent with the mapped client certificate is accepted.
#
# All helpers (CAPTURE, CHECKVALUEISNT, CONFIGTRAPD, CONFIGAPP,
# STARTTRAPD, DOTRAPTEST, DOFAILTRAPTEST, STOPTRAPD, FINISHED) and the
# NSCERT / NSCERTARGS / SNMP_* variables are not defined in this file;
# presumably they come from the sourced STlsVars -- confirm there.

. STlsVars

#########################################
# CERTIFICATE SETUP
#
# NOTE(review): $NSCERT and $NSCERTARGS are expanded unquoted throughout;
# they presumably hold several words and rely on word splitting --
# confirm in STlsVars before quoting them.

# Server certificate for snmptrapd; the common name is this host's name.
HOSTNAME=$(hostname)
CAPTURE $NSCERT gencert -t snmptrapdd --cn $HOSTNAME $NSCERTARGS
SERVERFP=$($NSCERT showcerts --fingerprint --brief snmptrapdd $NSCERTARGS)
CHECKVALUEISNT "$SERVERFP" "" "generated fingerprint for snmptrapdd certificate"

# Client certificate stored under the tag "snmpapp", common name "testuser".
CAPTURE $NSCERT gencert -t snmpapp --cn 'testuser' $NSCERTARGS
TESTUSERFP=$($NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS)
CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"

# Certificate authority.
CAFP=
CAPTURE $NSCERT genca --cn ca-net-snmp.org $NSCERTARGS
CAFP=$($NSCERT showcas --fingerprint --brief ca-net-snmp.org $NSCERTARGS)
CHECKVALUEISNT "$CAFP" "" "generated fingerprint for ca-net-snmp.org certificate"

# "user 9": client certificate signed by the CA above, carrying an e-mail
# address both as subjectAltName and as the e-mail field.
# CAUSERFP is only checked for being non-empty; nothing later in this
# file refers to it.
CAPTURE $NSCERT gencert -t causer --with-ca ca-net-snmp.org \
  --san email:user9@test.net-snmp.org \
  --email user9@test.net-snmp.org \
  $NSCERTARGS
CAUSERFP=$($NSCERT showcerts --fingerprint --brief causer $NSCERTARGS)
CHECKVALUEISNT "$CAUSERFP" "" "generated fingerprint for causer certificate"

#########################################
# AGENT CONFIGURATION
#

# Debug output is restricted to the tsm token; the longer token list is
# kept in the trailing comment for manual debugging.
CONFIGTRAPD '[snmp]' debugTokens tsm # ,tls,ssl,cert,tsm
CONFIGTRAPD '[snmp]' doDebugging 1

# snmptrapd is pointed at its own certificate by fingerprint and is told
# to trust the test CA.
CONFIGTRAPD '[snmp]' serverCert $SERVERFP
CONFIGTRAPD '[snmp]' trustCert $CAFP

# Certificate -> securityName mappings.
#   priority 9:   the "snmpapp" certificate's fingerprint (TESTUSERFP as
#                 set above), securityName taken from its common name.
#   priority 100: the CA's fingerprint, securityName taken from the
#                 rfc822 (e-mail) name.
# The first mapping is bound to a fingerprint, not to the common name.
CONFIGTRAPD certSecName 9 $TESTUSERFP --cn
CONFIGTRAPD certSecName 100 $CAFP --rfc822

# Client side: expect the server certificate by fingerprint and default
# to the TSM security model.
CONFIGAPP serverCert $SERVERFP
CONFIGAPP defSecurityModel tsm

# Only securityName "testuser" under TSM, at authpriv level, is
# authorised for the "log" action.
CONFIGTRAPD authuser log -s tsm testuser authpriv

# The tests below are shared by the TLS and DTLS runs; the transport is
# selected through SNMP_TRANSPORT_SPEC.

# Command-line flags for the trap sender, then start snmptrapd.
FLAGS="-Dtls -On ${SNMP_FLAGS} ${SNMP_TRANSPORT_SPEC}:${SNMP_TEST_DEST}${SNMP_SNMPTRAPD_PORT}"
STARTTRAPD

########################################
# POST-TRAPD-STARTUP CERTIFICATES
#
# A second client certificate, tag "snmptrap", created only after
# snmptrapd is running. It reuses the common name "testuser" but is a
# separately generated certificate. TESTUSERFP is overwritten here; the
# certSecName line written above still holds the "snmpapp" fingerprint.
CAPTURE $NSCERT gencert -t snmptrap --cn 'testuser' $NSCERTARGS
TESTUSERFP=$($NSCERT showcerts --fingerprint --brief snmptrap $NSCERTARGS)
CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"

######################################################################
# ACTUAL TESTS
#

# user 1, trap: no identity is given, so the default "snmpapp"
# certificate (the one mapped by fingerprint above) is presented.
DOTRAPTEST user1TrapTest "$FLAGS"

# Negative case: present the "snmptrap" certificate instead. It shares the
# common name "testuser" with the mapped certificate but was generated
# separately, so the fingerprint-bound mapping should not apply and the
# trap is expected to be refused.
# NOTE(review): the original comment read "failing using the CA signed
# cert without" (cut short); the gencert call for "snmptrap" above passes
# no --with-ca, so "CA signed" does not match the visible code -- confirm
# the intended wording.
DOFAILTRAPTEST user2UnknownUser "-T our_identity=snmptrap $FLAGS"

# user 1, INFORM (-Ci): again with the default "snmpapp" certificate.
DOTRAPTEST user1InformTest "-Ci $FLAGS"

STOPTRAPD

FINISHED