#!/bin/sh

. STlsVars

# this file contains tests common to both tls and dtls usages

export NET_SNMP_CRT_CFGTOOL="${builddir}/net-snmp-config"
NSCERT="perl $SNMP_BASEDIR/../../../local/net-snmp-cert"
NSCERTARGS="-I -C $SNMP_TMPDIR"

TLSDIR=$SNMP_TMPDIR/tls

#########################################
# Create the certificates

# create the ca
CAPTURE $NSCERT genca --cn ca-net-snmp.org  $NSCERTARGS

# snmpd
HOSTNAME=`hostname`
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpd --cn $HOSTNAME $NSCERTARGS
SERVERFP=`$NSCERT showcerts --fingerprint --brief snmpd  $NSCERTARGS`
CHECKVALUEISNT "$SERVERFP" "" "generated fingerprint for snmpd certificate"

# user
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp --cn 'testuser'  $NSCERTARGS
TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS`
CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"

# user2
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp2 --cn 'testuser2'  $NSCERTARGS
TESTUSER2FP=`$NSCERT showcerts --fingerprint --brief snmpapp2 $NSCERTARGS`
CHECKVALUEISNT "$TESTUSER2FP" "" "generated fingerprint for testuser2 certificate"

CONFIGAPP serverCert $SERVERFP
CONFIGAGENT certSecName 9  $TESTUSERFP     --cn
CONFIGAGENT certSecName 10  $TESTUSER2FP     --cn
CONFIGAGENT  rwuser -s tsm testuser authpriv
CONFIGAGENT  rwuser -s tsm $TSM_PREFIX:testuser2 authpriv
CONFIGAGENT rocommunity public

#
# Start the agent
#
AGENT_FLAGS="-Dtsm udp:9999"
FLAGS="-On $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT"
STARTAGENT

CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: false"

# using user 1 - a common name mapped certificate
# (using the default "snmpapp" certificate because we don't specify another)
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

CHECK       ".1.3.6.1.2.1.1.3.0 = Timeticks:"

# using user 2 should now fail because no prefix is applied
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
CHECK "authorizationError"

# set the TSM prefix scalar to 1 to turn on prefixing
CAPTURE "snmpset -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0 i 1"


# using user 2 should now work and the prefix should have been added
# to the securityName, so the agent now accepts it
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"

CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"

# using user 1 should now fail because the prefix has added to the
# securityName, so the agent now accepts it
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
CHECK "authorizationError"

CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 .1.3.6.1.2.1.190.1.2.1.0"

# cleanup
STOPAGENT

FINISHED