func TestCommunity(t *testing.T) {
expCom := "public"
snmp, _ := snmpclient2.NewSNMP("udp", "127.0.0.1", snmpclient2.Arguments{
Version: snmpclient2.V2c,
Community: expCom,
})
sec := snmpclient2.NewCommunity()
pdu := snmpclient2.NewPdu(snmpclient2.V2c, snmpclient2.GetRequest)
smsg := snmpclient2.NewMessage(snmpclient2.V2c, pdu).(*snmpclient2.MessageV1)
err := sec.GenerateRequestMessage(snmpclient2.GetArgs(snmp), smsg)
if err != nil {
t.Errorf("GenerateRequestMessage() - has error %v", err)
}
if !bytes.Equal(smsg.Community, []byte(expCom)) {
t.Errorf("GenerateRequestMessage() - expected [%s], actual [%s]", expCom, smsg.Community)
}
if len(smsg.PduBytes()) == 0 {
t.Error("GenerateRequestMessage() - pdu marshal")
}
pdu = snmpclient2.NewPdu(snmpclient2.V2c, snmpclient2.GetResponse)
rmsg := snmpclient2.NewMessage(snmpclient2.V2c, pdu).(*snmpclient2.MessageV1)
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err == nil {
t.Error("ProcessIncomingMessage() - community check")
}
rmsg.Community = []byte(expCom)
rmsg.SetPduBytes(smsg.PduBytes())
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err != nil {
t.Errorf("ProcessIncomingMessage() - has error %v", err)
}
}
func aTestUsm(t *testing.T) {
expUser := []byte("myUser")
expEngId := []byte{0x80, 0x00, 0x00, 0x00, 0x01}
expCtxId := []byte{0x80, 0x00, 0x00, 0x00, 0x05}
expCtxName := "myName"
snmp, _ := snmpclient2.NewSNMP("udp", "127.0.0.1",
snmpclient2.Arguments{
Version: snmpclient2.V3,
UserName: string(expUser),
SecurityLevel: snmpclient2.AuthPriv,
AuthPassword: "******",
AuthProtocol: snmpclient2.Md5,
PrivPassword: "******",
PrivProtocol: snmpclient2.Des,
ContextEngineId: hex.EncodeToString(expCtxId),
ContextName: expCtxName,
})
sec := snmpclient2.NewUsm().(*snmpclient2.USM)
pdu := snmpclient2.NewPdu(snmpclient2.V3, snmpclient2.GetRequest)
spdu := pdu.(*snmpclient2.ScopedPdu)
smsg := snmpclient2.NewMessage(snmpclient2.V3, pdu).(*snmpclient2.MessageV3)
smsg.SetAuthentication(false)
smsg.SetPrivacy(false)
// Discovery
err := sec.GenerateRequestMessage(snmpclient2.GetArgs(snmp), smsg)
if err != nil {
t.Errorf("GenerateRequestMessage() - has error %v", err)
}
if !bytes.Equal(spdu.ContextEngineId, expCtxId) {
t.Errorf("GenerateRequestMessage() - expected [%s], actual [%s]",
expCtxId, spdu.ContextEngineId)
}
if string(spdu.ContextName) != expCtxName {
t.Errorf("GenerateRequestMessage() - expected [%s], actual [%s]",
expCtxName, string(spdu.ContextName))
}
if len(smsg.PduBytes()) == 0 {
t.Error("GenerateRequestMessage() - pdu marshal")
}
pdu = snmpclient2.NewPdu(snmpclient2.V3, snmpclient2.Report)
rmsg := snmpclient2.NewMessage(snmpclient2.V3, pdu).(*snmpclient2.MessageV3)
rmsg.SetPduBytes(smsg.PduBytes())
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err == nil {
t.Error("ProcessIncomingMessage() - engineId check")
}
rmsg.AuthEngineId = expEngId
rmsg.AuthEngineBoots = -1
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err == nil {
t.Error("ProcessIncomingMessage() - boots check")
}
rmsg.AuthEngineBoots = 1
rmsg.AuthEngineTime = -1
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err == nil {
t.Error("ProcessIncomingMessage() - time check")
}
rmsg.AuthEngineTime = 1
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err != nil {
t.Errorf("ProcessIncomingMessage() - has error %v", err)
}
if !bytes.Equal(sec.AuthEngineId, expEngId) {
t.Errorf("ProcessIncomingMessage() - expected [%s], actual [%s]",
sec.AuthEngineId, expEngId)
}
// if len(sec.AuthKey) == 0 {
// t.Error("ProcessIncomingMessage() - authKey")
// }
// if len(sec.PrivKey) == 0 {
// t.Error("ProcessIncomingMessage() - privKey")
// }
// Synchronize
smsg.SetAuthentication(true)
smsg.SetPrivacy(true)
err = sec.GenerateRequestMessage(snmpclient2.GetArgs(snmp), smsg)
if err != nil {
t.Errorf("GenerateRequestMessage() - has error %v", err)
}
if !bytes.Equal(smsg.UserName, expUser) {
t.Errorf("GenerateRequestMessage() - expected [%s], actual [%s]",
expUser, smsg.UserName)
}
if !bytes.Equal(smsg.AuthEngineId, expEngId) {
t.Errorf("GenerateRequestMessage() - expected [%s], actual [%s]",
expEngId, smsg.AuthEngineId)
}
if len(smsg.PrivParameter) == 0 {
t.Error("GenerateRequestMessage() - privParameter")
}
if len(smsg.AuthParameter) == 0 {
t.Error("GenerateRequestMessage() - authParameter")
}
pdu = snmpclient2.NewPdu(snmpclient2.V3, snmpclient2.Report)
rmsg = snmpclient2.NewMessage(snmpclient2.V3, pdu).(*snmpclient2.MessageV3)
rmsg.SetAuthentication(true)
rmsg.SetPrivacy(true)
rmsg.SetPduBytes(smsg.PduBytes())
rmsg.AuthEngineId = []byte("foobar")
rmsg.AuthEngineBoots = smsg.AuthEngineBoots
rmsg.AuthEngineTime = smsg.AuthEngineTime
rmsg.PrivParameter = smsg.PrivParameter
rmsg.AuthParameter = smsg.AuthParameter
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err == nil {
t.Error("ProcessIncomingMessage() - userName check")
}
rmsg.UserName = expUser
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err == nil {
t.Error("ProcessIncomingMessage() - authEngine check")
}
rmsg.AuthEngineId = expEngId
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err != nil {
t.Errorf("ProcessIncomingMessage() - has error %v", err)
}
if sec.AuthEngineBoots != rmsg.AuthEngineBoots {
t.Error("ProcessIncomingMessage() - engineBoots")
}
if sec.AuthEngineTime != rmsg.AuthEngineTime {
t.Error("ProcessIncomingMessage() - engineTime")
}
// Request
sec.AuthEngineBoots = 1
sec.AuthEngineTime = 1
err = sec.GenerateRequestMessage(snmpclient2.GetArgs(snmp), smsg)
if err != nil {
t.Errorf("GenerateRequestMessage() - has error %v", err)
}
if smsg.AuthEngineBoots != sec.AuthEngineBoots {
t.Errorf("GenerateRequestMessage() - expected [%d], actual [%d]",
sec.AuthEngineBoots, smsg.AuthEngineBoots)
}
if smsg.AuthEngineTime != sec.AuthEngineTime {
t.Errorf("GenerateRequestMessage() - expected [%d], actual [%d]",
sec.AuthEngineTime, smsg.AuthEngineTime)
}
pdu = snmpclient2.NewPdu(snmpclient2.V3, snmpclient2.GetResponse)
spdu = pdu.(*snmpclient2.ScopedPdu)
rmsg = snmpclient2.NewMessage(snmpclient2.V3, pdu).(*snmpclient2.MessageV3)
rmsg.AuthEngineId = expEngId
rmsg.AuthEngineBoots = smsg.AuthEngineBoots
rmsg.AuthEngineTime = smsg.AuthEngineTime
rmsg.UserName = expUser
// set PduBytes with GetResponse
b, _ := spdu.Marshal()
rmsg.SetPduBytes(b)
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err == nil {
t.Error("ProcessIncomingMessage() - contextEngineId check")
}
// set PduBytes with ContextEngineId
spdu.ContextEngineId = expCtxId
b, _ = spdu.Marshal()
rmsg.SetPduBytes(b)
err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
if err == nil {
t.Error("ProcessIncomingMessage() - contextName check")
}
// // set PduBytes with ContextName
// spdu.ContextName = []byte(expCtxName)
// b, _ = spdu.Marshal()
// rmsg.SetPduBytes(b)
// err = sec.ProcessIncomingMessage(snmpclient2.GetArgs(snmp), rmsg)
// if err == nil {
// t.Error("ProcessIncomingMessage() - response authenticate check")
// }
}
func TestMessageProcessingV3(t *testing.T) {
snmp, _ := snmpclient2.NewSNMP("udp", "127.0.0.1", snmpclient2.Arguments{
Version: snmpclient2.V3,
UserName: "******",
SecurityLevel: snmpclient2.AuthPriv,
AuthPassword: "******",
AuthProtocol: snmpclient2.Md5,
PrivPassword: "******",
PrivProtocol: snmpclient2.Des,
})
var mss snmpclient2.Message = &snmpclient2.MessageV1{}
t.Log(mss.String())
mp := snmpclient2.NewMessageProcessing(snmpclient2.V3)
//usm := mp.Security().(*snmpclient2.USM)
//usm.AuthKey = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
//usm.PrivKey = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
pdu := snmpclient2.NewPdu(snmpclient2.V3, snmpclient2.GetRequest)
msg, err := mp.PrepareOutgoingMessage(snmp, pdu)
if err != nil {
t.Errorf("PrepareOutgoingMessage() - has error %v", err)
}
if len(msg.PduBytes()) == 0 {
t.Error("PrepareOutgoingMessage() - pdu bytes")
}
if pdu.RequestId() == 0 {
t.Error("PrepareOutgoingMessage() - request id")
}
msgv3 := msg.(*snmpclient2.MessageV3)
if msgv3.MessageId == 0 {
t.Error("PrepareOutgoingMessage() - message id")
}
if !msgv3.Reportable() || !msgv3.Authentication() || !msgv3.Privacy() {
t.Error("PrepareOutgoingMessage() - security flag")
}
msgv3.SetAuthentication(false)
msgv3.SetPrivacy(false)
msgv3.AuthEngineId = []byte{0, 0, 0, 0, 0}
requestId := pdu.RequestId()
messageId := msgv3.MessageId
_, err = mp.PrepareDataElements(snmp, msg, []byte{0x00, 0x00})
if err == nil {
t.Error("PrepareDataElements() - message unmarshal error")
}
b, _ := msg.Marshal()
_, err = mp.PrepareDataElements(snmp, msg, b)
if err == nil {
t.Error("PrepareDataElements() - pdu type check")
}
pdu = snmpclient2.NewPdu(snmpclient2.V3, snmpclient2.GetResponse)
rmsg := snmpclient2.NewMessage(snmpclient2.V3, pdu).(*snmpclient2.MessageV3)
b, _ = rmsg.Marshal()
_, err = mp.PrepareDataElements(snmp, msg, b)
if err == nil {
t.Error("PrepareDataElements() - message id check")
}
rmsg = snmpclient2.NewMessage(snmpclient2.V3, pdu).(*snmpclient2.MessageV3)
rmsg.AuthEngineId = []byte{0, 0, 0, 0, 0}
rmsg.MessageId = messageId
b, _ = rmsg.Marshal()
_, err = mp.PrepareDataElements(snmp, msg, b)
if err == nil {
t.Error("PrepareDataElements() - security model check")
}
pdu.(*snmpclient2.ScopedPdu).ContextEngineId = rmsg.AuthEngineId
pduBytes, _ := pdu.Marshal()
rmsg.SetPduBytes(pduBytes)
rmsg.SecurityModel = 3
b, _ = rmsg.Marshal()
_, err = mp.PrepareDataElements(snmp, msg, b)
if err == nil {
t.Error("PrepareDataElements() - request id check")
}
pdu.SetRequestId(requestId)
pduBytes, _ = pdu.Marshal()
rmsg.SetPduBytes(pduBytes)
rmsg.UserName = []byte(snmpclient2.GetArgs(snmp).UserName)
b, _ = rmsg.Marshal()
_, err = mp.PrepareDataElements(snmp, msg, b)
if err != nil {
t.Errorf("PrepareDataElements() - has error %v", err)
}
}