Discussion:
[SNMP4J] Unit Test SNMP v3 Agent with TestSnmpManager
ulrich berl
2018-08-06 12:44:12 UTC
Hi!
 
I wrote an SNMP v3 agent. The agent was tested using a third-party SnmpManager and works fine if configured with the allowed USM users; additionally, if a wrong authpassphrase is supplied for a valid user, the request is not successful.
 
So I wrote some unit tests for the agent, BUT the problem is that using a TestSnmpManager (which uses snmp4j too) allows only one instance of SecurityModels, which will be written by both the Agent and the TestSnmpManager (they have the same id SECURITY_MODEL_USM, so it will be overwritten).

So in this scenario, in my test I can successfully query e.g. sysDescr from the agent using an allowed v3 user with a wrong authpassphrase ...

How do I successfully write such a unit test using the Agent AND the TestSnmpManager (snmp4j) to e.g. verify a get request for a valid v3 user with correct/wrong passphrases?
Or do I have to create a binary for the TestSnmpManager and use it as an external tool?

br, Ulrich
ulrich berl
2018-08-06 13:53:33 UTC
BTW, as a workaround: using net-snmp (binary) controlled via apache.commons.exec from within the unit test.
Frank Fock
2018-08-06 18:14:06 UTC
Hi Ulrich,

You can use the description for your case too:
https://oosnmp.net/confluence/pages/viewpage.action?pageId=1441800

Hope this helps.

Best regards,
Frank Fock
ulrich berl
2018-08-07 06:57:10 UTC
Hi Frank!

I think I have to use the USM Separation case from https://oosnmp.net/confluence/pages/viewpage.action?pageId=1441800 - correct?

Seems to work..

br, Ulrich
ulrich berl
2018-08-07 07:53:59 UTC
Hi Frank!

As I use one instance of a TestSnmpManager in my unit test, I now use 'Key Localization' AND 'USM Separation', because the following series of unit tests will fail (WrongDigest):

Unit Test 1 - TEST V3 GET SysDescr for USER 'MD5' WITH WRONG AuthPassPhrase
Unit Test 2 - TEST V3 GET SysDescr for USER 'MD5' WITH CORRECT AuthPassPhrase

or, without 'Key Localization', I have to call snmp.getUSM().removeAllUsers(securityName) before adding the same user again (snmp.getUSM().addUser)

br, Ulrich
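
An added example, not part of the thread and not SNMP4J project code: a test-side manager that owns a private USM (the 'USM Separation' approach named above) and clears a user's old entries before each test case. It assumes the SNMP4J 2.x API; the class name IsolatedTestManager and its method names are hypothetical.

```java
import java.io.IOException;
import org.snmp4j.MessageDispatcher;
import org.snmp4j.MessageDispatcherImpl;
import org.snmp4j.Snmp;
import org.snmp4j.mp.MPv3;
import org.snmp4j.security.SecurityProtocols;
import org.snmp4j.security.USM;
import org.snmp4j.security.UsmUser;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.transport.DefaultUdpTransportMapping;

/** Hypothetical test-side manager; class and method names are illustrative. */
public class IsolatedTestManager {
    private final USM usm;
    private final Snmp snmp;

    public IsolatedTestManager() throws IOException {
        SecurityProtocols.getInstance().addDefaultProtocols();
        // Private USM with its own engine ID, handed directly to MPv3 instead
        // of being registered in the shared SecurityModels singleton, so the
        // agent running in the same JVM keeps its own user table.
        usm = new USM(SecurityProtocols.getInstance(),
                      new OctetString(MPv3.createLocalEngineID()), 0);
        MessageDispatcher dispatcher = new MessageDispatcherImpl();
        dispatcher.addMessageProcessingModel(new MPv3(usm));
        snmp = new Snmp(dispatcher, new DefaultUdpTransportMapping());
        snmp.listen();
    }

    /** Replace any earlier credentials for this user before the next test case. */
    public void setUser(String name, OID authProtocol, String authPassphrase,
                        OID privProtocol, String privPassphrase) {
        OctetString securityName = new OctetString(name);
        // Remove entries left by a previous case first; the thread reports
        // WrongDigest when the same user is re-added without this step.
        usm.removeAllUsers(securityName);
        OctetString priv =
                privPassphrase == null ? null : new OctetString(privPassphrase);
        usm.addUser(securityName, new UsmUser(securityName,
                authProtocol, new OctetString(authPassphrase),
                privProtocol, priv));
    }

    public Snmp getSnmp() { return snmp; }
}
```

A test would call setUser(...) with the wrong passphrase, send the GET through getSnmp() and expect it to fail, then call setUser(...) again with the correct passphrase and expect sysDescr to be returned.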

ulrich berl
2018-08-07 06:28:20 UTC
Hi Frank!
 
For the TestSnmpManager I tried the Key Localization as described in https://oosnmp.net/confluence/pages/viewpage.action?pageId=1441800.

But the result is the same as before: using a wrong auth password results in a successful SNMP request.

This is the block from get request in the TestSnmpManager:

SecurityProtocols secProtocols = SecurityProtocols.getInstance();
Target t = getTarget();
// Discover the agent's authoritative engine ID
byte[] engineID = snmp.discoverAuthoritativeEngineID(t.getAddress(), t.getTimeout());

// Localize the authentication key for that engine ID
OctetString authKey = new OctetString(authPassphrase);
byte[] bytesAuthKey = secProtocols.passwordToKey(authProtocol, authKey, engineID);

// Localize the privacy key for that engine ID
OctetString privKey = new OctetString(privPassphrase);
byte[] bytesPrivKey = secProtocols.passwordToKey(privProtocol, authProtocol, privKey, engineID);

// Register the user with the pre-localized keys
snmp.getUSM().addLocalizedUser(engineID, securityName,
        authProtocol, bytesAuthKey,
        privProtocol, bytesPrivKey);

Maybe I am doing something wrong ...

br, Ulrich