-- ************************************************************************
-- Copyright (c) 2004-2013 New H3C Tech. Co., Ltd. All rights reserved.
--
-- Description: WAPI extension mib
-- Reference:
-- Version: V1.4
-- History:
--   V1.0 created by zhanglianglun
--     Initial version 2007-5-20
--   V1.1 2009-06-04 modified by caizibin
--        Add hh3cwapiCertificateInstalled, hh3cwapiConfigTable,
--        hh3cwapiUserwithInvalidCertificate,
--        hh3cwapiStationReplayAttack, hh3cwapiTamperAttack,
--        hh3cwapiLowSafeLevelAttack, hh3cwapiAddressRedirectionAttack,
--        hh3cwapiTrapInfoMacAddr, hh3cwapiTrapInfoAPId,
--        hh3cwapiTrapInfoRadioId, hh3cwapiTrapInfoBSSId
--   V1.2 2010-03-06 modified by xuyonggang
--        Add hh3cwapiConfigExtTable
--   V1.3 2010-11-23 modified by xuyonggang
--        Add hh3cwapiCfgExtASIPAddressType
--        Add hh3cwapiCfgExtASIPAddress
--        Add hh3cwapiCfgExtASName
--        Add hh3cwapiCfgExtCertDomain
--        Add hh3cwapiCfgExtCertInstalled
--   V1.4 2013-01-10 modified by xuyonggang
--        Add hh3cwapiTrapInfoAPMacAddr
-- ************************************************************************
HH3C-WAPI-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        Counter32, Integer32, Unsigned32,
        MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
            FROM SNMPv2-SMI
        TruthValue, MacAddress
            FROM SNMPv2-TC
        ifIndex, ifDescr
            FROM RFC1213-MIB
        InetAddressType, InetAddress
            FROM INET-ADDRESS-MIB
        hh3cCommon
            FROM HH3C-OID-MIB;

    hh3cwapiMIB MODULE-IDENTITY
        LAST-UPDATED "201012011757Z"
        ORGANIZATION
            "New H3C Tech. Co., Ltd."
        CONTACT-INFO
            "Platform Team New H3C Tech. Co., Ltd.
            Hai-Dian District Beijing P.R. China
            http://www.h3c.com
            Zip:100085
            "
        DESCRIPTION
            "HH3C-WAPI-MIB is an extension of MIB in WAPI
            protocol.  This MIB contains objects to
            manage configuration and monitor running state
            for WAPI feature."
        ::= { hh3cCommon 77 }

    hh3cwapiMIBObjects OBJECT IDENTIFIER ::= { hh3cwapiMIB 1 }
    hh3cwapiMIBStatsObjects OBJECT IDENTIFIER ::= { hh3cwapiMIB 2 }
    hh3cwapiMIBTableObjects OBJECT IDENTIFIER ::= { hh3cwapiMIB 3 }
    hh3cwapiTrap OBJECT IDENTIFIER ::= { hh3cwapiMIB 4 }

-- ************************************************************************
-- * hh3cwapiModeEnabled OBJECT
-- ************************************************************************
    hh3cwapiModeEnabled OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "When this object is set to TRUE, it shall indicate that WAPI
            is enabled.  Otherwise, it shall indicate that WAPI is disabled."
        ::= { hh3cwapiMIBObjects 1 }

-- ************************************************************************
-- * hh3cwapiASIPAddress OBJECT
-- ************************************************************************
    hh3cwapiASIPAddressType OBJECT-TYPE
        SYNTAX  InetAddressType
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object is used to set global IP addresses
            type (IPv4 or IPv6) of AS."
        DEFVAL { ipv4 }
        ::= { hh3cwapiMIBObjects 2 }

    hh3cwapiASIPAddress OBJECT-TYPE
        SYNTAX InetAddress
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object is used to set the global IP address of AS."
        ::= { hh3cwapiMIBObjects 3 }

-- ************************************************************************
-- * hh3cwapiCertificateInstalled OBJECT
-- ************************************************************************
    hh3cwapiCertificateInstalled OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object indicates whether the entity has installed
            certificate.  When the value is TURE, it shall indicate that
            the entity has installed certificate.  Otherwise, it shall
            indicate that the entity hasn't installed certificate."
        ::= { hh3cwapiMIBObjects 4 }

-- ************************************************************************
-- * 9 statistics OBJECTS
-- ************************************************************************
    hh3cwapiStatsWAISignatureErrors OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the received packet of
            WAI signature is wrong."
        ::= { hh3cwapiMIBStatsObjects 1 }

    hh3cwapiStatsWAIHMACErrors OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the received packet of
            WAI message authentication key checking error occurs."
        ::= { hh3cwapiMIBStatsObjects 2 }

    hh3cwapiStatsWAIAuthRsltFailures OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the WAI authentication result is
            unsuccessful."
        ::= { hh3cwapiMIBStatsObjects 3 }

    hh3cwapiStatsWAIDiscardCounters OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the received packet of WAI are
            discarded."
        ::= { hh3cwapiMIBStatsObjects 4 }

    hh3cwapiStatsWAITimeoutCounters OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the packet of WAI overtime are
            detected."
        ::= { hh3cwapiMIBStatsObjects 5 }

    hh3cwapiStatsWAIFormatErrors OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the WAI packet of WAI format
            error is detected."
        ::= { hh3cwapiMIBStatsObjects 6 }

    hh3cwapiStatsWAICtfHskFailures OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the WAI certificate authenticates
            unsuccessfully."
        ::= { hh3cwapiMIBStatsObjects 7 }

    hh3cwapiStatsWAIUniHskFailures OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the WAI unicast cipher key
            negotiates unsuccessfully."
        ::= { hh3cwapiMIBStatsObjects 8 }

    hh3cwapiStatsWAIMulHskFailures OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This counter increases when the WAI multicast cipher key
            announces unsuccessfully."
        ::= { hh3cwapiMIBStatsObjects 9 }

-- ************************************************************************
-- * hh3cwapiConfigTable Table
-- ************************************************************************
    hh3cwapiConfigTable OBJECT-TYPE
        SYNTAX SEQUENCE OF Hh3cwapiConfigEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The table containing WAPI configuration objects."
        ::= { hh3cwapiMIBTableObjects 1 }

    hh3cwapiConfigEntry OBJECT-TYPE
        SYNTAX Hh3cwapiConfigEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "An entry in the hh3cwapiConfigTable."
        INDEX { ifIndex }
        ::= { hh3cwapiConfigTable 1 }

    Hh3cwapiConfigEntry ::= SEQUENCE
        {
            hh3cwapiConfigASIPAddressType InetAddressType,
            hh3cwapiConfigASIPAddress InetAddress,
            hh3cwapiConfigAuthMethod INTEGER,
            hh3cwapiConfigAuthMode INTEGER,
            hh3cwapiConfigISPDomain OCTET STRING,
            hh3cwapiConfigCertificateDomain OCTET STRING,
            hh3cwapiConfigASName OCTET STRING,
            hh3cwapiConfigBKRekeyEnabled TruthValue
        }

    hh3cwapiConfigASIPAddressType OBJECT-TYPE
        SYNTAX InetAddressType
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object is used to set IP addresses type of AS."
        ::= { hh3cwapiConfigEntry 1 }

    hh3cwapiConfigASIPAddress OBJECT-TYPE
        SYNTAX InetAddress
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object is used to set the IP address of AS."
        ::= { hh3cwapiConfigEntry 2 }

    hh3cwapiConfigAuthMethod OBJECT-TYPE
        SYNTAX INTEGER {
            certificate(1),
            psk(2),
            certificatePsk(3)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object selects a mechanism for WAPI authentication method.  The
            default is certificate."
        DEFVAL { certificate }
        ::= { hh3cwapiConfigEntry 3 }

    hh3cwapiConfigAuthMode OBJECT-TYPE
        SYNTAX INTEGER {
            standard(1),
            radiusExtension(2)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object selects a mechanism for WAPI authentication mode.  When
            the value is standard, it shall indicate that the entity acts accord
            with the official definition.  Otherwise, it shall indicate that the
            entity finishs authentication by means of RADIUS.  The default is standard."
        DEFVAL { standard }
        ::= { hh3cwapiConfigEntry 4 }

    hh3cwapiConfigISPDomain OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..24))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "The ISP domain name."
        ::= { hh3cwapiConfigEntry 5 }

    hh3cwapiConfigCertificateDomain OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..15))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "The PKI domain name."
        ::= { hh3cwapiConfigEntry 6 }

    hh3cwapiConfigASName OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..15))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "The name of AS."
        ::= { hh3cwapiConfigEntry 7 }

    hh3cwapiConfigBKRekeyEnabled OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object indicates whether the BK rekey function is supported.  When the
            value is TURE, it shall indicate that the BK rekey function is supported.
            Otherwise, it shall indicate that the BK rekey function is not supported."
        ::= { hh3cwapiConfigEntry 8 }

-- *************************************************************************
-- * hh3cwapiConfigExtTable Table
-- *************************************************************************

    hh3cwapiConfigExtTable OBJECT-TYPE
        SYNTAX SEQUENCE OF Hh3cwapiConfigExtEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The table containing WAPI configuration objects for SSID."
        ::= { hh3cwapiMIBTableObjects 2 }

    hh3cwapiConfigExtEntry OBJECT-TYPE
        SYNTAX Hh3cwapiConfigExtEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "An extend entry in the hh3cwapiConfigExtTable."
        INDEX { hh3cwapiConfigServicePolicyID }
        ::= { hh3cwapiConfigExtTable 1 }

    Hh3cwapiConfigExtEntry ::= SEQUENCE
    {
        hh3cwapiConfigServicePolicyID Integer32,
        hh3cwapiConfigUnicastCipherEnabled TruthValue,
        hh3cwapiConfigUnicastCipherSize Unsigned32,
        hh3cwapiConfigAuthenticationSuiteEnabled TruthValue,
        hh3cwapiConfigAuthenticationSuite  OCTET STRING,
        hh3cwapiCfgExtASIPAddressType InetAddressType,
        hh3cwapiCfgExtASIPAddress InetAddress,
        hh3cwapiCfgExtASName OCTET STRING,
        hh3cwapiCfgExtCertDomain OCTET STRING,
        hh3cwapiCfgExtCertInstalled TruthValue
    }

    hh3cwapiConfigServicePolicyID OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Represents the ID of each service policy."
    ::= { hh3cwapiConfigExtEntry 1 }

   hh3cwapiConfigUnicastCipherEnabled OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object enables or disables the unicast cipher."
        ::= { hh3cwapiConfigExtEntry 2 }

   hh3cwapiConfigUnicastCipherSize OBJECT-TYPE
        SYNTAX Unsigned32 (0..4294967295)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object indicates the length in bits of the unicast cipher
            key.  This should be 256 for SMS4, first 128 bits for encrypting,
            last 128 bits for integrity checking."
        ::= { hh3cwapiConfigExtEntry 3 }

    hh3cwapiConfigAuthenticationSuiteEnabled OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This variable indicates the corresponding AKM suite is enabled
            or disabled."
        ::= { hh3cwapiConfigExtEntry 4 }

    hh3cwapiConfigAuthenticationSuite OBJECT-TYPE
       SYNTAX OCTET STRING (SIZE(4))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The selector of an AKM suite.  It consists of an OUI (the first 3
           octets) and a cipher suite identifier (the last octet)."
       ::= { hh3cwapiConfigExtEntry 5 }

    hh3cwapiCfgExtASIPAddressType OBJECT-TYPE
        SYNTAX InetAddressType
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object is used to set IP addresses type of AS."
        ::= { hh3cwapiConfigExtEntry 6 }

    hh3cwapiCfgExtASIPAddress OBJECT-TYPE
        SYNTAX InetAddress
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object is used to set the IP address of AS."
        ::= { hh3cwapiConfigExtEntry 7 }

    hh3cwapiCfgExtASName OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..15))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object is used to set the name of AS."
        ::= { hh3cwapiConfigExtEntry 8 }

    hh3cwapiCfgExtCertDomain OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..15))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object is used to set the PKI domain name."
        ::= { hh3cwapiConfigExtEntry 9 }

    hh3cwapiCfgExtCertInstalled OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object indicates whether the entity has installed
            certificate.  When the value is TURE, it shall indicate that
            the SSID has installed certificate.  Otherwise, it shall
            indicate that the SSID hasn't installed certificate."
        ::= { hh3cwapiConfigExtEntry 10 }

-- ************************************************************************
-- * trap OBJECT
-- ************************************************************************
    hh3cwapiTrapPrefix OBJECT IDENTIFIER ::= { hh3cwapiTrap 0 }
    hh3cwapiUserwithInvalidCertificate NOTIFICATION-TYPE
        OBJECTS
        {
            ifIndex,
            ifDescr,
            hh3cwapiTrapInfoMacAddr,
            hh3cwapiTrapInfoAPId,
            hh3cwapiTrapInfoRadioId,
            hh3cwapiTrapInfoBSSId,
            hh3cwapiTrapInfoAPMacAddr
        }
        STATUS current
        DESCRIPTION
            "This trap is sent when a user intrudes upon network with invalid
            certificate."
        ::= { hh3cwapiTrapPrefix 1 }

    hh3cwapiStationReplayAttack NOTIFICATION-TYPE
        OBJECTS
        {
            ifIndex,
            ifDescr,
            hh3cwapiTrapInfoMacAddr,
            hh3cwapiTrapInfoAPId,
            hh3cwapiTrapInfoRadioId,
            hh3cwapiTrapInfoBSSId,
            hh3cwapiTrapInfoAPMacAddr
        }
        STATUS current
        DESCRIPTION
            "This trap is sent when an attacker records and replays network
            transactions."
        ::= { hh3cwapiTrapPrefix 2 }

    hh3cwapiTamperAttack NOTIFICATION-TYPE
        OBJECTS
        {
            ifIndex,
            ifDescr,
            hh3cwapiTrapInfoMacAddr,
            hh3cwapiTrapInfoAPId,
            hh3cwapiTrapInfoRadioId,
            hh3cwapiTrapInfoBSSId,
            hh3cwapiTrapInfoAPMacAddr
        }
        STATUS current
        DESCRIPTION
            "This trap is sent when an attacker monitors network traffic and
            maliciously changes data in transit(for example, an attacker may
            modify the contents of a WAI message)."
        ::= { hh3cwapiTrapPrefix 3 }

    hh3cwapiLowSafeLevelAttack NOTIFICATION-TYPE
        OBJECTS
        {
            ifIndex,
            ifDescr,
            hh3cwapiTrapInfoMacAddr,
            hh3cwapiTrapInfoAPId,
            hh3cwapiTrapInfoRadioId,
            hh3cwapiTrapInfoBSSId,
            hh3cwapiTrapInfoAPMacAddr
        }
        STATUS current
        DESCRIPTION
            "This trap is sent when a station associates AP(Access Point),
            creates packet of Unicast Key Negotiation Response with wrong
            WIE(WAPI Information Element) of ASUE(Authentication Supplicant
            Entity)."
        ::= { hh3cwapiTrapPrefix 4 }

    hh3cwapiAddressRedirectionAttack NOTIFICATION-TYPE
        OBJECTS
        {
            ifIndex,
            ifDescr,
            hh3cwapiTrapInfoMacAddr,
            hh3cwapiTrapInfoAPId,
            hh3cwapiTrapInfoRadioId,
            hh3cwapiTrapInfoBSSId,
            hh3cwapiTrapInfoAPMacAddr
        }
        STATUS current
        DESCRIPTION
            "This trap is sent when an attacker maliciously changes destination
            MAC address of WPI(WLAN Privacy Infrastructure) frame."
        ::= { hh3cwapiTrapPrefix 5 }

-- ************************************************************************
-- * The following objects are used for binding informations when sending traps.
-- ************************************************************************

hh3cwapiTrapInfo OBJECT IDENTIFIER ::= { hh3cwapiTrap 1 }

hh3cwapiTrapInfoMacAddr OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The MAC address of the WAPI user."
        ::= { hh3cwapiTrapInfo 1 }

hh3cwapiTrapInfoAPId OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "To uniquely identify each AP."
        ::= { hh3cwapiTrapInfo 2 }

hh3cwapiTrapInfoRadioId OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Represents each radio."
        ::= { hh3cwapiTrapInfo 3 }

hh3cwapiTrapInfoBSSId OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "As MAC Address format, it is to identify BSS."
        ::= { hh3cwapiTrapInfo 4 }

hh3cwapiTrapInfoAPMacAddr OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "As MAC Address format, it is to identify AP"
        ::= { hh3cwapiTrapInfo 5 }
END
