-- ==================================================================== -- Copyright (c) 2004-2022 New H3C Tech. Co., Ltd. All rights reserved. -- -- Description: The MIB is designed to get PKI trap information. -- Reference: -- Version: 1.2 -- History: -- V1.0: The initial version created by Zhaoming. -- V1.1: Modified by Zhaoming Dec.30 2021 -- 1) 'hh3cPKICertUpdateTime' was added to the 'hh3cPKIGetLocalCertSucScep' -- and 'hh3cPKIGetLocalCertFailScep' traps. -- V1.2: Modified by skf9095 Sep.22 2022 -- 1) Added the 'hh3cPKICrlHasExpiredTrapCntl' -- and 'hh3cPKICrlHasExpired' traps. -- 2) Added the 'hh3cPKIWriteToFlashFailTrapCntl' -- and 'hh3cPKIWriteToFlashFail' traps. -- ===================================================================== HH3C-PKI-MONITOR-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString, TruthValue, DateAndTime FROM SNMPv2-TC OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF hh3cCommon FROM HH3C-OID-MIB; hh3cPKIMonitor MODULE-IDENTITY LAST-UPDATED "202209221725Z" -- September 22, 2022 at 12:47 GMT ORGANIZATION "New H3C Tech. Co., Ltd." CONTACT-INFO "Platform Team New H3C Tech. Co., Ltd. Hai-Dian District Beijing P.R. China http://www.h3c.com Zip:100085" DESCRIPTION "The MIB is designed to obtain the alarm information of the PKI module." REVISION "202209221725Z" DESCRIPTION "Add hh3cPKICrlHasExpiredTrapCntl to hh3cPKITrapCntlGroup. Add hh3cPKIWriteToFlashFailTrapCntl to hh3cPKITrapCntlGroup. Add hh3cPKICrlHasExpired to hh3cPKITrapGroup. Add hh3cPKIWriteToFlashFail to hh3cPKITrapGroup." REVISION "202112301247Z" DESCRIPTION "This revision is about the trap hh3cPKIGetLocalCertSucScep and hh3cPKIGetLocalCertFailScep ." REVISION "202109141347Z" DESCRIPTION "Initial version." ::= { hh3cCommon 209 } -- ======================================================================== -- Node definitions -- ======================================================================== -- Begin the node of hh3cPKIObjects. hh3cPKIObjects OBJECT IDENTIFIER ::= { hh3cPKIMonitor 1 } -- ======================================= -- Begin the hh3cPKITrapObject. -- ======================================= hh3cPKITrapObject OBJECT IDENTIFIER ::= { hh3cPKIObjects 1 } hh3cPKICACertIssuer OBJECT-TYPE SYNTAX DisplayString(SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The issuer of CA certificate with a trap." ::= { hh3cPKITrapObject 1 } hh3cPKICACertSubject OBJECT-TYPE SYNTAX DisplayString(SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The subject of CA certificate with a trap." ::= { hh3cPKITrapObject 2 } hh3cPKICACertStartTime OBJECT-TYPE SYNTAX DateAndTime(SIZE(8 | 11)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The time when the CA certificate becomes effective with a trap." ::= { hh3cPKITrapObject 3 } hh3cPKICACertFinishTime OBJECT-TYPE SYNTAX DateAndTime(SIZE(8 | 11)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The time when the CA certificate expires with a trap." ::= { hh3cPKITrapObject 4 } hh3cPKICrlIssuer OBJECT-TYPE SYNTAX DisplayString(SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The issuer of CRL with a trap." ::= { hh3cPKITrapObject 5 } hh3cPKICrlStartTime OBJECT-TYPE SYNTAX DateAndTime(SIZE(8 | 11)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The time when the CRL becomes effective with a trap." ::= { hh3cPKITrapObject 6 } hh3cPKICrlFinishTime OBJECT-TYPE SYNTAX DateAndTime(SIZE(8 | 11)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The time when CRL expires with a trap." ::= { hh3cPKITrapObject 7 } hh3cPKIDomainName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..31)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The PKI domain name with a trap." ::= { hh3cPKITrapObject 8 } hh3cPKICrlUrl OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..1023)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The URL path of CRL with a trap." ::= { hh3cPKITrapObject 9 } hh3cPKIVrfName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..31)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The VPN instance name with a trap." ::= { hh3cPKITrapObject 10 } hh3cPKICertUrl OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..1023)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The URL path of the certificate with a trap." ::= { hh3cPKITrapObject 11 } hh3cPKILocalCertIssuer OBJECT-TYPE SYNTAX DisplayString(SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The issuer of local certificate with a trap." ::= { hh3cPKITrapObject 12 } hh3cPKILocalCertSubject OBJECT-TYPE SYNTAX DisplayString(SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The subject of local certificate with a trap." ::= { hh3cPKITrapObject 13 } hh3cPKILocalCertStartTime OBJECT-TYPE SYNTAX DateAndTime(SIZE(8 | 11)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The time when the local certificate becomes effective with a trap." ::= { hh3cPKITrapObject 14 } hh3cPKILocalCertFinishTime OBJECT-TYPE SYNTAX DateAndTime(SIZE(8 | 11)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The time when the local certificate expires with a trap." ::= { hh3cPKITrapObject 15 } hh3cPKIEntityName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..31)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The entity name with a trap." ::= { hh3cPKITrapObject 16 } hh3cPKICertSave OBJECT-TYPE SYNTAX DisplayString(SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The certificate save file name with a trap." ::= { hh3cPKITrapObject 17 } hh3cPKICertUpdateTime OBJECT-TYPE SYNTAX DateAndTime(SIZE(8 | 11)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Time when the certificate was updated with a trap." ::= { hh3cPKITrapObject 18 } -- ======================================= -- Begin the hh3cPKITrapCntl. -- ======================================= hh3cPKITrapCntl OBJECT IDENTIFIER ::= { hh3cPKIObjects 2 } hh3cPKITrapGlobalCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether all PKI traps should be generated." ::= { hh3cPKITrapCntl 1 } hh3cPKICACertInvalidTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKICACertInvalid traps should be generated." ::= { hh3cPKITrapCntl 2 } hh3cPKICACertValidTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKICACertValid traps should be generated." ::= { hh3cPKITrapCntl 3 } hh3cPKICrlInvalidTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKICrlInvalid traps should be generated." ::= { hh3cPKITrapCntl 4 } hh3cPKICrlValidTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKICrlValid traps should be generated." ::= { hh3cPKITrapCntl 5 } hh3cPKIGetCrlSucHttpTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetCrlSucHttp traps should be generated." ::= { hh3cPKITrapCntl 6 } hh3cPKIGetCrlFailHttpTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetCrlFailHttp traps should be generated." ::= { hh3cPKITrapCntl 7 } hh3cPKIGetCrlSucLdapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetCrlSucLdap traps should be generated." ::= { hh3cPKITrapCntl 8 } hh3cPKIGetCrlFailLdapTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetCrlFailLdap traps should be generated." ::= { hh3cPKITrapCntl 9 } hh3cPKIGetCrlSucScepTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetCrlSucScep traps should be generated." ::= { hh3cPKITrapCntl 10 } hh3cPKIGetCrlFailScepTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetCrlFailScep traps should be generated." ::= { hh3cPKITrapCntl 11 } hh3cPKILocCertInvalidTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKILocalCertInvalid traps should be generated." ::= { hh3cPKITrapCntl 12 } hh3cPKILocCertValidTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKILocalCertValid traps should be generated." ::= { hh3cPKITrapCntl 13 } hh3cPKIGetLocCertSucLdapTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetLocalCertSucLdap traps should be generated." ::= { hh3cPKITrapCntl 14 } hh3cPKIGetLocCertFailLdapTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetLocalCertFailLdap traps should be generated." ::= { hh3cPKITrapCntl 15 } hh3cPKIGetLocCeSucScepTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetLocalCertSucScep traps should be generated." ::= { hh3cPKITrapCntl 16 } hh3cPKIGetLocCeFailScepTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIGetLocalCertFailScep traps should be generated." ::= { hh3cPKITrapCntl 17 } hh3cPKILocCertNearExpirTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKILocalCertNearlyExpired traps should be generated." ::= { hh3cPKITrapCntl 18 } hh3cPKILocCertHasExpirTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKILocalCertHasExpired traps should be generated." ::= { hh3cPKITrapCntl 19 } hh3cPKICrlHasExpiredTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKICrlHasExpired traps should be generated." ::= { hh3cPKITrapCntl 20 } hh3cPKIWriteToFlashFailTrapCntl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hh3cPKIWriteToFlashFail traps should be generated." ::= { hh3cPKITrapCntl 21 } -- ================================================ -- definition of traps. -- ================================================ hh3cPKITrap OBJECT IDENTIFIER ::= { hh3cPKIObjects 3 } hh3cPKINotifications OBJECT IDENTIFIER ::= { hh3cPKITrap 0 } hh3cPKICACertInvalid NOTIFICATION-TYPE OBJECTS { hh3cPKICACertIssuer, hh3cPKICACertSubject, hh3cPKICACertStartTime, hh3cPKICACertFinishTime } STATUS current DESCRIPTION "This notification is generated when the CA certificate is invalid." ::= { hh3cPKINotifications 1 } hh3cPKICACertValid NOTIFICATION-TYPE OBJECTS { hh3cPKICACertIssuer, hh3cPKICACertSubject, hh3cPKICACertStartTime, hh3cPKICACertFinishTime } STATUS current DESCRIPTION "This notification is generated when the CA certificate is valid." ::= { hh3cPKINotifications 2 } hh3cPKICrlInvalid NOTIFICATION-TYPE OBJECTS { hh3cPKICrlIssuer, hh3cPKICrlStartTime, hh3cPKICrlFinishTime } STATUS current DESCRIPTION "This notification is generated when the CRL is invalid." ::= { hh3cPKINotifications 3 } hh3cPKICrlValid NOTIFICATION-TYPE OBJECTS { hh3cPKICrlIssuer, hh3cPKICrlStartTime, hh3cPKICrlFinishTime } STATUS current DESCRIPTION "This notification is generated when the CRL is valid." ::= { hh3cPKINotifications 4 } hh3cPKIGetCrlSucHttp NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKICrlUrl, hh3cPKIVrfName } STATUS current DESCRIPTION "This notification is generated when the CRL is successfully obtained through the HTTP protocol." ::= { hh3cPKINotifications 5 } hh3cPKIGetCrlFailHttp NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKICrlUrl, hh3cPKIVrfName } STATUS current DESCRIPTION "This notification is generated when the CRL fails to be obtained through the HTTP protocol." ::= { hh3cPKINotifications 6 } hh3cPKIGetCrlSucLdap NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKICrlUrl, hh3cPKIVrfName } STATUS current DESCRIPTION "This notification is generated when the CRL is successfully obtained through the LDAP protocol." ::= { hh3cPKINotifications 7 } hh3cPKIGetCrlFailLdap NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKICrlUrl, hh3cPKIVrfName } STATUS current DESCRIPTION "This notification is generated when the CRL fails to be obtained through the LDAP protocol." ::= { hh3cPKINotifications 8 } hh3cPKIGetCrlSucScep NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKIVrfName, hh3cPKICertUrl } STATUS current DESCRIPTION "This notification is generated when the CRL is successfully obtained through the SCEP protocol." ::= { hh3cPKINotifications 9 } hh3cPKIGetCrlFailScep NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKIVrfName, hh3cPKICertUrl } STATUS current DESCRIPTION "This notification is generated when the CRL fails to be obtained through the SCEP protocol." ::= { hh3cPKINotifications 10 } hh3cPKILocalCertInvalid NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKILocalCertIssuer, hh3cPKILocalCertSubject, hh3cPKILocalCertStartTime, hh3cPKILocalCertFinishTime } STATUS current DESCRIPTION "This notification is generated when the local certificate is invalid." ::= { hh3cPKINotifications 11 } hh3cPKILocalCertValid NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKILocalCertIssuer, hh3cPKILocalCertSubject, hh3cPKILocalCertStartTime, hh3cPKILocalCertFinishTime } STATUS current DESCRIPTION "This notification is generated when the local certificate is valid." ::= { hh3cPKINotifications 12 } hh3cPKIGetLocalCertSucLdap NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKIVrfName, hh3cPKICertUrl, hh3cPKIEntityName, hh3cPKICertSave } STATUS current DESCRIPTION "This notification is generated when the local certificate is successfully obtained through the LDAP protocol." ::= { hh3cPKINotifications 13 } hh3cPKIGetLocalCertFailLdap NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKIVrfName, hh3cPKICertUrl, hh3cPKIEntityName, hh3cPKICertSave } STATUS current DESCRIPTION "This notification is generated when the local certificate fails to be obtained through the LDAP protocol." ::= { hh3cPKINotifications 14 } hh3cPKIGetLocalCertSucScep NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKIVrfName, hh3cPKICertUrl, hh3cPKICertSave, hh3cPKICertUpdateTime } STATUS current DESCRIPTION "This notification is generated when the local certificate is successfully obtained through the SCEP protocol. When the local certificate is not obtained through renewal, hh3cPKICertUpdateTime is set to all zeros." ::= { hh3cPKINotifications 15 } hh3cPKIGetLocalCertFailScep NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKIVrfName, hh3cPKICertUrl, hh3cPKICertSave, hh3cPKICertUpdateTime } STATUS current DESCRIPTION "This notification is generated when the local certificate fails to be obtained through the SCEP protocol. When the local certificate is not obtained through renewal, hh3cPKICertUpdateTime is set to all zeros." ::= { hh3cPKINotifications 16 } hh3cPKILocalCertNearlyExpired NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKILocalCertIssuer, hh3cPKILocalCertSubject, hh3cPKILocalCertStartTime, hh3cPKILocalCertFinishTime } STATUS current DESCRIPTION "This notification is generated when the local certificate is about to expire." ::= { hh3cPKINotifications 17 } hh3cPKILocalCertHasExpired NOTIFICATION-TYPE OBJECTS { hh3cPKIDomainName, hh3cPKILocalCertIssuer, hh3cPKILocalCertSubject, hh3cPKILocalCertStartTime, hh3cPKILocalCertFinishTime } STATUS current DESCRIPTION "This notification is generated when the local certificate has expired." ::= { hh3cPKINotifications 18 } hh3cPKICrlHasExpired NOTIFICATION-TYPE OBJECTS { hh3cPKICrlIssuer, hh3cPKICrlStartTime, hh3cPKICrlFinishTime } STATUS current DESCRIPTION "This notification is generated when the CRL expires." ::= { hh3cPKINotifications 19 } hh3cPKIWriteToFlashFail NOTIFICATION-TYPE STATUS current DESCRIPTION "This notification is generated in case of failure to write CRL or certificate to flash." ::= { hh3cPKINotifications 20 } -- ======================================= -- Conformance Information -- ======================================= hh3cPKIConformance OBJECT IDENTIFIER ::= { hh3cPKIMonitor 2 } hh3cPKICompliances OBJECT IDENTIFIER ::= { hh3cPKIConformance 1 } hh3cPKIGroups OBJECT IDENTIFIER ::= { hh3cPKIConformance 2 } -- ======================================= -- Compliance Statements -- ======================================= hh3cPKICompliance MODULE-COMPLIANCE STATUS current DESCRIPTION " " MODULE -- this module MANDATORY-GROUPS { hh3cPKITrapObjectGroup, hh3cPKITrapCntlGroup, hh3cPKITrapGroup } ::= { hh3cPKICompliances 1 } hh3cPKITrapObjectGroup OBJECT-GROUP OBJECTS { hh3cPKICACertIssuer, hh3cPKICACertSubject, hh3cPKICACertStartTime, hh3cPKICACertFinishTime, hh3cPKICrlIssuer, hh3cPKICrlStartTime, hh3cPKICrlFinishTime, hh3cPKIDomainName, hh3cPKICrlUrl, hh3cPKIVrfName, hh3cPKICertUrl, hh3cPKILocalCertIssuer, hh3cPKILocalCertSubject, hh3cPKILocalCertStartTime, hh3cPKILocalCertFinishTime, hh3cPKIEntityName, hh3cPKICertSave, hh3cPKICertUpdateTime } STATUS current DESCRIPTION "The group contains all of trap objects of PKI module." ::= { hh3cPKIGroups 1 } hh3cPKITrapCntlGroup OBJECT-GROUP OBJECTS { hh3cPKITrapGlobalCntl, hh3cPKICACertInvalidTrapCntl, hh3cPKICACertValidTrapCntl, hh3cPKICrlInvalidTrapCntl, hh3cPKICrlValidTrapCntl, hh3cPKIGetCrlSucHttpTrapCntl, hh3cPKIGetCrlFailHttpTrapCntl, hh3cPKIGetCrlSucLdapCntl, hh3cPKIGetCrlFailLdapTrapCntl, hh3cPKIGetCrlSucScepTrapCntl, hh3cPKIGetCrlFailScepTrapCntl, hh3cPKILocCertInvalidTrapCntl, hh3cPKILocCertValidTrapCntl, hh3cPKIGetLocCertSucLdapTrapCntl, hh3cPKIGetLocCertFailLdapTrapCntl, hh3cPKIGetLocCeSucScepTrapCntl, hh3cPKIGetLocCeFailScepTrapCntl, hh3cPKILocCertNearExpirTrapCntl, hh3cPKILocCertHasExpirTrapCntl, hh3cPKICrlHasExpiredTrapCntl, hh3cPKIWriteToFlashFailTrapCntl } STATUS current DESCRIPTION "The group contains all of trap switches of PKI module." ::= { hh3cPKIGroups 2 } hh3cPKITrapGroup NOTIFICATION-GROUP NOTIFICATIONS { hh3cPKICACertInvalid, hh3cPKICACertValid, hh3cPKICrlInvalid, hh3cPKICrlValid, hh3cPKIGetCrlSucHttp, hh3cPKIGetCrlFailHttp, hh3cPKIGetCrlSucLdap, hh3cPKIGetCrlFailLdap, hh3cPKIGetCrlSucScep, hh3cPKIGetCrlFailScep, hh3cPKILocalCertInvalid, hh3cPKILocalCertValid, hh3cPKIGetLocalCertSucLdap, hh3cPKIGetLocalCertFailLdap, hh3cPKIGetLocalCertSucScep, hh3cPKIGetLocalCertFailScep, hh3cPKILocalCertNearlyExpired, hh3cPKILocalCertHasExpired, hh3cPKICrlHasExpired, hh3cPKIWriteToFlashFail } STATUS current DESCRIPTION "The group contains all of trap of PKI module." ::= { hh3cPKIGroups 3 } END