From 34e71a5b684b800657167ecc8b23a6ef8a72a265 Mon Sep 17 00:00:00 2001
From: evitayan <evitayan@google.com>
Date: Tue, 5 May 2020 17:52:11 -0700
Subject: [PATCH] Cleanup of IkeSessionPskTest

- Add java doc in IkeSessionTestBase about the necessity to use
  different addresses and Networks in each test
- Use ArrayTrackRecord in Test Session Callback to retrieve the
  latest result.
- Verify that IpSecTransform pair is created and deleted

Bug: 148689509
Test: atest CtsIkeTestCases
Change-Id: Ib747c8cdfe1827e8df2aa7544e28e98a177d3d1c
---
 .../net/ipsec/ike/cts/IkeSessionPskTest.java  | 51 +++++++++++--------
 .../net/ipsec/ike/cts/IkeSessionTestBase.java | 19 ++++---
 .../net/ipsec/ike/cts/IkeTunUtils.java        |  4 +-
 3 files changed, 44 insertions(+), 30 deletions(-)

diff --git a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java
index 336d12dad1..fb93398b26 100644
--- a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java
+++ b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java
@@ -99,19 +99,17 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
                     .addInternalAddressRequest(AF_INET6)
                     .build();
 
-    private IkeSessionParams createIkeSessionParams(InetAddress mRemoteAddress) {
-        return new IkeSessionParams.Builder(sContext)
-                .setNetwork(mTunNetwork)
-                .setServerHostname(mRemoteAddress.getHostAddress())
-                .addSaProposal(SaProposalTest.buildIkeSaProposalWithNormalModeCipher())
-                .addSaProposal(SaProposalTest.buildIkeSaProposalWithCombinedModeCipher())
-                .setLocalIdentification(new IkeFqdnIdentification(LOCAL_HOSTNAME))
-                .setRemoteIdentification(new IkeFqdnIdentification(REMOTE_HOSTNAME))
-                .setAuthPsk(IKE_PSK)
-                .build();
-    }
-
-    private IkeSession openIkeSession(IkeSessionParams ikeParams) {
+    private IkeSession openIkeSessionWithRemoteAddress(InetAddress remoteAddress) {
+        IkeSessionParams ikeParams =
+                new IkeSessionParams.Builder(sContext)
+                        .setNetwork(mTunNetwork)
+                        .setServerHostname(remoteAddress.getHostAddress())
+                        .addSaProposal(SaProposalTest.buildIkeSaProposalWithNormalModeCipher())
+                        .addSaProposal(SaProposalTest.buildIkeSaProposalWithCombinedModeCipher())
+                        .setLocalIdentification(new IkeFqdnIdentification(LOCAL_HOSTNAME))
+                        .setRemoteIdentification(new IkeFqdnIdentification(REMOTE_HOSTNAME))
+                        .setAuthPsk(IKE_PSK)
+                        .build();
         return new IkeSession(
                 sContext,
                 ikeParams,
@@ -126,7 +124,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
         if (!hasTunnelsFeature()) return;
 
         // Open IKE Session
-        IkeSession ikeSession = openIkeSession(createIkeSessionParams(mRemoteAddress));
+        IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress);
         int expectedMsgId = 0;
         mTunUtils.awaitReqAndInjectResp(
                 IKE_INIT_SPI,
@@ -167,6 +165,9 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
         assertTrue(firstChildConfig.getInternalDnsServers().isEmpty());
         assertTrue(firstChildConfig.getInternalDhcpServers().isEmpty());
 
+        assertNotNull(mFirstChildSessionCallback.awaitNextCreatedIpSecTransform());
+        assertNotNull(mFirstChildSessionCallback.awaitNextCreatedIpSecTransform());
+
         // Open additional Child Session
         TestChildSessionCallback additionalChildCb = new TestChildSessionCallback();
         ikeSession.openChildSession(CHILD_PARAMS, additionalChildCb);
@@ -183,9 +184,12 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
                 Arrays.asList(EXPECTED_INBOUND_TS), firstChildConfig.getInboundTrafficSelectors());
         assertEquals(Arrays.asList(DEFAULT_V4_TS), firstChildConfig.getOutboundTrafficSelectors());
         assertTrue(additionalChildConfig.getInternalAddresses().isEmpty());
-        assertTrue(firstChildConfig.getInternalSubnets().isEmpty());
-        assertTrue(firstChildConfig.getInternalDnsServers().isEmpty());
-        assertTrue(firstChildConfig.getInternalDhcpServers().isEmpty());
+        assertTrue(additionalChildConfig.getInternalSubnets().isEmpty());
+        assertTrue(additionalChildConfig.getInternalDnsServers().isEmpty());
+        assertTrue(additionalChildConfig.getInternalDhcpServers().isEmpty());
+
+        assertNotNull(additionalChildCb.awaitNextCreatedIpSecTransform());
+        assertNotNull(additionalChildCb.awaitNextCreatedIpSecTransform());
 
         // Close additional Child Session
         ikeSession.closeChildSession(additionalChildCb);
@@ -195,6 +199,8 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
                 true /* expectedUseEncap */,
                 hexStringToByteArray(SUCCESS_DELETE_CHILD_RESP));
 
+        assertNotNull(additionalChildCb.awaitNextDeletedIpSecTransform());
+        assertNotNull(additionalChildCb.awaitNextDeletedIpSecTransform());
         additionalChildCb.awaitOnClosed();
 
         // Close IKE Session
@@ -205,10 +211,12 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
                 true /* expectedUseEncap */,
                 hexStringToByteArray(SUCCESS_DELETE_IKE_RESP));
 
+        assertNotNull(mFirstChildSessionCallback.awaitNextDeletedIpSecTransform());
+        assertNotNull(mFirstChildSessionCallback.awaitNextDeletedIpSecTransform());
         mFirstChildSessionCallback.awaitOnClosed();
         mIkeSessionCallback.awaitOnClosed();
 
-        // TODO: verify IpSecTransform pair is created and deleted
+        // TODO: verify created and deleted IpSecTransform pair and their directions
     }
 
     @Test
@@ -216,7 +224,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
         if (!hasTunnelsFeature()) return;
 
         // Open IKE Session
-        IkeSession ikeSession = openIkeSession(createIkeSessionParams(mRemoteAddress));
+        IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress);
         int expectedMsgId = 0;
         mTunUtils.awaitReqAndInjectResp(
                 IKE_INIT_SPI,
@@ -231,7 +239,6 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
                 hexStringToByteArray(SUCCESS_IKE_AUTH_RESP));
 
         ikeSession.kill();
-
         mFirstChildSessionCallback.awaitOnClosed();
         mIkeSessionCallback.awaitOnClosed();
     }
@@ -242,7 +249,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
                 "46B8ECA1E0D72A180000000000000000292022200000000000000024000000080000000E";
 
         // Open IKE Session
-        IkeSession ikeSession = openIkeSession(createIkeSessionParams(mRemoteAddress));
+        IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress);
         int expectedMsgId = 0;
         mTunUtils.awaitReqAndInjectResp(
                 IKE_INIT_SPI,
@@ -250,6 +257,8 @@ public class IkeSessionPskTest extends IkeSessionTestBase {
                 false /* expectedUseEncap */,
                 hexStringToByteArray(ikeInitFailRespHex));
 
+        mFirstChildSessionCallback.awaitOnClosed();
+
         IkeException exception = mIkeSessionCallback.awaitOnClosedException();
         assertNotNull(exception);
         assertTrue(exception instanceof IkeProtocolException);
diff --git a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java
index 1c1ffc922f..279d088b3c 100644
--- a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java
+++ b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java
@@ -40,7 +40,6 @@ import android.net.ipsec.ike.exceptions.IkeProtocolException;
 import android.os.Binder;
 import android.os.ParcelFileDescriptor;
 import android.platform.test.annotations.AppModeFull;
-import android.util.Log;
 
 import androidx.test.InstrumentationRegistry;
 import androidx.test.ext.junit.runners.AndroidJUnit4;
@@ -66,6 +65,13 @@ import java.util.concurrent.TimeUnit;
  *
  * <p>Subclasses MUST explicitly call #setUpTestNetwork and #tearDownTestNetwork to be able to use
  * the test network
+ *
+ * <p>All IKE Sessions running in test mode will generate SPIs deterministically. That is to say
+ * each IKE Session will always generate the same IKE INIT SPI and test vectors are generated based
+ * on this deterministic IKE SPI. Each test will use different local and remote addresses to avoid
+ * the case that the next test try to allocate the same SPI before the previous test has released
+ * it, since SPI resources are not released in testing thread. Similarly, each test MUST use
+ * different Network instances to avoid sharing the same IkeSocket and hitting IKE SPI collision.
  */
 @RunWith(AndroidJUnit4.class)
 @AppModeFull(reason = "MANAGE_TEST_NETWORKS permission can't be granted to instant apps")
@@ -117,7 +123,7 @@ abstract class IkeSessionTestBase extends IkeTestBase {
         InstrumentationRegistry.getInstrumentation()
                 .getUiAutomation()
                 .adoptShellPermissionIdentity();
-        sTNM = (TestNetworkManager) sContext.getSystemService(Context.TEST_NETWORK_SERVICE);
+        sTNM = sContext.getSystemService(TestNetworkManager.class);
 
         // Under normal circumstances, the MANAGE_IPSEC_TUNNELS appop would be auto-granted, and
         // a standard permission is insufficient. So we shell out the appop, to give us the
@@ -150,10 +156,6 @@ abstract class IkeSessionTestBase extends IkeTestBase {
     @After
     public void tearDown() throws Exception {
         tearDownTestNetwork();
-
-        resetNextAvailableAddress(NEXT_AVAILABLE_IP4_ADDR_LOCAL, INITIAL_AVAILABLE_IP4_ADDR_LOCAL);
-        resetNextAvailableAddress(
-                NEXT_AVAILABLE_IP4_ADDR_REMOTE, INITIAL_AVAILABLE_IP4_ADDR_REMOTE);
     }
 
     void setUpTestNetwork(InetAddress localAddr) throws Exception {
@@ -186,9 +188,8 @@ abstract class IkeSessionTestBase extends IkeTestBase {
                             pkg, // Package name
                             opName, // Appop
                             (allow ? "allow" : "deny")); // Action
-            Log.d("IKE", "CTS setAppOp cmd " + cmd);
 
-            String result = SystemUtil.runShellCommand(cmd);
+            SystemUtil.runShellCommand(cmd);
         }
     }
 
@@ -230,6 +231,7 @@ abstract class IkeSessionTestBase extends IkeTestBase {
         }
     }
 
+    /** Testing callback that allows caller to block current thread until a method get called */
     static class TestIkeSessionCallback implements IkeSessionCallback {
         private CompletableFuture<IkeSessionConfiguration> mFutureIkeConfig =
                 new CompletableFuture<>();
@@ -283,6 +285,7 @@ abstract class IkeSessionTestBase extends IkeTestBase {
         }
     }
 
+    /** Testing callback that allows caller to block current thread until a method get called */
     static class TestChildSessionCallback implements ChildSessionCallback {
         private CompletableFuture<ChildSessionConfiguration> mFutureChildConfig =
                 new CompletableFuture<>();
diff --git a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTunUtils.java b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTunUtils.java
index 5a8258d57b..f52b88ba3a 100644
--- a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTunUtils.java
+++ b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTunUtils.java
@@ -121,7 +121,9 @@ public class IkeTunUtils extends TunUtils {
                             + " and message ID "
                             + expectedMsgId);
         }
-        return null;
+
+        throw new IllegalStateException(
+                "Hit an impossible case where fail() didn't throw an exception");
     }
 
     private static boolean isIke(