LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Test building IkeSessionParams with EAP" am: 4f532038f1 am: 8163d0ec62

Browse Source 
Change-Id: I838cff728ca95081189bd715fe8b2ff8870948ad
This commit is contained in:
Yan Yan
2020-04-26 22:00:08 +00:00
committed by Automerger Merge Worker
parent 30717132c4 8163d0ec62
commit 28df18148b
4 changed files with 141 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/cts/net/ipsec/Android.bp
View File

@@ -26,6 +26,7 @@ android_test {
srcs: [
"src/**/*.java",
":ike-test-utils",
],
static_libs: [

20
tests/cts/net/ipsec/assets/pem/server-a-self-signed-ca.pem Normal file
View File

@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSDCCAjCgAwIBAgIITJQJ6HC1rjwwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UE
BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxITAfBgNVBAMTGHJvb3QuY2EudGVzdC5h
bmRyb2lkLm5ldDAeFw0xOTA5MzAxNzU1NTJaFw0yOTA5MjcxNzU1NTJaMEIxCzAJ
BgNVBAYTAlVTMRAwDgYDVQQKEwdBbmRyb2lkMSEwHwYDVQQDExhyb290LmNhLnRl
c3QuYW5kcm9pZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCT
q3hGF+JvLaB1xW7KGKmaxiQ7BxX2Sn7cbp7ggoVYXsFlBUuPPv3+Vg5PfPCPhsJ8
/7w4HyKo3uc/vHs5HpQ7rSd9blhAkfmJci2ULLq73FB8Mix4CzPwMx29RrN1X9bU
z4G0vJMczIBGxbZ0uw7n8bKcXBV7AIeax+J8lseEZ3k8iSuBkUJqGIpPFKTqByFZ
A1Lvt47xkON5SZh6c/Oe+o6291wXaCOJUSAKv6PAWZkq9HeD2fqKA/ck9dBaz1M3
YvzQ9V/7so3/dECjAfKia388h1I6XSGNUM+d5hpxMXpAFgG42eUXHpJ10OjDvSwd
7ZSC91/kRQewUomEKBK1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMB0GA1UdDgQWBBRJn6hHhdeDY/dXpCKUfrFYQhKAGjANBgkqhkiG
9w0BAQsFAAOCAQEAig/94aGfHBhZuvbbhwAK4rUNpizmR567u0ZJ+QUEKyAlo9lT
ZWYHSm7qTAZYvPEjzTQIptnAlxCHePXh3Cfwgo+r82lhG2rcdI03iRyvHWjM8gyk
BXCJTi0Q08JHHpTP6GnAqpz58qEIFkk8P766zNXdhYrGPOydF+p7MFcb1Zv1gum3
zmRLt0XUAMfjPUv1Bl8kTKFxH5lkMBLR1E0jnoJoTTfgRPrf9CuFSoh48n7YhoBT
KV75xZY8b8+SuB0v6BvQmkpKZGoxBjuVsShyG7q1+4JTAtwhiP7BlkDvVkaBEi7t
WIMFp2r2ZDisHgastNaeYFyzHYz9g1FCCrHQ4w==
-----END CERTIFICATE-----

144
tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionParamsTest.java
View File

@@ -17,16 +17,22 @@
package android.net.ipsec.ike.cts;
import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_ACCEPT_ANY_REMOTE_ID;
import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_EAP_ONLY_AUTH;
import static android.net.ipsec.ike.IkeSessionParams.IkeAuthConfig;
import static android.net.ipsec.ike.IkeSessionParams.IkeAuthDigitalSignRemoteConfig;
import static android.net.ipsec.ike.IkeSessionParams.IkeAuthEapConfig;
import static android.net.ipsec.ike.IkeSessionParams.IkeAuthPskConfig;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
import static android.telephony.TelephonyManager.APPTYPE_USIM;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import android.net.eap.EapSessionConfig;
import android.net.ipsec.ike.IkeFqdnIdentification;
import android.net.ipsec.ike.IkeIdentification;
import android.net.ipsec.ike.IkeSaProposal;
@@ -37,10 +43,14 @@ import android.net.ipsec.ike.IkeSessionParams.IkeConfigRequest;
import androidx.test.ext.junit.runners.AndroidJUnit4;
import com.android.internal.net.ipsec.ike.testutils.CertUtils;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import java.net.InetAddress;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
@@ -76,6 +86,29 @@ public final class IkeSessionParamsTest extends IkeSessionParamsTestBase {
private static final IkeIdentification LOCAL_ID = new IkeFqdnIdentification(LOCAL_HOSTNAME);
private static final IkeIdentification REMOTE_ID = new IkeFqdnIdentification(REMOTE_HOSTNAME);
private static final EapSessionConfig EAP_ALL_METHODS_CONFIG =
createEapOnlySafeMethodsBuilder()
.setEapMsChapV2Config(EAP_MSCHAPV2_USERNAME, EAP_MSCHAPV2_PASSWORD)
.build();
private static final EapSessionConfig EAP_ONLY_SAFE_METHODS_CONFIG =
createEapOnlySafeMethodsBuilder().build();
private X509Certificate mServerCaCert;
@Before
public void setUp() throws Exception {
mServerCaCert = CertUtils.createCertFromPemFile("server-a-self-signed-ca.pem");
}
private static EapSessionConfig.Builder createEapOnlySafeMethodsBuilder() {
return new EapSessionConfig.Builder()
.setEapIdentity(EAP_IDENTITY)
.setEapSimConfig(SUB_ID, APPTYPE_USIM)
.setEapAkaConfig(SUB_ID, APPTYPE_USIM)
.setEapAkaPrimeConfig(
SUB_ID, APPTYPE_USIM, NETWORK_NAME, true /* allowMismatchedNetworkNames */);
}
/**
* Create a Builder that has minimum configurations to build an IkeSessionParams.
*
@@ -112,23 +145,6 @@ public final class IkeSessionParamsTest extends IkeSessionParamsTestBase {
assertArrayEquals(IKE_PSK, ((IkeAuthPskConfig) remoteConfig).getPsk());
}
private void verifySpecificPcscfConfigReqs(
HashSet<InetAddress> expectedAddresses, IkeSessionParams sessionParams) {
Set<InetAddress> resultAddresses = new HashSet<>();
for (IkeConfigRequest req : sessionParams.getConfigurationRequests()) {
if (req instanceof ConfigRequestIpv4PcscfServer
&& ((ConfigRequestIpv4PcscfServer) req).getAddress() != null) {
resultAddresses.add(((ConfigRequestIpv4PcscfServer) req).getAddress());
} else if (req instanceof ConfigRequestIpv6PcscfServer
&& ((ConfigRequestIpv6PcscfServer) req).getAddress() != null) {
resultAddresses.add(((ConfigRequestIpv6PcscfServer) req).getAddress());
}
}
assertEquals(expectedAddresses, resultAddresses);
}
@Test
public void testBuildWithMinimumSet() throws Exception {
IkeSessionParams sessionParams = createIkeParamsBuilderMinimum().build();
@@ -232,22 +248,39 @@ public final class IkeSessionParamsTest extends IkeSessionParamsTestBase {
assertFalse(sessionParams.hasIkeOption(IKE_OPTION_ACCEPT_ANY_REMOTE_ID));
}
@Test
public void testBuildWithPsk() throws Exception {
IkeSessionParams sessionParams =
new IkeSessionParams.Builder(sContext)
.setNetwork(sTunNetwork)
.setServerHostname(IPV4_ADDRESS_REMOTE.getHostAddress())
.addSaProposal(SA_PROPOSAL)
.setLocalIdentification(LOCAL_ID)
.setRemoteIdentification(REMOTE_ID)
.setAuthPsk(IKE_PSK)
.build();
/**
* Create a Builder that has minimum configurations to build an IkeSessionParams, except for
* authentication method.
*/
private IkeSessionParams.Builder createIkeParamsBuilderMinimumWithoutAuth() {
return new IkeSessionParams.Builder(sContext)
.setNetwork(sTunNetwork)
.setServerHostname(IPV4_ADDRESS_REMOTE.getHostAddress())
.addSaProposal(SA_PROPOSAL)
.setLocalIdentification(LOCAL_ID)
.setRemoteIdentification(REMOTE_ID);
}
/**
* Verify the minimum configurations to build an IkeSessionParams, except for authentication
* method.
*
* @see #createIkeParamsBuilderMinimumWithoutAuth
*/
private void verifyIkeParamsMinimumWithoutAuth(IkeSessionParams sessionParams) {
assertEquals(sTunNetwork, sessionParams.getNetwork());
assertEquals(IPV4_ADDRESS_REMOTE.getHostAddress(), sessionParams.getServerHostname());
assertEquals(Arrays.asList(SA_PROPOSAL), sessionParams.getSaProposals());
assertEquals(LOCAL_ID, sessionParams.getLocalIdentification());
assertEquals(REMOTE_ID, sessionParams.getRemoteIdentification());
}
@Test
public void testBuildWithPsk() throws Exception {
IkeSessionParams sessionParams =
createIkeParamsBuilderMinimumWithoutAuth().setAuthPsk(IKE_PSK).build();
verifyIkeParamsMinimumWithoutAuth(sessionParams);
IkeAuthConfig localConfig = sessionParams.getLocalAuthConfig();
assertTrue(localConfig instanceof IkeAuthPskConfig);
@@ -257,6 +290,57 @@ public final class IkeSessionParamsTest extends IkeSessionParamsTestBase {
assertArrayEquals(IKE_PSK, ((IkeAuthPskConfig) remoteConfig).getPsk());
}
// TODO(b/148689509): Add tests for building IkeSessionParams using EAP and
// digital-signature-based authentication
@Test
public void testBuildWithEap() throws Exception {
IkeSessionParams sessionParams =
createIkeParamsBuilderMinimumWithoutAuth()
.setAuthEap(mServerCaCert, EAP_ALL_METHODS_CONFIG)
.build();
verifyIkeParamsMinimumWithoutAuth(sessionParams);
IkeAuthConfig localConfig = sessionParams.getLocalAuthConfig();
assertTrue(localConfig instanceof IkeAuthEapConfig);
assertEquals(EAP_ALL_METHODS_CONFIG, ((IkeAuthEapConfig) localConfig).getEapConfig());
IkeAuthConfig remoteConfig = sessionParams.getRemoteAuthConfig();
assertTrue(remoteConfig instanceof IkeAuthDigitalSignRemoteConfig);
assertEquals(
mServerCaCert, ((IkeAuthDigitalSignRemoteConfig) remoteConfig).getRemoteCaCert());
}
@Test
public void testBuildWithEapOnlyAuth() throws Exception {
IkeSessionParams sessionParams =
createIkeParamsBuilderMinimumWithoutAuth()
.setAuthEap(mServerCaCert, EAP_ONLY_SAFE_METHODS_CONFIG)
.addIkeOption(IKE_OPTION_EAP_ONLY_AUTH)
.build();
assertTrue(sessionParams.hasIkeOption(IKE_OPTION_EAP_ONLY_AUTH));
verifyIkeParamsMinimumWithoutAuth(sessionParams);
IkeAuthConfig localConfig = sessionParams.getLocalAuthConfig();
assertTrue(localConfig instanceof IkeAuthEapConfig);
assertEquals(EAP_ONLY_SAFE_METHODS_CONFIG, ((IkeAuthEapConfig) localConfig).getEapConfig());
IkeAuthConfig remoteConfig = sessionParams.getRemoteAuthConfig();
assertTrue(remoteConfig instanceof IkeAuthDigitalSignRemoteConfig);
assertEquals(
mServerCaCert, ((IkeAuthDigitalSignRemoteConfig) remoteConfig).getRemoteCaCert());
}
@Test
public void testThrowBuildEapOnlyAuthWithUnsafeMethod() throws Exception {
try {
IkeSessionParams sessionParams =
createIkeParamsBuilderMinimumWithoutAuth()
.setAuthEap(mServerCaCert, EAP_ALL_METHODS_CONFIG)
.addIkeOption(IKE_OPTION_EAP_ONLY_AUTH)
.build();
fail("Expected to fail because EAP only unsafe method is proposed");
} catch (IllegalArgumentException expected) {
}
}
// TODO(b/148689509): Add tests for building IkeSessionParams using digital-signature-based
// authentication
}

6
tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTestBase.java
View File

@@ -49,6 +49,12 @@ abstract class IkeTestBase {
static final String LOCAL_RFC822_NAME = "client.test.ike@example.com";
static final byte[] LOCAL_KEY_ID = "Local Key ID".getBytes();
static final int SUB_ID = 1;
static final byte[] EAP_IDENTITY = "test@android.net".getBytes();
static final String NETWORK_NAME = "android.net";
static final String EAP_MSCHAPV2_USERNAME = "username";
static final String EAP_MSCHAPV2_PASSWORD = "password";
static final Inet4Address IPV4_ADDRESS_LOCAL =
(Inet4Address) (InetAddresses.parseNumericAddress("192.0.2.100"));
static final Inet4Address IPV4_ADDRESS_REMOTE =