Make Transforms Unidirectional

Convert the IpSecTransform from being a bi-directional pair of SAs to a unidirectional single SA. This CL also removes the concept of "direction from SAs meaning that a IpSecTransform may now be applied to a socket in either direction. -Make transforms unidirectional -Add Convert allocateSpi() to use destination rather than direction and remote address -Remove directionality from builders for IpSecTransform -Change applyTransportModeTransform() to take a direction in which to apply the transform object. -Additional minor naming updates -Restrict IpSecConfig to only print keys on eng builds -Move DIRECTION constants to IpSecManager -Add sourceAddress parameter to IpSecTransform to provide additional guarantees about the source address of data; (explicit failure rather than implicit failure). -Move SPI to the build() method of IpSecTransform Bug: 71717213 Test: runtest frameworks-net, CTS - IpSecManagerTest Change-Id: I0824b37f443f4b8c62536d9801238c63ed8f2a1c
2018-01-05 19:25:13 -08:00
parent 278fb634c1
commit 3865a008e7
4 changed files with 49 additions and 188 deletions
--- a/tests/net/java/android/net/IpSecManagerTest.java
+++ b/tests/net/java/android/net/IpSecManagerTest.java
@@ -81,15 +81,13 @@ public class IpSecManagerTest {
        IpSecSpiResponse spiResp =
                new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI);
        when(mMockIpSecService.allocateSecurityParameterIndex(
-                        eq(IpSecTransform.DIRECTION_IN),
                        eq(GOOGLE_DNS_4.getHostAddress()),
                        eq(DROID_SPI),
                        anyObject()))
                .thenReturn(spiResp);

        IpSecManager.SecurityParameterIndex droidSpi =
-                mIpSecManager.allocateSecurityParameterIndex(
-                        IpSecTransform.DIRECTION_IN, GOOGLE_DNS_4, DROID_SPI);
+                mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, DROID_SPI);
        assertEquals(DROID_SPI, droidSpi.getSpi());

        droidSpi.close();
@@ -103,15 +101,13 @@ public class IpSecManagerTest {
        IpSecSpiResponse spiResp =
                new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI);
        when(mMockIpSecService.allocateSecurityParameterIndex(
-                        eq(IpSecTransform.DIRECTION_OUT),
                        eq(GOOGLE_DNS_4.getHostAddress()),
                        eq(IpSecManager.INVALID_SECURITY_PARAMETER_INDEX),
                        anyObject()))
                .thenReturn(spiResp);

        IpSecManager.SecurityParameterIndex randomSpi =
-                mIpSecManager.allocateSecurityParameterIndex(
-                        IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
+                mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);

        assertEquals(DROID_SPI, randomSpi.getSpi());

@@ -124,16 +120,15 @@ public class IpSecManagerTest {
     * Throws resource unavailable exception
     */
    @Test
-    public void testAllocSpiResUnavaiableExeption() throws Exception {
+    public void testAllocSpiResUnavailableException() throws Exception {
        IpSecSpiResponse spiResp =
                new IpSecSpiResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE, 0, 0);
        when(mMockIpSecService.allocateSecurityParameterIndex(
-                        anyInt(), anyString(), anyInt(), anyObject()))
+                        anyString(), anyInt(), anyObject()))
                .thenReturn(spiResp);

        try {
-            mIpSecManager.allocateSecurityParameterIndex(
-                    IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
+            mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);
            fail("ResourceUnavailableException was not thrown");
        } catch (IpSecManager.ResourceUnavailableException e) {
        }
@@ -143,15 +138,14 @@ public class IpSecManagerTest {
     * Throws spi unavailable exception
     */
    @Test
-    public void testAllocSpiSpiUnavaiableExeption() throws Exception {
+    public void testAllocSpiSpiUnavailableException() throws Exception {
        IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.SPI_UNAVAILABLE, 0, 0);
        when(mMockIpSecService.allocateSecurityParameterIndex(
-                        anyInt(), anyString(), anyInt(), anyObject()))
+                        anyString(), anyInt(), anyObject()))
                .thenReturn(spiResp);

        try {
-            mIpSecManager.allocateSecurityParameterIndex(
-                    IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
+            mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);
            fail("ResourceUnavailableException was not thrown");
        } catch (IpSecManager.ResourceUnavailableException e) {
        }
@@ -163,8 +157,7 @@ public class IpSecManagerTest {
    @Test
    public void testRequestAllocInvalidSpi() throws Exception {
        try {
-            mIpSecManager.allocateSecurityParameterIndex(
-                    IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4, 0);
+            mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, 0);
            fail("Able to allocate invalid spi");
        } catch (IllegalArgumentException e) {
        }