LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge changes from topic "add-ikev2-vpn-types"

Browse Source 
am: adb79e3b39

Change-Id: I205121bbd8ef8adbe5e7a5ea1c57bbcac0efae0e
This commit is contained in:
Benedict Wong
2020-01-22 22:09:41 -08:00
committed by android-build-merger
parent d2e0f29a08 80240acd3f
commit 6e1557d8ca
4 changed files with 630 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/java/android/net/LinkProperties.java
View File

@@ -80,7 +80,8 @@ public final class LinkProperties implements Parcelable {
private final transient boolean mParcelSensitiveFields; private final transient boolean mParcelSensitiveFields;
private static final int MIN_MTU = 68; private static final int MIN_MTU = 68;
private static final int MIN_MTU_V6 = 1280; /* package-visibility - Used in other files (such as Ikev2VpnProfile) as minimum iface MTU. */
static final int MIN_MTU_V6 = 1280;
private static final int MAX_MTU = 10000; private static final int MAX_MTU = 10000;
private static final int INET6_ADDR_LENGTH = 16; private static final int INET6_ADDR_LENGTH = 16;

360
tests/net/java/android/net/Ikev2VpnProfileTest.java Normal file
View File

@@ -0,0 +1,360 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import android.test.mock.MockContext;
import androidx.test.filters.SmallTest;
import androidx.test.runner.AndroidJUnit4;
import com.android.internal.net.VpnProfile;
import com.android.org.bouncycastle.x509.X509V1CertificateGenerator;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.security.auth.x500.X500Principal;
/** Unit tests for {@link Ikev2VpnProfile.Builder}. */
@SmallTest
@RunWith(AndroidJUnit4.class)
public class Ikev2VpnProfileTest {
private static final String SERVER_ADDR_STRING = "1.2.3.4";
private static final String IDENTITY_STRING = "Identity";
private static final String USERNAME_STRING = "username";
private static final String PASSWORD_STRING = "pa55w0rd";
private static final String EXCL_LIST = "exclList";
private static final byte[] PSK_BYTES = "preSharedKey".getBytes();
private static final int TEST_MTU = 1300;
private final MockContext mMockContext =
new MockContext() {
@Override
public String getOpPackageName() {
return "fooPackage";
}
};
private final ProxyInfo mProxy = new ProxyInfo(SERVER_ADDR_STRING, -1, EXCL_LIST);
private X509Certificate mUserCert;
private X509Certificate mServerRootCa;
private PrivateKey mPrivateKey;
@Before
public void setUp() throws Exception {
mServerRootCa = generateRandomCertAndKeyPair().cert;
final CertificateAndKey userCertKey = generateRandomCertAndKeyPair();
mUserCert = userCertKey.cert;
mPrivateKey = userCertKey.key;
}
private Ikev2VpnProfile.Builder getBuilderWithDefaultOptions() {
final Ikev2VpnProfile.Builder builder =
new Ikev2VpnProfile.Builder(SERVER_ADDR_STRING, IDENTITY_STRING);
builder.setBypassable(true);
builder.setProxy(mProxy);
builder.setMaxMtu(TEST_MTU);
builder.setMetered(true);
return builder;
}
@Test
public void testBuildValidProfileWithOptions() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
final Ikev2VpnProfile profile = builder.build();
assertNotNull(profile);
// Check non-auth parameters correctly stored
assertEquals(SERVER_ADDR_STRING, profile.getServerAddr());
assertEquals(IDENTITY_STRING, profile.getUserIdentity());
assertEquals(mProxy, profile.getProxyInfo());
assertTrue(profile.isBypassable());
assertTrue(profile.isMetered());
assertEquals(TEST_MTU, profile.getMaxMtu());
}
@Test
public void testBuildUsernamePasswordProfile() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
final Ikev2VpnProfile profile = builder.build();
assertNotNull(profile);
assertEquals(USERNAME_STRING, profile.getUsername());
assertEquals(PASSWORD_STRING, profile.getPassword());
assertEquals(mServerRootCa, profile.getServerRootCaCert());
assertNull(profile.getPresharedKey());
assertNull(profile.getRsaPrivateKey());
assertNull(profile.getUserCert());
}
@Test
public void testBuildDigitalSignatureProfile() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
final Ikev2VpnProfile profile = builder.build();
assertNotNull(profile);
assertEquals(profile.getUserCert(), mUserCert);
assertEquals(mPrivateKey, profile.getRsaPrivateKey());
assertEquals(profile.getServerRootCaCert(), mServerRootCa);
assertNull(profile.getPresharedKey());
assertNull(profile.getUsername());
assertNull(profile.getPassword());
}
@Test
public void testBuildPresharedKeyProfile() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthPsk(PSK_BYTES);
final Ikev2VpnProfile profile = builder.build();
assertNotNull(profile);
assertArrayEquals(PSK_BYTES, profile.getPresharedKey());
assertNull(profile.getServerRootCaCert());
assertNull(profile.getUsername());
assertNull(profile.getPassword());
assertNull(profile.getRsaPrivateKey());
assertNull(profile.getUserCert());
}
@Test
public void testBuildNoAuthMethodSet() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
try {
builder.build();
fail("Expected exception due to lack of auth method");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testBuildInvalidMtu() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
try {
builder.setMaxMtu(500);
fail("Expected exception due to too-small MTU");
} catch (IllegalArgumentException expected) {
}
}
private void verifyVpnProfileCommon(VpnProfile profile) {
assertEquals(SERVER_ADDR_STRING, profile.server);
assertEquals(IDENTITY_STRING, profile.ipsecIdentifier);
assertEquals(mProxy, profile.proxy);
assertTrue(profile.isBypassable);
assertTrue(profile.isMetered);
assertEquals(TEST_MTU, profile.maxMtu);
}
@Test
public void testPskConvertToVpnProfile() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthPsk(PSK_BYTES);
final VpnProfile profile = builder.build().toVpnProfile();
verifyVpnProfileCommon(profile);
assertEquals(Ikev2VpnProfile.encodeForIpsecSecret(PSK_BYTES), profile.ipsecSecret);
// Check nothing else is set
assertEquals("", profile.username);
assertEquals("", profile.password);
assertEquals("", profile.ipsecUserCert);
assertEquals("", profile.ipsecCaCert);
}
@Test
public void testUsernamePasswordConvertToVpnProfile() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
final VpnProfile profile = builder.build().toVpnProfile();
verifyVpnProfileCommon(profile);
assertEquals(USERNAME_STRING, profile.username);
assertEquals(PASSWORD_STRING, profile.password);
assertEquals(Ikev2VpnProfile.certificateToPemString(mServerRootCa), profile.ipsecCaCert);
// Check nothing else is set
assertEquals("", profile.ipsecUserCert);
assertEquals("", profile.ipsecSecret);
}
@Test
public void testRsaConvertToVpnProfile() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
final VpnProfile profile = builder.build().toVpnProfile();
verifyVpnProfileCommon(profile);
assertEquals(Ikev2VpnProfile.certificateToPemString(mUserCert), profile.ipsecUserCert);
assertEquals(
Ikev2VpnProfile.encodeForIpsecSecret(mPrivateKey.getEncoded()),
profile.ipsecSecret);
assertEquals(Ikev2VpnProfile.certificateToPemString(mServerRootCa), profile.ipsecCaCert);
// Check nothing else is set
assertEquals("", profile.username);
assertEquals("", profile.password);
}
@Test
public void testPskFromVpnProfileDiscardsIrrelevantValues() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthPsk(PSK_BYTES);
final VpnProfile profile = builder.build().toVpnProfile();
profile.username = USERNAME_STRING;
profile.password = PASSWORD_STRING;
profile.ipsecCaCert = Ikev2VpnProfile.certificateToPemString(mServerRootCa);
profile.ipsecUserCert = Ikev2VpnProfile.certificateToPemString(mUserCert);
final Ikev2VpnProfile result = Ikev2VpnProfile.fromVpnProfile(profile);
assertNull(result.getUsername());
assertNull(result.getPassword());
assertNull(result.getUserCert());
assertNull(result.getRsaPrivateKey());
assertNull(result.getServerRootCaCert());
}
@Test
public void testUsernamePasswordFromVpnProfileDiscardsIrrelevantValues() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
final VpnProfile profile = builder.build().toVpnProfile();
profile.ipsecSecret = new String(PSK_BYTES);
profile.ipsecUserCert = Ikev2VpnProfile.certificateToPemString(mUserCert);
final Ikev2VpnProfile result = Ikev2VpnProfile.fromVpnProfile(profile);
assertNull(result.getPresharedKey());
assertNull(result.getUserCert());
assertNull(result.getRsaPrivateKey());
}
@Test
public void testRsaFromVpnProfileDiscardsIrrelevantValues() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
final VpnProfile profile = builder.build().toVpnProfile();
profile.username = USERNAME_STRING;
profile.password = PASSWORD_STRING;
final Ikev2VpnProfile result = Ikev2VpnProfile.fromVpnProfile(profile);
assertNull(result.getUsername());
assertNull(result.getPassword());
assertNull(result.getPresharedKey());
}
@Test
public void testPskConversionIsLossless() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthPsk(PSK_BYTES);
final Ikev2VpnProfile ikeProfile = builder.build();
assertEquals(ikeProfile, Ikev2VpnProfile.fromVpnProfile(ikeProfile.toVpnProfile()));
}
@Test
public void testUsernamePasswordConversionIsLossless() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
final Ikev2VpnProfile ikeProfile = builder.build();
assertEquals(ikeProfile, Ikev2VpnProfile.fromVpnProfile(ikeProfile.toVpnProfile()));
}
@Test
public void testRsaConversionIsLossless() throws Exception {
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
final Ikev2VpnProfile ikeProfile = builder.build();
assertEquals(ikeProfile, Ikev2VpnProfile.fromVpnProfile(ikeProfile.toVpnProfile()));
}
private static class CertificateAndKey {
public final X509Certificate cert;
public final PrivateKey key;
CertificateAndKey(X509Certificate cert, PrivateKey key) {
this.cert = cert;
this.key = key;
}
}
private static CertificateAndKey generateRandomCertAndKeyPair() throws Exception {
final Date validityBeginDate =
new Date(System.currentTimeMillis() - TimeUnit.DAYS.toMillis(1L));
final Date validityEndDate =
new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1L));
// Generate a keypair
final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(512);
final KeyPair keyPair = keyPairGenerator.generateKeyPair();
final X500Principal dnName = new X500Principal("CN=test.android.com");
final X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setSubjectDN(dnName);
certGen.setIssuerDN(dnName);
certGen.setNotBefore(validityBeginDate);
certGen.setNotAfter(validityEndDate);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "AndroidOpenSSL");
return new CertificateAndKey(cert, keyPair.getPrivate());
}
}

83
tests/net/java/android/net/VpnManagerTest.java Normal file
View File

@@ -0,0 +1,83 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net;
import static org.mockito.Mockito.mock;
import android.test.mock.MockContext;
import androidx.test.filters.SmallTest;
import androidx.test.runner.AndroidJUnit4;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
/** Unit tests for {@link VpnManager}. */
@SmallTest
@RunWith(AndroidJUnit4.class)
public class VpnManagerTest {
private static final String VPN_PROFILE_KEY = "KEY";
private IConnectivityManager mMockCs;
private VpnManager mVpnManager;
private final MockContext mMockContext =
new MockContext() {
@Override
public String getOpPackageName() {
return "fooPackage";
}
};
@Before
public void setUp() throws Exception {
mMockCs = mock(IConnectivityManager.class);
mVpnManager = new VpnManager(mMockContext, mMockCs);
}
@Test
public void testProvisionVpnProfile() throws Exception {
try {
mVpnManager.provisionVpnProfile(mock(PlatformVpnProfile.class));
} catch (UnsupportedOperationException expected) {
}
}
@Test
public void testDeleteProvisionedVpnProfile() throws Exception {
try {
mVpnManager.deleteProvisionedVpnProfile();
} catch (UnsupportedOperationException expected) {
}
}
@Test
public void testStartProvisionedVpnProfile() throws Exception {
try {
mVpnManager.startProvisionedVpnProfile();
} catch (UnsupportedOperationException expected) {
}
}
@Test
public void testStopProvisionedVpnProfile() throws Exception {
try {
mVpnManager.stopProvisionedVpnProfile();
} catch (UnsupportedOperationException expected) {
}
}
}

185
tests/net/java/com/android/internal/net/VpnProfileTest.java Normal file
View File

@@ -0,0 +1,185 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.internal.net;
import static com.android.testutils.ParcelUtilsKt.assertParcelSane;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import android.net.IpSecAlgorithm;
import androidx.test.filters.SmallTest;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
import java.util.Arrays;
/** Unit tests for {@link VpnProfile}. */
@SmallTest
@RunWith(JUnit4.class)
public class VpnProfileTest {
private static final String DUMMY_PROFILE_KEY = "Test";
@Test
public void testDefaults() throws Exception {
final VpnProfile p = new VpnProfile(DUMMY_PROFILE_KEY);
assertEquals(DUMMY_PROFILE_KEY, p.key);
assertEquals("", p.name);
assertEquals(VpnProfile.TYPE_PPTP, p.type);
assertEquals("", p.server);
assertEquals("", p.username);
assertEquals("", p.password);
assertEquals("", p.dnsServers);
assertEquals("", p.searchDomains);
assertEquals("", p.routes);
assertTrue(p.mppe);
assertEquals("", p.l2tpSecret);
assertEquals("", p.ipsecIdentifier);
assertEquals("", p.ipsecSecret);
assertEquals("", p.ipsecUserCert);
assertEquals("", p.ipsecCaCert);
assertEquals("", p.ipsecServerCert);
assertEquals(null, p.proxy);
assertTrue(p.getAllowedAlgorithms() != null && p.getAllowedAlgorithms().isEmpty());
assertFalse(p.isBypassable);
assertFalse(p.isMetered);
assertEquals(1400, p.maxMtu);
assertFalse(p.areAuthParamsInline);
}
private VpnProfile getSampleIkev2Profile(String key) {
final VpnProfile p = new VpnProfile(key);
p.name = "foo";
p.type = VpnProfile.TYPE_IKEV2_IPSEC_USER_PASS;
p.server = "bar";
p.username = "baz";
p.password = "qux";
p.dnsServers = "8.8.8.8";
p.searchDomains = "";
p.routes = "0.0.0.0/0";
p.mppe = false;
p.l2tpSecret = "";
p.ipsecIdentifier = "quux";
p.ipsecSecret = "quuz";
p.ipsecUserCert = "corge";
p.ipsecCaCert = "grault";
p.ipsecServerCert = "garply";
p.proxy = null;
p.setAllowedAlgorithms(
Arrays.asList(
IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
IpSecAlgorithm.AUTH_HMAC_SHA512,
IpSecAlgorithm.CRYPT_AES_CBC));
p.isBypassable = true;
p.isMetered = true;
p.maxMtu = 1350;
p.areAuthParamsInline = true;
// Not saved, but also not compared.
p.saveLogin = true;
return p;
}
@Test
public void testEquals() {
assertEquals(
getSampleIkev2Profile(DUMMY_PROFILE_KEY), getSampleIkev2Profile(DUMMY_PROFILE_KEY));
final VpnProfile modified = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
modified.maxMtu--;
assertNotEquals(getSampleIkev2Profile(DUMMY_PROFILE_KEY), modified);
}
@Test
public void testParcelUnparcel() {
assertParcelSane(getSampleIkev2Profile(DUMMY_PROFILE_KEY), 22);
}
@Test
public void testSetInvalidAlgorithmValueDelimiter() {
final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
try {
profile.setAllowedAlgorithms(
Arrays.asList("test" + VpnProfile.VALUE_DELIMITER + "test"));
fail("Expected failure due to value separator in algorithm name");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testSetInvalidAlgorithmListDelimiter() {
final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
try {
profile.setAllowedAlgorithms(
Arrays.asList("test" + VpnProfile.LIST_DELIMITER + "test"));
fail("Expected failure due to value separator in algorithm name");
} catch (IllegalArgumentException expected) {
}
}
@Test
public void testEncodeDecode() {
final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
final VpnProfile decoded = VpnProfile.decode(DUMMY_PROFILE_KEY, profile.encode());
assertEquals(profile, decoded);
}
@Test
public void testEncodeDecodeTooManyValues() {
final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
final byte[] tooManyValues =
(new String(profile.encode()) + VpnProfile.VALUE_DELIMITER + "invalid").getBytes();
assertNull(VpnProfile.decode(DUMMY_PROFILE_KEY, tooManyValues));
}
@Test
public void testEncodeDecodeInvalidNumberOfValues() {
final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
final String encoded = new String(profile.encode());
final byte[] tooFewValues =
encoded.substring(0, encoded.lastIndexOf(VpnProfile.VALUE_DELIMITER)).getBytes();
assertNull(VpnProfile.decode(DUMMY_PROFILE_KEY, tooFewValues));
}
@Test
public void testEncodeDecodeLoginsNotSaved() {
final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
profile.saveLogin = false;
final VpnProfile decoded = VpnProfile.decode(DUMMY_PROFILE_KEY, profile.encode());
assertNotEquals(profile, decoded);
// Add the username/password back, everything else must be equal.
decoded.username = profile.username;
decoded.password = profile.password;
assertEquals(profile, decoded);
}
}