LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge changes from topic "ipsec-svc-cleanup"

Browse Source 
am: 9778c7884f

Change-Id: Ide81ae76bd05ba3a2cc7c06c072306d30a489057
This commit is contained in:
nharold
2017-10-04 20:24:10 +00:00
committed by android-build-merger
parent ca67954314 f69cb0a207
commit 83d7776121
3 changed files with 397 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
tests/net/java/android/net/IpSecConfigTest.java Normal file
View File

@@ -0,0 +1,98 @@
/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import android.os.Parcel;
import android.support.test.filters.SmallTest;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
/** Unit tests for {@link IpSecConfig}. */
@SmallTest
@RunWith(JUnit4.class)
public class IpSecConfigTest {
@Test
public void testDefaults() throws Exception {
IpSecConfig c = new IpSecConfig();
assertEquals(IpSecTransform.MODE_TRANSPORT, c.getMode());
assertEquals("", c.getLocalAddress());
assertEquals("", c.getRemoteAddress());
assertNull(c.getNetwork());
assertEquals(IpSecTransform.ENCAP_NONE, c.getEncapType());
assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getEncapSocketResourceId());
assertEquals(0, c.getEncapRemotePort());
assertEquals(0, c.getNattKeepaliveInterval());
for (int direction :
new int[] {IpSecTransform.DIRECTION_OUT, IpSecTransform.DIRECTION_IN}) {
assertNull(c.getEncryption(direction));
assertNull(c.getAuthentication(direction));
assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getSpiResourceId(direction));
}
}
@Test
public void testParcelUnparcel() throws Exception {
assertParcelingIsLossless(new IpSecConfig());
IpSecConfig c = new IpSecConfig();
c.setMode(IpSecTransform.MODE_TUNNEL);
c.setLocalAddress("0.0.0.0");
c.setRemoteAddress("1.2.3.4");
c.setEncapType(android.system.OsConstants.UDP_ENCAP_ESPINUDP);
c.setEncapSocketResourceId(7);
c.setEncapRemotePort(22);
c.setNattKeepaliveInterval(42);
c.setEncryption(
IpSecTransform.DIRECTION_OUT,
new IpSecAlgorithm(
IpSecAlgorithm.CRYPT_AES_CBC,
new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF}));
c.setAuthentication(
IpSecTransform.DIRECTION_OUT,
new IpSecAlgorithm(
IpSecAlgorithm.AUTH_HMAC_SHA1,
new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0}));
c.setSpiResourceId(IpSecTransform.DIRECTION_OUT, 1984);
c.setEncryption(
IpSecTransform.DIRECTION_IN,
new IpSecAlgorithm(
IpSecAlgorithm.CRYPT_AES_CBC,
new byte[] {2, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF}));
c.setAuthentication(
IpSecTransform.DIRECTION_IN,
new IpSecAlgorithm(
IpSecAlgorithm.AUTH_HMAC_SHA1,
new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 1}));
c.setSpiResourceId(IpSecTransform.DIRECTION_IN, 99);
assertParcelingIsLossless(c);
}
private void assertParcelingIsLossless(IpSecConfig ci) throws Exception {
Parcel p = Parcel.obtain();
ci.writeToParcel(p, 0);
p.setDataPosition(0);
IpSecConfig co = IpSecConfig.CREATOR.createFromParcel(p);
assertTrue(IpSecConfig.equals(co, ci));
}
}

276
tests/net/java/com/android/server/IpSecServiceParameterizedTest.java Normal file
View File

@@ -0,0 +1,276 @@
/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server;
import static org.junit.Assert.assertEquals;
import static org.mockito.Matchers.anyInt;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import android.content.Context;
import android.net.INetd;
import android.net.IpSecAlgorithm;
import android.net.IpSecConfig;
import android.net.IpSecManager;
import android.net.IpSecSpiResponse;
import android.net.IpSecTransform;
import android.net.IpSecTransformResponse;
import android.net.NetworkUtils;
import android.os.Binder;
import android.os.ParcelFileDescriptor;
import android.support.test.filters.SmallTest;
import android.system.OsConstants;
import java.net.Socket;
import java.util.Arrays;
import java.util.Collection;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
/** Unit tests for {@link IpSecService}. */
@SmallTest
@RunWith(Parameterized.class)
public class IpSecServiceParameterizedTest {
private static final int DROID_SPI = 0xD1201D;
private static final int DROID_SPI2 = DROID_SPI + 1;
private final String mRemoteAddr;
@Parameterized.Parameters
public static Collection ipSecConfigs() {
return Arrays.asList(new Object[][] {{"8.8.4.4"}, {"2601::10"}});
}
private static final byte[] CRYPT_KEY = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};
private static final byte[] AUTH_KEY = {
0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F,
0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F
};
Context mMockContext;
INetd mMockNetd;
IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
IpSecService mIpSecService;
public IpSecServiceParameterizedTest(String remoteAddr) {
mRemoteAddr = remoteAddr;
}
@Before
public void setUp() throws Exception {
mMockContext = mock(Context.class);
mMockNetd = mock(INetd.class);
mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
mIpSecService = new IpSecService(mMockContext, mMockIpSecSrvConfig);
// Injecting mock netd
when(mMockIpSecSrvConfig.getNetdInstance()).thenReturn(mMockNetd);
}
@Test
public void testIpSecServiceReserveSpi() throws Exception {
when(mMockNetd.ipSecAllocateSpi(
anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(mRemoteAddr),
eq(DROID_SPI)))
.thenReturn(DROID_SPI);
IpSecSpiResponse spiResp =
mIpSecService.reserveSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, mRemoteAddr, DROID_SPI, new Binder());
assertEquals(IpSecManager.Status.OK, spiResp.status);
assertEquals(DROID_SPI, spiResp.spi);
}
@Test
public void testReleaseSecurityParameterIndex() throws Exception {
when(mMockNetd.ipSecAllocateSpi(
anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(mRemoteAddr),
eq(DROID_SPI)))
.thenReturn(DROID_SPI);
IpSecSpiResponse spiResp =
mIpSecService.reserveSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, mRemoteAddr, DROID_SPI, new Binder());
mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId);
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(spiResp.resourceId), anyInt(), anyString(), anyString(), eq(DROID_SPI));
}
IpSecConfig buildIpSecConfig() throws Exception {
IpSecManager ipSecManager = new IpSecManager(mIpSecService);
// Mocking the netd to allocate SPI
when(mMockNetd.ipSecAllocateSpi(anyInt(), anyInt(), anyString(), anyString(), anyInt()))
.thenReturn(DROID_SPI)
.thenReturn(DROID_SPI2);
IpSecAlgorithm encryptAlgo = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
IpSecAlgorithm authAlgo =
new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, AUTH_KEY, AUTH_KEY.length * 8);
/** Allocate and add SPI records in the IpSecService through IpSecManager interface. */
IpSecManager.SecurityParameterIndex outSpi =
ipSecManager.reserveSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT,
NetworkUtils.numericToInetAddress(mRemoteAddr));
IpSecManager.SecurityParameterIndex inSpi =
ipSecManager.reserveSecurityParameterIndex(
IpSecTransform.DIRECTION_IN,
NetworkUtils.numericToInetAddress(mRemoteAddr));
IpSecConfig config = new IpSecConfig();
config.setSpiResourceId(IpSecTransform.DIRECTION_IN, inSpi.getResourceId());
config.setSpiResourceId(IpSecTransform.DIRECTION_OUT, outSpi.getResourceId());
config.setEncryption(IpSecTransform.DIRECTION_OUT, encryptAlgo);
config.setAuthentication(IpSecTransform.DIRECTION_OUT, authAlgo);
config.setEncryption(IpSecTransform.DIRECTION_IN, encryptAlgo);
config.setAuthentication(IpSecTransform.DIRECTION_IN, authAlgo);
config.setRemoteAddress(mRemoteAddr);
return config;
}
@Test
public void testCreateTransportModeTransform() throws Exception {
IpSecConfig ipSecConfig = buildIpSecConfig();
IpSecTransformResponse createTransformResp =
mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
assertEquals(IpSecManager.Status.OK, createTransformResp.status);
verify(mMockNetd)
.ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId),
anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
anyLong(),
eq(DROID_SPI),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY),
anyInt(),
eq(IpSecAlgorithm.CRYPT_AES_CBC),
eq(CRYPT_KEY),
anyInt(),
anyInt(),
anyInt(),
anyInt());
verify(mMockNetd)
.ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId),
anyInt(),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
anyLong(),
eq(DROID_SPI2),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY),
anyInt(),
eq(IpSecAlgorithm.CRYPT_AES_CBC),
eq(CRYPT_KEY),
anyInt(),
anyInt(),
anyInt(),
anyInt());
}
@Test
public void testDeleteTransportModeTransform() throws Exception {
IpSecConfig ipSecConfig = buildIpSecConfig();
IpSecTransformResponse createTransformResp =
mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
mIpSecService.deleteTransportModeTransform(createTransformResp.resourceId);
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
eq(DROID_SPI));
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(DROID_SPI2));
}
@Test
public void testApplyTransportModeTransform() throws Exception {
IpSecConfig ipSecConfig = buildIpSecConfig();
IpSecTransformResponse createTransformResp =
mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
int resourceId = createTransformResp.resourceId;
mIpSecService.applyTransportModeTransform(pfd, resourceId);
verify(mMockNetd)
.ipSecApplyTransportModeTransform(
eq(pfd.getFileDescriptor()),
eq(resourceId),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
eq(DROID_SPI));
verify(mMockNetd)
.ipSecApplyTransportModeTransform(
eq(pfd.getFileDescriptor()),
eq(resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(DROID_SPI2));
}
@Test
public void testRemoveTransportModeTransform() throws Exception {
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
mIpSecService.removeTransportModeTransform(pfd, 1);
verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
}
}

220
tests/net/java/com/android/server/IpSecServiceTest.java
View File

@@ -23,34 +23,28 @@ import static android.system.OsConstants.SOCK_DGRAM;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import static org.mockito.Matchers.anyInt;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyObject;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import android.content.Context;
import android.net.INetd;
import android.net.IpSecAlgorithm;
import android.net.IpSecConfig;
import android.net.IpSecManager;
import android.net.IpSecSpiResponse;
import android.net.IpSecTransform;
import android.net.IpSecTransformResponse;
import android.net.IpSecUdpEncapResponse;
import android.os.Binder;
import android.os.ParcelFileDescriptor;
import android.support.test.filters.SmallTest;
import android.system.ErrnoException;
import android.system.Os;
import java.io.FileDescriptor;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -62,13 +56,8 @@ import org.junit.runners.JUnit4;
public class IpSecServiceTest {
private static final int DROID_SPI = 0xD1201D;
private static final int DROID_SPI2 = DROID_SPI + 1;
private static final int TEST_UDP_ENCAP_INVALID_PORT = 100;
private static final int TEST_UDP_ENCAP_PORT_OUT_RANGE = 100000;
private static final int TEST_UDP_ENCAP_PORT = 34567;
private static final String IPV4_LOOPBACK = "127.0.0.1";
private static final String IPV4_ADDR = "192.168.0.2";
private static final InetAddress INADDR_ANY;
@@ -80,21 +69,6 @@ public class IpSecServiceTest {
}
}
private static final int[] DIRECTIONS =
new int[] {IpSecTransform.DIRECTION_OUT, IpSecTransform.DIRECTION_IN};
private static final byte[] CRYPT_KEY = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};
private static final byte[] AUTH_KEY = {
0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F,
0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F
};
Context mMockContext;
INetd mMockNetd;
IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
@@ -117,44 +91,6 @@ public class IpSecServiceTest {
assertNotNull(ipSecSrv);
}
@Test
public void testIpSecServiceReserveSpi() throws Exception {
when(mMockNetd.ipSecAllocateSpi(
anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(IPV4_LOOPBACK),
eq(DROID_SPI)))
.thenReturn(DROID_SPI);
IpSecSpiResponse spiResp =
mIpSecService.reserveSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, IPV4_LOOPBACK, DROID_SPI, new Binder());
assertEquals(IpSecManager.Status.OK, spiResp.status);
assertEquals(DROID_SPI, spiResp.spi);
}
@Test
public void testReleaseSecurityParameterIndex() throws Exception {
when(mMockNetd.ipSecAllocateSpi(
anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(IPV4_LOOPBACK),
eq(DROID_SPI)))
.thenReturn(DROID_SPI);
IpSecSpiResponse spiResp =
mIpSecService.reserveSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, IPV4_LOOPBACK, DROID_SPI, new Binder());
mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId);
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(spiResp.resourceId), anyInt(), anyString(), anyString(), eq(DROID_SPI));
}
@Test
public void testReleaseInvalidSecurityParameterIndex() throws Exception {
try {
@@ -285,108 +221,6 @@ public class IpSecServiceTest {
}
}
IpSecConfig buildIpSecConfig() throws Exception {
IpSecManager ipSecManager = new IpSecManager(mIpSecService);
// Mocking the netd to allocate SPI
when(mMockNetd.ipSecAllocateSpi(anyInt(), anyInt(), anyString(), anyString(), anyInt()))
.thenReturn(DROID_SPI)
.thenReturn(DROID_SPI2);
IpSecAlgorithm encryptAlgo = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
IpSecAlgorithm authAlgo =
new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, AUTH_KEY, AUTH_KEY.length * 8);
InetAddress localAddr = InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
/** Allocate and add SPI records in the IpSecService through IpSecManager interface. */
IpSecManager.SecurityParameterIndex outSpi =
ipSecManager.reserveSecurityParameterIndex(IpSecTransform.DIRECTION_OUT, localAddr);
IpSecManager.SecurityParameterIndex inSpi =
ipSecManager.reserveSecurityParameterIndex(IpSecTransform.DIRECTION_IN, localAddr);
IpSecConfig ipSecConfig =
new IpSecTransform.Builder(mMockContext)
.setSpi(IpSecTransform.DIRECTION_OUT, outSpi)
.setSpi(IpSecTransform.DIRECTION_IN, inSpi)
.setEncryption(IpSecTransform.DIRECTION_OUT, encryptAlgo)
.setAuthentication(IpSecTransform.DIRECTION_OUT, authAlgo)
.setEncryption(IpSecTransform.DIRECTION_IN, encryptAlgo)
.setAuthentication(IpSecTransform.DIRECTION_IN, authAlgo)
.getIpSecConfig();
return ipSecConfig;
}
@Test
public void testCreateTransportModeTransform() throws Exception {
IpSecConfig ipSecConfig = buildIpSecConfig();
IpSecTransformResponse createTransformResp =
mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
assertEquals(IpSecManager.Status.OK, createTransformResp.status);
verify(mMockNetd)
.ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId),
anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
anyLong(),
eq(DROID_SPI),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY),
anyInt(),
eq(IpSecAlgorithm.CRYPT_AES_CBC),
eq(CRYPT_KEY),
anyInt(),
anyInt(),
anyInt(),
anyInt());
verify(mMockNetd)
.ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId),
anyInt(),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
anyLong(),
eq(DROID_SPI2),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY),
anyInt(),
eq(IpSecAlgorithm.CRYPT_AES_CBC),
eq(CRYPT_KEY),
anyInt(),
anyInt(),
anyInt(),
anyInt());
}
@Test
public void testDeleteTransportModeTransform() throws Exception {
IpSecConfig ipSecConfig = buildIpSecConfig();
IpSecTransformResponse createTransformResp =
mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
mIpSecService.deleteTransportModeTransform(createTransformResp.resourceId);
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
eq(DROID_SPI));
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(DROID_SPI2));
}
@Test
public void testDeleteInvalidTransportModeTransform() throws Exception {
try {
@@ -396,35 +230,6 @@ public class IpSecServiceTest {
}
}
@Test
public void testApplyTransportModeTransform() throws Exception {
IpSecConfig ipSecConfig = buildIpSecConfig();
IpSecTransformResponse createTransformResp =
mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
int resourceId = createTransformResp.resourceId;
mIpSecService.applyTransportModeTransform(pfd, resourceId);
verify(mMockNetd)
.ipSecApplyTransportModeTransform(
eq(pfd.getFileDescriptor()),
eq(resourceId),
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
eq(DROID_SPI));
verify(mMockNetd)
.ipSecApplyTransportModeTransform(
eq(pfd.getFileDescriptor()),
eq(resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(DROID_SPI2));
}
@Test
public void testRemoveTransportModeTransform() throws Exception {
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
@@ -432,4 +237,25 @@ public class IpSecServiceTest {
verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
}
@Test
public void testValidateIpAddresses() throws Exception {
String[] invalidAddresses =
new String[] {"www.google.com", "::", "2001::/64", "0.0.0.0", ""};
for (String address : invalidAddresses) {
try {
IpSecSpiResponse spiResp =
mIpSecService.reserveSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, address, DROID_SPI, new Binder());
fail("Invalid address was passed through IpSecService validation: " + address);
} catch (IllegalArgumentException e) {
} catch (Exception e) {
fail(
"Invalid InetAddress was not caught in validation: "
+ address
+ ", Exception: "
+ e);
}
}
}
}