author | evitayan <evitayan@google.com> | 2019-09-25 11:24:40 -0700 |
---|---|---|
committer | evitayan <evitayan@google.com> | 2019-10-07 11:57:57 -0700 |
commit | 3e766d2d6c3754e24454d6db9c02ad31e6846791 (patch) | |
tree | ec450c23fe67b6755db5648ddb53c3a564e2c5ec /tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java | |
parent | 7b28df935eab7255e03f6553de7241ddc90b751f (diff) | |
Authenticate remote side using digital signature
Bug: 124233517
Test: atest FrameworksIkeTests(new tests passed)
Change-Id: Icf0f64a69b3349967ccd59ae52ecbdb4dd7b4e58
Diffstat (limited to 'tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java | 49 |
1 files changed, 28 insertions, 21 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java index e34b12b8..afb07ed9 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java @@ -99,6 +99,7 @@ import com.android.ike.ikev2.exceptions.UnsupportedCriticalPayloadException; import com.android.ike.ikev2.message.IkeAuthDigitalSignPayload; import com.android.ike.ikev2.message.IkeAuthPayload; import com.android.ike.ikev2.message.IkeAuthPskPayload; +import com.android.ike.ikev2.message.IkeCertX509CertPayload; import com.android.ike.ikev2.message.IkeDeletePayload; import com.android.ike.ikev2.message.IkeEapPayload; import com.android.ike.ikev2.message.IkeHeader; @@ -125,6 +126,7 @@ import com.android.ike.ikev2.message.IkeSaPayload.PrfTransform; import com.android.ike.ikev2.message.IkeSkfPayload; import com.android.ike.ikev2.message.IkeTestUtils; import com.android.ike.ikev2.message.IkeTsPayload; +import com.android.ike.ikev2.testutils.CertUtils; import com.android.ike.ikev2.testutils.MockIpSecTestUtils; import com.android.ike.ikev2.utils.Retransmitter; import com.android.ike.ikev2.utils.Retransmitter.IBackoffTimeoutCalculator; @@ -286,6 +288,9 @@ public final class IkeSessionStateMachineTest { private IkeEapAuthenticatorFactory mMockEapAuthenticatorFactory; private EapAuthenticator mMockEapAuthenticator; + private X509Certificate mRootCertificate; + private X509Certificate mServerEndCertificate; + private ArgumentCaptor<IkeMessage> mIkeMessageCaptor = ArgumentCaptor.forClass(IkeMessage.class); private ArgumentCaptor<IkeSaRecordConfig> mIkeSaRecordConfigCaptor = 
@@ -611,6 +616,9 @@ public final class IkeSessionStateMachineTest { when(mMockEapAuthenticatorFactory.newEapAuthenticator(any(), any(), any(), any())) .thenReturn(mMockEapAuthenticator); + mRootCertificate = CertUtils.createCertFromPemFile("self-signed-ca-a.pem"); + mServerEndCertificate = CertUtils.createCertFromPemFile("end-cert-a.pem"); + mPsk = TestUtils.hexStringToByteArray(PSK_HEX_STRING); mChildSessionOptions = buildChildSessionOptions(); @@ -731,7 +739,7 @@ public final class IkeSessionStateMachineTest { private IkeSessionOptions buildIkeSessionOptionsEap() throws Exception { return buildIkeSessionOptionsCommon() - .setAuthEap(mock(X509Certificate.class), mEapSessionConfig) + .setAuthEap(mRootCertificate, mEapSessionConfig) .build(); } @@ -1996,6 +2004,20 @@ public final class IkeSessionStateMachineTest { return spyAuthPayload; } + private IkeAuthDigitalSignPayload makeSpyDigitalSignAuthPayload() throws Exception { + IkeAuthDigitalSignPayload spyAuthPayload = + spy( + (IkeAuthDigitalSignPayload) + IkeTestUtils.hexStringToIkePayload( + IkePayload.PAYLOAD_TYPE_AUTH, + true /*isResp*/, + GENERIC_DIGITAL_SIGN_AUTH_RESP_HEX_STRING)); + doNothing() + .when(spyAuthPayload) + .verifyInboundSignature(any(), any(), any(), any(), any(), any()); + return spyAuthPayload; + } + private IkeIdPayload makeRespIdPayload() throws Exception { return (IkeIdPayload) IkeTestUtils.hexStringToIkePayload( 
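Review bot: In the hunk at -1996, `makeSpyDigitalSignAuthPayload()` stubs `verifyInboundSignature` with `doNothing()` and six `any()` matchers, so the EAP test that uses it passes whether or not the state machine ever checks the responder's signature or hands it the right certificate. The caller in the hunk at -2086 adds the spy straight into the list without keeping a reference, and the hunk at -2127 removes `// TODO: Verify authentication is done` without putting an assertion in its place. Keep the spy in a local, `IkeAuthDigitalSignPayload spyAuthPayload = makeSpyDigitalSignAuthPayload();`, and after the response is processed assert the call with `verify(spyAuthPayload).verifyInboundSignature(any(), any(), any(), any(), any(), any());` (assuming Mockito's `verify` is statically imported like `spy` and `doNothing`). Pinning the certificate argument to `mServerEndCertificate` would be stronger still, but its position in the parameter list is not visible here. A short comment on the helper saying why the check is stubbed would also help the next reader, for example `// Signature check is stubbed; this test only covers state-machine flow, not the signature itself`, if that is the intent.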
@@ -2086,28 +2108,15 @@ public final class IkeSessionStateMachineTest { mockIkeInitAndTransitionToIkeAuth(mIkeSessionStateMachine.mCreateIkeLocalIkeAuth); verifyRetransmissionStarted(); - // Build IKE AUTH response with EAP Payload and ID-Responder Payload. - - // TODO: Also include Cert Payload. + // Build IKE AUTH response with EAP. Auth, ID-Resp and Cert payloads. List<IkePayload> authRelatedPayloads = new LinkedList<>(); authRelatedPayloads.add(new IkeEapPayload(EAP_DUMMY_MSG)); + authRelatedPayloads.add(makeSpyDigitalSignAuthPayload()); + authRelatedPayloads.add(makeRespIdPayload()); - IkeAuthDigitalSignPayload authPayload = - (IkeAuthDigitalSignPayload) - IkeTestUtils.hexStringToIkePayload( - IkePayload.PAYLOAD_TYPE_AUTH, - true /*isResp*/, - GENERIC_DIGITAL_SIGN_AUTH_RESP_HEX_STRING); - authRelatedPayloads.add(authPayload); - - IkeIdPayload respIdPayload = - (IkeIdPayload) - IkeTestUtils.hexStringToIkePayload( - IkePayload.PAYLOAD_TYPE_ID_RESPONDER, - true /*isResp*/, - ID_PAYLOAD_RESPONDER_HEX_STRING); - authRelatedPayloads.add(respIdPayload); + IkeCertX509CertPayload certPayload = new IkeCertX509CertPayload(mServerEndCertificate); + authRelatedPayloads.add(certPayload); // Send IKE AUTH response to IKE state machine mIkeSessionStateMachine.sendMessage( @@ -2127,8 +2136,6 @@ public final class IkeSessionStateMachineTest { verifyRetransmissionStopped(); assertNotNull(mIkeSessionStateMachine.mInitIdPayload); assertNotNull(mIkeSessionStateMachine.mRespIdPayload); - - // TODO: Verify authentication is done } private IEapCallback verifyEapAuthenticatorCreatedAndGetCallback() { |
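Review bot: The test changed in the hunk at -2086 only covers the accepting path. The Cert payload always carries `mServerEndCertificate`, which presumably chains to the `mRootCertificate` trust anchor passed to `setAuthEap` in the hunk at -731, so nothing on this page shows that a response with an untrusted or missing certificate is refused. The diffstat is limited to this file, so a negative test may exist elsewhere in the commit; if it does not, leave a marker next to the new lines, e.g. `// TODO: add negative case: Cert payload not chaining to mRootCertificate must fail IKE AUTH`. The new comment also has a stray full stop, and `// Build IKE AUTH response with EAP, Auth, ID-Resp and Cert payloads.` is probably what was meant. The test method starts and ends outside this hunk.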