Support IkeSessionOptions for basic IKE SA setup

Bug: 122735723
Test: FrameworksIkeTests IkeSessionOptionsTest
Change-Id: I9904699dec9dfd83c5846fec3e278d86013f7091

3 files changed, 118 insertions, 15 deletions

diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java
new file mode 100644
index 00000000..bdaf135a
--- /dev/null
+++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.ike.ikev2;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
+
+import android.content.Context;
+import android.net.IpSecManager;
+import android.net.IpSecManager.UdpEncapsulationSocket;
+
+import androidx.test.InstrumentationRegistry;
+
+import libcore.net.InetAddressUtils;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.net.Inet4Address;
+
+public final class IkeSessionOptionsTest {
+    private static final Inet4Address IPV4_ADDRESS =
+            (Inet4Address) (InetAddressUtils.parseNumericAddress("192.0.2.100"));
+
+    private UdpEncapsulationSocket mUdpEncapSocket;
+
+    @Before
+    public void setUp() throws Exception {
+        Context context = InstrumentationRegistry.getContext();
+        IpSecManager ipSecManager = (IpSecManager) context.getSystemService(Context.IPSEC_SERVICE);
+        mUdpEncapSocket = ipSecManager.openUdpEncapsulationSocket();
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        mUdpEncapSocket.close();
+    }
+
+    @Test
+    public void testBuild() throws Exception {
+        SaProposal saProposal =
+                SaProposal.Builder.newIkeSaProposalBuilder()
+                        .addEncryptionAlgorithm(
+                                SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
+                                SaProposal.KEY_LEN_AES_128)
+                        .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
+                        .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
+                        .build();
+
+        IkeSessionOptions sessionOptions =
+                new IkeSessionOptions.Builder(IPV4_ADDRESS, mUdpEncapSocket)
+                        .addSaProposal(saProposal)
+                        .build();
+
+        assertEquals(IPV4_ADDRESS, sessionOptions.getServerAddress());
+        assertEquals(mUdpEncapSocket, sessionOptions.getUdpEncapsulationSocket());
+        assertArrayEquals(new SaProposal[] {saProposal}, sessionOptions.getSaProposals());
+        assertFalse(sessionOptions.isIkeFragmentationSupported());
+    }
+
+    @Test
+    public void testBuildWithoutSaProposal() throws Exception {
+        try {
+            new IkeSessionOptions.Builder(IPV4_ADDRESS, mUdpEncapSocket).build();
+            fail("Expected to fail due to absence of SA proposal.");
+        } catch (IllegalArgumentException expected) {
+        }
+    }
+
+    @Test
+    public void testBuildWithChildSaProposal() throws Exception {
+        SaProposal saProposal =
+                SaProposal.Builder.newChildSaProposalBuilder(true)
+                        .addEncryptionAlgorithm(
+                                SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
+                                SaProposal.KEY_LEN_AES_128)
+                        .build();
+        try {
+            new IkeSessionOptions.Builder(IPV4_ADDRESS, mUdpEncapSocket)
+                    .addSaProposal(saProposal)
+                    .build();
+            fail("Expected to fail due to wrong type of SA proposal.");
+        } catch (IllegalArgumentException expected) {
+        }
+    }
+}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
index 2ce2a9d9..428c028d 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
@@ -64,7 +64,7 @@ public final class SaProposalTest {
                         .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
                         .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
                         .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
-                        .buildOrThrow();
+                        .build();
 
         assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.mProtocolId);
         assertArrayEquals(
@@ -87,7 +87,7 @@ public final class SaProposalTest {
                                 SaProposal.KEY_LEN_AES_128)
                         .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
                         .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
-                        .buildOrThrow();
+                        .build();
 
         assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.mProtocolId);
         assertArrayEquals(
@@ -107,7 +107,7 @@ public final class SaProposalTest {
                                 SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
                                 SaProposal.KEY_LEN_AES_128)
                         .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
-                        .buildOrThrow();
+                        .build();
 
         assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.mProtocolId);
         assertArrayEquals(
@@ -127,7 +127,7 @@ public final class SaProposalTest {
                 builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
                         .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
                         .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
-                        .buildOrThrow();
+                        .build();
 
         assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.mProtocolId);
         assertArrayEquals(
@@ -143,7 +143,7 @@ public final class SaProposalTest {
     public void testBuildEncryptAlgosWithNoAlgorithm() throws Exception {
         Builder builder = Builder.newIkeSaProposalBuilder();
         try {
-            builder.buildOrThrow();
+            builder.build();
             fail("Expected to fail when no encryption algorithm is proposed.");
         } catch (IllegalArgumentException expected) {
 
@@ -179,7 +179,7 @@ public final class SaProposalTest {
     public void testBuildIkeProposalWithoutPrf() throws Exception {
         Builder builder = Builder.newIkeSaProposalBuilder();
         try {
-            builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES).buildOrThrow();
+            builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES).build();
             fail("Expected to fail when PRF is not provided in IKE SA proposal.");
         } catch (IllegalArgumentException expected) {
 
@@ -192,7 +192,7 @@ public final class SaProposalTest {
         try {
             builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
                     .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1)
-                    .buildOrThrow();
+                    .build();
 
             fail("Expected to fail when PRF is provided in Child SA proposal.");
         } catch (IllegalArgumentException expected) {
@@ -209,7 +209,7 @@ public final class SaProposalTest {
             builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12)
                     .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
                     .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
-                    .buildOrThrow();
+                    .build();
 
             fail("Expected to fail when not-none integrity algorithm is proposed with AEAD");
         } catch (IllegalArgumentException expected) {
@@ -225,7 +225,7 @@ public final class SaProposalTest {
         try {
             builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
                     .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1)
-                    .buildOrThrow();
+                    .build();
 
             fail(
                     "Expected to fail when"
@@ -245,7 +245,7 @@ public final class SaProposalTest {
                     .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1)
                     .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
                     .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
-                    .buildOrThrow();
+                    .build();
 
             fail(
                     "Expected to fail when none-value integrity algorithm is proposed"
@@ -262,7 +262,7 @@ public final class SaProposalTest {
             builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
                     .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
                     .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
-                    .buildOrThrow();
+                    .build();
 
             fail("Expected to fail when no DH Group is proposed in IKE SA proposal.");
         } catch (IllegalArgumentException expected) {
@@ -279,7 +279,7 @@ public final class SaProposalTest {
                     .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
                     .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
                     .addDhGroup(SaProposal.DH_GROUP_NONE)
-                    .buildOrThrow();
+                    .build();
 
             fail("Expected to fail when none-value DH Group is proposed in IKE SA proposal.");
         } catch (IllegalArgumentException expected) {
@@ -295,7 +295,7 @@ public final class SaProposalTest {
             builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
                     .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
                     .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
-                    .buildOrThrow();
+                    .build();
 
             fail(
                     "Expected to fail when"
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
index b0d927d8..2a47362c 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
@@ -153,7 +153,7 @@ public final class IkeSaPayloadTest {
                         .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
                         .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
                         .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1)
-                        .buildOrThrow();
+                        .build();
 
         mSaProposalTwo =
                 SaProposal.Builder.newIkeSaProposalBuilder()
@@ -166,7 +166,7 @@ public final class IkeSaPayloadTest {
                         .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
                         .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
                         .addDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP)
-                        .buildOrThrow();
+                        .build();
         mTwoSaProposalsArray = new SaProposal[] {mSaProposalOne, mSaProposalTwo};
     }