author | evitayan <evitayan@google.com> | 2019-10-18 17:56:05 -0700 |
---|---|---|
committer | evitayan <evitayan@google.com> | 2019-10-31 10:54:21 -0700 |
commit | 922bd137cd4bfe5a959ff5883455dc5ebf858135 (patch) | |
tree | 95fd63c38c769574fcfd50b7e69b91e1531ca58f /tests/iketests/src/java/com | |
parent | 819c419ff9a87355a0cfa2776cd9afe324158667 (diff) | |
download | ike-922bd137cd4bfe5a959ff5883455dc5ebf858135.tar.gz |
Support setting auth method to digital signature
This commit adds an interface for configuring the AUTH method as digital
signature.
Bug: 142139930
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I6d499ac6c1cdf01c64891d855405b29518ea86d0
Diffstat (limited to 'tests/iketests/src/java/com')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java | 71 |
1 files changed, 68 insertions, 3 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java
index 7abcc581..88ff2f1d 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java
@@ -17,6 +17,7 @@
 package com.android.ike.ikev2;
 import static com.android.ike.ikev2.IkeSessionOptions.IkeAuthConfig;
+import static com.android.ike.ikev2.IkeSessionOptions.IkeAuthDigitalSignLocalConfig;
 import static com.android.ike.ikev2.IkeSessionOptions.IkeAuthDigitalSignRemoteConfig;
 import static com.android.ike.ikev2.IkeSessionOptions.IkeAuthEapConfig;
 import static com.android.ike.ikev2.IkeSessionOptions.IkeAuthPskConfig;
@@ -44,7 +45,10 @@ import org.junit.Before;
 import org.junit.Test;
 import java.net.Inet4Address;
+import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 public final class IkeSessionOptionsTest {
 private static final String PSK_HEX_STRING = "6A756E69706572313233";
@@ -60,6 +64,10 @@ public final class IkeSessionOptionsTest {
 private IkeIdentification mLocalIdentification;
 private IkeIdentification mRemoteIdentification;
+ private X509Certificate mMockServerCaCert;
+ private X509Certificate mMockClientEndCert;
+ private PrivateKey mMockRsaPrivateKey;
+
 @Before
 public void setUp() throws Exception {
 Context context = InstrumentationRegistry.getContext();
@@ -76,6 +84,10 @@ public final class IkeSessionOptionsTest {
 .build();
 mLocalIdentification = new IkeIpv4AddrIdentification(LOCAL_IPV4_ADDRESS);
 mRemoteIdentification = new IkeIpv4AddrIdentification(REMOTE_IPV4_ADDRESS);
+
+ mMockServerCaCert = mock(X509Certificate.class);
+ mMockClientEndCert = mock(X509Certificate.class);
+ mMockRsaPrivateKey = mock(RSAPrivateKey.class);
 }
 @After
@@ -121,7 +133,6 @@ public final class IkeSessionOptionsTest {
 @Test
 public void testBuildWithEap() throws Exception {
- X509Certificate mockCert = mock(X509Certificate.class);
 EapSessionConfig eapConfig = mock(EapSessionConfig.class);
 IkeSessionOptions sessionOptions =
@@ -131,7 +142,7 @@ public final class IkeSessionOptionsTest {
 .addSaProposal(mIkeSaProposal)
 .setLocalIdentification(mLocalIdentification)
 .setRemoteIdentification(mRemoteIdentification)
- .setAuthEap(mockCert, eapConfig)
+ .setAuthEap(mMockServerCaCert, eapConfig)
 .build();
 verifyIkeSessionOptionsCommon(sessionOptions);
@@ -145,11 +156,65 @@ public final class IkeSessionOptionsTest {
 assertTrue(remoteConfig instanceof IkeAuthDigitalSignRemoteConfig);
 assertEquals(IkeSessionOptions.IKE_AUTH_METHOD_PUB_KEY_SIGNATURE, remoteConfig.mAuthMethod);
 assertEquals(
- mockCert,
+ mMockServerCaCert,
+ ((IkeAuthDigitalSignRemoteConfig) remoteConfig).mTrustAnchor.getTrustedCert());
+ }
+
+ @Test
+ public void testBuildWithDigitalSignatureAuth() throws Exception {
+ IkeSessionOptions sessionOptions =
+ new IkeSessionOptions.Builder()
+ .setServerAddress(REMOTE_IPV4_ADDRESS)
+ .setUdpEncapsulationSocket(mUdpEncapSocket)
+ .addSaProposal(mIkeSaProposal)
+ .setLocalIdentification(mLocalIdentification)
+ .setRemoteIdentification(mRemoteIdentification)
+ .setAuthDigitalSignature(
+ mMockServerCaCert, mMockClientEndCert, mMockRsaPrivateKey)
+ .build();
+
+ verifyIkeSessionOptionsCommon(sessionOptions);
+
+ IkeAuthConfig localConfig = sessionOptions.getLocalAuthConfig();
+ assertTrue(localConfig instanceof IkeAuthDigitalSignLocalConfig);
+
+ IkeAuthDigitalSignLocalConfig localAuthConfig = (IkeAuthDigitalSignLocalConfig) localConfig;
+ assertEquals(
+ IkeSessionOptions.IKE_AUTH_METHOD_PUB_KEY_SIGNATURE, localAuthConfig.mAuthMethod);
+ assertEquals(mMockClientEndCert, localAuthConfig.mEndCert);
+ assertTrue(localAuthConfig.mIntermediateCerts.isEmpty());
+ assertEquals(mMockRsaPrivateKey, localAuthConfig.mPrivateKey);
+
+ IkeAuthConfig remoteConfig = sessionOptions.getRemoteAuthConfig();
+ assertTrue(remoteConfig instanceof IkeAuthDigitalSignRemoteConfig);
+ assertEquals(IkeSessionOptions.IKE_AUTH_METHOD_PUB_KEY_SIGNATURE, remoteConfig.mAuthMethod);
+ assertEquals(
+ mMockServerCaCert,
 ((IkeAuthDigitalSignRemoteConfig) remoteConfig).mTrustAnchor.getTrustedCert());
 }
 @Test
+ public void testBuildWithDsaDigitalSignatureAuth() throws Exception {
+ try {
+ IkeSessionOptions sessionOptions =
+ new IkeSessionOptions.Builder()
+ .setServerAddress(REMOTE_IPV4_ADDRESS)
+ .setUdpEncapsulationSocket(mUdpEncapSocket)
+ .addSaProposal(mIkeSaProposal)
+ .setLocalIdentification(mLocalIdentification)
+ .setRemoteIdentification(mRemoteIdentification)
+ .setAuthDigitalSignature(
+ mMockServerCaCert,
+ mMockClientEndCert,
+ mock(DSAPrivateKey.class))
+ .build();
+ fail("Expected to fail because DSA is not supported");
+ } catch (IllegalArgumentException expected) {
+
+ }
+ }
+
+ @Test
 public void testBuildWithoutSaProposal() throws Exception {
 try {
 new IkeSessionOptions.Builder() |
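Review bot: In `testBuildWithDsaDigitalSignatureAuth` the `try` wraps the whole builder chain, so an `IllegalArgumentException` from any setter or from `build()` satisfies the test, not only the rejection of the DSA key. Building the chain up to `setRemoteIdentification(...)` into a local `IkeSessionOptions.Builder builder` before the `try`, and keeping only `builder.setAuthDigitalSignature(mMockServerCaCert, mMockClientEndCert, mock(DSAPrivateKey.class)).build();` inside it, would pin the failure to the key-type check and drop the unused `sessionOptions` local. The empty `catch` body would read better with a comment such as `// expected: DSA private keys are rejected`. Only the mocked `DSAPrivateKey` is covered; the implementation is not part of this diff, so whether other non-RSA `PrivateKey` types are also refused cannot be seen here and would merit a test case of its own.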