diff options
Diffstat (limited to 'tests/iketests/src/java/com')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java | 76 |
1 files changed, 70 insertions, 6 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java index 86967f53..9aca851e 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java @@ -16,6 +16,8 @@ package com.android.ike.ikev2; +import static android.system.OsConstants.AF_INET; + import static com.android.ike.ikev2.ChildSessionStateMachine.CMD_FORCE_TRANSITION; import static com.android.ike.ikev2.IkeSessionStateMachine.CMD_LOCAL_REQUEST_REKEY_CHILD; import static com.android.ike.ikev2.IkeSessionStateMachine.IKE_EXCHANGE_SUBTYPE_DELETE_CHILD; @@ -27,6 +29,7 @@ import static com.android.ike.ikev2.exceptions.IkeProtocolException.ERROR_TYPE_T import static com.android.ike.ikev2.message.IkeHeader.EXCHANGE_TYPE_CREATE_CHILD_SA; import static com.android.ike.ikev2.message.IkeHeader.EXCHANGE_TYPE_INFORMATIONAL; import static com.android.ike.ikev2.message.IkeNotifyPayload.NOTIFY_TYPE_REKEY_SA; +import static com.android.ike.ikev2.message.IkePayload.PAYLOAD_TYPE_CP; import static com.android.ike.ikev2.message.IkePayload.PAYLOAD_TYPE_DELETE; import static com.android.ike.ikev2.message.IkePayload.PAYLOAD_TYPE_KE; import static com.android.ike.ikev2.message.IkePayload.PAYLOAD_TYPE_NONCE; @@ -64,6 +67,7 @@ import android.content.Context; import android.net.IpSecManager; import android.net.IpSecManager.UdpEncapsulationSocket; import android.net.IpSecTransform; +import android.net.LinkAddress; import android.os.test.TestLooper; import androidx.test.InstrumentationRegistry; @@ -84,6 +88,10 @@ import com.android.ike.ikev2.exceptions.IkeInternalException; import com.android.ike.ikev2.exceptions.InvalidKeException; import com.android.ike.ikev2.exceptions.InvalidSyntaxException; import com.android.ike.ikev2.exceptions.NoValidProposalChosenException; +import com.android.ike.ikev2.message.IkeConfigPayload; +import com.android.ike.ikev2.message.IkeConfigPayload.ConfigAttribute; +import com.android.ike.ikev2.message.IkeConfigPayload.ConfigAttributeIpv4Address; +import com.android.ike.ikev2.message.IkeConfigPayload.ConfigAttributeIpv4Netmask; import com.android.ike.ikev2.message.IkeDeletePayload; import com.android.ike.ikev2.message.IkeKePayload; import com.android.ike.ikev2.message.IkeMessage; @@ -113,6 +121,7 @@ import java.net.Inet4Address; import java.net.InetAddress; import java.security.GeneralSecurityException; import java.util.ArrayList; +import java.util.Arrays; import java.util.LinkedList; import java.util.List; import java.util.concurrent.Executor; @@ -124,6 +133,10 @@ public final class ChildSessionStateMachineTest { (Inet4Address) (InetAddressUtils.parseNumericAddress("192.0.2.200")); private static final Inet4Address REMOTE_ADDRESS = (Inet4Address) (InetAddressUtils.parseNumericAddress("192.0.2.100")); + private static final Inet4Address INTERNAL_ADDRESS = + (Inet4Address) (InetAddressUtils.parseNumericAddress("203.0.113.100")); + + private static final int IPV4_PREFIX_LEN = 32; private static final String IKE_AUTH_RESP_SA_PAYLOAD = "2c00002c0000002801030403cae7019f0300000c0100000c800e0080" @@ -188,6 +201,9 @@ public final class ChildSessionStateMachineTest { ArgumentCaptor.forClass(ChildSaRecordConfig.class); private ArgumentCaptor<List<IkePayload>> mPayloadListCaptor = ArgumentCaptor.forClass(List.class); + private ArgumentCaptor<ChildSessionConfiguration> mChildConfigCaptor = + ArgumentCaptor.forClass(ChildSessionConfiguration.class); + private ArgumentMatcher<ChildLocalRequest> mRekeyChildLocalReqMatcher = (argument) -> { return CMD_LOCAL_REQUEST_REKEY_CHILD == argument.procedureType @@ -269,7 +285,11 @@ public final class ChildSessionStateMachineTest { } private ChildSessionOptions buildChildSessionOptions() throws Exception { - return new TunnelModeChildSessionOptions.Builder().addSaProposal(buildSaProposal()).build(); + return new TunnelModeChildSessionOptions.Builder() + .addSaProposal(buildSaProposal()) + .addInternalAddressRequest(AF_INET, 1) + .addInternalAddressRequest(INTERNAL_ADDRESS, IPV4_PREFIX_LEN) + .build(); } private void setUpChildSaRecords() { @@ -321,6 +341,17 @@ public final class ChildSessionStateMachineTest { // Build Nonce Payloads mFirstSaReqPayloads.add(new IkeNoncePayload()); mFirstSaRespPayloads.add(new IkeNoncePayload()); + + // Build Config Request Payload + List<ConfigAttribute> attrReqList = new LinkedList<>(); + attrReqList.add(new ConfigAttributeIpv4Address(INTERNAL_ADDRESS)); + attrReqList.add(new ConfigAttributeIpv4Netmask()); + mFirstSaReqPayloads.add(new IkeConfigPayload(false /*isReply*/, attrReqList)); + + // Build Config Reply Payload + List<ConfigAttribute> attrRespList = new LinkedList<>(); + attrRespList.add(new ConfigAttributeIpv4Address(INTERNAL_ADDRESS)); + mFirstSaRespPayloads.add(new IkeConfigPayload(true /*isReply*/, attrRespList)); } private ChildSaRecord makeSpyChildSaRecord(int inboundSpi, int outboundSpi) { @@ -444,7 +475,29 @@ public final class ChildSessionStateMachineTest { verify(mSpyUserCbExecutor).execute(any(Runnable.class)); verifyNotifyUsersCreateIpSecSa(mSpyCurrentChildSaRecord, true /*expectInbound*/); verifyNotifyUsersCreateIpSecSa(mSpyCurrentChildSaRecord, false /*expectInbound*/); - verify(mMockChildSessionCallback).onOpened(); + verify(mMockChildSessionCallback).onOpened(mChildConfigCaptor.capture()); + + // Verify Child Session Configuration + ChildSessionConfiguration sessionConfig = mChildConfigCaptor.getValue(); + verifyTsList( + Arrays.asList(mChildSessionOptions.getLocalTrafficSelectors()), + sessionConfig.getInboundTrafficSelectors()); + verifyTsList( + Arrays.asList(mChildSessionOptions.getRemoteTrafficSelectors()), + sessionConfig.getOutboundTrafficSelectors()); + + List<LinkAddress> addrList = sessionConfig.getInternalAddressList(); + assertEquals(1, addrList.size()); + assertEquals(INTERNAL_ADDRESS, addrList.get(0).getAddress()); + assertEquals(IPV4_PREFIX_LEN, addrList.get(0).getPrefixLength()); + } + + private void verifyTsList( + List<IkeTrafficSelector> expectedList, List<IkeTrafficSelector> tsList) { + assertEquals(expectedList.size(), tsList.size()); + for (int i = 0; i < expectedList.size(); i++) { + assertEquals(expectedList.get(i), tsList.get(i)); + } } @Test @@ -467,7 +520,8 @@ public final class ChildSessionStateMachineTest { quitAndVerify(); } - private void verifyOutboundCreatePayloadTypes(List<IkePayload> outboundPayloads) { + private void verifyOutboundCreatePayloadTypes( + List<IkePayload> outboundPayloads, boolean isRekey) { assertNotNull( IkePayload.getPayloadForTypeInProvidedList( PAYLOAD_TYPE_SA, IkeSaPayload.class, outboundPayloads)); @@ -483,6 +537,16 @@ public final class ChildSessionStateMachineTest { assertNull( IkePayload.getPayloadForTypeInProvidedList( PAYLOAD_TYPE_KE, IkeKePayload.class, outboundPayloads)); + + IkeConfigPayload configPayload = + IkePayload.getPayloadForTypeInProvidedList( + PAYLOAD_TYPE_CP, IkeConfigPayload.class, outboundPayloads); + if (isRekey) { + assertNull(configPayload); + } else { + assertNotNull(configPayload); + assertEquals(IkeConfigPayload.CONFIG_TYPE_REQUEST, configPayload.configType); + } } @Test @@ -503,7 +567,7 @@ public final class ChildSessionStateMachineTest { eq(mChildSessionStateMachine)); List<IkePayload> reqPayloadList = mPayloadListCaptor.getValue(); - verifyOutboundCreatePayloadTypes(reqPayloadList); + verifyOutboundCreatePayloadTypes(reqPayloadList, false /*isRekey*/); assertTrue( IkePayload.getPayloadListForTypeInProvidedList( PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class, reqPayloadList) @@ -841,7 +905,7 @@ public final class ChildSessionStateMachineTest { // Verify outbound payload list List<IkePayload> reqPayloadList = mPayloadListCaptor.getValue(); - verifyOutboundCreatePayloadTypes(reqPayloadList); + verifyOutboundCreatePayloadTypes(reqPayloadList, true /*isRekey*/); verifyOutboundRekeySaPayload(reqPayloadList, false /*isResp*/); verifyOutboundRekeyNotifyPayload(reqPayloadList); @@ -1177,7 +1241,7 @@ public final class ChildSessionStateMachineTest { mPayloadListCaptor.capture(), eq(mChildSessionStateMachine)); List<IkePayload> respPayloadList = mPayloadListCaptor.getValue(); - verifyOutboundCreatePayloadTypes(respPayloadList); + verifyOutboundCreatePayloadTypes(respPayloadList, true /*isRekey*/); verifyOutboundRekeySaPayload(respPayloadList, true /*isResp*/); verifyOutboundRekeyNotifyPayload(respPayloadList); |