Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 1 | // Copyright (c) 2013 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "shill/eap_credentials.h" |
| 6 | |
| 7 | #include <base/stl_util.h> |
| 8 | #include <chromeos/dbus/service_constants.h> |
| 9 | #include <gtest/gtest.h> |
| 10 | |
| 11 | #include "shill/key_value_store.h" |
| 12 | #include "shill/mock_certificate_file.h" |
| 13 | #include "shill/mock_event_dispatcher.h" |
| 14 | #include "shill/mock_log.h" |
| 15 | #include "shill/mock_metrics.h" |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 16 | #include "shill/mock_property_store.h" |
| 17 | #include "shill/mock_store.h" |
| 18 | #include "shill/technology.h" |
| 19 | #include "shill/wpa_supplicant.h" |
| 20 | |
| 21 | using base::FilePath; |
| 22 | using std::map; |
| 23 | using std::string; |
| 24 | using std::vector; |
| 25 | using testing::_; |
| 26 | using testing::AnyNumber; |
| 27 | using testing::DoAll; |
| 28 | using testing::HasSubstr; |
| 29 | using testing::Mock; |
| 30 | using testing::Return; |
| 31 | using testing::SetArgumentPointee; |
| 32 | |
| 33 | namespace shill { |
| 34 | |
| 35 | class EapCredentialsTest : public testing::Test { |
| 36 | public: |
| 37 | EapCredentialsTest() {} |
| 38 | virtual ~EapCredentialsTest() {} |
| 39 | |
| 40 | protected: |
| 41 | void PopulateSupplicantProperties() { |
Paul Stewart | c350e68 | 2014-06-19 15:44:30 -0700 | [diff] [blame] | 42 | eap_.PopulateSupplicantProperties(&certificate_file_, ¶ms_); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 43 | } |
| 44 | |
| 45 | void SetAnonymousIdentity(const string &anonymous_identity) { |
| 46 | eap_.anonymous_identity_ = anonymous_identity; |
| 47 | } |
| 48 | void SetCACertNSS(const string &ca_cert_nss) { |
| 49 | eap_.ca_cert_nss_ = ca_cert_nss; |
| 50 | } |
Paul Stewart | b3008ea | 2013-06-28 14:51:54 -0700 | [diff] [blame] | 51 | void SetCACertPEM(const vector<string> &ca_cert_pem) { |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 52 | eap_.ca_cert_pem_ = ca_cert_pem; |
| 53 | } |
| 54 | void SetClientCert(const string &client_cert) { |
| 55 | eap_.client_cert_ = client_cert; |
| 56 | } |
| 57 | void SetCertId(const string &cert_id) { |
| 58 | eap_.cert_id_ = cert_id; |
| 59 | } |
Paul Stewart | 416a981 | 2013-08-27 09:38:54 -0700 | [diff] [blame] | 60 | void SetCACertId(const string &ca_cert_id) { |
| 61 | eap_.ca_cert_id_ = ca_cert_id; |
| 62 | } |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 63 | void SetEap(const string &eap) { |
| 64 | eap_.eap_ = eap; |
| 65 | } |
| 66 | void SetIdentity(const string &identity) { |
| 67 | eap_.identity_ = identity; |
| 68 | } |
| 69 | void SetInnerEap(const string &inner_eap) { |
| 70 | eap_.inner_eap_ = inner_eap; |
| 71 | } |
| 72 | void SetKeyId(const string &key_id) { |
| 73 | eap_.key_id_ = key_id; |
| 74 | } |
| 75 | const string &GetPassword() { |
| 76 | return eap_.password_; |
| 77 | } |
| 78 | void SetPassword(const string &password) { |
| 79 | eap_.password_ = password; |
| 80 | } |
| 81 | void SetPrivateKey(const string &private_key) { |
| 82 | eap_.private_key_ = private_key; |
| 83 | } |
| 84 | void SetPin(const string &pin) { |
| 85 | eap_.pin_ = pin; |
| 86 | } |
| 87 | void SetUseSystemCAs(bool use_system_cas) { |
| 88 | eap_.use_system_cas_ = use_system_cas; |
| 89 | } |
| 90 | bool IsReset() { |
| 91 | return |
| 92 | eap_.anonymous_identity_.empty() && |
| 93 | eap_.cert_id_.empty() && |
| 94 | eap_.client_cert_.empty() && |
| 95 | eap_.identity_.empty() && |
| 96 | eap_.key_id_.empty() && |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 97 | eap_.password_.empty() && |
| 98 | eap_.pin_.empty() && |
| 99 | eap_.private_key_.empty() && |
| 100 | eap_.private_key_password_.empty() && |
| 101 | eap_.ca_cert_.empty() && |
| 102 | eap_.ca_cert_id_.empty() && |
| 103 | eap_.ca_cert_nss_.empty() && |
| 104 | eap_.ca_cert_pem_.empty() && |
| 105 | eap_.eap_.empty() && |
| 106 | eap_.inner_eap_.empty() && |
| 107 | eap_.subject_match_.empty() && |
| 108 | eap_.use_system_cas_; |
| 109 | } |
| 110 | |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 111 | const string &GetKeyManagement() { |
| 112 | return eap_.key_management_; |
| 113 | } |
mukesh agrawal | bebf1b8 | 2013-04-23 15:06:33 -0700 | [diff] [blame] | 114 | bool SetEapPassword(const string &password, Error *error) { |
| 115 | return eap_.SetEapPassword(password, error); |
| 116 | } |
| 117 | bool SetEapPrivateKeyPassword(const string &password, Error *error) { |
| 118 | return eap_.SetEapPrivateKeyPassword(password, error); |
| 119 | } |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 120 | |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 121 | EapCredentials eap_; |
| 122 | MockCertificateFile certificate_file_; |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 123 | map<string, ::DBus::Variant> params_; |
| 124 | }; |
| 125 | |
| 126 | TEST_F(EapCredentialsTest, PropertyStore) { |
| 127 | PropertyStore store; |
| 128 | eap_.InitPropertyStore(&store); |
| 129 | const string kIdentity("Cross-Eyed Mary"); |
| 130 | Error error; |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 131 | EXPECT_TRUE(store.SetStringProperty(kEapIdentityProperty, kIdentity, &error)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 132 | EXPECT_EQ(kIdentity, eap_.identity()); |
| 133 | } |
| 134 | |
| 135 | TEST_F(EapCredentialsTest, Connectable) { |
| 136 | // Empty EAP credentials should not make a 802.1x network connectable. |
| 137 | EXPECT_FALSE(eap_.IsConnectable()); |
| 138 | |
| 139 | // Identity alone is not enough. |
| 140 | SetIdentity("Steel Monkey"); |
| 141 | EXPECT_FALSE(eap_.IsConnectable()); |
| 142 | |
| 143 | // Set a password. |
| 144 | SetPassword("Angry Tapir"); |
| 145 | |
| 146 | // Empty "EAP" parameter is treated like "not EAP-TLS", and connectable. |
| 147 | EXPECT_TRUE(eap_.IsConnectable()); |
| 148 | |
| 149 | // Some other non-TLS EAP type. |
| 150 | SetEap("DodgeBall"); |
| 151 | EXPECT_TRUE(eap_.IsConnectable()); |
| 152 | |
| 153 | // EAP-TLS requires certificate parameters, and cares not for passwords. |
| 154 | SetEap("TLS"); |
| 155 | EXPECT_FALSE(eap_.IsConnectable()); |
| 156 | |
| 157 | // Clearing the password won't help. |
| 158 | SetPassword(""); |
| 159 | EXPECT_FALSE(eap_.IsConnectable()); |
| 160 | |
| 161 | // A client cert by itself doesn't help. |
| 162 | SetClientCert("client-cert"); |
| 163 | EXPECT_FALSE(eap_.IsConnectable()); |
| 164 | |
| 165 | // A client cert and key will, however. |
| 166 | SetPrivateKey("client-cert"); |
| 167 | EXPECT_TRUE(eap_.IsConnectable()); |
| 168 | |
| 169 | // A key-id (and cert) doesn't work. |
| 170 | SetKeyId("client-key-id"); |
| 171 | EXPECT_FALSE(eap_.IsConnectable()); |
| 172 | |
| 173 | // We need a PIN for the key id in addition. |
| 174 | SetPin("pin"); |
| 175 | EXPECT_TRUE(eap_.IsConnectable()); |
| 176 | |
| 177 | // If we clear the "EAP" property, we just assume these valid certificate |
| 178 | // credentials are the ones to be used. |
| 179 | SetEap(""); |
| 180 | EXPECT_TRUE(eap_.IsConnectable()); |
| 181 | |
| 182 | // Check that clearing the certificate parameter breaks us again. |
| 183 | SetClientCert(""); |
| 184 | EXPECT_FALSE(eap_.IsConnectable()); |
| 185 | |
| 186 | // Setting the cert-id will fix things. |
| 187 | SetCertId("client-cert-id"); |
| 188 | EXPECT_TRUE(eap_.IsConnectable()); |
| 189 | } |
| 190 | |
| 191 | TEST_F(EapCredentialsTest, ConnectableUsingPassphrase) { |
| 192 | EXPECT_FALSE(eap_.IsConnectableUsingPassphrase()); |
| 193 | |
| 194 | // No password. |
| 195 | SetIdentity("TestIdentity"); |
| 196 | EXPECT_FALSE(eap_.IsConnectableUsingPassphrase()); |
| 197 | |
| 198 | // Success. |
| 199 | SetPassword("TestPassword"); |
| 200 | EXPECT_TRUE(eap_.IsConnectableUsingPassphrase()); |
| 201 | |
| 202 | // Clear identity. |
| 203 | SetIdentity(""); |
| 204 | EXPECT_FALSE(eap_.IsConnectableUsingPassphrase()); |
| 205 | } |
| 206 | |
| 207 | TEST_F(EapCredentialsTest, IsEapAuthenticationProperty) { |
| 208 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 209 | kEapAnonymousIdentityProperty)); |
Ben Chan | 011e666 | 2014-05-07 11:03:25 -0700 | [diff] [blame] | 210 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(kEapCertIdProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 211 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 011e666 | 2014-05-07 11:03:25 -0700 | [diff] [blame] | 212 | kEapClientCertProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 213 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 214 | kEapIdentityProperty)); |
Ben Chan | 011e666 | 2014-05-07 11:03:25 -0700 | [diff] [blame] | 215 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(kEapKeyIdProperty)); |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 216 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(kEapKeyMgmtProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 217 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 218 | kEapPasswordProperty)); |
Ben Chan | 011e666 | 2014-05-07 11:03:25 -0700 | [diff] [blame] | 219 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(kEapPinProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 220 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 221 | kEapPrivateKeyProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 222 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 223 | kEapPrivateKeyPasswordProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 224 | |
| 225 | // It's easier to test that this function returns TRUE in every situation |
| 226 | // that it should, than to test all the cases it should return FALSE in. |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 227 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(kEapCaCertProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 228 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 011e666 | 2014-05-07 11:03:25 -0700 | [diff] [blame] | 229 | kEapCaCertIdProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 230 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 231 | kEapCaCertNssProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 232 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 233 | kEapCaCertPemProperty)); |
Ben Chan | 011e666 | 2014-05-07 11:03:25 -0700 | [diff] [blame] | 234 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(kEapMethodProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 235 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 236 | kEapPhase2AuthProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 237 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
Ben Chan | 011e666 | 2014-05-07 11:03:25 -0700 | [diff] [blame] | 238 | kEapUseSystemCasProperty)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 239 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 240 | kEapRemoteCertificationProperty)); |
| 241 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 242 | kEapSubjectMatchProperty)); |
| 243 | } |
| 244 | |
| 245 | TEST_F(EapCredentialsTest, LoadAndSave) { |
| 246 | MockStore store; |
| 247 | // For the values we're not testing... |
| 248 | EXPECT_CALL(store, GetCryptedString(_, _, _)).WillRepeatedly(Return(false)); |
| 249 | EXPECT_CALL(store, GetString(_, _, _)).WillRepeatedly(Return(false)); |
| 250 | |
| 251 | const string kId("storage-id"); |
| 252 | const string kIdentity("Purple Onion"); |
| 253 | EXPECT_CALL(store, GetCryptedString( |
| 254 | kId, EapCredentials::kStorageEapIdentity, _)) |
| 255 | .WillOnce(DoAll(SetArgumentPointee<2>(kIdentity), Return(true))); |
| 256 | const string kManagement("Shave and a Haircut"); |
| 257 | EXPECT_CALL(store, GetString( |
| 258 | kId, EapCredentials::kStorageEapKeyManagement, _)) |
| 259 | .WillOnce(DoAll(SetArgumentPointee<2>(kManagement), Return(true))); |
| 260 | const string kPassword("Two Bits"); |
| 261 | EXPECT_CALL(store, GetCryptedString( |
| 262 | kId, EapCredentials::kStorageEapPassword, _)) |
| 263 | .WillOnce(DoAll(SetArgumentPointee<2>(kPassword), Return(true))); |
| 264 | |
| 265 | eap_.Load(&store, kId); |
| 266 | Mock::VerifyAndClearExpectations(&store); |
| 267 | |
| 268 | EXPECT_EQ(kIdentity, eap_.identity()); |
| 269 | EXPECT_EQ(kManagement, eap_.key_management()); |
| 270 | EXPECT_EQ(kPassword, GetPassword()); |
| 271 | |
| 272 | // Authentication properties are deleted from the store if they are empty, |
| 273 | // so we expect the fields that we haven't set to be deleted. |
| 274 | EXPECT_CALL(store, DeleteKey(_, _)).Times(AnyNumber()); |
| 275 | EXPECT_CALL(store, SetCryptedString(_, _, _)).Times(0); |
| 276 | EXPECT_CALL(store, DeleteKey(kId, EapCredentials::kStorageEapIdentity)); |
| 277 | EXPECT_CALL(store, SetString( |
| 278 | kId, EapCredentials::kStorageEapKeyManagement, kManagement)); |
| 279 | EXPECT_CALL(store, DeleteKey(kId, EapCredentials::kStorageEapPassword)); |
| 280 | eap_.Save(&store, kId, false); |
| 281 | Mock::VerifyAndClearExpectations(&store); |
| 282 | |
| 283 | // Authentication properties are deleted from the store if they are empty, |
| 284 | // so we expect the fields that we haven't set to be deleted. |
| 285 | EXPECT_CALL(store, DeleteKey(_, _)).Times(AnyNumber()); |
| 286 | EXPECT_CALL(store, SetCryptedString( |
| 287 | kId, EapCredentials::kStorageEapIdentity, kIdentity)); |
| 288 | EXPECT_CALL(store, SetString( |
| 289 | kId, EapCredentials::kStorageEapKeyManagement, kManagement)); |
| 290 | EXPECT_CALL(store, SetCryptedString( |
| 291 | kId, EapCredentials::kStorageEapPassword, kPassword)); |
| 292 | eap_.Save(&store, kId, true); |
| 293 | } |
| 294 | |
| 295 | TEST_F(EapCredentialsTest, OutputConnectionMetrics) { |
| 296 | Error unused_error; |
Ben Chan | 783f00b | 2013-09-20 13:50:34 -0700 | [diff] [blame] | 297 | SetEap(kEapMethodPEAP); |
| 298 | SetInnerEap(kEapPhase2AuthPEAPMSCHAPV2); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 299 | |
| 300 | MockEventDispatcher dispatcher; |
| 301 | MockMetrics metrics(&dispatcher); |
| 302 | EXPECT_CALL(metrics, SendEnumToUMA("Network.Shill.Wifi.EapOuterProtocol", |
| 303 | Metrics::kEapOuterProtocolPeap, |
| 304 | Metrics::kEapOuterProtocolMax)); |
| 305 | EXPECT_CALL(metrics, SendEnumToUMA("Network.Shill.Wifi.EapInnerProtocol", |
| 306 | Metrics::kEapInnerProtocolPeapMschapv2, |
| 307 | Metrics::kEapInnerProtocolMax)); |
| 308 | eap_.OutputConnectionMetrics(&metrics, Technology::kWifi); |
| 309 | } |
| 310 | |
| 311 | TEST_F(EapCredentialsTest, PopulateSupplicantProperties) { |
| 312 | SetIdentity("testidentity"); |
| 313 | SetPin("xxxx"); |
| 314 | PopulateSupplicantProperties(); |
| 315 | // Test that only non-empty 802.1x properties are populated. |
| 316 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapIdentity)); |
| 317 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapKeyId)); |
| 318 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCert)); |
| 319 | |
| 320 | // Test that CA path is set by default. |
| 321 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyCaPath)); |
| 322 | |
| 323 | // Test that hardware-backed security arguments are not set, since |
| 324 | // neither key-id nor cert-id were set. |
| 325 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapPin)); |
| 326 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngine)); |
| 327 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngineId)); |
| 328 | } |
| 329 | |
| 330 | TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesNoSystemCAs) { |
| 331 | SetIdentity("testidentity"); |
| 332 | SetUseSystemCAs(false); |
| 333 | PopulateSupplicantProperties(); |
| 334 | // Test that CA path is not set if use_system_cas is explicitly false. |
| 335 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyCaPath)); |
| 336 | } |
| 337 | |
| 338 | TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesUsingHardwareAuth) { |
| 339 | SetIdentity("testidentity"); |
| 340 | SetKeyId("key_id"); |
| 341 | SetPin("xxxx"); |
Paul Stewart | 416a981 | 2013-08-27 09:38:54 -0700 | [diff] [blame] | 342 | SetEap("PEAP"); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 343 | PopulateSupplicantProperties(); |
Paul Stewart | 416a981 | 2013-08-27 09:38:54 -0700 | [diff] [blame] | 344 | // Test that EAP engine parameters are not set if the authentication type |
| 345 | // is not one that accepts a client certificate. |
| 346 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapPin)); |
| 347 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapKeyId)); |
| 348 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngine)); |
| 349 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngineId)); |
| 350 | |
| 351 | // Test that EAP engine parameters are set if key_id is set and the |
| 352 | // authentication type accepts a client certificate. |
| 353 | params_.clear(); |
| 354 | SetEap("TLS"); |
| 355 | PopulateSupplicantProperties(); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 356 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapPin)); |
| 357 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapKeyId)); |
| 358 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngine)); |
| 359 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngineId)); |
Paul Stewart | 416a981 | 2013-08-27 09:38:54 -0700 | [diff] [blame] | 360 | |
| 361 | // An empty EAP parameter should be considered to be possibly "TLS". |
| 362 | params_.clear(); |
| 363 | SetEap(""); |
| 364 | PopulateSupplicantProperties(); |
| 365 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapPin)); |
| 366 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapKeyId)); |
| 367 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngine)); |
| 368 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngineId)); |
| 369 | |
| 370 | // Test that EAP engine parameters are set if ca_cert_id is set even if the |
| 371 | // authentication type does not accept a client certificate. However, |
| 372 | // the client key id should not be provided. |
| 373 | params_.clear(); |
| 374 | SetEap("PEAP"); |
| 375 | SetCACertId("certid"); |
| 376 | PopulateSupplicantProperties(); |
| 377 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapPin)); |
| 378 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapKeyId)); |
| 379 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngine)); |
| 380 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngineId)); |
| 381 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCertId)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 382 | } |
| 383 | |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 384 | TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesPEM) { |
Paul Stewart | b3008ea | 2013-06-28 14:51:54 -0700 | [diff] [blame] | 385 | const vector<string> kPemCert{ "-pem-certificate-here-" }; |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 386 | SetCACertPEM(kPemCert); |
| 387 | const string kPEMCertfile("/tmp/pem-cert"); |
| 388 | FilePath pem_cert(kPEMCertfile); |
Paul Stewart | b3008ea | 2013-06-28 14:51:54 -0700 | [diff] [blame] | 389 | EXPECT_CALL(certificate_file_, CreatePEMFromStrings(kPemCert)) |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 390 | .WillOnce(Return(pem_cert)); |
| 391 | |
| 392 | PopulateSupplicantProperties(); |
| 393 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCert)); |
| 394 | if (ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCert)) { |
| 395 | EXPECT_EQ(kPEMCertfile, params_[WPASupplicant::kNetworkPropertyEapCaCert] |
| 396 | .reader().get_string()); |
| 397 | } |
| 398 | } |
| 399 | |
| 400 | TEST_F(EapCredentialsTest, PopulateWiMaxProperties) { |
| 401 | { |
| 402 | KeyValueStore parameters; |
| 403 | eap_.PopulateWiMaxProperties(¶meters); |
| 404 | |
| 405 | EXPECT_FALSE(parameters.ContainsString( |
| 406 | wimax_manager::kEAPAnonymousIdentity)); |
| 407 | EXPECT_FALSE(parameters.ContainsString( |
| 408 | wimax_manager::kEAPUserIdentity)); |
| 409 | EXPECT_FALSE(parameters.ContainsString( |
| 410 | wimax_manager::kEAPUserPassword)); |
| 411 | } |
| 412 | |
| 413 | const string kAnonymousIdentity("TestAnonymousIdentity"); |
| 414 | SetAnonymousIdentity(kAnonymousIdentity); |
| 415 | const string kIdentity("TestUserIdentity"); |
| 416 | SetIdentity(kIdentity); |
| 417 | const string kPassword("TestPassword"); |
| 418 | SetPassword(kPassword); |
| 419 | |
| 420 | { |
| 421 | KeyValueStore parameters; |
| 422 | eap_.PopulateWiMaxProperties(¶meters); |
| 423 | EXPECT_EQ(kAnonymousIdentity, parameters.LookupString( |
| 424 | wimax_manager::kEAPAnonymousIdentity, "")); |
| 425 | EXPECT_EQ(kIdentity, parameters.LookupString( |
| 426 | wimax_manager::kEAPUserIdentity, "")); |
| 427 | EXPECT_EQ(kPassword, parameters.LookupString( |
| 428 | wimax_manager::kEAPUserPassword, "")); |
| 429 | } |
| 430 | } |
| 431 | |
| 432 | TEST_F(EapCredentialsTest, Reset) { |
| 433 | EXPECT_TRUE(IsReset()); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 434 | EXPECT_TRUE(GetKeyManagement().empty()); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 435 | SetAnonymousIdentity("foo"); |
Paul Stewart | 416a981 | 2013-08-27 09:38:54 -0700 | [diff] [blame] | 436 | SetCACertId("foo"); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 437 | SetCACertNSS("foo"); |
Paul Stewart | b3008ea | 2013-06-28 14:51:54 -0700 | [diff] [blame] | 438 | SetCACertPEM(vector<string>{ "foo" }); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 439 | SetClientCert("foo"); |
| 440 | SetCertId("foo"); |
| 441 | SetEap("foo"); |
| 442 | SetIdentity("foo"); |
| 443 | SetInnerEap("foo"); |
| 444 | SetKeyId("foo"); |
| 445 | SetPassword("foo"); |
| 446 | SetPrivateKey("foo"); |
| 447 | SetPin("foo"); |
| 448 | SetUseSystemCAs(false); |
Ben Chan | cc225ef | 2014-09-30 13:26:51 -0700 | [diff] [blame] | 449 | eap_.SetKeyManagement("foo", nullptr); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 450 | EXPECT_FALSE(IsReset()); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 451 | EXPECT_FALSE(GetKeyManagement().empty()); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 452 | eap_.Reset(); |
| 453 | EXPECT_TRUE(IsReset()); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 454 | EXPECT_FALSE(GetKeyManagement().empty()); |
| 455 | } |
| 456 | |
| 457 | TEST_F(EapCredentialsTest, SetKeyManagement) { |
| 458 | const string kKeyManagement0("foo"); |
Ben Chan | cc225ef | 2014-09-30 13:26:51 -0700 | [diff] [blame] | 459 | eap_.SetKeyManagement(kKeyManagement0, nullptr); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 460 | EXPECT_EQ(kKeyManagement0, GetKeyManagement()); |
| 461 | |
| 462 | const string kKeyManagement1("bar"); |
Ben Chan | cc225ef | 2014-09-30 13:26:51 -0700 | [diff] [blame] | 463 | eap_.SetKeyManagement(kKeyManagement1, nullptr); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 464 | EXPECT_EQ(kKeyManagement1, GetKeyManagement()); |
| 465 | |
| 466 | // We should not be able to set the key management to an empty string. |
Ben Chan | cc225ef | 2014-09-30 13:26:51 -0700 | [diff] [blame] | 467 | eap_.SetKeyManagement("", nullptr); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 468 | EXPECT_EQ(kKeyManagement1, GetKeyManagement()); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 469 | } |
| 470 | |
mukesh agrawal | bebf1b8 | 2013-04-23 15:06:33 -0700 | [diff] [blame] | 471 | // Custom property setters should return false, and make no changes, if |
| 472 | // the new value is the same as the old value. |
| 473 | TEST_F(EapCredentialsTest, CustomSetterNoopChange) { |
| 474 | // SetEapKeyManagement |
| 475 | { |
| 476 | const string kKeyManagement("foo"); |
| 477 | Error error; |
| 478 | // Set to known value. |
| 479 | EXPECT_TRUE(eap_.SetKeyManagement(kKeyManagement, &error)); |
| 480 | EXPECT_TRUE(error.IsSuccess()); |
| 481 | // Set to same value. |
| 482 | EXPECT_FALSE(eap_.SetKeyManagement(kKeyManagement, &error)); |
| 483 | EXPECT_TRUE(error.IsSuccess()); |
| 484 | } |
| 485 | |
| 486 | // SetEapPassword |
| 487 | { |
| 488 | const string kPassword("foo"); |
| 489 | Error error; |
| 490 | // Set to known value. |
| 491 | EXPECT_TRUE(SetEapPassword(kPassword, &error)); |
| 492 | EXPECT_TRUE(error.IsSuccess()); |
| 493 | // Set to same value. |
| 494 | EXPECT_FALSE(SetEapPassword(kPassword, &error)); |
| 495 | EXPECT_TRUE(error.IsSuccess()); |
| 496 | } |
| 497 | |
| 498 | // SetEapPrivateKeyPassword |
| 499 | { |
| 500 | const string kPrivateKeyPassword("foo"); |
| 501 | Error error; |
| 502 | // Set to known value. |
| 503 | EXPECT_TRUE(SetEapPrivateKeyPassword(kPrivateKeyPassword, &error)); |
| 504 | EXPECT_TRUE(error.IsSuccess()); |
| 505 | // Set to same value. |
| 506 | EXPECT_FALSE(SetEapPrivateKeyPassword(kPrivateKeyPassword, &error)); |
| 507 | EXPECT_TRUE(error.IsSuccess()); |
| 508 | } |
| 509 | } |
| 510 | |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 511 | } // namespace shill |