Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 1 | // Copyright (c) 2013 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "shill/eap_credentials.h" |
| 6 | |
| 7 | #include <base/stl_util.h> |
| 8 | #include <chromeos/dbus/service_constants.h> |
| 9 | #include <gtest/gtest.h> |
| 10 | |
| 11 | #include "shill/key_value_store.h" |
| 12 | #include "shill/mock_certificate_file.h" |
| 13 | #include "shill/mock_event_dispatcher.h" |
| 14 | #include "shill/mock_log.h" |
| 15 | #include "shill/mock_metrics.h" |
| 16 | #include "shill/mock_nss.h" |
| 17 | #include "shill/mock_property_store.h" |
| 18 | #include "shill/mock_store.h" |
| 19 | #include "shill/technology.h" |
| 20 | #include "shill/wpa_supplicant.h" |
| 21 | |
| 22 | using base::FilePath; |
| 23 | using std::map; |
| 24 | using std::string; |
| 25 | using std::vector; |
| 26 | using testing::_; |
| 27 | using testing::AnyNumber; |
| 28 | using testing::DoAll; |
| 29 | using testing::HasSubstr; |
| 30 | using testing::Mock; |
| 31 | using testing::Return; |
| 32 | using testing::SetArgumentPointee; |
| 33 | |
| 34 | namespace shill { |
| 35 | |
| 36 | class EapCredentialsTest : public testing::Test { |
| 37 | public: |
| 38 | EapCredentialsTest() {} |
| 39 | virtual ~EapCredentialsTest() {} |
| 40 | |
| 41 | protected: |
| 42 | void PopulateSupplicantProperties() { |
| 43 | eap_.PopulateSupplicantProperties(&certificate_file_, &nss_, |
| 44 | nss_identifier_, ¶ms_); |
| 45 | } |
| 46 | |
| 47 | void SetAnonymousIdentity(const string &anonymous_identity) { |
| 48 | eap_.anonymous_identity_ = anonymous_identity; |
| 49 | } |
| 50 | void SetCACertNSS(const string &ca_cert_nss) { |
| 51 | eap_.ca_cert_nss_ = ca_cert_nss; |
| 52 | } |
| 53 | void SetCACertPEM(const string &ca_cert_pem) { |
| 54 | eap_.ca_cert_pem_ = ca_cert_pem; |
| 55 | } |
| 56 | void SetClientCert(const string &client_cert) { |
| 57 | eap_.client_cert_ = client_cert; |
| 58 | } |
| 59 | void SetCertId(const string &cert_id) { |
| 60 | eap_.cert_id_ = cert_id; |
| 61 | } |
| 62 | void SetEap(const string &eap) { |
| 63 | eap_.eap_ = eap; |
| 64 | } |
| 65 | void SetIdentity(const string &identity) { |
| 66 | eap_.identity_ = identity; |
| 67 | } |
| 68 | void SetInnerEap(const string &inner_eap) { |
| 69 | eap_.inner_eap_ = inner_eap; |
| 70 | } |
| 71 | void SetKeyId(const string &key_id) { |
| 72 | eap_.key_id_ = key_id; |
| 73 | } |
| 74 | const string &GetPassword() { |
| 75 | return eap_.password_; |
| 76 | } |
| 77 | void SetPassword(const string &password) { |
| 78 | eap_.password_ = password; |
| 79 | } |
| 80 | void SetPrivateKey(const string &private_key) { |
| 81 | eap_.private_key_ = private_key; |
| 82 | } |
| 83 | void SetPin(const string &pin) { |
| 84 | eap_.pin_ = pin; |
| 85 | } |
| 86 | void SetUseSystemCAs(bool use_system_cas) { |
| 87 | eap_.use_system_cas_ = use_system_cas; |
| 88 | } |
| 89 | bool IsReset() { |
| 90 | return |
| 91 | eap_.anonymous_identity_.empty() && |
| 92 | eap_.cert_id_.empty() && |
| 93 | eap_.client_cert_.empty() && |
| 94 | eap_.identity_.empty() && |
| 95 | eap_.key_id_.empty() && |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 96 | eap_.password_.empty() && |
| 97 | eap_.pin_.empty() && |
| 98 | eap_.private_key_.empty() && |
| 99 | eap_.private_key_password_.empty() && |
| 100 | eap_.ca_cert_.empty() && |
| 101 | eap_.ca_cert_id_.empty() && |
| 102 | eap_.ca_cert_nss_.empty() && |
| 103 | eap_.ca_cert_pem_.empty() && |
| 104 | eap_.eap_.empty() && |
| 105 | eap_.inner_eap_.empty() && |
| 106 | eap_.subject_match_.empty() && |
| 107 | eap_.use_system_cas_; |
| 108 | } |
| 109 | |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 110 | const string &GetKeyManagement() { |
| 111 | return eap_.key_management_; |
| 112 | } |
mukesh agrawal | bebf1b8 | 2013-04-23 15:06:33 -0700 | [diff] [blame] | 113 | bool SetEapPassword(const string &password, Error *error) { |
| 114 | return eap_.SetEapPassword(password, error); |
| 115 | } |
| 116 | bool SetEapPrivateKeyPassword(const string &password, Error *error) { |
| 117 | return eap_.SetEapPrivateKeyPassword(password, error); |
| 118 | } |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 119 | |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 120 | EapCredentials eap_; |
| 121 | MockCertificateFile certificate_file_; |
| 122 | MockNSS nss_; |
| 123 | vector<char> nss_identifier_; |
| 124 | map<string, ::DBus::Variant> params_; |
| 125 | }; |
| 126 | |
| 127 | TEST_F(EapCredentialsTest, PropertyStore) { |
| 128 | PropertyStore store; |
| 129 | eap_.InitPropertyStore(&store); |
| 130 | const string kIdentity("Cross-Eyed Mary"); |
| 131 | Error error; |
| 132 | EXPECT_TRUE(store.SetStringProperty(flimflam::kEapIdentityProperty, |
| 133 | kIdentity, &error)); |
| 134 | EXPECT_EQ(kIdentity, eap_.identity()); |
| 135 | } |
| 136 | |
| 137 | TEST_F(EapCredentialsTest, Connectable) { |
| 138 | // Empty EAP credentials should not make a 802.1x network connectable. |
| 139 | EXPECT_FALSE(eap_.IsConnectable()); |
| 140 | |
| 141 | // Identity alone is not enough. |
| 142 | SetIdentity("Steel Monkey"); |
| 143 | EXPECT_FALSE(eap_.IsConnectable()); |
| 144 | |
| 145 | // Set a password. |
| 146 | SetPassword("Angry Tapir"); |
| 147 | |
| 148 | // Empty "EAP" parameter is treated like "not EAP-TLS", and connectable. |
| 149 | EXPECT_TRUE(eap_.IsConnectable()); |
| 150 | |
| 151 | // Some other non-TLS EAP type. |
| 152 | SetEap("DodgeBall"); |
| 153 | EXPECT_TRUE(eap_.IsConnectable()); |
| 154 | |
| 155 | // EAP-TLS requires certificate parameters, and cares not for passwords. |
| 156 | SetEap("TLS"); |
| 157 | EXPECT_FALSE(eap_.IsConnectable()); |
| 158 | |
| 159 | // Clearing the password won't help. |
| 160 | SetPassword(""); |
| 161 | EXPECT_FALSE(eap_.IsConnectable()); |
| 162 | |
| 163 | // A client cert by itself doesn't help. |
| 164 | SetClientCert("client-cert"); |
| 165 | EXPECT_FALSE(eap_.IsConnectable()); |
| 166 | |
| 167 | // A client cert and key will, however. |
| 168 | SetPrivateKey("client-cert"); |
| 169 | EXPECT_TRUE(eap_.IsConnectable()); |
| 170 | |
| 171 | // A key-id (and cert) doesn't work. |
| 172 | SetKeyId("client-key-id"); |
| 173 | EXPECT_FALSE(eap_.IsConnectable()); |
| 174 | |
| 175 | // We need a PIN for the key id in addition. |
| 176 | SetPin("pin"); |
| 177 | EXPECT_TRUE(eap_.IsConnectable()); |
| 178 | |
| 179 | // If we clear the "EAP" property, we just assume these valid certificate |
| 180 | // credentials are the ones to be used. |
| 181 | SetEap(""); |
| 182 | EXPECT_TRUE(eap_.IsConnectable()); |
| 183 | |
| 184 | // Check that clearing the certificate parameter breaks us again. |
| 185 | SetClientCert(""); |
| 186 | EXPECT_FALSE(eap_.IsConnectable()); |
| 187 | |
| 188 | // Setting the cert-id will fix things. |
| 189 | SetCertId("client-cert-id"); |
| 190 | EXPECT_TRUE(eap_.IsConnectable()); |
| 191 | } |
| 192 | |
| 193 | TEST_F(EapCredentialsTest, ConnectableUsingPassphrase) { |
| 194 | EXPECT_FALSE(eap_.IsConnectableUsingPassphrase()); |
| 195 | |
| 196 | // No password. |
| 197 | SetIdentity("TestIdentity"); |
| 198 | EXPECT_FALSE(eap_.IsConnectableUsingPassphrase()); |
| 199 | |
| 200 | // Success. |
| 201 | SetPassword("TestPassword"); |
| 202 | EXPECT_TRUE(eap_.IsConnectableUsingPassphrase()); |
| 203 | |
| 204 | // Clear identity. |
| 205 | SetIdentity(""); |
| 206 | EXPECT_FALSE(eap_.IsConnectableUsingPassphrase()); |
| 207 | } |
| 208 | |
| 209 | TEST_F(EapCredentialsTest, IsEapAuthenticationProperty) { |
| 210 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 211 | flimflam::kEapAnonymousIdentityProperty)); |
| 212 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 213 | flimflam::kEAPCertIDProperty)); |
| 214 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 215 | flimflam::kEAPClientCertProperty)); |
| 216 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 217 | flimflam::kEapIdentityProperty)); |
| 218 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 219 | flimflam::kEAPKeyIDProperty)); |
| 220 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 221 | flimflam::kEapKeyMgmtProperty)); |
| 222 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 223 | flimflam::kEapPasswordProperty)); |
| 224 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 225 | flimflam::kEAPPINProperty)); |
| 226 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 227 | flimflam::kEapPrivateKeyProperty)); |
| 228 | EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty( |
| 229 | flimflam::kEapPrivateKeyPasswordProperty)); |
| 230 | |
| 231 | // It's easier to test that this function returns TRUE in every situation |
| 232 | // that it should, than to test all the cases it should return FALSE in. |
| 233 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 234 | flimflam::kEapCaCertProperty)); |
| 235 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 236 | flimflam::kEapCaCertIDProperty)); |
| 237 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 238 | flimflam::kEapCaCertNssProperty)); |
| 239 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 240 | kEapCaCertPemProperty)); |
| 241 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 242 | flimflam::kEAPEAPProperty)); |
| 243 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 244 | flimflam::kEapPhase2AuthProperty)); |
| 245 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 246 | flimflam::kEapUseSystemCAsProperty)); |
| 247 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 248 | kEapRemoteCertificationProperty)); |
| 249 | EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty( |
| 250 | kEapSubjectMatchProperty)); |
| 251 | } |
| 252 | |
| 253 | TEST_F(EapCredentialsTest, LoadAndSave) { |
| 254 | MockStore store; |
| 255 | // For the values we're not testing... |
| 256 | EXPECT_CALL(store, GetCryptedString(_, _, _)).WillRepeatedly(Return(false)); |
| 257 | EXPECT_CALL(store, GetString(_, _, _)).WillRepeatedly(Return(false)); |
| 258 | |
| 259 | const string kId("storage-id"); |
| 260 | const string kIdentity("Purple Onion"); |
| 261 | EXPECT_CALL(store, GetCryptedString( |
| 262 | kId, EapCredentials::kStorageEapIdentity, _)) |
| 263 | .WillOnce(DoAll(SetArgumentPointee<2>(kIdentity), Return(true))); |
| 264 | const string kManagement("Shave and a Haircut"); |
| 265 | EXPECT_CALL(store, GetString( |
| 266 | kId, EapCredentials::kStorageEapKeyManagement, _)) |
| 267 | .WillOnce(DoAll(SetArgumentPointee<2>(kManagement), Return(true))); |
| 268 | const string kPassword("Two Bits"); |
| 269 | EXPECT_CALL(store, GetCryptedString( |
| 270 | kId, EapCredentials::kStorageEapPassword, _)) |
| 271 | .WillOnce(DoAll(SetArgumentPointee<2>(kPassword), Return(true))); |
| 272 | |
| 273 | eap_.Load(&store, kId); |
| 274 | Mock::VerifyAndClearExpectations(&store); |
| 275 | |
| 276 | EXPECT_EQ(kIdentity, eap_.identity()); |
| 277 | EXPECT_EQ(kManagement, eap_.key_management()); |
| 278 | EXPECT_EQ(kPassword, GetPassword()); |
| 279 | |
| 280 | // Authentication properties are deleted from the store if they are empty, |
| 281 | // so we expect the fields that we haven't set to be deleted. |
| 282 | EXPECT_CALL(store, DeleteKey(_, _)).Times(AnyNumber()); |
| 283 | EXPECT_CALL(store, SetCryptedString(_, _, _)).Times(0); |
| 284 | EXPECT_CALL(store, DeleteKey(kId, EapCredentials::kStorageEapIdentity)); |
| 285 | EXPECT_CALL(store, SetString( |
| 286 | kId, EapCredentials::kStorageEapKeyManagement, kManagement)); |
| 287 | EXPECT_CALL(store, DeleteKey(kId, EapCredentials::kStorageEapPassword)); |
| 288 | eap_.Save(&store, kId, false); |
| 289 | Mock::VerifyAndClearExpectations(&store); |
| 290 | |
| 291 | // Authentication properties are deleted from the store if they are empty, |
| 292 | // so we expect the fields that we haven't set to be deleted. |
| 293 | EXPECT_CALL(store, DeleteKey(_, _)).Times(AnyNumber()); |
| 294 | EXPECT_CALL(store, SetCryptedString( |
| 295 | kId, EapCredentials::kStorageEapIdentity, kIdentity)); |
| 296 | EXPECT_CALL(store, SetString( |
| 297 | kId, EapCredentials::kStorageEapKeyManagement, kManagement)); |
| 298 | EXPECT_CALL(store, SetCryptedString( |
| 299 | kId, EapCredentials::kStorageEapPassword, kPassword)); |
| 300 | eap_.Save(&store, kId, true); |
| 301 | } |
| 302 | |
| 303 | TEST_F(EapCredentialsTest, OutputConnectionMetrics) { |
| 304 | Error unused_error; |
| 305 | SetEap(flimflam::kEapMethodPEAP); |
| 306 | SetInnerEap(flimflam::kEapPhase2AuthPEAPMSCHAPV2); |
| 307 | |
| 308 | MockEventDispatcher dispatcher; |
| 309 | MockMetrics metrics(&dispatcher); |
| 310 | EXPECT_CALL(metrics, SendEnumToUMA("Network.Shill.Wifi.EapOuterProtocol", |
| 311 | Metrics::kEapOuterProtocolPeap, |
| 312 | Metrics::kEapOuterProtocolMax)); |
| 313 | EXPECT_CALL(metrics, SendEnumToUMA("Network.Shill.Wifi.EapInnerProtocol", |
| 314 | Metrics::kEapInnerProtocolPeapMschapv2, |
| 315 | Metrics::kEapInnerProtocolMax)); |
| 316 | eap_.OutputConnectionMetrics(&metrics, Technology::kWifi); |
| 317 | } |
| 318 | |
| 319 | TEST_F(EapCredentialsTest, PopulateSupplicantProperties) { |
| 320 | SetIdentity("testidentity"); |
| 321 | SetPin("xxxx"); |
| 322 | PopulateSupplicantProperties(); |
| 323 | // Test that only non-empty 802.1x properties are populated. |
| 324 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapIdentity)); |
| 325 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapKeyId)); |
| 326 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCert)); |
| 327 | |
| 328 | // Test that CA path is set by default. |
| 329 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyCaPath)); |
| 330 | |
| 331 | // Test that hardware-backed security arguments are not set, since |
| 332 | // neither key-id nor cert-id were set. |
| 333 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapPin)); |
| 334 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngine)); |
| 335 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngineId)); |
| 336 | } |
| 337 | |
| 338 | TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesNoSystemCAs) { |
| 339 | SetIdentity("testidentity"); |
| 340 | SetUseSystemCAs(false); |
| 341 | PopulateSupplicantProperties(); |
| 342 | // Test that CA path is not set if use_system_cas is explicitly false. |
| 343 | EXPECT_FALSE(ContainsKey(params_, WPASupplicant::kNetworkPropertyCaPath)); |
| 344 | } |
| 345 | |
| 346 | TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesUsingHardwareAuth) { |
| 347 | SetIdentity("testidentity"); |
| 348 | SetKeyId("key_id"); |
| 349 | SetPin("xxxx"); |
| 350 | PopulateSupplicantProperties(); |
| 351 | // Test that EAP engine parameters set if key_id is set. |
| 352 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapPin)); |
| 353 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapKeyId)); |
| 354 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngine)); |
| 355 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEngineId)); |
| 356 | } |
| 357 | |
| 358 | TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesNSS) { |
| 359 | const string kNSSNickname("nss_nickname"); |
| 360 | SetCACertNSS(kNSSNickname); |
| 361 | const string kNSSCertfile("/tmp/nss-cert"); |
| 362 | FilePath nss_cert(kNSSCertfile); |
| 363 | nss_identifier_ = vector<char>(1, 'a'); |
| 364 | EXPECT_CALL(nss_, GetDERCertfile(kNSSNickname, nss_identifier_)) |
| 365 | .WillOnce(Return(nss_cert)); |
| 366 | PopulateSupplicantProperties(); |
| 367 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCert)); |
| 368 | if (ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCert)) { |
| 369 | EXPECT_EQ(kNSSCertfile, params_[WPASupplicant::kNetworkPropertyEapCaCert] |
| 370 | .reader().get_string()); |
| 371 | } |
| 372 | } |
| 373 | |
| 374 | TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesPEM) { |
| 375 | const string kPemCert("-pem-certificate-here-"); |
| 376 | SetCACertPEM(kPemCert); |
| 377 | const string kPEMCertfile("/tmp/pem-cert"); |
| 378 | FilePath pem_cert(kPEMCertfile); |
| 379 | EXPECT_CALL(certificate_file_, CreateDERFromString(kPemCert)) |
| 380 | .WillOnce(Return(pem_cert)); |
| 381 | |
| 382 | PopulateSupplicantProperties(); |
| 383 | EXPECT_TRUE(ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCert)); |
| 384 | if (ContainsKey(params_, WPASupplicant::kNetworkPropertyEapCaCert)) { |
| 385 | EXPECT_EQ(kPEMCertfile, params_[WPASupplicant::kNetworkPropertyEapCaCert] |
| 386 | .reader().get_string()); |
| 387 | } |
| 388 | } |
| 389 | |
| 390 | TEST_F(EapCredentialsTest, PopulateWiMaxProperties) { |
| 391 | { |
| 392 | KeyValueStore parameters; |
| 393 | eap_.PopulateWiMaxProperties(¶meters); |
| 394 | |
| 395 | EXPECT_FALSE(parameters.ContainsString( |
| 396 | wimax_manager::kEAPAnonymousIdentity)); |
| 397 | EXPECT_FALSE(parameters.ContainsString( |
| 398 | wimax_manager::kEAPUserIdentity)); |
| 399 | EXPECT_FALSE(parameters.ContainsString( |
| 400 | wimax_manager::kEAPUserPassword)); |
| 401 | } |
| 402 | |
| 403 | const string kAnonymousIdentity("TestAnonymousIdentity"); |
| 404 | SetAnonymousIdentity(kAnonymousIdentity); |
| 405 | const string kIdentity("TestUserIdentity"); |
| 406 | SetIdentity(kIdentity); |
| 407 | const string kPassword("TestPassword"); |
| 408 | SetPassword(kPassword); |
| 409 | |
| 410 | { |
| 411 | KeyValueStore parameters; |
| 412 | eap_.PopulateWiMaxProperties(¶meters); |
| 413 | EXPECT_EQ(kAnonymousIdentity, parameters.LookupString( |
| 414 | wimax_manager::kEAPAnonymousIdentity, "")); |
| 415 | EXPECT_EQ(kIdentity, parameters.LookupString( |
| 416 | wimax_manager::kEAPUserIdentity, "")); |
| 417 | EXPECT_EQ(kPassword, parameters.LookupString( |
| 418 | wimax_manager::kEAPUserPassword, "")); |
| 419 | } |
| 420 | } |
| 421 | |
| 422 | TEST_F(EapCredentialsTest, Reset) { |
| 423 | EXPECT_TRUE(IsReset()); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 424 | EXPECT_TRUE(GetKeyManagement().empty()); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 425 | SetAnonymousIdentity("foo"); |
| 426 | SetCACertNSS("foo"); |
| 427 | SetCACertPEM("foo"); |
| 428 | SetClientCert("foo"); |
| 429 | SetCertId("foo"); |
| 430 | SetEap("foo"); |
| 431 | SetIdentity("foo"); |
| 432 | SetInnerEap("foo"); |
| 433 | SetKeyId("foo"); |
| 434 | SetPassword("foo"); |
| 435 | SetPrivateKey("foo"); |
| 436 | SetPin("foo"); |
| 437 | SetUseSystemCAs(false); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 438 | eap_.SetKeyManagement("foo", NULL); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 439 | EXPECT_FALSE(IsReset()); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 440 | EXPECT_FALSE(GetKeyManagement().empty()); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 441 | eap_.Reset(); |
| 442 | EXPECT_TRUE(IsReset()); |
Paul Stewart | 9956dc7 | 2013-04-23 14:06:17 -0700 | [diff] [blame] | 443 | EXPECT_FALSE(GetKeyManagement().empty()); |
| 444 | } |
| 445 | |
| 446 | TEST_F(EapCredentialsTest, SetKeyManagement) { |
| 447 | const string kKeyManagement0("foo"); |
| 448 | eap_.SetKeyManagement(kKeyManagement0, NULL); |
| 449 | EXPECT_EQ(kKeyManagement0, GetKeyManagement()); |
| 450 | |
| 451 | const string kKeyManagement1("bar"); |
| 452 | eap_.SetKeyManagement(kKeyManagement1, NULL); |
| 453 | EXPECT_EQ(kKeyManagement1, GetKeyManagement()); |
| 454 | |
| 455 | // We should not be able to set the key management to an empty string. |
| 456 | eap_.SetKeyManagement("", NULL); |
| 457 | EXPECT_EQ(kKeyManagement1, GetKeyManagement()); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 458 | } |
| 459 | |
mukesh agrawal | bebf1b8 | 2013-04-23 15:06:33 -0700 | [diff] [blame] | 460 | // Custom property setters should return false, and make no changes, if |
| 461 | // the new value is the same as the old value. |
| 462 | TEST_F(EapCredentialsTest, CustomSetterNoopChange) { |
| 463 | // SetEapKeyManagement |
| 464 | { |
| 465 | const string kKeyManagement("foo"); |
| 466 | Error error; |
| 467 | // Set to known value. |
| 468 | EXPECT_TRUE(eap_.SetKeyManagement(kKeyManagement, &error)); |
| 469 | EXPECT_TRUE(error.IsSuccess()); |
| 470 | // Set to same value. |
| 471 | EXPECT_FALSE(eap_.SetKeyManagement(kKeyManagement, &error)); |
| 472 | EXPECT_TRUE(error.IsSuccess()); |
| 473 | } |
| 474 | |
| 475 | // SetEapPassword |
| 476 | { |
| 477 | const string kPassword("foo"); |
| 478 | Error error; |
| 479 | // Set to known value. |
| 480 | EXPECT_TRUE(SetEapPassword(kPassword, &error)); |
| 481 | EXPECT_TRUE(error.IsSuccess()); |
| 482 | // Set to same value. |
| 483 | EXPECT_FALSE(SetEapPassword(kPassword, &error)); |
| 484 | EXPECT_TRUE(error.IsSuccess()); |
| 485 | } |
| 486 | |
| 487 | // SetEapPrivateKeyPassword |
| 488 | { |
| 489 | const string kPrivateKeyPassword("foo"); |
| 490 | Error error; |
| 491 | // Set to known value. |
| 492 | EXPECT_TRUE(SetEapPrivateKeyPassword(kPrivateKeyPassword, &error)); |
| 493 | EXPECT_TRUE(error.IsSuccess()); |
| 494 | // Set to same value. |
| 495 | EXPECT_FALSE(SetEapPrivateKeyPassword(kPrivateKeyPassword, &error)); |
| 496 | EXPECT_TRUE(error.IsSuccess()); |
| 497 | } |
| 498 | } |
| 499 | |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 500 | } // namespace shill |