Gitiles
Code Review Sign In
gerrit.opencord.org / aaa / 001ae11c3b94e248bbea3e8f36f89fe7cd1677b6 / . / app / src / test / java / org / opencord / aaa / impl / AaaStatisticsTest.java
blob: cdf0ede649faff92a2b858746e137d32366b69a4 [file] [log] [blame]
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]1/*
2 * Copyright 2015-present Open Networking Foundation
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16package org.opencord.aaa.impl;
17
18import com.google.common.base.Charsets;
19import org.junit.After;
20import org.junit.Before;
21import org.junit.Test;
22import org.onlab.junit.TestUtils;
23import org.onlab.packet.BasePacket;
24import org.onlab.packet.DeserializationException;
25import org.onlab.packet.EAP;
26import org.onlab.packet.Ethernet;
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]27import org.onlab.packet.Ip4Address;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]28import org.onlab.packet.IpAddress;
29import org.onlab.packet.RADIUS;
30import org.onlab.packet.RADIUSAttribute;
31import org.onosproject.core.ApplicationId;
32import org.onosproject.core.CoreServiceAdapter;
33import org.onosproject.event.DefaultEventSinkRegistry;
34import org.onosproject.event.Event;
35import org.onosproject.event.EventDeliveryService;
36import org.onosproject.event.EventSink;
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]37import org.onosproject.net.AnnotationKeys;
38import org.onosproject.net.Annotations;
39import org.onosproject.net.DefaultAnnotations;
40import org.onosproject.net.DefaultDevice;
41import org.onosproject.net.DefaultPort;
42import org.onosproject.net.Device;
43import org.onosproject.net.DeviceId;
44import org.onosproject.net.Port;
45import org.onosproject.net.SparseAnnotations;
46import org.onosproject.net.Port.Type;
47import org.onosproject.net.PortNumber;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]48import org.onosproject.net.config.Config;
49import org.onosproject.net.config.NetworkConfigRegistryAdapter;
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]50import org.onosproject.net.device.DeviceEvent;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]51import org.onosproject.net.packet.DefaultInboundPacket;
52import org.onosproject.net.packet.InboundPacket;
53import org.onosproject.net.packet.PacketContext;
54import org.onosproject.net.packet.PacketService;
55import org.opencord.aaa.AaaConfig;
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]56import org.opencord.aaa.AaaSupplicantMachineStats;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]57import org.slf4j.Logger;
58
59import java.lang.reflect.Field;
60import java.net.InetAddress;
61import java.net.UnknownHostException;
62import java.nio.ByteBuffer;
63
64import static com.google.common.base.Preconditions.checkState;
65import static org.hamcrest.Matchers.is;
66import static org.hamcrest.Matchers.notNullValue;
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]67import static org.junit.Assert.assertEquals;
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]68import static org.junit.Assert.assertNotEquals;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]69import static org.junit.Assert.assertThat;
70import static org.onosproject.net.NetTestTools.connectPoint;
71import static org.slf4j.LoggerFactory.getLogger;
72
73/**
74 * Set of tests of the ONOS application component for AAA Statistics.
75 */
76public class AaaStatisticsTest extends AaaTestBase {
77
78 static final String BAD_IP_ADDRESS = "198.51.100.0";
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]79 static final Long ZERO = (long) 0;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]80
81 private final Logger log = getLogger(getClass());
82 private AaaManager aaaManager;
83 private AaaStatisticsManager aaaStatisticsManager;
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]84 private AaaSupplicantMachineStatsManager aaaSupplicantStatsManager;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]85
86 class AaaManagerWithoutRadiusServer extends AaaManager {
87 protected void sendRadiusPacket(RADIUS radiusPacket, InboundPacket inPkt) {
88 super.sendRadiusPacket(radiusPacket, inPkt);
89 aaaManager.aaaStatisticsManager.putOutgoingIdentifierToMap(radiusPacket.getIdentifier());
90 savePacket(radiusPacket);
91 }
92
93 // changed the configuration of parent method to protected
94 protected void configureRadiusCommunication() {
95 PacketService pktService = new MockPacketService();
96 ApplicationId appId = new CoreServiceAdapter().registerApplication("org.opencord.aaa");
97 aaaManager.impl = new TestSocketBasedRadiusCommunicator(appId, pktService, aaaManager);
98 }
99 }
100
101 /**
102 * Mocks the AAAConfig class to force usage of an unroutable address for the
103 * RADIUS server.
104 */
105 static class MockAaaConfig extends AaaConfig {
106 @Override
107 public InetAddress radiusIp() {
108 try {
109 return InetAddress.getByName(BAD_IP_ADDRESS);
110 } catch (UnknownHostException ex) {
111 throw new IllegalStateException(ex);
112 }
113 }
114 }
115
116 /**
117 * Mocks the network config registry.
118 */
119 @SuppressWarnings("unchecked")
120 private static final class TestNetworkConfigRegistry extends NetworkConfigRegistryAdapter {
121 @Override
122 public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) {
123 AaaConfig aaaConfig = new MockAaaConfig();
124 return (C) aaaConfig;
125 }
126 }
127
128 public static class TestEventDispatcher extends DefaultEventSinkRegistry implements EventDeliveryService {
129
130 @Override
131 @SuppressWarnings("unchecked")
132 public synchronized void post(Event event) {
133 EventSink sink = getSink(event.getClass());
134 checkState(sink != null, "No sink for event %s", event);
135 sink.process(event);
136 }
137
138 @Override
139 public void setDispatchTimeLimit(long millis) {
140 }
141
142 @Override
143 public long getDispatchTimeLimit() {
144 return 0;
145 }
146 }
147
148 /**
149 * Constructs an Ethernet packet containing a RADIUS challenge packet.
150 *
151 * @param challengeCode
152 * code to use in challenge packet
153 * @param challengeType
154 * type to use in challenge packet
155 * @return Ethernet packet
156 */
157 private RADIUS constructRadiusCodeAccessChallengePacket(byte challengeCode, byte challengeType) {
158
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]159 String challenge = "12345678901234567";
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]160
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]161 EAP eap = new EAP(challengeType, (byte) 4, challengeType,
162 challenge.getBytes(Charsets.US_ASCII));
163 eap.setIdentifier((byte) 4);
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]164
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]165 RADIUS radius = new RADIUS();
166 radius.setCode(challengeCode);
167 radius.setIdentifier((byte) 4);
168 radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
169 challenge.getBytes(Charsets.US_ASCII));
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]170
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]171 radius.setPayload(eap);
172 radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE,
173 eap.serialize());
174 radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH,
175 aaaManager.radiusSecret.getBytes());
176 return radius;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]177 }
178
179 public static void injectEventDispatcher(Object manager, EventDeliveryService svc) {
180 Class mc = manager.getClass();
181 for (Field f : mc.getSuperclass().getDeclaredFields()) {
182 if (f.getType().equals(EventDeliveryService.class)) {
183 try {
184 TestUtils.setField(manager, f.getName(), svc);
185 } catch (TestUtils.TestUtilsException e) {
186 throw new IllegalArgumentException("Unable to inject reference", e);
187 }
188 break;
189 }
190 }
191 }
192
193/**
194 * Set up the services required by the AAA application.
195 */
196 @Before
197 public void setUp() {
198 aaaManager = new AaaManagerWithoutRadiusServer();
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]199 aaaManager.radiusOperationalStatusService = new RadiusOperationalStatusManager();
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]200 aaaManager.netCfgService = new TestNetworkConfigRegistry();
201 aaaManager.coreService = new CoreServiceAdapter();
202 aaaManager.packetService = new MockPacketService();
203 aaaManager.deviceService = new TestDeviceService();
204 aaaManager.sadisService = new MockSadisService();
205 aaaManager.cfgService = new MockCfgService();
206 aaaStatisticsManager = new AaaStatisticsManager();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]207 aaaSupplicantStatsManager = new AaaSupplicantMachineStatsManager();
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]208 TestUtils.setField(aaaStatisticsManager, "eventDispatcher", new TestEventDispatcher());
209 aaaStatisticsManager.activate();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]210 TestUtils.setField(aaaSupplicantStatsManager, "eventDispatcher", new TestEventDispatcher());
211 aaaSupplicantStatsManager.activate();
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]212 aaaManager.aaaStatisticsManager = this.aaaStatisticsManager;
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]213 aaaManager.aaaSupplicantStatsManager = this.aaaSupplicantStatsManager;
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]214 TestUtils.setField(aaaManager, "eventDispatcher", new TestEventDispatcher());
215 aaaManager.activate(new AaaTestBase.MockComponentContext());
216 }
217
218/**
219 * Tear down the AAA application.
220 */
221@After
222public void tearDown() {
223 aaaManager.deactivate(new AaaTestBase.MockComponentContext());
224}
225
226/**
227 * Extracts the RADIUS packet from a packet sent by the supplicant.
228 *
229 * @param radius
230 * RADIUS packet sent by the supplicant
231 * @throws DeserializationException
232 * if deserialization of the packet contents fails.
233 */
234private void checkRadiusPacketFromSupplicant(RADIUS radius) throws DeserializationException {
235 assertThat(radius, notNullValue());
236 EAP eap = radius.decapsulateMessage();
237 assertThat(eap, notNullValue());
238}
239
240/**
241 * Fetches the sent packet at the given index. The requested packet must be the
242 * last packet on the list.
243 *
244 * @param index
245 * index into sent packets array
246 * @return packet
247 */
248private BasePacket fetchPacket(int index) {
249 BasePacket packet = savedPackets.get(index);
250 assertThat(packet, notNullValue());
251 return packet;
252}
253
254 /** Tests the authentication path through the AAA application.
255 * And counts the aaa Stats for successful transmission.
256 * @throws DeserializationException
257 * if packed deserialization fails.
258 */
259 @Test
260 public void testAaaStatisticsForAcceptedPackets() throws Exception {
261
262 // (1) Supplicant start up
263 Ethernet startPacket = constructSupplicantStartPacket();
264 sendPacket(startPacket);
265
266 Ethernet responsePacket = (Ethernet) fetchPacket(0);
267 checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
268
269 // (2) Supplicant identify
270
271 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
272 sendPacket(identifyPacket);
273
274 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
275 checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
276
277 assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
278 assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()),
279 is("testuser"));
280 IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET,
281 radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
282 assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
283
284 // State machine should have been created by now
285
286 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
287 assertThat(stateMachine, notNullValue());
288 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
289
290 // (3) RADIUS MD5 challenge
291
292 RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
293 RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
294 aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
295
296 Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
297 checkRadiusPacket(aaaManager, radiusChallengeMD5Packet, EAP.ATTR_MD5);
298
299 // (4) Supplicant MD5 response
300
301 Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
302 stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
303 sendPacket(md5RadiusPacket);
304
305 RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
306
307 checkRadiusPacketFromSupplicant(responseMd5RadiusPacket);
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]308 assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]309 assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
310
311 // State machine should be in pending state
312
313 assertThat(stateMachine, notNullValue());
314 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
315
316 // (5) RADIUS Success
317
318 RADIUS successPacket =
319 constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS);
320 aaaManager.handleRadiusPacket((successPacket));
321 Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
322
323 checkRadiusPacket(aaaManager, supplicantSuccessPacket, EAP.SUCCESS);
324
325 // State machine should be in authorized state
326
327 assertThat(stateMachine, notNullValue());
328 assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
329
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]330 //Check for increase of Stats
331 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
332 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTrans(), ZERO);
333 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO);
334 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO);
335 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap(), ZERO);
Shubham Sharma001ae112020-01-28 10:04:01 +0000[diff] [blame^]336 assertNotEquals(aaaStatisticsManager.getAaaStats().getValidEapolFramesRx(), ZERO);
337 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolFramesTx(), ZERO);
338 assertNotEquals(aaaStatisticsManager.getAaaStats().getReqEapFramesTx(), ZERO);
339 assertNotEquals(aaaStatisticsManager.getAaaStats().getRequestIdFramesTx(), ZERO);
340 assertEquals(aaaStatisticsManager.getAaaStats().getInvalidBodyLength(), ZERO);
341 assertEquals(aaaStatisticsManager.getAaaStats().getInvalidPktType(), ZERO);
342 assertEquals(aaaStatisticsManager.getAaaStats().getPendingResSupp(), ZERO);
343 // Counts the aaa Statistics count and displays in the log
344 countAaaStatistics();
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]345
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]346 }
347
Shubham Sharma001ae112020-01-28 10:04:01 +0000[diff] [blame^]348 /** Tests invalid packets reaching AAA.
349 * And counts the aaa Stats for successful transmission.
350 * @throws DeserializationException
351 * if packed deserialization fails.
352 */
353 @Test
354 public void testStatisticsForInvalidPackets() throws Exception {
355
356 //Test Authenticator State Machine Status. Should be Pending
357 // (1) Supplicant start up
358 Ethernet startPacket = constructSupplicantStartPacket();
359 sendPacket(startPacket);
360
361 Ethernet responsePacket = (Ethernet) fetchPacket(0);
362 checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
363
364 // (2) Supplicant identify
365
366 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
367 sendPacket(identifyPacket);
368
369 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
370 checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
371
372 assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
373 assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()),
374 is("testuser"));
375 IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET,
376 radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
377 assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
378
379 // State machine should have been created by now
380
381 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
382 assertThat(stateMachine, notNullValue());
383 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
384
385 // (3) RADIUS NAK challenge
386
387 RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
388 RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_NAK);
389 aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
390
391 Ethernet radiusChallengeNakPacket = (Ethernet) fetchPacket(2);
392 checkRadiusPacket(aaaManager, radiusChallengeNakPacket, EAP.ATTR_NAK);
393
394 // (4) Supplicant NAK response
395
396 Ethernet nakRadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_NAK,
397 stateMachine.challengeIdentifier(), radiusChallengeNakPacket);
398 sendPacket(nakRadiusPacket);
399
400 //Statistic Should be increased.
401 assertNotEquals(aaaStatisticsManager.getAaaStats().getPendingResSupp(), ZERO);
402
403 //Test if packet with invalid eapol type recieved.
404 // Supplicant ASF Packet
405 Ethernet invalidPacket = constructSupplicantAsfPacket();
406 sendPacket(invalidPacket);
407
408 //Statistic Should be increased.
409 assertNotEquals(aaaStatisticsManager.getAaaStats().getInvalidPktType(), ZERO);
410 assertNotEquals(aaaStatisticsManager.getAaaStats().getAccessRequestsTx(), ZERO);
411 assertNotEquals(aaaStatisticsManager.getAaaStats().getChallengeResponsesRx(), ZERO);
412 assertNotEquals(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), ZERO);
413 assertNotEquals(aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx(), ZERO);
414 assertNotEquals(aaaStatisticsManager.getAaaStats().getPendingRequests(), ZERO);
415
416 // Counts the aaa Statistics count and displays in the log
417 countAaaStatistics();
418 }
419
420
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]421 /** Tests the count for defected packets.
422 *
423 * @throws DeserializationException
424 * if packed deserialization fails.
425 */
426 @Test
427 public void testAaaStatisticsForDefectivePackets() throws Exception {
428 // (1) Supplicant start up
429 Ethernet startPacket = constructSupplicantStartPacket();
430 sendPacket(startPacket);
431
432 // (2) Supplicant identify
433
434 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
435 sendPacket(identifyPacket);
436
437 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
438
439 checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
440
441 // Calling the mock test socket based to handle packet
442 aaaManager.impl.handlePacketFromServer(null);
443 // State machine should have been created by now
444
445 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
446
447 // (3) RADIUS MD5 challenge
448
449 RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
450 RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
451 aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
452
453 Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
454
455 // (4) Supplicant MD5 response
456
457 Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
458 stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
459 sendPacket(md5RadiusPacket);
460 aaaManager.aaaStatisticsManager.calculatePacketRoundtripTime();
461 // (5) RADIUS Rejected
462
463 RADIUS rejectedPacket =
464 constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_REJECT, EAP.FAILURE);
465 aaaManager.handleRadiusPacket((rejectedPacket));
466 Ethernet supplicantRejectedPacket = (Ethernet) fetchPacket(4);
467
468 checkRadiusPacket(aaaManager, supplicantRejectedPacket, EAP.FAILURE);
469
470 // State machine should be in unauthorized state
471 assertThat(stateMachine, notNullValue());
472 assertThat(stateMachine.state(), is(StateMachine.STATE_UNAUTHORIZED));
473 // Calculated the total round trip time
474 aaaManager.aaaStatisticsManager.calculatePacketRoundtripTime();
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]475
476 //Check for increase of Stats
477 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
478 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolAuthFailureTrans(), ZERO);
479 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO);
480 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap(), ZERO);
481 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO);
482
Shubham Sharma1bd890d2019-12-18 07:09:59 +0000[diff] [blame]483 assertNotEquals(aaaStatisticsManager.getAaaStats().getAccessRequestsTx(), ZERO);
484 assertNotEquals(aaaStatisticsManager.getAaaStats().getChallengeResponsesRx(), ZERO);
485 assertNotEquals(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), ZERO);
486 assertNotEquals(aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx(), ZERO);
487 assertNotEquals(aaaStatisticsManager.getAaaStats().getPendingRequests(), ZERO);
488 assertNotEquals(aaaStatisticsManager.getAaaStats().getRejectResponsesRx(), ZERO);
489 assertNotEquals(aaaStatisticsManager.getAaaStats().getRequestRttMilis(), ZERO);
490 assertNotEquals(aaaStatisticsManager.getAaaStats().getUnknownTypeRx(), ZERO);
491
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]492 // Counts the aaa Statistics count
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]493 countAaaStatistics();
494
495 }
496
497 /*
498 * Tests the retransmitted packet and malformed packet count
499 *
500 * @throws DeserializationException
501 * if packed deserialization fails.
502 */
503 @Test
504 public void testRequestRetransmittedCount() throws Exception {
505
506 // (1) Supplicant start up
507 Ethernet startPacket = constructSupplicantStartPacket();
508 sendPacket(startPacket);
509
510 // (2) Supplicant identify
511
512 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
513 sendPacket(identifyPacket);
514
515 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
516 checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
517
518 // again creating pending state for same packet
519 constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
520 sendPacket(identifyPacket);
521 aaaManager.impl.handlePacketFromServer(null);
522 aaaManager.aaaStatisticsManager.calculatePacketRoundtripTime();
523
524 // creating malformed packet
525 final ByteBuffer byteBuffer = ByteBuffer.wrap(startPacket.serialize());
526 InboundPacket inPacket = new DefaultInboundPacket(connectPoint("1", 1),
527 startPacket, byteBuffer);
528
529 PacketContext context = new TestPacketContext(127L, inPacket, null, false);
530 aaaManager.impl.handlePacketFromServer(context);
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]531
532 // Check for increase of Stats
533 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
534 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO);
535
Shubham Sharma1bd890d2019-12-18 07:09:59 +0000[diff] [blame]536 assertNotEquals(aaaStatisticsManager.getAaaStats().getAccessRequestsTx(), ZERO);
537 assertNotEquals(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), ZERO);
538 assertNotEquals(aaaStatisticsManager.getAaaStats().getPendingRequests(), ZERO);
539 assertNotEquals(aaaStatisticsManager.getAaaStats().getMalformedResponsesRx(), ZERO);
540 assertNotEquals(aaaStatisticsManager.getAaaStats().getRequestReTx(), ZERO);
541 assertNotEquals(aaaStatisticsManager.getAaaStats().getRequestRttMilis(), ZERO);
542 assertNotEquals(aaaStatisticsManager.getAaaStats().getUnknownTypeRx(), ZERO);
543 assertNotEquals(aaaStatisticsManager.getAaaStats().getUnknownServerRx(), ZERO);
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]544
Shubham Sharma1bd890d2019-12-18 07:09:59 +0000[diff] [blame]545 countAaaStatistics();
546 }
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]547
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]548 /** Tests the authentication path through the AAA application.
549 * And counts the aaa Stats for logoff transactionXZ.
550 * @throws DeserializationException
551 * if packed deserialization fails.
552 */
553 @Test
554 public void testAaaStatisticsForLogoffPackets() throws Exception {
555
556 // (1) Supplicant start up
557 Ethernet startPacket = constructSupplicantStartPacket();
558 sendPacket(startPacket);
559
560 Ethernet responsePacket = (Ethernet) fetchPacket(0);
561 checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
562
563 // (2) Supplicant identify
564
565 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
566 sendPacket(identifyPacket);
567
568 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
569 checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
570
571 assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
572 assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()),
573 is("testuser"));
574 IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET,
575 radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
576 assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
577
578 // State machine should have been created by now
579
580 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
581 assertThat(stateMachine, notNullValue());
582 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
583
584 // (3) RADIUS MD5 challenge
585
586 RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
587 RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
588 aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
589
590 Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
591 checkRadiusPacket(aaaManager, radiusChallengeMD5Packet, EAP.ATTR_MD5);
592
593 // (4) Supplicant MD5 response
594
595 Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
596 stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
597 sendPacket(md5RadiusPacket);
598
599 RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
600
601 checkRadiusPacketFromSupplicant(responseMd5RadiusPacket);
602 assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
603 assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
604
605 // State machine should be in pending state
606
607 assertThat(stateMachine, notNullValue());
608 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
609
610 // (5) RADIUS Success
611
612 RADIUS successPacket =
613 constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS);
614 aaaManager.handleRadiusPacket((successPacket));
615 Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
616
617 checkRadiusPacket(aaaManager, supplicantSuccessPacket, EAP.SUCCESS);
618
619 // State machine should be in authorized state
620
621 assertThat(stateMachine, notNullValue());
622 assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
623
624 // Supplicant trigger EAP Logoff
625 Ethernet loggoffPacket = constructSupplicantLogoffPacket();
626 sendPacket(loggoffPacket);
627
628 // State machine should be in logoff state
629 assertThat(stateMachine, notNullValue());
630 assertThat(stateMachine.state(), is(StateMachine.STATE_IDLE));
631
632 //Check for increase in stats
633 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolLogoffRx(), ZERO);
634 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
635 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTrans(), ZERO);
636 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO);
637 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO);
638 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap(), ZERO);
Shubham Sharma001ae112020-01-28 10:04:01 +0000[diff] [blame^]639 assertNotEquals(aaaStatisticsManager.getAaaStats().getAuthStateIdle(), ZERO);
640 // Counts the aaa Statistics count
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]641 countAaaStatistics();
642
643 }
644
Arjun E Kac463f62020-02-03 14:05:45 +0000[diff] [blame]645 /** Tests the authentication path through the AAA application.
646 * And counts the aaa Stats for timeout.
647 * @throws DeserializationException
648 * if packed deserialization fails.
649 */
650 @Test
651 public void testAaaStatisticsForTimeoutPackets() throws Exception {
652
653 // (1) Supplicant start up
654 Ethernet startPacket = constructSupplicantStartPacket();
655 sendPacket(startPacket);
656
657 Ethernet responsePacket = (Ethernet) fetchPacket(0);
658 checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
659
660 // (2) Supplicant identify
661
662 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
663 sendPacket(identifyPacket);
664
665 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
666 checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
667
668 assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
669 assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()),
670 is("testuser"));
671 IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET,
672 radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
673 assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
674
675 // State machine should have been created by now
676
677 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
678 assertThat(stateMachine, notNullValue());
679 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
680 Thread.sleep((aaaManager.cleanupTimerTimeOutInMins / 2) + 1);
681
682 // State machine should be in timeout state
683 assertThat(stateMachine, notNullValue());
684 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
685
686 //Check for increase in stats
687 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
688 assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO);
689 countAaaStatistics();
690
691 }
692
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]693
694 /** Tests the authentication path through the AAA application.
695 * And counts the aaa Stats for logoff transactionXZ.
696 * @throws DeserializationException
697 * if packed deserialization fails.
698 */
699 @Test
700 public void testAaaSuplicantStatsForEapolLogOff() throws Exception {
701
702 // (1) Supplicant start up
703 Ethernet startPacket = constructSupplicantStartPacket();
704 sendPacket(startPacket);
705
706 Ethernet responsePacket = (Ethernet) fetchPacket(0);
707 checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
708
709 // (2) Supplicant identify
710
711 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
712 sendPacket(identifyPacket);
713
714 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
715 checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
716
717 // State machine should have been created by now
718
719 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
720
721 // (3) RADIUS MD5 challenge
722
723 RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
724 RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
725 aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
726
727 Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
728 checkRadiusPacket(aaaManager, radiusChallengeMD5Packet, EAP.ATTR_MD5);
729
730 // (4) Supplicant MD5 response
731
732 Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
733 stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
734 sendPacket(md5RadiusPacket);
735
736 RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
737
738 checkRadiusPacketFromSupplicant(responseMd5RadiusPacket);
739
740 // (5) RADIUS Success
741
742 RADIUS successPacket =
743 constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS);
744 aaaManager.handleRadiusPacket((successPacket));
745 Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
746
747 checkRadiusPacket(aaaManager, supplicantSuccessPacket, EAP.SUCCESS);
748
749 // Supplicant trigger EAP Logoff
750 Ethernet loggoffPacket = constructSupplicantLogoffPacket();
751 sendPacket(loggoffPacket);
752 AaaSupplicantMachineStats aaaSupplicantObj = aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
753
754 // Check the aaa supplicant stats.
755 assertEquals(aaaSupplicantObj.getSessionTerminateReason(), "SUPPLICANT_LOGOFF");
756 assertEquals(aaaSupplicantObj.getEapolType(), "EAPOL_LOGOFF");
757 assertNotEquals(aaaSupplicantObj.getSessionDuration(), 0);
758 assertEquals(aaaSupplicantObj.getSessionName(), "testuser");
759 assertEquals(aaaSupplicantObj.getSessionId(), SESSION_ID);
760 assertEquals(aaaSupplicantObj.getSrcMacAddress(), serverMac.toString());
761 assertNotEquals(aaaSupplicantObj.getTotalFramesReceived(), 0);
762 assertNotEquals(aaaSupplicantObj.getTotalFramesSent(), 0);
763 assertNotEquals(aaaSupplicantObj.getTotalPacketsRecieved(), 0);
764 assertNotEquals(aaaSupplicantObj.getTotalPacketsSent(), 0);
765 }
766
767
768 @Test
769 public void testAaaSuplicantStatsForPortRemoved() throws Exception {
770
771 // (1) Supplicant start up
772 Ethernet startPacket = constructSupplicantStartPacket();
773 sendPacket(startPacket);
774
775 Ethernet responsePacket = (Ethernet) fetchPacket(0);
776 checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
777
778 // (2) Supplicant identify
779
780 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
781 sendPacket(identifyPacket);
782
783 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
784 checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
785
786 // State machine should have been created by now
787 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
788
789 // Device configuration
790 DeviceId deviceId = DeviceId.deviceId("of:1");
791 // Source ip address of two different device.
792 Ip4Address sourceIp = Ip4Address.valueOf("10.177.125.4");
793 DefaultAnnotations.Builder annotationsBuilder = DefaultAnnotations.builder()
794 .set(AnnotationKeys.MANAGEMENT_ADDRESS, sourceIp.toString());
795 SparseAnnotations annotations = annotationsBuilder.build();
796 Annotations[] deviceAnnotations = {annotations };
797 Device deviceA = new DefaultDevice(null, deviceId, Device.Type.OTHER, "", "", "", "", null, deviceAnnotations);
798 Port port =
799 new DefaultPort(null, PortNumber.portNumber(1), true, Type.COPPER, DefaultPort.DEFAULT_SPEED, annotations);
800 DeviceEvent deviceEvent = new DeviceEvent(DeviceEvent.Type.PORT_REMOVED, deviceA, port);
801 aaaManager.deviceListener.event(deviceEvent);
802 AaaSupplicantMachineStats aaaSupplicantObj = aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
803
804 // Check the aaa supplicant stats.
805 assertEquals(aaaSupplicantObj.getSessionTerminateReason(), "PORT_REMOVED");
806 assertEquals(aaaSupplicantObj.getEapolType(), "EAPOL_PACKET");
807 assertNotEquals(aaaSupplicantObj.getSessionDuration(), 0);
808 assertEquals(aaaSupplicantObj.getSessionName(), "testuser");
809 assertEquals(aaaSupplicantObj.getSessionId(), SESSION_ID);
810 assertEquals(aaaSupplicantObj.getSrcMacAddress(), serverMac.toString());
811 assertEquals(aaaSupplicantObj.getTotalFramesReceived(), 0);
812 assertEquals(aaaSupplicantObj.getTotalFramesSent(), 0);
813 assertEquals(aaaSupplicantObj.getTotalPacketsRecieved(), 0);
814 assertEquals(aaaSupplicantObj.getTotalPacketsSent(), 0);
815 }
816
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]817 // Calculates the AAA statistics count.
818 public void countAaaStatistics() {
819 assertThat(aaaStatisticsManager.getAaaStats().getAcceptResponsesRx(), notNullValue());
820 assertThat(aaaStatisticsManager.getAaaStats().getAccessRequestsTx(), notNullValue());
821 assertThat(aaaStatisticsManager.getAaaStats().getChallengeResponsesRx(), notNullValue());
822 assertThat(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), notNullValue());
823 assertThat(aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx(), notNullValue());
824 assertThat(aaaStatisticsManager.getAaaStats().getMalformedResponsesRx(), notNullValue());
825 assertThat(aaaStatisticsManager.getAaaStats().getPendingRequests(), notNullValue());
826 assertThat(aaaStatisticsManager.getAaaStats().getRejectResponsesRx(), notNullValue());
827 assertThat(aaaStatisticsManager.getAaaStats().getRequestReTx(), notNullValue());
828 assertThat(aaaStatisticsManager.getAaaStats().getRequestRttMilis(), notNullValue());
829 assertThat(aaaStatisticsManager.getAaaStats().getUnknownServerRx(), notNullValue());
830 assertThat(aaaStatisticsManager.getAaaStats().getUnknownTypeRx(), notNullValue());
Shubham Sharmac7aa6202019-12-12 10:19:10 +0000[diff] [blame]831
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]832 }
833
834 /*
835 * Mock implementation of SocketBasedRadiusCommunicator class.
836 *
837 */
838 class TestSocketBasedRadiusCommunicator extends SocketBasedRadiusCommunicator {
839
840 TestSocketBasedRadiusCommunicator(ApplicationId appId, PacketService pktService, AaaManager aaaManager) {
841 super(appId, pktService, aaaManager);
842 }
843
844 // Implementation of socketBasedRadiusCommunicator--> run() method
845 public void handlePacketFromServer(PacketContext context) {
846
847 RADIUS incomingPkt = (RADIUS) fetchPacket(savedPackets.size() - 1);
848 try {
849 if (context == null) {
850 aaaStatisticsManager.handleRoundtripTime(incomingPkt.getIdentifier());
851 aaaManager.handleRadiusPacket(incomingPkt);
852 } else if (null != context) {
853 aaaManager.checkForPacketFromUnknownServer("100.100.100.0");
854 aaaStatisticsManager.handleRoundtripTime(incomingPkt.getIdentifier());
855 aaaManager.handleRadiusPacket(incomingPkt);
856 incomingPkt =
857 RADIUS.deserializer().deserialize(incomingPkt.generateAuthCode(), 0, 1);
858 }
859 } catch (DeserializationException dex) {
860 aaaManager.aaaStatisticsManager.getAaaStats().increaseMalformedResponsesRx();
861 aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
862 log.error("Cannot deserialize packet", dex);
863 } catch (StateMachineException sme) {
864 log.error("Illegal state machine operation", sme);
865 }
866
867 }
868
869 }
870
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]871}