Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2015-present Open Networking Foundation |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | package org.opencord.aaa.impl; |
| 17 | |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 18 | import org.junit.After; |
| 19 | import org.junit.Before; |
| 20 | import org.junit.Test; |
| 21 | import org.onlab.junit.TestUtils; |
| 22 | import org.onlab.packet.BasePacket; |
| 23 | import org.onlab.packet.DeserializationException; |
| 24 | import org.onlab.packet.EAP; |
| 25 | import org.onlab.packet.Ethernet; |
| 26 | import org.onlab.packet.IpAddress; |
| 27 | import org.onlab.packet.RADIUS; |
| 28 | import org.onlab.packet.RADIUSAttribute; |
| 29 | import org.onosproject.core.ApplicationId; |
| 30 | import org.onosproject.core.CoreServiceAdapter; |
| 31 | import org.onosproject.event.DefaultEventSinkRegistry; |
| 32 | import org.onosproject.event.Event; |
| 33 | import org.onosproject.event.EventDeliveryService; |
| 34 | import org.onosproject.event.EventSink; |
| 35 | import org.onosproject.net.config.Config; |
| 36 | import org.onosproject.net.config.NetworkConfigRegistryAdapter; |
| 37 | import org.onosproject.net.packet.DefaultInboundPacket; |
| 38 | import org.onosproject.net.packet.InboundPacket; |
| 39 | import org.onosproject.net.packet.PacketContext; |
| 40 | import org.onosproject.net.packet.PacketService; |
| 41 | import org.opencord.aaa.AaaConfig; |
| 42 | import org.slf4j.Logger; |
| 43 | |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 44 | import java.net.InetAddress; |
| 45 | import java.net.UnknownHostException; |
| 46 | import java.nio.ByteBuffer; |
| 47 | |
| 48 | import static com.google.common.base.Preconditions.checkState; |
| 49 | import static org.hamcrest.Matchers.is; |
| 50 | import static org.hamcrest.Matchers.notNullValue; |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 51 | import static org.junit.Assert.assertNotEquals; |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 52 | import static org.junit.Assert.assertThat; |
| 53 | import static org.onosproject.net.NetTestTools.connectPoint; |
| 54 | import static org.slf4j.LoggerFactory.getLogger; |
| 55 | |
| 56 | /** |
| 57 | * Set of tests of the ONOS application component for AAA Statistics. |
| 58 | */ |
| 59 | public class AaaStatisticsTest extends AaaTestBase { |
| 60 | |
| 61 | static final String BAD_IP_ADDRESS = "198.51.100.0"; |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 62 | static final Long ZERO = (long) 0; |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 63 | |
| 64 | private final Logger log = getLogger(getClass()); |
| 65 | private AaaManager aaaManager; |
| 66 | private AaaStatisticsManager aaaStatisticsManager; |
Kartikey Dubey | adeb26e | 2019-10-01 12:18:35 +0000 | [diff] [blame] | 67 | private AaaSupplicantMachineStatsManager aaaSupplicantStatsManager; |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 68 | |
| 69 | class AaaManagerWithoutRadiusServer extends AaaManager { |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 70 | protected void sendRadiusPacket(RADIUS radiusPacket, InboundPacket inPkt) { |
| 71 | super.sendRadiusPacket(radiusPacket, inPkt); |
| 72 | aaaManager.aaaStatisticsManager.putOutgoingIdentifierToMap(radiusPacket.getIdentifier()); |
| 73 | savePacket(radiusPacket); |
| 74 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 75 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 76 | // changed the configuration of parent method to protected |
| 77 | protected void configureRadiusCommunication() { |
| 78 | PacketService pktService = new MockPacketService(); |
| 79 | ApplicationId appId = new CoreServiceAdapter().registerApplication("org.opencord.aaa"); |
| 80 | aaaManager.impl = new TestSocketBasedRadiusCommunicator(appId, pktService, aaaManager); |
| 81 | } |
| 82 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 83 | |
| 84 | /** |
| 85 | * Mocks the AAAConfig class to force usage of an unroutable address for the |
| 86 | * RADIUS server. |
| 87 | */ |
| 88 | static class MockAaaConfig extends AaaConfig { |
| 89 | @Override |
| 90 | public InetAddress radiusIp() { |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 91 | try { |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 92 | return InetAddress.getByName(BAD_IP_ADDRESS); |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 93 | } catch (UnknownHostException ex) { |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 94 | throw new IllegalStateException(ex); |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 95 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 96 | } |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 97 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 98 | |
| 99 | /** |
| 100 | * Mocks the network config registry. |
| 101 | */ |
| 102 | @SuppressWarnings("unchecked") |
| 103 | private static final class TestNetworkConfigRegistry extends NetworkConfigRegistryAdapter { |
| 104 | @Override |
| 105 | public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) { |
| 106 | AaaConfig aaaConfig = new MockAaaConfig(); |
| 107 | return (C) aaaConfig; |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 108 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 109 | } |
| 110 | |
| 111 | public static class TestEventDispatcher extends DefaultEventSinkRegistry implements EventDeliveryService { |
| 112 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 113 | @Override |
| 114 | @SuppressWarnings("unchecked") |
| 115 | public synchronized void post(Event event) { |
| 116 | EventSink sink = getSink(event.getClass()); |
| 117 | checkState(sink != null, "No sink for event %s", event); |
| 118 | sink.process(event); |
| 119 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 120 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 121 | @Override |
| 122 | public void setDispatchTimeLimit(long millis) { |
| 123 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 124 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 125 | @Override |
| 126 | public long getDispatchTimeLimit() { |
| 127 | return 0; |
| 128 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 129 | } |
| 130 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 131 | /** |
| 132 | * Set up the services required by the AAA application. |
| 133 | */ |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 134 | @Before |
| 135 | public void setUp() { |
| 136 | aaaManager = new AaaManagerWithoutRadiusServer(); |
Shubham Sharma | 4900ce6 | 2019-06-19 14:18:50 +0000 | [diff] [blame] | 137 | aaaManager.radiusOperationalStatusService = new RadiusOperationalStatusManager(); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 138 | aaaManager.netCfgService = new TestNetworkConfigRegistry(); |
| 139 | aaaManager.coreService = new CoreServiceAdapter(); |
| 140 | aaaManager.packetService = new MockPacketService(); |
| 141 | aaaManager.deviceService = new TestDeviceService(); |
| 142 | aaaManager.sadisService = new MockSadisService(); |
| 143 | aaaManager.cfgService = new MockCfgService(); |
| 144 | aaaStatisticsManager = new AaaStatisticsManager(); |
Kartikey Dubey | adeb26e | 2019-10-01 12:18:35 +0000 | [diff] [blame] | 145 | aaaSupplicantStatsManager = new AaaSupplicantMachineStatsManager(); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 146 | TestUtils.setField(aaaStatisticsManager, "eventDispatcher", new TestEventDispatcher()); |
| 147 | aaaStatisticsManager.activate(); |
Kartikey Dubey | adeb26e | 2019-10-01 12:18:35 +0000 | [diff] [blame] | 148 | TestUtils.setField(aaaSupplicantStatsManager, "eventDispatcher", new TestEventDispatcher()); |
| 149 | aaaSupplicantStatsManager.activate(); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 150 | aaaManager.aaaStatisticsManager = this.aaaStatisticsManager; |
Kartikey Dubey | adeb26e | 2019-10-01 12:18:35 +0000 | [diff] [blame] | 151 | aaaManager.aaaSupplicantStatsManager = this.aaaSupplicantStatsManager; |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 152 | TestUtils.setField(aaaManager, "eventDispatcher", new TestEventDispatcher()); |
| 153 | aaaManager.activate(new AaaTestBase.MockComponentContext()); |
| 154 | } |
| 155 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 156 | /** |
| 157 | * Tear down the AAA application. |
| 158 | */ |
| 159 | @After |
| 160 | public void tearDown() { |
| 161 | aaaManager.deactivate(new AaaTestBase.MockComponentContext()); |
| 162 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 163 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 164 | /** |
| 165 | * Extracts the RADIUS packet from a packet sent by the supplicant. |
| 166 | * |
| 167 | * @param radius RADIUS packet sent by the supplicant |
| 168 | * @throws DeserializationException if deserialization of the packet contents fails. |
| 169 | */ |
| 170 | private void checkRadiusPacketFromSupplicant(RADIUS radius) throws DeserializationException { |
| 171 | assertThat(radius, notNullValue()); |
| 172 | EAP eap = radius.decapsulateMessage(); |
| 173 | assertThat(eap, notNullValue()); |
| 174 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 175 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 176 | /** |
| 177 | * Fetches the sent packet at the given index. The requested packet must be the |
| 178 | * last packet on the list. |
| 179 | * |
| 180 | * @param index index into sent packets array |
| 181 | * @return packet |
| 182 | */ |
| 183 | private BasePacket fetchPacket(int index) { |
| 184 | BasePacket packet = savedPackets.get(index); |
| 185 | assertThat(packet, notNullValue()); |
| 186 | return packet; |
| 187 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 188 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 189 | /** |
| 190 | * Tests the authentication path through the AAA application. |
| 191 | * And counts the aaa Stats for successful transmission. |
| 192 | * |
| 193 | * @throws DeserializationException if packed deserialization fails. |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 194 | */ |
| 195 | @Test |
| 196 | public void testAaaStatisticsForAcceptedPackets() throws Exception { |
| 197 | |
| 198 | // (1) Supplicant start up |
| 199 | Ethernet startPacket = constructSupplicantStartPacket(); |
| 200 | sendPacket(startPacket); |
| 201 | |
| 202 | Ethernet responsePacket = (Ethernet) fetchPacket(0); |
| 203 | checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY); |
| 204 | |
| 205 | // (2) Supplicant identify |
| 206 | |
| 207 | Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null); |
| 208 | sendPacket(identifyPacket); |
| 209 | |
| 210 | RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1); |
| 211 | checkRadiusPacketFromSupplicant(radiusIdentifyPacket); |
| 212 | |
| 213 | assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST)); |
| 214 | assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()), |
| 215 | is("testuser")); |
| 216 | IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET, |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 217 | radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue()); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 218 | assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress())); |
| 219 | |
| 220 | // State machine should have been created by now |
| 221 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 222 | StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 223 | assertThat(stateMachine, notNullValue()); |
| 224 | assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING)); |
| 225 | |
| 226 | // (3) RADIUS MD5 challenge |
| 227 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 228 | RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket( |
| 229 | RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5, radiusIdentifyPacket.getIdentifier(), |
| 230 | aaaManager.radiusSecret.getBytes()); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 231 | aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket); |
| 232 | |
| 233 | Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2); |
| 234 | checkRadiusPacket(aaaManager, radiusChallengeMD5Packet, EAP.ATTR_MD5); |
| 235 | |
| 236 | // (4) Supplicant MD5 response |
| 237 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 238 | Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5, |
| 239 | stateMachine.challengeIdentifier(), radiusChallengeMD5Packet); |
| 240 | sendPacket(md5RadiusPacket); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 241 | |
| 242 | RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3); |
| 243 | |
| 244 | checkRadiusPacketFromSupplicant(responseMd5RadiusPacket); |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 245 | //assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9)); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 246 | assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST)); |
| 247 | |
| 248 | // State machine should be in pending state |
| 249 | |
| 250 | assertThat(stateMachine, notNullValue()); |
| 251 | assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING)); |
| 252 | |
| 253 | // (5) RADIUS Success |
| 254 | |
| 255 | RADIUS successPacket = |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 256 | constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS, |
| 257 | responseMd5RadiusPacket.getIdentifier(), aaaManager.radiusSecret.getBytes()); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 258 | aaaManager.handleRadiusPacket((successPacket)); |
| 259 | Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4); |
| 260 | |
| 261 | checkRadiusPacket(aaaManager, supplicantSuccessPacket, EAP.SUCCESS); |
| 262 | |
| 263 | // State machine should be in authorized state |
| 264 | |
| 265 | assertThat(stateMachine, notNullValue()); |
| 266 | assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED)); |
| 267 | |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 268 | //Check for increase of Stats |
| 269 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO); |
| 270 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTrans(), ZERO); |
| 271 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO); |
| 272 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO); |
| 273 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap(), ZERO); |
| 274 | |
Shubham Sharma | 80214c6 | 2019-12-18 07:09:59 +0000 | [diff] [blame] | 275 | assertNotEquals(aaaStatisticsManager.getAaaStats().getAcceptResponsesRx(), ZERO); |
| 276 | assertNotEquals(aaaStatisticsManager.getAaaStats().getAccessRequestsTx(), ZERO); |
| 277 | assertNotEquals(aaaStatisticsManager.getAaaStats().getChallengeResponsesRx(), ZERO); |
| 278 | assertNotEquals(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), ZERO); |
| 279 | assertNotEquals(aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx(), ZERO); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 280 | |
Shubham Sharma | 80214c6 | 2019-12-18 07:09:59 +0000 | [diff] [blame] | 281 | // Counts the aaa Statistics count and displays in the log |
| 282 | countAaaStatistics(); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 283 | } |
| 284 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 285 | /** |
| 286 | * Tests the count for defected packets. |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 287 | * |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 288 | * @throws DeserializationException if packed deserialization fails. |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 289 | */ |
| 290 | @Test |
| 291 | public void testAaaStatisticsForDefectivePackets() throws Exception { |
| 292 | // (1) Supplicant start up |
| 293 | Ethernet startPacket = constructSupplicantStartPacket(); |
| 294 | sendPacket(startPacket); |
| 295 | |
| 296 | // (2) Supplicant identify |
| 297 | |
| 298 | Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null); |
| 299 | sendPacket(identifyPacket); |
| 300 | |
| 301 | RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1); |
| 302 | |
| 303 | checkRadiusPacketFromSupplicant(radiusIdentifyPacket); |
| 304 | |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 305 | // State machine should have been created by now |
| 306 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 307 | StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 308 | |
| 309 | // (3) RADIUS MD5 challenge |
| 310 | |
| 311 | RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket( |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 312 | RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5, radiusIdentifyPacket.getIdentifier(), |
| 313 | aaaManager.radiusSecret.getBytes()); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 314 | aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket); |
| 315 | |
| 316 | Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2); |
| 317 | |
| 318 | // (4) Supplicant MD5 response |
| 319 | |
| 320 | Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5, |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 321 | stateMachine.challengeIdentifier(), radiusChallengeMD5Packet); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 322 | sendPacket(md5RadiusPacket); |
| 323 | aaaManager.aaaStatisticsManager.calculatePacketRoundtripTime(); |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 324 | |
| 325 | RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3); |
| 326 | |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 327 | // (5) RADIUS Rejected |
| 328 | |
| 329 | RADIUS rejectedPacket = |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 330 | constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_REJECT, EAP.FAILURE, |
| 331 | responseMd5RadiusPacket.getIdentifier(), aaaManager.radiusSecret.getBytes()); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 332 | aaaManager.handleRadiusPacket((rejectedPacket)); |
| 333 | Ethernet supplicantRejectedPacket = (Ethernet) fetchPacket(4); |
| 334 | |
| 335 | checkRadiusPacket(aaaManager, supplicantRejectedPacket, EAP.FAILURE); |
| 336 | |
| 337 | // State machine should be in unauthorized state |
| 338 | assertThat(stateMachine, notNullValue()); |
| 339 | assertThat(stateMachine.state(), is(StateMachine.STATE_UNAUTHORIZED)); |
| 340 | // Calculated the total round trip time |
| 341 | aaaManager.aaaStatisticsManager.calculatePacketRoundtripTime(); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 342 | |
| 343 | //Check for increase of Stats |
| 344 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO); |
| 345 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolAuthFailureTrans(), ZERO); |
| 346 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO); |
| 347 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap(), ZERO); |
| 348 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO); |
| 349 | |
Shubham Sharma | 80214c6 | 2019-12-18 07:09:59 +0000 | [diff] [blame] | 350 | assertNotEquals(aaaStatisticsManager.getAaaStats().getAccessRequestsTx(), ZERO); |
| 351 | assertNotEquals(aaaStatisticsManager.getAaaStats().getChallengeResponsesRx(), ZERO); |
| 352 | assertNotEquals(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), ZERO); |
| 353 | assertNotEquals(aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx(), ZERO); |
Shubham Sharma | 80214c6 | 2019-12-18 07:09:59 +0000 | [diff] [blame] | 354 | assertNotEquals(aaaStatisticsManager.getAaaStats().getRejectResponsesRx(), ZERO); |
Shubham Sharma | 80214c6 | 2019-12-18 07:09:59 +0000 | [diff] [blame] | 355 | |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 356 | // Counts the aaa Statistics count |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 357 | countAaaStatistics(); |
| 358 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 359 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 360 | |
| 361 | /* |
| 362 | * Tests the retransmitted packet and malformed packet count |
| 363 | * |
| 364 | * @throws DeserializationException |
| 365 | * if packed deserialization fails. |
| 366 | */ |
| 367 | @Test |
| 368 | public void testRequestRetransmittedCount() throws Exception { |
| 369 | |
| 370 | // (1) Supplicant start up |
| 371 | Ethernet startPacket = constructSupplicantStartPacket(); |
| 372 | sendPacket(startPacket); |
| 373 | |
| 374 | // (2) Supplicant identify |
| 375 | |
| 376 | Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null); |
| 377 | sendPacket(identifyPacket); |
| 378 | |
| 379 | RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1); |
| 380 | checkRadiusPacketFromSupplicant(radiusIdentifyPacket); |
| 381 | |
| 382 | // again creating pending state for same packet |
| 383 | constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null); |
| 384 | sendPacket(identifyPacket); |
| 385 | aaaManager.impl.handlePacketFromServer(null); |
| 386 | aaaManager.aaaStatisticsManager.calculatePacketRoundtripTime(); |
| 387 | |
| 388 | // creating malformed packet |
| 389 | final ByteBuffer byteBuffer = ByteBuffer.wrap(startPacket.serialize()); |
| 390 | InboundPacket inPacket = new DefaultInboundPacket(connectPoint("1", 1), |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 391 | startPacket, byteBuffer); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 392 | |
| 393 | PacketContext context = new TestPacketContext(127L, inPacket, null, false); |
| 394 | aaaManager.impl.handlePacketFromServer(context); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 395 | |
| 396 | // Check for increase of Stats |
| 397 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO); |
| 398 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO); |
| 399 | |
Shubham Sharma | 80214c6 | 2019-12-18 07:09:59 +0000 | [diff] [blame] | 400 | assertNotEquals(aaaStatisticsManager.getAaaStats().getAccessRequestsTx(), ZERO); |
| 401 | assertNotEquals(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), ZERO); |
| 402 | assertNotEquals(aaaStatisticsManager.getAaaStats().getPendingRequests(), ZERO); |
| 403 | assertNotEquals(aaaStatisticsManager.getAaaStats().getMalformedResponsesRx(), ZERO); |
| 404 | assertNotEquals(aaaStatisticsManager.getAaaStats().getRequestReTx(), ZERO); |
| 405 | assertNotEquals(aaaStatisticsManager.getAaaStats().getUnknownTypeRx(), ZERO); |
| 406 | assertNotEquals(aaaStatisticsManager.getAaaStats().getUnknownServerRx(), ZERO); |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 407 | |
Shubham Sharma | 80214c6 | 2019-12-18 07:09:59 +0000 | [diff] [blame] | 408 | countAaaStatistics(); |
| 409 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 410 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 411 | /** |
| 412 | * Tests the authentication path through the AAA application. |
| 413 | * And counts the aaa Stats for logoff transactionXZ. |
| 414 | * |
| 415 | * @throws DeserializationException if packed deserialization fails. |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 416 | */ |
| 417 | @Test |
| 418 | public void testAaaStatisticsForLogoffPackets() throws Exception { |
| 419 | |
| 420 | // (1) Supplicant start up |
| 421 | Ethernet startPacket = constructSupplicantStartPacket(); |
| 422 | sendPacket(startPacket); |
| 423 | |
| 424 | Ethernet responsePacket = (Ethernet) fetchPacket(0); |
| 425 | checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY); |
| 426 | |
| 427 | // (2) Supplicant identify |
| 428 | |
| 429 | Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null); |
| 430 | sendPacket(identifyPacket); |
| 431 | |
| 432 | RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1); |
| 433 | checkRadiusPacketFromSupplicant(radiusIdentifyPacket); |
| 434 | |
| 435 | assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST)); |
| 436 | assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()), |
| 437 | is("testuser")); |
| 438 | IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET, |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 439 | radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue()); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 440 | assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress())); |
| 441 | |
| 442 | // State machine should have been created by now |
| 443 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 444 | //StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID); |
| 445 | StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 446 | assertThat(stateMachine, notNullValue()); |
| 447 | assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING)); |
| 448 | |
| 449 | // (3) RADIUS MD5 challenge |
| 450 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 451 | RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket( |
| 452 | RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5, |
| 453 | radiusIdentifyPacket.getIdentifier(), aaaManager.radiusSecret.getBytes()); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 454 | aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket); |
| 455 | |
| 456 | Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2); |
| 457 | checkRadiusPacket(aaaManager, radiusChallengeMD5Packet, EAP.ATTR_MD5); |
| 458 | |
| 459 | // (4) Supplicant MD5 response |
| 460 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 461 | Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5, |
| 462 | stateMachine.challengeIdentifier(), radiusChallengeMD5Packet); |
| 463 | sendPacket(md5RadiusPacket); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 464 | |
| 465 | RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3); |
| 466 | |
| 467 | checkRadiusPacketFromSupplicant(responseMd5RadiusPacket); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 468 | assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST)); |
| 469 | |
| 470 | // State machine should be in pending state |
| 471 | |
| 472 | assertThat(stateMachine, notNullValue()); |
| 473 | assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING)); |
| 474 | |
| 475 | // (5) RADIUS Success |
| 476 | |
| 477 | RADIUS successPacket = |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 478 | constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS, |
| 479 | responseMd5RadiusPacket.getIdentifier(), aaaManager.radiusSecret.getBytes()); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 480 | aaaManager.handleRadiusPacket((successPacket)); |
| 481 | Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4); |
| 482 | |
| 483 | checkRadiusPacket(aaaManager, supplicantSuccessPacket, EAP.SUCCESS); |
| 484 | |
| 485 | // State machine should be in authorized state |
| 486 | |
| 487 | assertThat(stateMachine, notNullValue()); |
| 488 | assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED)); |
| 489 | |
| 490 | // Supplicant trigger EAP Logoff |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 491 | Ethernet logoffPacket = constructSupplicantLogoffPacket(); |
| 492 | sendPacket(logoffPacket); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 493 | |
| 494 | // State machine should be in logoff state |
| 495 | assertThat(stateMachine, notNullValue()); |
| 496 | assertThat(stateMachine.state(), is(StateMachine.STATE_IDLE)); |
| 497 | |
| 498 | //Check for increase in stats |
| 499 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolLogoffRx(), ZERO); |
| 500 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO); |
| 501 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTrans(), ZERO); |
| 502 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO); |
| 503 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO); |
| 504 | assertNotEquals(aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap(), ZERO); |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 505 | // Counts the aaa Statistics count |
| 506 | countAaaStatistics(); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 507 | |
| 508 | } |
| 509 | |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 510 | // Calculates the AAA statistics count. |
| 511 | public void countAaaStatistics() { |
| 512 | assertThat(aaaStatisticsManager.getAaaStats().getAcceptResponsesRx(), notNullValue()); |
| 513 | assertThat(aaaStatisticsManager.getAaaStats().getAccessRequestsTx(), notNullValue()); |
| 514 | assertThat(aaaStatisticsManager.getAaaStats().getChallengeResponsesRx(), notNullValue()); |
| 515 | assertThat(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), notNullValue()); |
| 516 | assertThat(aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx(), notNullValue()); |
| 517 | assertThat(aaaStatisticsManager.getAaaStats().getMalformedResponsesRx(), notNullValue()); |
| 518 | assertThat(aaaStatisticsManager.getAaaStats().getPendingRequests(), notNullValue()); |
| 519 | assertThat(aaaStatisticsManager.getAaaStats().getRejectResponsesRx(), notNullValue()); |
| 520 | assertThat(aaaStatisticsManager.getAaaStats().getRequestReTx(), notNullValue()); |
| 521 | assertThat(aaaStatisticsManager.getAaaStats().getRequestRttMilis(), notNullValue()); |
| 522 | assertThat(aaaStatisticsManager.getAaaStats().getUnknownServerRx(), notNullValue()); |
| 523 | assertThat(aaaStatisticsManager.getAaaStats().getUnknownTypeRx(), notNullValue()); |
Shubham Sharma | 2b3fb69 | 2019-12-12 10:19:10 +0000 | [diff] [blame] | 524 | |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 525 | } |
| 526 | |
| 527 | /* |
| 528 | * Mock implementation of SocketBasedRadiusCommunicator class. |
| 529 | * |
| 530 | */ |
| 531 | class TestSocketBasedRadiusCommunicator extends SocketBasedRadiusCommunicator { |
| 532 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 533 | TestSocketBasedRadiusCommunicator(ApplicationId appId, PacketService pktService, AaaManager aaaManager) { |
| 534 | super(appId, pktService, aaaManager); |
| 535 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 536 | |
| 537 | // Implementation of socketBasedRadiusCommunicator--> run() method |
| 538 | public void handlePacketFromServer(PacketContext context) { |
| 539 | |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 540 | RADIUS incomingPkt = (RADIUS) fetchPacket(savedPackets.size() - 1); |
| 541 | try { |
| 542 | if (context == null) { |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 543 | aaaStatisticsManager.handleRoundtripTime(incomingPkt.getIdentifier()); |
| 544 | aaaManager.handleRadiusPacket(incomingPkt); |
| 545 | } else if (null != context) { |
| 546 | aaaManager.checkForPacketFromUnknownServer("100.100.100.0"); |
| 547 | aaaStatisticsManager.handleRoundtripTime(incomingPkt.getIdentifier()); |
| 548 | aaaManager.handleRadiusPacket(incomingPkt); |
| 549 | incomingPkt = |
| 550 | RADIUS.deserializer().deserialize(incomingPkt.generateAuthCode(), 0, 1); |
| 551 | } |
Jonathan Hart | 612651f | 2019-11-25 09:21:43 -0800 | [diff] [blame^] | 552 | } catch (DeserializationException dex) { |
| 553 | aaaManager.aaaStatisticsManager.getAaaStats().increaseMalformedResponsesRx(); |
| 554 | aaaStatisticsManager.getAaaStats().countDroppedResponsesRx(); |
| 555 | log.error("Cannot deserialize packet", dex); |
| 556 | } |
Shubham Sharma | cf5e503 | 2019-11-26 11:09:21 +0000 | [diff] [blame] | 557 | } |
| 558 | |
| 559 | } |
| 560 | |
Kartikey Dubey | adeb26e | 2019-10-01 12:18:35 +0000 | [diff] [blame] | 561 | } |