Gitiles
Code Review Sign In
gerrit.opencord.org / aaa / 967776aaf0cf6b15ef70e6e88b3be3d407529f2e / . / src / test / java / org / onosproject / aaa / AAATest.java
blob: 860a7dbd4513da24f36756b3edba1da4f54af0ea [file] [log] [blame]
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]1/*
2 * Copyright 2014 Open Networking Laboratory
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16package org.onosproject.aaa;
17
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]18import java.net.InetAddress;
19import java.net.UnknownHostException;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]20
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]21import org.junit.After;
22import org.junit.Before;
23import org.junit.Test;
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]24import org.onlab.packet.BasePacket;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]25import org.onlab.packet.DeserializationException;
26import org.onlab.packet.EAP;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]27import org.onlab.packet.Ethernet;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]28import org.onlab.packet.IpAddress;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]29import org.onlab.packet.RADIUS;
30import org.onlab.packet.RADIUSAttribute;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]31import org.onosproject.core.CoreServiceAdapter;
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]32import org.onosproject.net.config.Config;
33import org.onosproject.net.config.NetworkConfigRegistryAdapter;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]34
35import com.google.common.base.Charsets;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]36
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]37import static org.hamcrest.Matchers.is;
38import static org.hamcrest.Matchers.notNullValue;
39import static org.junit.Assert.assertThat;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]40
41/**
42 * Set of tests of the ONOS application component.
43 */
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]44public class AAATest extends AAATestBase {
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]45
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]46 static final String BAD_IP_ADDRESS = "198.51.100.0";
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]47
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]48 private AAA aaa;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]49
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]50 class AAAWithoutRadiusServer extends AAA {
51 protected void sendRADIUSPacket(RADIUS radiusPacket) {
52 savePacket(radiusPacket);
53 }
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]54 }
55
56 /**
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]57 * Mocks the AAAConfig class to force usage of an unroutable address for the
58 * RADIUS server.
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]59 */
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]60 static class MockAAAConfig extends AAAConfig {
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]61 @Override
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]62 public InetAddress radiusIp() {
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]63 try {
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]64 return InetAddress.getByName(BAD_IP_ADDRESS);
65 } catch (UnknownHostException ex) {
66 // can't happen
67 throw new IllegalStateException(ex);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]68 }
69 }
70 }
71
72 /**
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]73 * Mocks the network config registry.
74 */
75 @SuppressWarnings("unchecked")
76 private static final class TestNetworkConfigRegistry
77 extends NetworkConfigRegistryAdapter {
78 @Override
79 public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) {
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]80 AAAConfig aaaConfig = new MockAAAConfig();
81 return (C) aaaConfig;
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]82 }
83 }
84
85 /**
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]86 * Constructs an Ethernet packet containing a RADIUS challenge
87 * packet.
88 *
89 * @param challengeCode code to use in challenge packet
90 * @param challengeType type to use in challenge packet
91 * @return Ethernet packet
92 */
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]93 private RADIUS constructRADIUSCodeAccessChallengePacket(byte challengeCode, byte challengeType) {
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]94
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]95 String challenge = "12345678901234567";
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]96
97 EAP eap = new EAP(challengeType, (byte) 1, challengeType,
98 challenge.getBytes(Charsets.US_ASCII));
99 eap.setIdentifier((byte) 1);
100
101 RADIUS radius = new RADIUS();
102 radius.setCode(challengeCode);
103
104 radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
105 challenge.getBytes(Charsets.US_ASCII));
106
107 radius.setPayload(eap);
108 radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE,
109 eap.serialize());
110
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]111 return radius;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]112 }
113
114 /**
115 * Sets up the services required by the AAA application.
116 */
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]117 @Before
118 public void setUp() {
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]119 aaa = new AAAWithoutRadiusServer();
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]120 aaa.netCfgService = new TestNetworkConfigRegistry();
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]121 aaa.coreService = new CoreServiceAdapter();
122 aaa.packetService = new MockPacketService();
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]123 aaa.activate();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]124 }
125
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]126 /**
127 * Tears down the AAA application.
128 */
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]129 @After
130 public void tearDown() {
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]131 aaa.deactivate();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]132 }
133
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]134 /**
135 * Extracts the RADIUS packet from a packet sent by the supplicant.
136 *
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]137 * @param radius RADIUS packet sent by the supplicant
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]138 * @throws DeserializationException if deserialization of the packet contents
139 * fails.
140 */
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]141 private void checkRADIUSPacketFromSupplicant(RADIUS radius)
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]142 throws DeserializationException {
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]143 assertThat(radius, notNullValue());
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]144
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]145 EAP eap = radius.decapsulateMessage();
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]146 assertThat(eap, notNullValue());
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]147 }
148
149 /**
150 * Fetches the sent packet at the given index. The requested packet
151 * must be the last packet on the list.
152 *
153 * @param index index into sent packets array
154 * @return packet
155 */
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]156 private BasePacket fetchPacket(int index) {
157 BasePacket packet = savedPackets.get(index);
158 assertThat(packet, notNullValue());
159 return packet;
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]160 }
161
162 /**
163 * Tests the authentication path through the AAA application.
164 *
165 * @throws DeserializationException if packed deserialization fails.
166 */
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]167 @Test
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]168 public void testAuthentication() throws Exception {
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]169
170 // (1) Supplicant start up
171
172 Ethernet startPacket = constructSupplicantStartPacket();
173 sendPacket(startPacket);
174
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]175 Ethernet responsePacket = (Ethernet) fetchPacket(0);
176 checkRadiusPacket(aaa, responsePacket, EAP.ATTR_IDENTITY);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]177
178 // (2) Supplicant identify
179
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]180 Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]181 sendPacket(identifyPacket);
182
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]183 RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]184
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]185 checkRADIUSPacketFromSupplicant(radiusIdentifyPacket);
186
187 assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
188 assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()),
189 is("testuser"));
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]190
191 IpAddress nasIp =
192 IpAddress.valueOf(IpAddress.Version.INET,
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]193 radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP)
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]194 .getValue());
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]195 assertThat(nasIp.toString(), is(aaa.nasIpAddress.getHostAddress()));
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]196
197 // State machine should have been created by now
198
199 StateMachine stateMachine =
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]200 StateMachine.lookupStateMachineBySessionId(SESSION_ID);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]201 assertThat(stateMachine, notNullValue());
202 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
203
204 // (3) RADIUS MD5 challenge
205
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]206 RADIUS radiusCodeAccessChallengePacket =
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]207 constructRADIUSCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]208 aaa.radiusListener.handleRadiusPacket(radiusCodeAccessChallengePacket);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]209
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]210 Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
211 checkRadiusPacket(aaa, radiusChallengeMD5Packet, EAP.ATTR_MD5);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]212
213 // (4) Supplicant MD5 response
214
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]215 Ethernet md5RadiusPacket =
216 constructSupplicantIdentifyPacket(stateMachine,
217 EAP.ATTR_MD5,
218 stateMachine.challengeIdentifier(),
219 radiusChallengeMD5Packet);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]220 sendPacket(md5RadiusPacket);
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]221
222 RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
223
224 checkRADIUSPacketFromSupplicant(responseMd5RadiusPacket);
225 assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 0));
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]226 assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
227
228 // State machine should be in pending state
229
230 assertThat(stateMachine, notNullValue());
231 assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
232
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]233 // (5) RADIUS Success
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]234
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]235 RADIUS successPacket =
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]236 constructRADIUSCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS);
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]237 aaa.radiusListener.handleRadiusPacket((successPacket));
238 Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]239
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]240 checkRadiusPacket(aaa, supplicantSuccessPacket, EAP.SUCCESS);
Ray Milkeyea366452015-09-30 10:56:43 -0700[diff] [blame]241
242 // State machine should be in authorized state
243
244 assertThat(stateMachine, notNullValue());
245 assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]246
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]247 }
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]248
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]249 /**
250 * Tests the default configuration.
251 */
252 @Test
253 public void testConfig() {
254 assertThat(aaa.nasIpAddress.getHostAddress(), is(AAAConfig.DEFAULT_NAS_IP));
255 assertThat(aaa.nasMacAddress, is(AAAConfig.DEFAULT_NAS_MAC));
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame^]256 assertThat(aaa.radiusIpAddress.getHostAddress(), is(BAD_IP_ADDRESS));
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]257 assertThat(aaa.radiusMacAddress, is(AAAConfig.DEFAULT_RADIUS_MAC));
258 }
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]259}