Test : Adding CERT based TLS test cases.
Change-Id: Iccfc49e3b11141358215deb316c9935099067f3b
diff --git a/src/test/tls/tlsTest.py b/src/test/tls/tlsTest.py
index 2168640..0fdd4bc 100644
--- a/src/test/tls/tlsTest.py
+++ b/src/test/tls/tlsTest.py
@@ -1,12 +1,12 @@
-#
+#
# Copyright 2016-present Ciena Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,42 +21,109 @@
from twisted.internet import defer
from EapTLS import TLSAuthTest
from OnosCtrl import OnosCtrl
+from scapy.all import *
+log.setLevel('INFO')
class eap_auth_exchange(unittest.TestCase):
- app = 'org.onosproject.aaa'
+ app = 'org.onosproject.aaa'
+ TLS_TIMEOUT = 20
+ CLIENT_CERT_INVALID = '''-----BEGIN CERTIFICATE-----
+MIIDvTCCAqWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTb21ld2hlcmUxEzARBgNVBAoTCkNpZW5h
+IEluYy4xHjAcBgkqhkiG9w0BCQEWD2FkbWluQGNpZW5hLmNvbTEmMCQGA1UEAxMd
+RXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTYwMzExMTg1MzM2WhcN
+MTcwMzA2MTg1MzM2WjBnMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNV
+BAoTCkNpZW5hIEluYy4xFzAVBgNVBAMUDnVzZXJAY2llbmEuY29tMR0wGwYJKoZI
+hvcNAQkBFg51c2VyQGNpZW5hLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOxemcBsPn9tZsCa5o2JA6sQDC7A6JgCNXXl2VFzKLNNvB9PS6D7ZBsQ
+5An0zEDMNzi51q7lnrYg1XyiE4S8FzMGAFr94RlGMQJUbRD9V/oqszMX4k++iAOK
+tIA1gr3x7Zi+0tkjVSVzXTmgNnhChAamdMsjYUG5+CY9WAicXyy+VEV3zTphZZDR
+OjcjEp4m/TSXVPYPgYDXI40YZKX5BdvqykWtT/tIgZb48RS1NPyN/XkCYzl3bv21
+qx7Mc0fcEbsJBIIRYTUkfxnsilcnmLxSYO+p+DZ9uBLBzcQt+4Rd5pLSfi21WM39
+2Z2oOi3vs/OYAPAqgmi2JWOv3mePa/8CAwEAAaNPME0wEwYDVR0lBAwwCgYIKwYB
+BQUHAwIwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL3d3dy5leGFtcGxlLmNvbS9l
+eGFtcGxlX2NhLmNybDANBgkqhkiG9w0BAQUFAAOCAQEALBzMPDTIB6sLyPl0T6JV
+MjOkyldAVhXWiQsTjaGQGJUUe1cmUJyZbUZEc13MygXMPOM4x7z6VpXGuq1c/Vxn
+VzQ2fNnbJcIAHi/7G8W5/SQfPesIVDsHTEc4ZspPi5jlS/MVX3HOC+BDbOjdbwqP
+RX0JEr+uOyhjO+lRxG8ilMRACoBUbw1eDuVDoEBgErSUC44pq5ioDw2xelc+Y6hQ
+dmtYwfY0DbvwxHtA495frLyPcastDiT/zre7NL51MyUDPjjYjghNQEwvu66IKbQ3
+T1tJBrgI7/WI+dqhKBFolKGKTDWIHsZXQvZ1snGu/FRYzg1l+R/jT8cRB9BDwhUt
+yg==
+-----END CERTIFICATE-----'''
- def setUp(self):
- self.onos_ctrl = OnosCtrl(self.app)
- self.onos_aaa_config()
+ def setUp(self):
+ self.onos_ctrl = OnosCtrl(self.app)
+ self.onos_aaa_config()
- def onos_aaa_config(self):
- aaa_dict = {'apps' : { 'org.onosproject.aaa' : { 'AAA' : { 'radiusSecret': 'radius_password',
+ def onos_aaa_config(self):
+ aaa_dict = {'apps' : { 'org.onosproject.aaa' : { 'AAA' : { 'radiusSecret': 'radius_password',
'radiusIp': '172.17.0.2' } } } }
- radius_ip = os.getenv('ONOS_AAA_IP') or '172.17.0.2'
- aaa_dict['apps']['org.onosproject.aaa']['AAA']['radiusIp'] = radius_ip
- self.onos_ctrl.activate()
- time.sleep(2)
- self.onos_load_config(aaa_dict)
+ radius_ip = os.getenv('ONOS_AAA_IP') or '172.17.0.2'
+ aaa_dict['apps']['org.onosproject.aaa']['AAA']['radiusIp'] = radius_ip
+ self.onos_ctrl.activate()
+ time.sleep(2)
+ self.onos_load_config(aaa_dict)
- def onos_load_config(self, config):
- status, code = OnosCtrl.config(config)
- if status is False:
- log.info('Configure request for AAA returned status %d' %code)
- assert_equal(status, True)
+ def onos_load_config(self, config):
+ status, code = OnosCtrl.config(config)
+ if status is False:
+ log.info('Configure request for AAA returned status %d' %code)
+ assert_equal(status, True)
time.sleep(3)
- @deferred(20)
- def test_eap_tls(self):
- df = defer.Deferred()
- def eap_tls_verify(df):
- tls = TLSAuthTest()
- tls.runTest()
- df.callback(0)
- reactor.callLater(0, eap_tls_verify, df)
- return df
+ @deferred(TLS_TIMEOUT)
+ def test_eap_tls(self):
+ df = defer.Deferred()
+ def eap_tls_verify(df):
+ tls = TLSAuthTest()
+ tls.runTest()
+ df.callback(0)
+ reactor.callLater(0, eap_tls_verify, df)
+ return df
+
+ @deferred(TLS_TIMEOUT)
+ def test_eap_tls_with_no_cert(self):
+ df = defer.Deferred()
+ def eap_tls_no_cert(df):
+ def tls_no_cert_cb():
+ log.info('TLS authentication failed with no certificate')
+
+ tls = TLSAuthTest(fail_cb = tls_no_cert_cb, client_cert = '')
+ tls.runTest()
+ assert_equal(tls.failTest, True)
+ df.callback(0)
+ reactor.callLater(0, eap_tls_no_cert, df)
+ return df
+
+ @deferred(TLS_TIMEOUT)
+ def test_eap_tls_with_invalid_cert(self):
+ df = defer.Deferred()
+ def eap_tls_invalid_cert(df):
+ def tls_invalid_cert_cb():
+ log.info('TLS authentication failed with invalid certificate')
+
+ tls = TLSAuthTest(fail_cb = tls_invalid_cert_cb,
+ client_cert = self.CLIENT_CERT_INVALID)
+ tls.runTest()
+ assert_equal(tls.failTest, True)
+ df.callback(0)
+ reactor.callLater(0, eap_tls_invalid_cert, df)
+ return df
+
+ @deferred(TLS_TIMEOUT)
+ def test_eap_tls_Nusers_with_same_valid_cert(self):
+ df = defer.Deferred()
+ def eap_tls_Nusers_with_same_valid_cert(df):
+ num_users = 3
+ for i in xrange(num_users):
+ tls = TLSAuthTest(intf = 'veth{}'.format(i*2))
+ tls.runTest()
+ df.callback(0)
+ reactor.callLater(0, eap_tls_Nusers_with_same_valid_cert, df)
+ return df
if __name__ == '__main__':
t = TLSAuthTest()
t.runTest()
-
+