#
# Copyright 2016-present Ciena Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import unittest
import time
import os
from nose.tools import *
from nose.twistedtools import reactor, deferred
from twisted.internet import defer
from EapTLS import TLSAuthTest
from OnosCtrl import OnosCtrl
from scapy.all import *
# Raise the verbosity of `log` to INFO for the whole test module.
# NOTE(review): `log` is not defined in this file; it presumably arrives
# through one of the wildcard imports above -- confirm which one.
log.setLevel('INFO')
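class eap_auth_exchange(unittest.TestCase):
    """EAP-TLS authentication tests against the ONOS AAA application.

    Each test runs one or more ``TLSAuthTest`` exchanges on the Twisted
    reactor supplied by ``nose.twistedtools``. The positive tests only
    require ``TLSAuthTest.runTest()`` to return; the negative tests also
    require ``failTest`` to be set after an exchange in which the client
    offers no certificate or the certificate in ``CLIENT_CERT_INVALID``.
    """

    # ONOS application name handed to OnosCtrl in setUp().
    # NOTE(review): onos_aaa_config() keys its configuration by
    # 'org.onosproject.aaa', not by this name -- confirm which key the
    # activated application actually reads.
    app = 'org.opencord.aaa'
    # Seconds the @deferred decorator waits for a test's Deferred to fire.
    TLS_TIMEOUT = 20
    # Certificate offered as the client certificate in the negative test.
    # NOTE(review): the PEM appears to decode to a self-signed "Example
    # Certificate Authority" certificate whose validity ended on 2017-03-06,
    # so the server may now refuse it for expiry alone -- confirm that the
    # rejection reason is the one this test is meant to cover.
    CLIENT_CERT_INVALID = '''-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIJAM6l2jUG56pLMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNvbWV3aGVyZTETMBEGA1UE
ChMKQ2llbmEgSW5jLjEeMBwGCSqGSIb3DQEJARYPYWRtaW5AY2llbmEuY29tMSYw
JAYDVQQDEx1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjAzMTEx
ODUzMzVaFw0xNzAzMDYxODUzMzVaMIGLMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
Q0ExEjAQBgNVBAcTCVNvbWV3aGVyZTETMBEGA1UEChMKQ2llbmEgSW5jLjEeMBwG
CSqGSIb3DQEJARYPYWRtaW5AY2llbmEuY29tMSYwJAYDVQQDEx1FeGFtcGxlIENl
cnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9Jv54TkqycL3U2Fdd/y5NXdnPVXwAVV3m6I3eIffVCv8eS+mwlbl9dnbjo
qqlGEgA3sEg5HtnKoW81l3PSyV/YaqzUzbcpDlgWlbNkFQ3nVxh61gSU34Fc4h/W
plSvCkwGSbV5udLtEe6S9IflP2Fu/eXa9vmUtoPqDk66p9U/nWVf2H1GJy7XanWg
wke+HpQvbzoSfPJS0e5Rm9KErrzaIkJpqt7soW+OjVJitUax7h45RYY1HHHlbMQ0
ndWW8UDsCxFQO6d7nsijCzY69Y8HarH4mbVtqhg3KJevxD9UMRy6gdtPMDZLah1c
LHRu14ucOK4aF8oICOgtcD06auUCAwEAAaOCASwwggEoMB0GA1UdDgQWBBQwEs0m
c8HARTVp21wtiwgav5biqjCBwAYDVR0jBIG4MIG1gBQwEs0mc8HARTVp21wtiwga
v5biqqGBkaSBjjCBizELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQH
EwlTb21ld2hlcmUxEzARBgNVBAoTCkNpZW5hIEluYy4xHjAcBgkqhkiG9w0BCQEW
D2FkbWluQGNpZW5hLmNvbTEmMCQGA1UEAxMdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHmCCQDOpdo1BueqSzAMBgNVHRMEBTADAQH/MDYGA1UdHwQvMC0wK6Ap
oCeGJWh0dHA6Ly93d3cuZXhhbXBsZS5jb20vZXhhbXBsZV9jYS5jcmwwDQYJKoZI
hvcNAQELBQADggEBAK+fyAFO8CbH35P5mOX+5wf7+AeC+5pwaFcoCV0zlfwniANp
jISgcIX9rcetLxeYRAO5com3+qLdd9dGVNL0kwufH4QhlSPErG7OLHHAs4JWVhUo
bH3lK9lgFVlnCDBtQhslzqScR64SCicWcQEjv3ZMZsJwYLvl8unSaKz4+LVPeJ2L
opCpmZw/V/S2NhBbe3QjTiRPmDev2gbaO4GCfi/6sCDU7UO3o8KryrkeeMIiFIej
gfwn9fovmpeqCEyupy2JNNUTJibEuFknwx7JAX+htPL27nEgwV1FYtwI3qLiZqkM
729wo9cFSslJNZBu+GsBP5LszQSuvNTDWytV+qY=
-----END CERTIFICATE-----'''

    def setUp(self):
        """Create the controller handle for ``app`` and push the AAA configuration."""
        self.onos_ctrl = OnosCtrl(self.app)
        self.onos_aaa_config()

    def onos_aaa_config(self):
        """Activate the application and load its RADIUS settings.

        The RADIUS server address is taken from ``ONOS_AAA_IP`` when that
        variable is set and non-empty, otherwise ``172.17.0.2`` is used.
        """
        radius_ip = os.getenv('ONOS_AAA_IP') or '172.17.0.2'
        # 'radius_password' is a fixture value written into the test source,
        # presumably the shared secret of the test RADIUS server; it should
        # never be reused outside the test bed.
        aaa_dict = {'apps': {'org.onosproject.aaa': {'AAA': {
            'radiusSecret': 'radius_password',
            'radiusIp': radius_ip}}}}
        self.onos_ctrl.activate()
        # Fixed pause after activation before the configuration is sent.
        time.sleep(2)
        self.onos_load_config(aaa_dict)

    def onos_load_config(self, config):
        """Send ``config`` to ONOS and fail the test if the request is refused."""
        status, code = OnosCtrl.config(config)
        if status is False:
            log.info('Configure request for AAA returned status %d' %code)
            assert_equal(status, True)
        # NOTE(review): indentation was lost in this listing. The pause is
        # placed after the check because the assertion above always raises
        # when it is reached, so a sleep inside that branch could never run.
        time.sleep(3)

    def _run_on_reactor(self, body):
        """Schedule ``body`` on the reactor and return a Deferred for its outcome.

        The Deferred fires with 0 when ``body`` returns. If ``body`` raises,
        a failed assertion included, the exception is handed to the
        Deferred's errback. Without that hand-over the Deferred would never
        fire and the only symptom would be the ``@deferred`` timeout, which
        hides the case that matters most in the negative tests: an exchange
        that was expected to be refused but was not.
        """
        df = defer.Deferred()

        def runner():
            try:
                body()
            except Exception:
                # errback() without an argument wraps the exception in flight.
                df.errback()
            else:
                df.callback(0)

        reactor.callLater(0, runner)
        return df

    @deferred(TLS_TIMEOUT)
    def test_eap_tls(self):
        """Run one EAP-TLS exchange with TLSAuthTest's default arguments."""
        def eap_tls_verify():
            tls = TLSAuthTest()
            tls.runTest()

        return self._run_on_reactor(eap_tls_verify)

    @deferred(TLS_TIMEOUT)
    def test_eap_tls_with_no_cert(self):
        """Expect ``failTest`` to be set when the client certificate is empty."""
        def tls_no_cert_cb():
            log.info('TLS authentication failed with no certificate')

        def eap_tls_no_cert():
            tls = TLSAuthTest(fail_cb = tls_no_cert_cb, client_cert = '')
            tls.runTest()
            # The exchange must be recorded as failed; anything else means a
            # client without a certificate was not turned away.
            assert_equal(tls.failTest, True)

        return self._run_on_reactor(eap_tls_no_cert)

    @deferred(TLS_TIMEOUT)
    def test_eap_tls_with_invalid_cert(self):
        """Expect ``failTest`` to be set when CLIENT_CERT_INVALID is offered."""
        def tls_invalid_cert_cb():
            log.info('TLS authentication failed with invalid certificate')

        def eap_tls_invalid_cert():
            tls = TLSAuthTest(fail_cb = tls_invalid_cert_cb,
                              client_cert = self.CLIENT_CERT_INVALID)
            tls.runTest()
            # The exchange must be recorded as failed; anything else means
            # the unacceptable certificate was not turned away.
            assert_equal(tls.failTest, True)

        return self._run_on_reactor(eap_tls_invalid_cert)

    @deferred(TLS_TIMEOUT)
    def test_eap_tls_Nusers_with_same_valid_cert(self):
        """Run three exchanges in sequence on veth0, veth2 and veth4.

        All three use TLSAuthTest's default client certificate and share the
        single TLS_TIMEOUT budget of this test.
        """
        def eap_tls_Nusers_with_same_valid_cert():
            num_users = 3
            for i in xrange(num_users):
                tls = TLSAuthTest(intf = 'veth{}'.format(i*2))
                tls.runTest()

        return self._run_on_reactor(eap_tls_Nusers_with_same_valid_cert)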
if __name__ == '__main__':
    # Direct invocation runs a single default EAP-TLS exchange; it does not
    # go through eap_auth_exchange.setUp(), so no ONOS configuration is sent.
    TLSAuthTest().runTest()