ChetanGaonkerd43b7d42016-06-08 11:07:34 -07001#
Chetan Gaonkercfcce782016-05-10 10:10:42 -07002# Copyright 2016-present Ciena Corporation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
ChetanGaonkerd43b7d42016-06-08 11:07:34 -07007#
Chetan Gaonkercfcce782016-05-10 10:10:42 -07008# http://www.apache.org/licenses/LICENSE-2.0
ChetanGaonkerd43b7d42016-06-08 11:07:34 -07009#
Chetan Gaonkercfcce782016-05-10 10:10:42 -070010# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
A R Karthicka2e53d62016-02-19 17:38:30 -080016import unittest
Chetan Gaonker1f7c3f82016-03-08 12:17:37 -080017import time
18import os
19from nose.tools import *
A R Karthick22aa0c62016-05-31 11:17:12 -070020from nose.twistedtools import reactor, deferred
21from twisted.internet import defer
A R Karthicka2e53d62016-02-19 17:38:30 -080022from EapTLS import TLSAuthTest
Chetan Gaonker1f7c3f82016-03-08 12:17:37 -080023from OnosCtrl import OnosCtrl
ChetanGaonkerd43b7d42016-06-08 11:07:34 -070024from scapy.all import *
# Log at INFO so the progress and failure messages emitted by the tests are shown.
# NOTE(review): `log` is not defined in this file; presumably it arrives through
# one of the star imports above -- confirm which module provides it.
log.setLevel('INFO')
A R Karthicka2e53d62016-02-19 17:38:30 -080026
27class eap_auth_exchange(unittest.TestCase):
Chetan Gaonker1f7c3f82016-03-08 12:17:37 -080028
# ONOS application name handed to OnosCtrl in setUp; the same string appears
# as a literal key in the configuration built by onos_aaa_config.
app = 'org.onosproject.aaa'
# Timeout, in seconds, given to nose's @deferred decorator on every test_* method.
TLS_TIMEOUT = 20
31 CLIENT_CERT_INVALID = '''-----BEGIN CERTIFICATE-----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53-----END CERTIFICATE-----'''
Chetan Gaonker1f7c3f82016-03-08 12:17:37 -080054
def setUp(self):
    """Create the ONOS controller handle for the AAA app and push the AAA config.

    Runs before every test method of eap_auth_exchange, so each test
    re-activates the app and reloads the RADIUS settings.
    """
    controller = OnosCtrl(self.app)
    self.onos_ctrl = controller
    self.onos_aaa_config()
Chetan Gaonker1f7c3f82016-03-08 12:17:37 -080058
def onos_aaa_config(self):
    """Activate the AAA app and load its RADIUS settings into ONOS.

    The RADIUS server address comes from the ONOS_AAA_IP environment
    variable; when it is unset or empty, '172.17.0.2' is used.
    """
    radius_ip = os.getenv('ONOS_AAA_IP') or '172.17.0.2'
    # NOTE(review): the RADIUS shared secret is a fixed literal. That is
    # workable for a disposable test fixture, but the value must never be
    # reused on a RADIUS server outside the test bed, and it presumably has to
    # match the secret configured on the test RADIUS server -- confirm.
    aaa_settings = {'radiusSecret': 'radius_password',
                    'radiusIp': radius_ip}
    aaa_dict = {'apps': {'org.onosproject.aaa': {'AAA': aaa_settings}}}
    self.onos_ctrl.activate()
    # Pause between activation and the config push; presumably this gives the
    # app time to come up -- confirm.
    time.sleep(2)
    self.onos_load_config(aaa_dict)
Chetan Gaonker1f7c3f82016-03-08 12:17:37 -080067
def onos_load_config(self, config):
    """Send *config* to ONOS through OnosCtrl.config and fail if it is rejected.

    OnosCtrl.config returns a (status, code) pair. A status of False is
    logged together with the code and then fails the test. Otherwise the
    method waits three seconds before returning.
    """
    result = OnosCtrl.config(config)
    status, code = result
    if status is False:
        log.info('Configure request for AAA returned status %d' %code)
        # status is False here, so this assertion always fails the test.
        assert_equal(status, True)
    # Fixed delay after a successful push; presumably lets ONOS apply the
    # configuration before authentication starts -- confirm.
    time.sleep(3)
A R Karthick22aa0c62016-05-31 11:17:12 -070074
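@deferred(TLS_TIMEOUT)
def test_eap_tls(self):
    """Run one EAP-TLS exchange using TLSAuthTest with its default arguments.

    The exchange is scheduled on the Twisted reactor and the returned
    Deferred fires with 0 once runTest() has returned. Any exception raised
    by the exchange is forwarded through the Deferred's errback, so nose
    reports the real error instead of a TLS_TIMEOUT expiry.
    """
    df = defer.Deferred()

    def eap_tls_verify(df):
        try:
            tls = TLSAuthTest()
            tls.runTest()
        except Exception:
            # An exception escaping a reactor.callLater callback is only
            # logged by the reactor and the Deferred would never fire.
            # errback() without arguments wraps the exception being handled.
            df.errback()
        else:
            df.callback(0)

    reactor.callLater(0, eap_tls_verify, df)
    return df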
84
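@deferred(TLS_TIMEOUT)
def test_eap_tls_with_no_cert(self):
    """Check that an EAP-TLS exchange with an empty client certificate fails.

    TLSAuthTest is created with client_cert='' and a failure callback that
    only logs. The test passes when tls.failTest is True after runTest().
    Exceptions and assertion failures are forwarded through the Deferred's
    errback, so nose reports them instead of a TLS_TIMEOUT expiry.
    """
    df = defer.Deferred()

    def eap_tls_no_cert(df):
        def tls_no_cert_cb():
            log.info('TLS authentication failed with no certificate')

        try:
            tls = TLSAuthTest(fail_cb = tls_no_cert_cb, client_cert = '')
            tls.runTest()
            # Security-relevant check: a supplicant that presents no
            # certificate must not be authenticated.
            # NOTE(review): if failTest is also set on unrelated failures
            # (RADIUS server unreachable, timeout), this test can pass without
            # the missing certificate ever being evaluated -- confirm against
            # TLSAuthTest.
            assert_equal(tls.failTest, True)
        except Exception:
            # An exception escaping a reactor.callLater callback is only
            # logged by the reactor and the Deferred would never fire.
            df.errback()
        else:
            df.callback(0)

    reactor.callLater(0, eap_tls_no_cert, df)
    return df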
98
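@deferred(TLS_TIMEOUT)
def test_eap_tls_with_invalid_cert(self):
    """Check that an EAP-TLS exchange using CLIENT_CERT_INVALID fails.

    TLSAuthTest is created with the class's CLIENT_CERT_INVALID PEM text as
    client_cert and a failure callback that only logs. The test passes when
    tls.failTest is True after runTest(). Exceptions and assertion failures
    are forwarded through the Deferred's errback, so nose reports them
    instead of a TLS_TIMEOUT expiry.
    """
    df = defer.Deferred()

    def eap_tls_invalid_cert(df):
        def tls_invalid_cert_cb():
            log.info('TLS authentication failed with invalid certificate')

        try:
            tls = TLSAuthTest(fail_cb = tls_invalid_cert_cb,
                              client_cert = self.CLIENT_CERT_INVALID)
            tls.runTest()
            # Security-relevant check: a certificate the server should not
            # accept must not lead to a successful authentication.
            # NOTE(review): if failTest is also set on unrelated failures
            # (RADIUS server unreachable, timeout), this test can pass without
            # the certificate ever being validated -- confirm against
            # TLSAuthTest.
            assert_equal(tls.failTest, True)
        except Exception:
            # An exception escaping a reactor.callLater callback is only
            # logged by the reactor and the Deferred would never fire.
            df.errback()
        else:
            df.callback(0)

    reactor.callLater(0, eap_tls_invalid_cert, df)
    return df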
113
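@deferred(TLS_TIMEOUT)
def test_eap_tls_Nusers_with_same_valid_cert(self):
    """Run three EAP-TLS exchanges in sequence, each on its own interface.

    The exchanges use interfaces veth0, veth2 and veth4, and every
    TLSAuthTest keeps its default client certificate. All three share the
    single TLS_TIMEOUT budget of the @deferred decorator. Exceptions are
    forwarded through the Deferred's errback, so nose reports them instead
    of a TLS_TIMEOUT expiry.
    """
    df = defer.Deferred()

    def eap_tls_Nusers_with_same_valid_cert(df):
        num_users = 3
        try:
            for i in xrange(num_users):
                # Even-numbered veth interfaces are used; presumably the odd
                # peers are attached to the switch side -- confirm.
                tls = TLSAuthTest(intf = 'veth{}'.format(i*2))
                tls.runTest()
        except Exception:
            # An exception escaping a reactor.callLater callback is only
            # logged by the reactor and the Deferred would never fire.
            df.errback()
        else:
            df.callback(0)

    reactor.callLater(0, eap_tls_Nusers_with_same_valid_cert, df)
    return df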
A R Karthicka2e53d62016-02-19 17:38:30 -0800125
if __name__ == '__main__':
    # Direct execution runs a single TLSAuthTest with default arguments. It
    # does not go through eap_auth_exchange.setUp, so the AAA app is neither
    # activated nor configured by this path.
    TLSAuthTest().runTest()