diff options
Diffstat (limited to 'framework/src/onos/apps/aaa/src/test')
3 files changed, 0 insertions, 634 deletions
diff --git a/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAAIntegrationTest.java b/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAAIntegrationTest.java deleted file mode 100644 index fb513ced..00000000 --- a/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAAIntegrationTest.java +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright 2014 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onosproject.aaa; - -import org.junit.Before; -import org.junit.Ignore; -import org.junit.Test; -import org.onlab.packet.EAP; -import org.onlab.packet.EAPOL; -import org.onlab.packet.Ethernet; -import org.onosproject.core.CoreServiceAdapter; -import org.onosproject.net.config.Config; -import org.onosproject.net.config.NetworkConfigRegistryAdapter; - -import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.notNullValue; -import static org.junit.Assert.assertThat; - -/** - * Set of tests of the ONOS application component. These use an existing RADIUS - * server and sends live packets over the network to it. - */ -@Ignore ("This should not be run as part of the standard build") -public class AAAIntegrationTest extends AAATestBase { - - private AAA aaa; - - /** - * Mocks the network config registry. - */ - @SuppressWarnings("unchecked") - static final class TestNetworkConfigRegistry - extends NetworkConfigRegistryAdapter { - @Override - public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) { - return (C) new AAAConfig(); - } - } - - /** - * Sets up the services required by the AAA application. - */ - @Before - public void setUp() { - aaa = new AAA(); - aaa.netCfgService = new TestNetworkConfigRegistry(); - aaa.coreService = new CoreServiceAdapter(); - aaa.packetService = new MockPacketService(); - aaa.activate(); - } - - /** - * Fetches the sent packet at the given index. The requested packet - * must be the last packet on the list. - * - * @param index index into sent packets array - * @return packet - */ - private Ethernet fetchPacket(int index) { - for (int iteration = 0; iteration < 20; iteration++) { - if (savedPackets.size() > index) { - return (Ethernet) savedPackets.get(index); - } else { - try { - Thread.sleep(250); - } catch (Exception ex) { - return null; - } - } - } - return null; - } - - /** - * Tests the authentication path through the AAA application by sending - * packets to the RADIUS server and checking the state machine - * transitions. - * - * @throws Exception when an unhandled error occurs - */ - @Test - public void testAuthentication() throws Exception { - - // (1) Supplicant start up - - Ethernet startPacket = constructSupplicantStartPacket(); - sendPacket(startPacket); - - Ethernet responsePacket = fetchPacket(0); - assertThat(responsePacket, notNullValue()); - checkRadiusPacket(aaa, responsePacket, EAP.REQUEST); - - // (2) Supplicant identify - - Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null); - sendPacket(identifyPacket); - - // State machine should have been created by now - - StateMachine stateMachine = - StateMachine.lookupStateMachineBySessionId(SESSION_ID); - assertThat(stateMachine, notNullValue()); - assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING)); - - // (3) RADIUS MD5 challenge - - Ethernet radiusChallengeMD5Packet = fetchPacket(1); - assertThat(radiusChallengeMD5Packet, notNullValue()); - checkRadiusPacket(aaa, radiusChallengeMD5Packet, EAP.REQUEST); - - - // (4) Supplicant MD5 response - - Ethernet md5RadiusPacket = - constructSupplicantIdentifyPacket(stateMachine, - EAP.ATTR_MD5, - stateMachine.challengeIdentifier(), - radiusChallengeMD5Packet); - sendPacket(md5RadiusPacket); - - - // (5) RADIUS Success - - Ethernet successRadiusPacket = fetchPacket(2); - assertThat(successRadiusPacket, notNullValue()); - EAPOL successEAPOL = (EAPOL) successRadiusPacket.getPayload(); - EAP successEAP = (EAP) successEAPOL.getPayload(); - assertThat(successEAP.getCode(), is(EAP.SUCCESS)); - - // State machine should be in authorized state - - assertThat(stateMachine, notNullValue()); - assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED)); - - } - -} - diff --git a/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAATest.java b/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAATest.java deleted file mode 100644 index 860a7dbd..00000000 --- a/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAATest.java +++ /dev/null @@ -1,259 +0,0 @@ -/* - * Copyright 2014 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onosproject.aaa; - -import java.net.InetAddress; -import java.net.UnknownHostException; - -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.onlab.packet.BasePacket; -import org.onlab.packet.DeserializationException; -import org.onlab.packet.EAP; -import org.onlab.packet.Ethernet; -import org.onlab.packet.IpAddress; -import org.onlab.packet.RADIUS; -import org.onlab.packet.RADIUSAttribute; -import org.onosproject.core.CoreServiceAdapter; -import org.onosproject.net.config.Config; -import org.onosproject.net.config.NetworkConfigRegistryAdapter; - -import com.google.common.base.Charsets; - -import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.notNullValue; -import static org.junit.Assert.assertThat; - -/** - * Set of tests of the ONOS application component. - */ -public class AAATest extends AAATestBase { - - static final String BAD_IP_ADDRESS = "198.51.100.0"; - - private AAA aaa; - - class AAAWithoutRadiusServer extends AAA { - protected void sendRADIUSPacket(RADIUS radiusPacket) { - savePacket(radiusPacket); - } - } - - /** - * Mocks the AAAConfig class to force usage of an unroutable address for the - * RADIUS server. - */ - static class MockAAAConfig extends AAAConfig { - @Override - public InetAddress radiusIp() { - try { - return InetAddress.getByName(BAD_IP_ADDRESS); - } catch (UnknownHostException ex) { - // can't happen - throw new IllegalStateException(ex); - } - } - } - - /** - * Mocks the network config registry. - */ - @SuppressWarnings("unchecked") - private static final class TestNetworkConfigRegistry - extends NetworkConfigRegistryAdapter { - @Override - public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) { - AAAConfig aaaConfig = new MockAAAConfig(); - return (C) aaaConfig; - } - } - - /** - * Constructs an Ethernet packet containing a RADIUS challenge - * packet. - * - * @param challengeCode code to use in challenge packet - * @param challengeType type to use in challenge packet - * @return Ethernet packet - */ - private RADIUS constructRADIUSCodeAccessChallengePacket(byte challengeCode, byte challengeType) { - - String challenge = "12345678901234567"; - - EAP eap = new EAP(challengeType, (byte) 1, challengeType, - challenge.getBytes(Charsets.US_ASCII)); - eap.setIdentifier((byte) 1); - - RADIUS radius = new RADIUS(); - radius.setCode(challengeCode); - - radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE, - challenge.getBytes(Charsets.US_ASCII)); - - radius.setPayload(eap); - radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE, - eap.serialize()); - - return radius; - } - - /** - * Sets up the services required by the AAA application. - */ - @Before - public void setUp() { - aaa = new AAAWithoutRadiusServer(); - aaa.netCfgService = new TestNetworkConfigRegistry(); - aaa.coreService = new CoreServiceAdapter(); - aaa.packetService = new MockPacketService(); - aaa.activate(); - } - - /** - * Tears down the AAA application. - */ - @After - public void tearDown() { - aaa.deactivate(); - } - - /** - * Extracts the RADIUS packet from a packet sent by the supplicant. - * - * @param radius RADIUS packet sent by the supplicant - * @throws DeserializationException if deserialization of the packet contents - * fails. - */ - private void checkRADIUSPacketFromSupplicant(RADIUS radius) - throws DeserializationException { - assertThat(radius, notNullValue()); - - EAP eap = radius.decapsulateMessage(); - assertThat(eap, notNullValue()); - } - - /** - * Fetches the sent packet at the given index. The requested packet - * must be the last packet on the list. - * - * @param index index into sent packets array - * @return packet - */ - private BasePacket fetchPacket(int index) { - BasePacket packet = savedPackets.get(index); - assertThat(packet, notNullValue()); - return packet; - } - - /** - * Tests the authentication path through the AAA application. - * - * @throws DeserializationException if packed deserialization fails. - */ - @Test - public void testAuthentication() throws Exception { - - // (1) Supplicant start up - - Ethernet startPacket = constructSupplicantStartPacket(); - sendPacket(startPacket); - - Ethernet responsePacket = (Ethernet) fetchPacket(0); - checkRadiusPacket(aaa, responsePacket, EAP.ATTR_IDENTITY); - - // (2) Supplicant identify - - Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null); - sendPacket(identifyPacket); - - RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1); - - checkRADIUSPacketFromSupplicant(radiusIdentifyPacket); - - assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST)); - assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()), - is("testuser")); - - IpAddress nasIp = - IpAddress.valueOf(IpAddress.Version.INET, - radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP) - .getValue()); - assertThat(nasIp.toString(), is(aaa.nasIpAddress.getHostAddress())); - - // State machine should have been created by now - - StateMachine stateMachine = - StateMachine.lookupStateMachineBySessionId(SESSION_ID); - assertThat(stateMachine, notNullValue()); - assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING)); - - // (3) RADIUS MD5 challenge - - RADIUS radiusCodeAccessChallengePacket = - constructRADIUSCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5); - aaa.radiusListener.handleRadiusPacket(radiusCodeAccessChallengePacket); - - Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2); - checkRadiusPacket(aaa, radiusChallengeMD5Packet, EAP.ATTR_MD5); - - // (4) Supplicant MD5 response - - Ethernet md5RadiusPacket = - constructSupplicantIdentifyPacket(stateMachine, - EAP.ATTR_MD5, - stateMachine.challengeIdentifier(), - radiusChallengeMD5Packet); - sendPacket(md5RadiusPacket); - - RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3); - - checkRADIUSPacketFromSupplicant(responseMd5RadiusPacket); - assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 0)); - assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST)); - - // State machine should be in pending state - - assertThat(stateMachine, notNullValue()); - assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING)); - - // (5) RADIUS Success - - RADIUS successPacket = - constructRADIUSCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS); - aaa.radiusListener.handleRadiusPacket((successPacket)); - Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4); - - checkRadiusPacket(aaa, supplicantSuccessPacket, EAP.SUCCESS); - - // State machine should be in authorized state - - assertThat(stateMachine, notNullValue()); - assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED)); - - } - - /** - * Tests the default configuration. - */ - @Test - public void testConfig() { - assertThat(aaa.nasIpAddress.getHostAddress(), is(AAAConfig.DEFAULT_NAS_IP)); - assertThat(aaa.nasMacAddress, is(AAAConfig.DEFAULT_NAS_MAC)); - assertThat(aaa.radiusIpAddress.getHostAddress(), is(BAD_IP_ADDRESS)); - assertThat(aaa.radiusMacAddress, is(AAAConfig.DEFAULT_RADIUS_MAC)); - } -} diff --git a/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAATestBase.java b/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAATestBase.java deleted file mode 100644 index dffcba2f..00000000 --- a/framework/src/onos/apps/aaa/src/test/java/org/onosproject/aaa/AAATestBase.java +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onosproject.aaa; - -import java.nio.ByteBuffer; -import java.security.MessageDigest; -import java.util.LinkedList; -import java.util.List; - -import org.onlab.packet.BasePacket; -import org.onlab.packet.EAP; -import org.onlab.packet.EAPOL; -import org.onlab.packet.EthType; -import org.onlab.packet.Ethernet; -import org.onlab.packet.MacAddress; -import org.onosproject.net.packet.DefaultInboundPacket; -import org.onosproject.net.packet.DefaultPacketContext; -import org.onosproject.net.packet.InboundPacket; -import org.onosproject.net.packet.OutboundPacket; -import org.onosproject.net.packet.PacketContext; -import org.onosproject.net.packet.PacketProcessor; -import org.onosproject.net.packet.PacketServiceAdapter; - -import static org.hamcrest.Matchers.instanceOf; -import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.notNullValue; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; -import static org.onosproject.net.NetTestTools.connectPoint; - -/** - * Common methods for AAA app testing. - */ -public class AAATestBase { - - MacAddress clientMac = MacAddress.valueOf("1a:1a:1a:1a:1a:1a"); - MacAddress serverMac = MacAddress.valueOf("2a:2a:2a:2a:2a:2a"); - - // Our session id will be the device ID ("of:1") with the port ("1") concatenated - static final String SESSION_ID = "of:11"; - - List<BasePacket> savedPackets = new LinkedList<>(); - PacketProcessor packetProcessor; - - /** - * Saves the given packet onto the saved packets list. - * - * @param packet packet to save - */ - void savePacket(BasePacket packet) { - savedPackets.add(packet); - } - - /** - * Keeps a reference to the PacketProcessor and saves the OutboundPackets. - */ - class MockPacketService extends PacketServiceAdapter { - - @Override - public void addProcessor(PacketProcessor processor, int priority) { - packetProcessor = processor; - } - - @Override - public void emit(OutboundPacket packet) { - try { - Ethernet eth = Ethernet.deserializer().deserialize(packet.data().array(), - 0, packet.data().array().length); - savePacket(eth); - } catch (Exception e) { - fail(e.getMessage()); - } - } - } - - /** - * Mocks the DefaultPacketContext. - */ - final class TestPacketContext extends DefaultPacketContext { - - private TestPacketContext(long time, InboundPacket inPkt, - OutboundPacket outPkt, boolean block) { - super(time, inPkt, outPkt, block); - } - - @Override - public void send() { - // We don't send anything out. - } - } - - /** - * Sends an Ethernet packet to the process method of the Packet Processor. - * - * @param reply Ethernet packet - */ - void sendPacket(Ethernet reply) { - final ByteBuffer byteBuffer = ByteBuffer.wrap(reply.serialize()); - InboundPacket inPacket = new DefaultInboundPacket(connectPoint("1", 1), - reply, - byteBuffer); - - PacketContext context = new TestPacketContext(127L, inPacket, null, false); - packetProcessor.process(context); - } - - /** - * Constructs an Ethernet packet containing identification payload. - * - * @return Ethernet packet - */ - Ethernet constructSupplicantIdentifyPacket(StateMachine stateMachine, - byte type, - byte id, - Ethernet radiusChallenge) - throws Exception { - Ethernet eth = new Ethernet(); - eth.setDestinationMACAddress(clientMac.toBytes()); - eth.setSourceMACAddress(serverMac.toBytes()); - eth.setEtherType(EthType.EtherType.EAPOL.ethType().toShort()); - eth.setVlanID((short) 2); - - String username = "testuser"; - byte[] data = username.getBytes(); - - - if (type == EAP.ATTR_MD5) { - String password = "testpassword"; - EAPOL eapol = (EAPOL) radiusChallenge.getPayload(); - EAP eap = (EAP) eapol.getPayload(); - - byte[] identifier = new byte[password.length() + eap.getData().length]; - - identifier[0] = stateMachine.challengeIdentifier(); - System.arraycopy(password.getBytes(), 0, identifier, 1, password.length()); - System.arraycopy(eap.getData(), 1, identifier, 1 + password.length(), 16); - - MessageDigest md = MessageDigest.getInstance("MD5"); - byte[] hash = md.digest(identifier); - data = new byte[17]; - data[0] = (byte) 16; - System.arraycopy(hash, 0, data, 1, 16); - } - EAP eap = new EAP(EAP.RESPONSE, (byte) 1, type, - data); - eap.setIdentifier(id); - - // eapol header - EAPOL eapol = new EAPOL(); - eapol.setEapolType(EAPOL.EAPOL_PACKET); - eapol.setPacketLength(eap.getLength()); - - // eap part - eapol.setPayload(eap); - - eth.setPayload(eapol); - eth.setPad(true); - return eth; - } - - /** - * Constructs an Ethernet packet containing a EAPOL_START Payload. - * - * @return Ethernet packet - */ - Ethernet constructSupplicantStartPacket() { - Ethernet eth = new Ethernet(); - eth.setDestinationMACAddress(clientMac.toBytes()); - eth.setSourceMACAddress(serverMac.toBytes()); - eth.setEtherType(EthType.EtherType.EAPOL.ethType().toShort()); - eth.setVlanID((short) 2); - - EAP eap = new EAP(EAPOL.EAPOL_START, (byte) 2, EAPOL.EAPOL_START, null); - - // eapol header - EAPOL eapol = new EAPOL(); - eapol.setEapolType(EAPOL.EAPOL_START); - eapol.setPacketLength(eap.getLength()); - - // eap part - eapol.setPayload(eap); - - eth.setPayload(eapol); - eth.setPad(true); - return eth; - } - - /** - * Checks the contents of a RADIUS packet being sent to the RADIUS server. - * - * @param radiusPacket packet to check - * @param code expected code - */ - void checkRadiusPacket(AAA aaa, Ethernet radiusPacket, byte code) { - - assertThat(radiusPacket.getSourceMAC(), - is(MacAddress.valueOf(aaa.nasMacAddress))); - assertThat(radiusPacket.getDestinationMAC(), is(serverMac)); - - assertThat(radiusPacket.getPayload(), instanceOf(EAPOL.class)); - EAPOL eapol = (EAPOL) radiusPacket.getPayload(); - assertThat(eapol, notNullValue()); - - assertThat(eapol.getEapolType(), is(EAPOL.EAPOL_PACKET)); - assertThat(eapol.getPayload(), instanceOf(EAP.class)); - EAP eap = (EAP) eapol.getPayload(); - assertThat(eap, notNullValue()); - - assertThat(eap.getCode(), is(code)); - } -} |