/* * Copyright 2014 Open Networking Laboratory * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.onosproject.aaa; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; import org.onlab.packet.EAP; import org.onlab.packet.EAPOL; import org.onlab.packet.Ethernet; import org.onosproject.core.CoreServiceAdapter; import org.onosproject.net.config.Config; import org.onosproject.net.config.NetworkConfigRegistryAdapter; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; import static org.junit.Assert.assertThat; /** * Set of tests of the ONOS application component. These use an existing RADIUS * server and sends live packets over the network to it. */ @Ignore ("This should not be run as part of the standard build") public class AaaIntegrationTest extends AaaTestBase { private AaaManager aaa; /** * Mocks the network config registry. */ @SuppressWarnings("unchecked") static final class TestNetworkConfigRegistry extends NetworkConfigRegistryAdapter { @Override public > C getConfig(S subject, Class configClass) { return (C) new AaaConfig(); } } /** * Sets up the services required by the AAA application. */ @Before public void setUp() { aaa = new AaaManager(); aaa.netCfgService = new TestNetworkConfigRegistry(); aaa.coreService = new CoreServiceAdapter(); aaa.packetService = new MockPacketService(); aaa.activate(); } /** * Fetches the sent packet at the given index. The requested packet * must be the last packet on the list. * * @param index index into sent packets array * @return packet */ private Ethernet fetchPacket(int index) { for (int iteration = 0; iteration < 20; iteration++) { if (savedPackets.size() > index) { return (Ethernet) savedPackets.get(index); } else { try { Thread.sleep(250); } catch (Exception ex) { return null; } } } return null; } /** * Tests the authentication path through the AAA application by sending * packets to the RADIUS server and checking the state machine * transitions. * * @throws Exception when an unhandled error occurs */ @Test public void testAuthentication() throws Exception { // (1) Supplicant start up Ethernet startPacket = constructSupplicantStartPacket(); sendPacket(startPacket); Ethernet responsePacket = fetchPacket(0); assertThat(responsePacket, notNullValue()); checkRadiusPacket(aaa, responsePacket, EAP.REQUEST); // (2) Supplicant identify Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null); sendPacket(identifyPacket); // State machine should have been created by now StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID); assertThat(stateMachine, notNullValue()); assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING)); // (3) RADIUS MD5 challenge Ethernet radiusChallengeMD5Packet = fetchPacket(1); assertThat(radiusChallengeMD5Packet, notNullValue()); checkRadiusPacket(aaa, radiusChallengeMD5Packet, EAP.REQUEST); // (4) Supplicant MD5 response Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5, stateMachine.challengeIdentifier(), radiusChallengeMD5Packet); sendPacket(md5RadiusPacket); // (5) RADIUS Success Ethernet successRadiusPacket = fetchPacket(2); assertThat(successRadiusPacket, notNullValue()); EAPOL successEapol = (EAPOL) successRadiusPacket.getPayload(); EAP successEap = (EAP) successEapol.getPayload(); assertThat(successEap.getCode(), is(EAP.SUCCESS)); // State machine should be in authorized state assertThat(stateMachine, notNullValue()); assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED)); } }