Require MOBIKE for IkeSessionParams in VCN configs.
This CL updates VcnGatewayConnectionConfigs to require
IkeTunnelConnectionParams with MOBIKE enabled for the
IkeSessionParams. This is necessary for VCNs - without it,
they do not support IPsec mobility (one of the main features
of the VCN).
Bug: 187851560
Test: atest FrameworksVcnTests CtsVcnTestCases
Change-Id: I94db52a8c42d9fa4681fefb8f787f006933caa18
diff --git a/Vcn/framework-b/src/android/net/vcn/VcnGatewayConnectionConfig.java b/Vcn/framework-b/src/android/net/vcn/VcnGatewayConnectionConfig.java
index be308d0..2df3e6c 100644
--- a/Vcn/framework-b/src/android/net/vcn/VcnGatewayConnectionConfig.java
+++ b/Vcn/framework-b/src/android/net/vcn/VcnGatewayConnectionConfig.java
@@ -15,6 +15,8 @@
*/
package android.net.vcn;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_MOBIKE;
+
import static com.android.internal.annotations.VisibleForTesting.Visibility;
import android.annotation.IntDef;
@@ -433,6 +435,8 @@
* distinguish between VcnGatewayConnectionConfigs configured on a single {@link
* VcnConfig}. This will be used as the identifier in VcnStatusCallback invocations.
* @param tunnelConnectionParams the IKE tunnel connection configuration
+ * @throws IllegalArgumentException if the provided IkeTunnelConnectionParams is not
+ * configured to support MOBIKE
* @see IkeTunnelConnectionParams
* @see VcnManager.VcnStatusCallback#onGatewayConnectionError
*/
@@ -441,6 +445,10 @@
@NonNull IkeTunnelConnectionParams tunnelConnectionParams) {
Objects.requireNonNull(gatewayConnectionName, "gatewayConnectionName was null");
Objects.requireNonNull(tunnelConnectionParams, "tunnelConnectionParams was null");
+ if (!tunnelConnectionParams.getIkeSessionParams().hasIkeOption(IKE_OPTION_MOBIKE)) {
+ throw new IllegalArgumentException(
+ "MOBIKE must be configured for the provided IkeSessionParams");
+ }
mGatewayConnectionName = gatewayConnectionName;
mTunnelConnectionParams = tunnelConnectionParams;
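Review bot: The MOBIKE requirement is enforced only in this Builder constructor, so any other way of constructing a VcnGatewayConnectionConfig is not covered by the lines shown here. If the class can also be rebuilt from a persisted bundle (not visible in this hunk), a config stored before this change, or one whose stored IkeSessionParams lacks the option, would presumably still load and run without IPsec mobility. Consider moving the `hasIkeOption(IKE_OPTION_MOBIKE)` check into whatever validation step all construction paths share, and adding a unit test for the restore path. The constructor body starts before this hunk and continues past it.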
diff --git a/Vcn/tests/unit/java/android/net/vcn/VcnGatewayConnectionConfigTest.java b/Vcn/tests/unit/java/android/net/vcn/VcnGatewayConnectionConfigTest.java
index 9410886..c59dcf8 100644
--- a/Vcn/tests/unit/java/android/net/vcn/VcnGatewayConnectionConfigTest.java
+++ b/Vcn/tests/unit/java/android/net/vcn/VcnGatewayConnectionConfigTest.java
@@ -16,13 +16,17 @@
package android.net.vcn;
+import static android.net.ipsec.ike.IkeSessionParams.IKE_OPTION_MOBIKE;
+
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import android.net.NetworkCapabilities;
+import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.IkeTunnelConnectionParams;
+import android.net.vcn.persistablebundleutils.IkeSessionParamsUtilsTest;
import android.net.vcn.persistablebundleutils.TunnelConnectionParamsUtilsTest;
import androidx.test.filters.SmallTest;
@@ -120,6 +124,21 @@
}
@Test
+ public void testBuilderRequiresMobikeEnabled() {
+ try {
+ final IkeSessionParams ikeParams =
+ IkeSessionParamsUtilsTest.createBuilderMinimum()
+ .removeIkeOption(IKE_OPTION_MOBIKE)
+ .build();
+ final IkeTunnelConnectionParams tunnelParams =
+ TunnelConnectionParamsUtilsTest.buildTestParams(ikeParams);
+ new VcnGatewayConnectionConfig.Builder(GATEWAY_CONNECTION_NAME_PREFIX, tunnelParams);
+ fail("Expected exception due to MOBIKE not enabled");
+ } catch (IllegalArgumentException e) {
+ }
+ }
+
+ @Test
public void testBuilderRequiresNonEmptyExposedCaps() {
try {
newBuilder()
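Review bot: testBuilderRequiresMobikeEnabled builds its fixtures inside the `try`, so an IllegalArgumentException thrown by `removeIkeOption(IKE_OPTION_MOBIKE).build()` or by `buildTestParams(ikeParams)` would land in the empty `catch`. The test would then pass without the new MOBIKE check ever running. Build `ikeParams` and `tunnelParams` before the `try`, and leave only `new VcnGatewayConnectionConfig.Builder(GATEWAY_CONNECTION_NAME_PREFIX, tunnelParams);` and the `fail(...)` call inside it. The following test, testBuilderRequiresNonEmptyExposedCaps, is cut off at the end of the hunk and is not reviewed here.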
diff --git a/Vcn/tests/unit/java/android/net/vcn/persistablebundleutils/IkeSessionParamsUtilsTest.java b/Vcn/tests/unit/java/android/net/vcn/persistablebundleutils/IkeSessionParamsUtilsTest.java
index 393787f..f385113 100644
--- a/Vcn/tests/unit/java/android/net/vcn/persistablebundleutils/IkeSessionParamsUtilsTest.java
+++ b/Vcn/tests/unit/java/android/net/vcn/persistablebundleutils/IkeSessionParamsUtilsTest.java
@@ -52,8 +52,8 @@
@RunWith(AndroidJUnit4.class)
@SmallTest
public class IkeSessionParamsUtilsTest {
- // Package private for use in EncryptedTunnelParamsUtilsTest
- static IkeSessionParams.Builder createBuilderMinimum() {
+ // Public for use in VcnGatewayConnectionConfigTest, EncryptedTunnelParamsUtilsTest
+ public static IkeSessionParams.Builder createBuilderMinimum() {
final InetAddress serverAddress = InetAddresses.parseNumericAddress("192.0.2.100");
// TODO: b/185941731 Make sure all valid IKE_OPTIONS are added and validated.
@@ -63,6 +63,7 @@
.setLocalIdentification(new IkeFqdnIdentification("client.test.android.net"))
.setRemoteIdentification(new IkeFqdnIdentification("server.test.android.net"))
.addIkeOption(IkeSessionParams.IKE_OPTION_FORCE_PORT_4500)
+ .addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)
.setAuthPsk("psk".getBytes());
}
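Review bot: createBuilderMinimum() now always sets `IkeSessionParams.IKE_OPTION_MOBIKE`, but nothing at the call explains why a "minimum" fixture carries an option that is a VCN requirement rather than an IKE one. A short comment such as `// MOBIKE is required by VcnGatewayConnectionConfig.Builder` above the added line would make that clear. Because every caller of this helper now gets MOBIKE, the persist/restore tests in this class presumably no longer exercise params without the option. One case that calls `removeIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)` before the round trip would keep that path covered. The method starts in the previous hunk of this file.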
diff --git a/Vcn/tests/unit/java/android/net/vcn/persistablebundleutils/TunnelConnectionParamsUtilsTest.java b/Vcn/tests/unit/java/android/net/vcn/persistablebundleutils/TunnelConnectionParamsUtilsTest.java
index 0c8ad32..f9dc9eb 100644
--- a/Vcn/tests/unit/java/android/net/vcn/persistablebundleutils/TunnelConnectionParamsUtilsTest.java
+++ b/Vcn/tests/unit/java/android/net/vcn/persistablebundleutils/TunnelConnectionParamsUtilsTest.java
@@ -18,6 +18,7 @@
import static org.junit.Assert.assertEquals;
+import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.IkeTunnelConnectionParams;
import androidx.test.filters.SmallTest;
@@ -31,9 +32,13 @@
public class TunnelConnectionParamsUtilsTest {
// Public for use in VcnGatewayConnectionConfigTest
public static IkeTunnelConnectionParams buildTestParams() {
+ return buildTestParams(IkeSessionParamsUtilsTest.createBuilderMinimum().build());
+ }
+
+ // Public for use in VcnGatewayConnectionConfigTest
+ public static IkeTunnelConnectionParams buildTestParams(IkeSessionParams params) {
return new IkeTunnelConnectionParams(
- IkeSessionParamsUtilsTest.createBuilderMinimum().build(),
- TunnelModeChildSessionParamsUtilsTest.createBuilderMinimum().build());
+ params, TunnelModeChildSessionParamsUtilsTest.createBuilderMinimum().build());
}
@Test