Google Git
Sign in
android / platform / packages / modules / IPsec / 06f3de2cf990e6a136774521cdbc2eef98d99cde / . / tests / iketests / src / java / com / android / internal / net / ipsec / ike / message / IkeIdPayloadTest.java
blob: 385f9eb579181b554846cc1b5f41bbe382680e94 [file] [log] [blame]
/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.internal.net.ipsec.test.ike.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import android.net.InetAddresses;
import android.net.ipsec.test.ike.IkeDerAsn1DnIdentification;
import android.net.ipsec.test.ike.IkeFqdnIdentification;
import android.net.ipsec.test.ike.IkeIdentification;
import android.net.ipsec.test.ike.IkeIpv4AddrIdentification;
import android.net.ipsec.test.ike.IkeIpv6AddrIdentification;
import android.net.ipsec.test.ike.IkeKeyIdIdentification;
import android.net.ipsec.test.ike.IkeRfc822AddrIdentification;
import android.net.ipsec.test.ike.exceptions.AuthenticationFailedException;
import android.os.PersistableBundle;
import com.android.internal.net.TestUtils;
import com.android.internal.net.ipsec.test.ike.testutils.CertUtils;
import org.junit.BeforeClass;
import org.junit.Test;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
public final class IkeIdPayloadTest {
private static final String IPV4_ADDR_ID_PAYLOAD_RESPONDER_HEX_STRING =
"2700000c01000000c0000264";
private static final String IPV4_ADDR_ID_PAYLOAD_RESPONDER_BODY_HEX_STRING = "01000000c0000264";
private static final String IPV4_ADDR_STRING = "192.0.2.100";
private static final String IPV6_ADDR_ID_PAYLOAD_RESPONDER_HEX_STRING =
"27000018050000000000200100000db80000000000000001";
private static final String IPV6_ADDR_ID_PAYLOAD_RESPONDER_BODY_HEX_STRING =
"050000000000200100000db80000000000000001";
private static final String IPV6_ADDR_STRING = "0:2001:0:db8::1";
private static final String FQDN_ID_PAYLOAD_HEX_STRING =
"2500001702000000696B652E616E64726F69642E6E6574";
private static final String FQDN_ID_PAYLOAD_BODY_HEX_STRING =
"02000000696B652E616E64726F69642E6E6574";
private static final String FQDN = "ike.android.net";
private static final String RFC822_ADDR_ID_PAYLOAD_HEX_STRING =
"2500001e03000000616e64726f6964696b65406578616d706c652e636f6d";
private static final String RFC822_ADDR_ID_PAYLOAD_BODY_HEX_STRING =
"03000000616e64726f6964696b65406578616d706c652e636f6d";
private static final String RFC822_NAME = "androidike@example.com";
private static final String KEY_ID_PAYLOAD_HEX_STRING =
"250000170b000000616E64726F6964496B654B65794964";
private static final String KEY_ID_PAYLOAD_BODY_HEX_STRING =
"0b000000616E64726F6964496B654B65794964";
private static final byte[] KEY_ID = "androidIkeKeyId".getBytes();
private static final String ASN1_DN_PAYLOAD_HEX_STRING =
"25000051090000003047310b30090603550406130255533110300e060355"
+ "040a1307416e64726f6964312630240603550403131d736d616c6c2e7365"
+ "727665722e746573742e616e64726f69642e6e6574";
private static final String ASN1_DN_PAYLOAD_BODY_HEX_STRING =
"090000003047310b30090603550406130255533110300e060355040a1307"
+ "416e64726f6964312630240603550403131d736d616c6c2e736572766572"
+ "2e746573742e616e64726f69642e6e6574";
private static final String ASN1_DN_INVALID_PAYLOAD_BODY_HEX_STRING = "090000001010101010";
private static final String ASN1_DN_STRING =
"CN=small.server.test.android.net, O=Android, C=US";
private static final int ID_TYPE_OFFSET = 0;
private static X509Certificate sEndCertWithSanDns;
private static X509Certificate sEndCertWithSanIp;
private static final String CERT_SAN_DNS = "server.test.android.net";
private static final Inet4Address CERT_SAN_IP =
(Inet4Address) InetAddresses.parseNumericAddress("192.168.43.138");
@BeforeClass
public static void setUpBeforeClass() throws Exception {
sEndCertWithSanDns = CertUtils.createCertFromPemFile("end-cert-a.pem");
sEndCertWithSanIp = CertUtils.createCertFromPemFile("end-cert-small.pem");
}
@Test
public void testDecodeIpv4AddrIdPayload() throws Exception {
byte[] inputPacket =
TestUtils.hexStringToByteArray(IPV4_ADDR_ID_PAYLOAD_RESPONDER_BODY_HEX_STRING);
IkeIdPayload payload = new IkeIdPayload(false, inputPacket, false);
assertEquals(IkePayload.PAYLOAD_TYPE_ID_RESPONDER, payload.payloadType);
assertEquals(IkeIdentification.ID_TYPE_IPV4_ADDR, payload.ikeId.idType);
IkeIpv4AddrIdentification ikeId = (IkeIpv4AddrIdentification) payload.ikeId;
Inet4Address expectedAddr = (Inet4Address) Inet4Address.getByName(IPV4_ADDR_STRING);
assertEquals(expectedAddr, ikeId.ipv4Address);
}
@Test
public void testDecodeIpv6AddrIdPayload() throws Exception {
byte[] inputPacket =
TestUtils.hexStringToByteArray(IPV6_ADDR_ID_PAYLOAD_RESPONDER_BODY_HEX_STRING);
IkeIdPayload payload = new IkeIdPayload(false, inputPacket, false);
assertEquals(IkePayload.PAYLOAD_TYPE_ID_RESPONDER, payload.payloadType);
assertEquals(IkeIdentification.ID_TYPE_IPV6_ADDR, payload.ikeId.idType);
IkeIpv6AddrIdentification ikeId = (IkeIpv6AddrIdentification) payload.ikeId;
Inet6Address expectedAddr = (Inet6Address) Inet6Address.getByName(IPV6_ADDR_STRING);
assertEquals(expectedAddr, ikeId.ipv6Address);
}
@Test
public void testDecodeFqdnIdPayload() throws Exception {
byte[] inputPacket = TestUtils.hexStringToByteArray(FQDN_ID_PAYLOAD_BODY_HEX_STRING);
IkeIdPayload payload =
new IkeIdPayload(false /*critical*/, inputPacket, false /*isInitiator*/);
assertEquals(IkePayload.PAYLOAD_TYPE_ID_RESPONDER, payload.payloadType);
assertArrayEquals(inputPacket, payload.getEncodedPayloadBody());
assertEquals(IkeIdentification.ID_TYPE_FQDN, payload.ikeId.idType);
IkeFqdnIdentification ikeId = (IkeFqdnIdentification) payload.ikeId;
assertEquals(FQDN, ikeId.fqdn);
}
@Test
public void testDecodeRfc822AddrIdPayload() throws Exception {
byte[] inputPacket = TestUtils.hexStringToByteArray(RFC822_ADDR_ID_PAYLOAD_BODY_HEX_STRING);
IkeIdPayload payload =
new IkeIdPayload(false /*critical*/, inputPacket, true /*isInitiator*/);
assertEquals(IkePayload.PAYLOAD_TYPE_ID_INITIATOR, payload.payloadType);
assertEquals(IkeIdentification.ID_TYPE_RFC822_ADDR, payload.ikeId.idType);
IkeRfc822AddrIdentification ikeId = (IkeRfc822AddrIdentification) payload.ikeId;
assertEquals(RFC822_NAME, ikeId.rfc822Name);
}
@Test
public void testDecodeKeyIdPayload() throws Exception {
byte[] inputPacket = TestUtils.hexStringToByteArray(KEY_ID_PAYLOAD_BODY_HEX_STRING);
IkeIdPayload payload =
new IkeIdPayload(false /*critical*/, inputPacket, true /*isInitiator*/);
assertEquals(IkePayload.PAYLOAD_TYPE_ID_INITIATOR, payload.payloadType);
assertEquals(IkeIdentification.ID_TYPE_KEY_ID, payload.ikeId.idType);
IkeKeyIdIdentification ikeId = (IkeKeyIdIdentification) payload.ikeId;
assertArrayEquals(KEY_ID, ikeId.keyId);
}
@Test
public void testDecodeDerAsn1DnIdPayload() throws Exception {
byte[] inputPacket = TestUtils.hexStringToByteArray(ASN1_DN_PAYLOAD_BODY_HEX_STRING);
IkeIdPayload payload =
new IkeIdPayload(false /*critical*/, inputPacket, true /*isInitiator*/);
assertEquals(IkePayload.PAYLOAD_TYPE_ID_INITIATOR, payload.payloadType);
assertEquals(IkeIdentification.ID_TYPE_DER_ASN1_DN, payload.ikeId.idType);
IkeDerAsn1DnIdentification ikeId = (IkeDerAsn1DnIdentification) payload.ikeId;
X500Principal expectedAsn1Dn = new X500Principal(ASN1_DN_STRING);
assertEquals(expectedAsn1Dn, ikeId.derAsn1Dn);
}
@Test
public void testDecodeInvalidDerAsn1DnIdPayload() throws Exception {
try {
byte[] inputPacket =
TestUtils.hexStringToByteArray(ASN1_DN_INVALID_PAYLOAD_BODY_HEX_STRING);
new IkeIdPayload(false /*critical*/, inputPacket, true /*isInitiator*/);
fail("Expected to fail due to incorrect formed DN");
} catch (AuthenticationFailedException expected) {
}
}
@Test
public void testDecodeUnsupportedIdType() throws Exception {
byte[] inputPacket =
TestUtils.hexStringToByteArray(IPV4_ADDR_ID_PAYLOAD_RESPONDER_BODY_HEX_STRING);
inputPacket[ID_TYPE_OFFSET] = 0;
try {
new IkeIdPayload(false, inputPacket, true);
fail("Expected AuthenticationFailedException: ID Type is unsupported.");
} catch (AuthenticationFailedException expected) {
}
}
@Test
public void testConstructAndEncodeIpv4AddrIdPayload() throws Exception {
Inet4Address ipv4Address = (Inet4Address) Inet4Address.getByName(IPV4_ADDR_STRING);
IkeIdPayload payload = new IkeIdPayload(false, new IkeIpv4AddrIdentification(ipv4Address));
ByteBuffer inputBuffer = ByteBuffer.allocate(payload.getPayloadLength());
payload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_AUTH, inputBuffer);
byte[] expectedBytes =
TestUtils.hexStringToByteArray(IPV4_ADDR_ID_PAYLOAD_RESPONDER_HEX_STRING);
assertArrayEquals(expectedBytes, inputBuffer.array());
}
@Test
public void testConstructAndEncodeIpv6AddrIdPayload() throws Exception {
Inet6Address ipv6Address = (Inet6Address) Inet6Address.getByName(IPV6_ADDR_STRING);
IkeIdPayload payload = new IkeIdPayload(false, new IkeIpv6AddrIdentification(ipv6Address));
ByteBuffer inputBuffer = ByteBuffer.allocate(payload.getPayloadLength());
payload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_AUTH, inputBuffer);
byte[] expectedBytes =
TestUtils.hexStringToByteArray(IPV6_ADDR_ID_PAYLOAD_RESPONDER_HEX_STRING);
assertArrayEquals(expectedBytes, inputBuffer.array());
}
@Test
public void testConstructAndEncodeFqdnIdPayload() throws Exception {
IkeIdPayload payload =
new IkeIdPayload(false /*isInitiator*/, new IkeFqdnIdentification(FQDN));
ByteBuffer inputBuffer = ByteBuffer.allocate(payload.getPayloadLength());
payload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_CERT, inputBuffer);
byte[] expectedBytes = TestUtils.hexStringToByteArray(FQDN_ID_PAYLOAD_HEX_STRING);
assertArrayEquals(expectedBytes, inputBuffer.array());
}
@Test
public void testConstructAndEncodeRfc822AddrIdPayload() throws Exception {
IkeIdPayload payload =
new IkeIdPayload(
true /*isInitiator*/, new IkeRfc822AddrIdentification(RFC822_NAME));
ByteBuffer inputBuffer = ByteBuffer.allocate(payload.getPayloadLength());
payload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_CERT, inputBuffer);
byte[] expectedBytes = TestUtils.hexStringToByteArray(RFC822_ADDR_ID_PAYLOAD_HEX_STRING);
assertArrayEquals(expectedBytes, inputBuffer.array());
}
@Test
public void testConstructAndEncodeKeyIdPayload() throws Exception {
IkeIdPayload payload =
new IkeIdPayload(true /*isInitiator*/, new IkeKeyIdIdentification(KEY_ID));
ByteBuffer inputBuffer = ByteBuffer.allocate(payload.getPayloadLength());
payload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_CERT, inputBuffer);
byte[] expectedBytes = TestUtils.hexStringToByteArray(KEY_ID_PAYLOAD_HEX_STRING);
assertArrayEquals(expectedBytes, inputBuffer.array());
}
@Test
public void testConstructAndEncodeDerAsn1DnIdPayload() throws Exception {
X500Principal asnDn = new X500Principal(ASN1_DN_STRING);
IkeIdPayload payload =
new IkeIdPayload(true /*isInitiator*/, new IkeDerAsn1DnIdentification(asnDn));
ByteBuffer inputBuffer = ByteBuffer.allocate(payload.getPayloadLength());
payload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_CERT, inputBuffer);
byte[] expectedBytes = TestUtils.hexStringToByteArray(ASN1_DN_PAYLOAD_HEX_STRING);
assertArrayEquals(expectedBytes, inputBuffer.array());
}
private static void verifyPersistableBundleEncodeDecodeIsLossless(IkeIdentification id) {
PersistableBundle bundle = id.toPersistableBundle();
IkeIdentification result = IkeIdentification.fromPersistableBundle(bundle);
assertEquals(result, id);
}
@Test
public void testPersistableBundleEncodeDecodeIpv4AddressId() throws Exception {
Inet4Address ipv4Address = (Inet4Address) InetAddress.getByName(IPV4_ADDR_STRING);
verifyPersistableBundleEncodeDecodeIsLossless(new IkeIpv4AddrIdentification(ipv4Address));
}
@Test
public void testPersistableBundleEncodeDecodeIpv6AddressId() throws Exception {
Inet6Address ipv6Address = (Inet6Address) InetAddress.getByName(IPV6_ADDR_STRING);
verifyPersistableBundleEncodeDecodeIsLossless(new IkeIpv6AddrIdentification(ipv6Address));
}
@Test
public void testPersistableBundleEncodeDecodeRfc822AddrId() throws Exception {
verifyPersistableBundleEncodeDecodeIsLossless(new IkeFqdnIdentification(FQDN));
}
@Test
public void testPersistableBundleEncodeDecodeFqdnId() throws Exception {
verifyPersistableBundleEncodeDecodeIsLossless(new IkeRfc822AddrIdentification(RFC822_NAME));
}
@Test
public void testPersistableBundleEncodeDecodeKeyId() throws Exception {
verifyPersistableBundleEncodeDecodeIsLossless(new IkeKeyIdIdentification(KEY_ID));
}
@Test
public void testPersistableBundleEncodeDecodeDerAsn1DnId() throws Exception {
verifyPersistableBundleEncodeDecodeIsLossless(
new IkeDerAsn1DnIdentification(new X500Principal(ASN1_DN_STRING)));
}
@Test
public void validatCertSanDns() throws Exception {
IkeIdPayload payload =
new IkeIdPayload(false /*isInitiator*/, new IkeFqdnIdentification(CERT_SAN_DNS));
payload.validateEndCertIdOrThrow(sEndCertWithSanDns);
}
@Test
public void validatCertSanIp() throws Exception {
IkeIdPayload payload =
new IkeIdPayload(false /*isInitiator*/, new IkeIpv4AddrIdentification(CERT_SAN_IP));
payload.validateEndCertIdOrThrow(sEndCertWithSanIp);
}
@Test
public void testThrowWhenCertAndIdMismtached() throws Exception {
IkeIdPayload payload =
new IkeIdPayload(false /*isInitiator*/, new IkeIpv4AddrIdentification(CERT_SAN_IP));
try {
payload.validateEndCertIdOrThrow(sEndCertWithSanDns);
fail("Expected to fail because ID and certificate are mismatched");
} catch (Exception expected) {
}
}
}