OLD | NEW |
1 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 # Try 802.1x authentication. The supplicant must be restarted between | 5 # Try 802.1x authentication. The supplicant must be restarted between |
6 # trials because it is "sticky" with regards to various parameters | 6 # trials because it is "sticky" with regards to various parameters |
7 # related to certificate authentication. A thread is currently afoot | 7 # related to certificate authentication. A thread is currently afoot |
8 # in the hostap mailing list about this, but for the time being we will | 8 # in the hostap mailing list about this, but for the time being we will |
9 # do supplicant restarts to test. | 9 # do supplicant restarts to test. |
10 | 10 |
11 { "name":"Check1x_AES", | 11 { "name":"Check1x_AES", |
12 "steps":[ # Channel [any] | 12 "steps":[ # Channel [any] |
13 [ "create", { "type":"hostap" } ], | 13 [ "create", { "type":"hostap" } ], |
| 14 [ "install_files", { "system" : "router", |
| 15 "files" : |
| 16 { "/tmp/hostapd_ca_cert" : |
| 17 site_eap_certs.ca_cert_1, |
| 18 "/tmp/hostapd_server_cert" : |
| 19 site_eap_certs.server_cert_1, |
| 20 "/tmp/hostapd_private_key" : |
| 21 site_eap_certs.server_private_key_1, |
| 22 "/tmp/hostapd_eap_user_file" : |
| 23 "* TLS"} } ], |
14 [ "config", { "channel":"2412", "mode":"11g", | 24 [ "config", { "channel":"2412", "mode":"11g", |
15 "wpa":"1", "wpa_key_mgmt":"WPA-EAP", | 25 "wpa":"1", "wpa_key_mgmt":"WPA-EAP", |
16 "wpa_pairwise":"CCMP", "ieee8021x":"1", | 26 "wpa_pairwise":"CCMP", "ieee8021x":"1", |
17 "eap-tls":"cert1" } ], | 27 "eap_server" : "1", |
18 [ "connect", { "security":"802_1x", "eap-tls":"cert1" } ], | 28 "ca_cert" : "/tmp/hostapd_ca_cert", |
| 29 "server_cert" : "/tmp/hostapd_server_cert", |
| 30 "private_key" : "/tmp/hostapd_private_key", |
| 31 "eap_user_file" : "/tmp/hostapd_eap_user_file"} ], |
| 32 [ "install_files", { "system" : "client", |
| 33 "files" : |
| 34 { "/tmp/pkg-client.pem" : |
| 35 site_eap_certs.client_cert_1 + "\n" + |
| 36 site_eap_certs.client_private_key_1, |
| 37 "/tmp/pkg-client-other.pem" : |
| 38 site_eap_certs.client_cert_2 + "\n" + |
| 39 site_eap_certs.client_private_key_2, |
| 40 "/tmp/ca-cert.pem" : |
| 41 site_eap_certs.ca_cert_1, |
| 42 "/tmp/ca-cert-other.pem" : |
| 43 site_eap_certs.ca_cert_2} } ], |
| 44 [ "connect",» { "security":"802_1x", |
| 45 "psk" : "EAP-TLS:chromeos:/tmp/pkg-client.pem"} ], |
| 46 |
19 [ "client_ping", { "count":"10" } ], | 47 [ "client_ping", { "count":"10" } ], |
20 [ "disconnect" ], | 48 [ "disconnect" ], |
21 | 49 |
22 [ "restart_supplicant" ], | 50 [ "restart_supplicant" ], |
23 [ "config", { "ssid_suffix":"t1" } ], | 51 [ "config", { "ssid_suffix":"t1" } ], |
24 [ "connect", { "security":"802_1x", "eap-tls":"cert1", | 52 [ "connect", { "security":"802_1x", |
25 "server-auth":"cert1" } ], | 53 "psk" : "EAP-TLS:chromeos:" |
| 54 "/tmp/pkg-client.pem:/tmp/ca-cert.pem"} ], |
26 [ "client_ping", { "count":"10" } ], | 55 [ "client_ping", { "count":"10" } ], |
27 [ "disconnect" ], | 56 [ "disconnect" ], |
28 | 57 |
29 # Ensure authentication fails if server's cert doesn't match our CA cert | 58 # Ensure authentication fails if server's cert doesn't match our CA cert |
30 [ "restart_supplicant" ], | 59 [ "restart_supplicant" ], |
31 [ "config", { "ssid_suffix":"t2" } ], | 60 [ "config", { "ssid_suffix":"t2" } ], |
32 [ "!connect", { "security":"802_1x", "eap-tls":"cert1", | 61 [ "!connect", { "security":"802_1x", |
33 "server-auth":"cert2" }, | 62 "psk" : "EAP-TLS:chromeos:" |
| 63 "/tmp/pkg-client.pem:/tmp/ca-cert-other.pem"}, |
34 "TLS: Certificate verification failed"], | 64 "TLS: Certificate verification failed"], |
35 | 65 |
36 # Try authenticating using the wrong client certiificate | 66 # Try authenticating using the wrong client certiificate |
37 [ "restart_supplicant" ], | 67 [ "restart_supplicant" ], |
38 [ "config", { "ssid_suffix":"t3" } ], | 68 [ "config", { "ssid_suffix":"t3" } ], |
39 [ "!connect", { "security":"802_1x", "eap-tls":"cert2", | 69 [ "!connect", { "security":"802_1x", |
40 "server-auth":"cert1" }, | 70 "psk" : "EAP-TLS:chromeos:" |
| 71 "/tmp/pkg-client-other.pem:/tmp/ca-cert.pem"}, |
41 "SSL: SSL3 alert: read " | 72 "SSL: SSL3 alert: read " |
42 "\(remote end reported an error\):fatal:unknown CA" ], | 73 "\(remote end reported an error\):fatal:unknown CA" ], |
43 [ "disconnect" ], | 74 [ "disconnect" ], |
44 | 75 |
45 [ "destroy" ], | 76 [ "destroy" ], |
46 ], | 77 ], |
47 } | 78 } |
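Review bot: The new `install_files` steps write private keys to fixed, predictable names under `/tmp` (`/tmp/hostapd_private_key` on the router, `/tmp/pkg-client.pem` and `/tmp/pkg-client-other.pem` on the client), and nothing in this file restricts their mode or removes them before `destroy`. The `install_files` implementation is not visible here, so it should be confirmed that it creates these files owner-only and does not write through a pre-existing symlink; if it does not, a per-test directory that is not world-writable would be safer, even for test-only keys. Separately, the first `connect` passes only `EAP-TLS:chromeos:/tmp/pkg-client.pem` with no CA file, so that step presumably runs without server-certificate verification. A comment such as `# No CA cert: server certificate is deliberately not verified in this step` would make the intent explicit.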