| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "base/command_line.h" |
| 6 #include "base/file_util.h" |
| 7 #include "chromeos/process_mock.h" |
| 8 #include "chromeos/syslog_logging.h" |
| 9 #include "chromeos/test_helpers.h" |
| 10 #include "gflags/gflags.h" |
| 11 #include "gtest/gtest.h" |
| 12 #include "vpn-manager/ipsec_manager.h" |
| 13 |
| 14 using ::chromeos::FindLog; |
| 15 using ::chromeos::ProcessMock; |
| 16 using ::testing::_; |
| 17 using ::testing::InSequence; |
| 18 using ::testing::Return; |
| 19 |
| 20 DECLARE_string(local); |
| 21 |
| 22 class IpsecManagerTest : public ::testing::Test { |
| 23 public: |
| 24 void SetUp() { |
| 25 file_util::GetCurrentDirectory(&test_path_); |
| 26 test_path_ = test_path_.Append("test"); |
| 27 file_util::Delete(test_path_, true); |
| 28 file_util::CreateDirectory(test_path_); |
| 29 remote_ = "1.2.3.4"; |
| 30 psk_file_ = test_path_.Append("psk").value();; |
| 31 server_ca_file_ = test_path_.Append("server.ca").value(); |
| 32 client_key_file_ = test_path_.Append("client.key").value(); |
| 33 client_cert_file_ = test_path_.Append("client.cert").value(); |
| 34 WriteFile(psk_file_, "secret"); |
| 35 WriteFile(server_ca_file_, ""); |
| 36 WriteFile(client_key_file_, ""); |
| 37 WriteFile(client_cert_file_, ""); |
| 38 chromeos::ClearLog(); |
| 39 starter_ = new ProcessMock; |
| 40 ipsec_.starter_.reset(starter_); |
| 41 ipsec_.ipsec_group_ = getgid(); |
| 42 } |
| 43 |
| 44 bool MockStarterStart(); |
| 45 |
| 46 protected: |
| 47 void WriteFile(const std::string& file_path, const char* contents) { |
| 48 file_util::WriteFile(FilePath(file_path), contents, strlen(contents)); |
| 49 } |
| 50 |
| 51 void DoInitialize(bool use_psk); |
| 52 |
| 53 void CheckStarter(const std::string& actual); |
| 54 |
| 55 IpsecManager ipsec_; |
| 56 FilePath test_path_; |
| 57 std::string remote_; |
| 58 std::string psk_file_; |
| 59 std::string server_ca_file_; |
| 60 std::string client_key_file_; |
| 61 std::string client_cert_file_; |
| 62 ProcessMock* starter_; |
| 63 }; |
| 64 |
| 65 void IpsecManagerTest::DoInitialize(bool use_psk) { |
| 66 if (use_psk) { |
| 67 ASSERT_TRUE(ipsec_.Initialize(1, remote_, psk_file_, "", "", "")); |
| 68 } else { |
| 69 ASSERT_TRUE(ipsec_.Initialize(1, remote_, "", server_ca_file_, |
| 70 client_key_file_, client_cert_file_)); |
| 71 } |
| 72 } |
| 73 |
| 74 TEST_F(IpsecManagerTest, InitializeBadRemote) { |
| 75 EXPECT_FALSE(ipsec_.Initialize(1, "", psk_file_, "", "", "")); |
| 76 EXPECT_TRUE(FindLog("Missing remote")); |
| 77 } |
| 78 |
| 79 TEST_F(IpsecManagerTest, InitializeNoAuth) { |
| 80 EXPECT_FALSE(ipsec_.Initialize(1, remote_, "", "", "", "")); |
| 81 EXPECT_TRUE(FindLog("Must specify either PSK or certificates")); |
| 82 } |
| 83 |
| 84 TEST_F(IpsecManagerTest, InitializePSK) { |
| 85 DoInitialize(true); |
| 86 } |
| 87 |
| 88 TEST_F(IpsecManagerTest, InitializeCerts) { |
| 89 DoInitialize(false); |
| 90 } |
| 91 |
| 92 TEST_F(IpsecManagerTest, InitializeNotBoth) { |
| 93 EXPECT_FALSE(ipsec_.Initialize(1, remote_, |
| 94 psk_file_, |
| 95 server_ca_file_, |
| 96 client_key_file_, |
| 97 client_cert_file_)); |
| 98 EXPECT_TRUE(FindLog("Specified both PSK and certificates")); |
| 99 } |
| 100 |
| 101 TEST_F(IpsecManagerTest, InitializeUnsupportedVersion) { |
| 102 EXPECT_FALSE(ipsec_.Initialize(3, remote_, psk_file_, "", "", "")); |
| 103 EXPECT_TRUE(FindLog("Unsupported IKE version")); |
| 104 } |
| 105 |
| 106 TEST_F(IpsecManagerTest, FormatPsk) { |
| 107 const char kLocal[] = "5.6.7.8"; |
| 108 FilePath input(test_path_.Append("psk")); |
| 109 const char psk[] = "pAssword\n"; |
| 110 file_util::WriteFile(input, psk, strlen(psk)); |
| 111 ServiceManager::temp_path_ = test_path_; |
| 112 FilePath output; |
| 113 DoInitialize(true); |
| 114 FLAGS_local = std::string(kLocal); |
| 115 std::string formatted; |
| 116 EXPECT_TRUE(ipsec_.FormatPsk(input, &formatted)); |
| 117 EXPECT_EQ("5.6.7.8 1.2.3.4 : PSK \"pAssword\"\n", formatted); |
| 118 } |
| 119 |
| 120 bool IpsecManagerTest::MockStarterStart() { |
| 121 EXPECT_TRUE(NULL != getenv("IPSEC_MANAGER_PID")); |
| 122 return true; |
| 123 } |
| 124 |
| 125 TEST_F(IpsecManagerTest, StartStarter) { |
| 126 InSequence unused; |
| 127 const int kMockFd = 123; |
| 128 DoInitialize(true); |
| 129 ipsec_.starter_pid_file_ = test_path_.Append("starter_pid").value(); |
| 130 // File must exist. |
| 131 file_util::WriteFile(FilePath(ipsec_.starter_pid_file_), "", 0); |
| 132 |
| 133 // Test that it attempts to kill any running starter. |
| 134 EXPECT_CALL(*starter_, ResetPidByFile(ipsec_.starter_pid_file_)). |
| 135 WillOnce(Return(true)); |
| 136 EXPECT_CALL(*starter_, pid()).WillOnce(Return(1)); |
| 137 EXPECT_CALL(*starter_, Reset(0)); |
| 138 |
| 139 EXPECT_CALL(*starter_, AddArg(IPSEC_STARTER)); |
| 140 EXPECT_CALL(*starter_, AddArg("--nofork")); |
| 141 EXPECT_CALL(*starter_, RedirectUsingPipe(STDERR_FILENO, false)); |
| 142 EXPECT_CALL(*starter_, Start()).WillOnce(Invoke( |
| 143 this, &IpsecManagerTest::MockStarterStart)); |
| 144 EXPECT_CALL(*starter_, GetPipe(STDERR_FILENO)).WillOnce(Return(kMockFd)); |
| 145 EXPECT_CALL(*starter_, pid()); |
| 146 EXPECT_TRUE(ipsec_.StartStarter()); |
| 147 EXPECT_EQ(kMockFd, ipsec_.output_fd()); |
| 148 } |
| 149 |
| 150 void IpsecManagerTest::CheckStarter(const std::string& actual) { |
| 151 const char kExpected[] = |
| 152 "config setup\n" |
| 153 "\tcharonstart=no\n" |
| 154 "conn managed\n" |
| 155 "\tkeyexchange=ikev1\n" |
| 156 "\tauthby=psk\n" |
| 157 "\tpfs=no\n" |
| 158 "\trekey=no\n" |
| 159 "\tleft=%defaultroute\n" |
| 160 "\tleftprotoport=17/1701\n" |
| 161 "\tleftupdown=/usr/libexec/l2tpipsec_vpn/pluto_updown\n" |
| 162 "\tright=1.2.3.4\n" |
| 163 "\trightprotoport=17/1701\n" |
| 164 "\tauto=start\n"; |
| 165 EXPECT_EQ(kExpected, actual); |
| 166 } |
| 167 |
| 168 TEST_F(IpsecManagerTest, FormatStarterConfigFile) { |
| 169 DoInitialize(true); |
| 170 CheckStarter(ipsec_.FormatStarterConfigFile()); |
| 171 } |
| 172 |
| 173 TEST_F(IpsecManagerTest, WriteConfigFiles) { |
| 174 DoInitialize(true); |
| 175 FilePath container = test_path_.Append("etc"); |
| 176 ASSERT_TRUE(file_util::CreateDirectory(container)); |
| 177 ipsec_.stateful_container_ = container.value(); |
| 178 EXPECT_TRUE(ipsec_.WriteConfigFiles()); |
| 179 std::string conf_contents; |
| 180 ASSERT_TRUE(file_util::ReadFileToString( |
| 181 container.Append("ipsec.conf"), &conf_contents)); |
| 182 CheckStarter(conf_contents); |
| 183 ASSERT_TRUE(file_util::PathExists(container.Append("ipsec.secrets"))); |
| 184 } |
| 185 |
| 186 int main(int argc, char** argv) { |
| 187 SetUpTests(&argc, argv, true); |
| 188 return RUN_ALL_TESTS(); |
| 189 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6508016:
vpn-manager: Add l2tp/ipsec vpn manager (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master