| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "base/command_line.h" |
| 6 #include "base/file_util.h" |
| 7 #include "chromeos/process_mock.h" |
| 8 #include "chromeos/syslog_logging.h" |
| 9 #include "chromeos/test_helpers.h" |
| 10 #include "gflags/gflags.h" |
| 11 #include "gtest/gtest.h" |
| 12 #include "vpn-manager/ipsec_manager.h" |
| 13 |
| 14 using ::chromeos::FindLog; |
| 15 using ::chromeos::ProcessMock; |
| 16 using ::testing::_; |
| 17 using ::testing::InSequence; |
| 18 using ::testing::Return; |
| 19 |
| 20 const int kMockFd = 123; |
| 21 |
| 22 const int kMockStarterPid = 10001; |
| 23 |
| 24 DECLARE_int32(ipsec_timeout); |
| 25 DECLARE_string(local); |
| 26 |
| 27 class IpsecManagerTest : public ::testing::Test { |
| 28 public: |
| 29 void SetUp() { |
| 30 file_util::GetCurrentDirectory(&test_path_); |
| 31 test_path_ = test_path_.Append("test"); |
| 32 file_util::Delete(test_path_, true); |
| 33 file_util::CreateDirectory(test_path_); |
| 34 stateful_container_ = test_path_.Append("etc"); |
| 35 file_util::CreateDirectory(stateful_container_); |
| 36 remote_ = "1.2.3.4"; |
| 37 ServiceManager::temp_path_ = new FilePath(test_path_); |
| 38 psk_file_ = test_path_.Append("psk").value(); |
| 39 server_ca_file_ = test_path_.Append("server.ca").value(); |
| 40 client_key_file_ = test_path_.Append("client.key").value(); |
| 41 client_cert_file_ = test_path_.Append("client.cert").value(); |
| 42 ipsec_up_file_ = test_path_.Append("ipsec-up").value(); |
| 43 WriteFile(psk_file_, "secret"); |
| 44 WriteFile(server_ca_file_, ""); |
| 45 WriteFile(client_key_file_, ""); |
| 46 WriteFile(client_cert_file_, ""); |
| 47 chromeos::ClearLog(); |
| 48 starter_ = new ProcessMock; |
| 49 ipsec_.starter_.reset(starter_); |
| 50 ipsec_.stateful_container_ = stateful_container_.value(); |
| 51 ipsec_.ipsec_group_ = getgid(); |
| 52 ipsec_.ipsec_up_file_ = ipsec_up_file_; |
| 53 } |
| 54 |
| 55 void TearDown() { |
| 56 // Removes and deletes temp path. |
| 57 ServiceManager::DeleteTemp(); |
| 58 } |
| 59 |
| 60 void SetStartStarterExpectations(bool already_running); |
| 61 |
| 62 protected: |
| 63 void WriteFile(const std::string& file_path, const char* contents) { |
| 64 file_util::WriteFile(FilePath(file_path), contents, strlen(contents)); |
| 65 } |
| 66 |
| 67 void DoInitialize(int ike_version, bool use_psk); |
| 68 |
| 69 IpsecManager ipsec_; |
| 70 FilePath stateful_container_; |
| 71 FilePath test_path_; |
| 72 std::string remote_; |
| 73 std::string psk_file_; |
| 74 std::string server_ca_file_; |
| 75 std::string client_key_file_; |
| 76 std::string client_cert_file_; |
| 77 std::string ipsec_up_file_; |
| 78 ProcessMock* starter_; |
| 79 }; |
| 80 |
| 81 void IpsecManagerTest::DoInitialize(int ike_version, bool use_psk) { |
| 82 if (use_psk) { |
| 83 ASSERT_TRUE(ipsec_.Initialize(ike_version, remote_, psk_file_, "", "", "")); |
| 84 } else { |
| 85 ASSERT_TRUE(ipsec_.Initialize(ike_version, remote_, "", server_ca_file_, |
| 86 client_key_file_, client_cert_file_)); |
| 87 } |
| 88 } |
| 89 |
| 90 void IpsecManagerTest::SetStartStarterExpectations(bool already_running) { |
| 91 if (already_running) { |
| 92 ipsec_.starter_pid_file_ = test_path_.Append("starter_pid").value(); |
| 93 // File must exist. |
| 94 file_util::WriteFile(FilePath(ipsec_.starter_pid_file_), "", 0); |
| 95 // Test that it attempts to kill the running starter. |
| 96 EXPECT_CALL(*starter_, ResetPidByFile(ipsec_.starter_pid_file_)). |
| 97 WillOnce(Return(true)); |
| 98 EXPECT_CALL(*starter_, pid()).WillOnce(Return(1)); |
| 99 EXPECT_CALL(*starter_, Reset(0)); |
| 100 } |
| 101 |
| 102 EXPECT_CALL(*starter_, AddArg(IPSEC_STARTER)); |
| 103 EXPECT_CALL(*starter_, AddArg("--nofork")); |
| 104 EXPECT_CALL(*starter_, RedirectUsingPipe(STDERR_FILENO, false)); |
| 105 EXPECT_CALL(*starter_, Start()).WillOnce(Return(true)); |
| 106 EXPECT_CALL(*starter_, GetPipe(STDERR_FILENO)).WillOnce(Return(kMockFd)); |
| 107 EXPECT_CALL(*starter_, pid()).WillOnce(Return(kMockStarterPid)); |
| 108 } |
| 109 |
| 110 TEST_F(IpsecManagerTest, InitializeBadRemote) { |
| 111 EXPECT_FALSE(ipsec_.Initialize(1, "", psk_file_, "", "", "")); |
| 112 EXPECT_TRUE(FindLog("Missing remote")); |
| 113 } |
| 114 |
| 115 TEST_F(IpsecManagerTest, InitializeNoAuth) { |
| 116 EXPECT_FALSE(ipsec_.Initialize(1, remote_, "", "", "", "")); |
| 117 EXPECT_TRUE(FindLog("Must specify either PSK or certificates")); |
| 118 } |
| 119 |
| 120 TEST_F(IpsecManagerTest, InitializeNotBoth) { |
| 121 EXPECT_FALSE(ipsec_.Initialize(1, remote_, |
| 122 psk_file_, |
| 123 server_ca_file_, |
| 124 client_key_file_, |
| 125 client_cert_file_)); |
| 126 EXPECT_TRUE(FindLog("Specified both PSK and certificates")); |
| 127 } |
| 128 |
| 129 TEST_F(IpsecManagerTest, InitializeUnsupportedVersion) { |
| 130 EXPECT_FALSE(ipsec_.Initialize(3, remote_, psk_file_, "", "", "")); |
| 131 EXPECT_TRUE(FindLog("Unsupported IKE version")); |
| 132 } |
| 133 |
| 134 TEST_F(IpsecManagerTest, PollWaitIfNotUpYet) { |
| 135 ipsec_.start_ticks_ = base::TimeTicks::Now(); |
| 136 EXPECT_EQ(1000, ipsec_.Poll()); |
| 137 } |
| 138 |
| 139 TEST_F(IpsecManagerTest, PollTimeoutWaiting) { |
| 140 ipsec_.start_ticks_ = base::TimeTicks::Now() - |
| 141 base::TimeDelta::FromSeconds(FLAGS_ipsec_timeout + 1); |
| 142 EXPECT_EQ(1000, ipsec_.Poll()); |
| 143 EXPECT_TRUE(FindLog("IPsec connection timed out")); |
| 144 EXPECT_TRUE(ipsec_.was_stopped_); |
| 145 } |
| 146 |
| 147 TEST_F(IpsecManagerTest, PollTransitionToUp) { |
| 148 ipsec_.start_ticks_ = base::TimeTicks::Now(); |
| 149 WriteFile(ipsec_up_file_, ""); |
| 150 EXPECT_FALSE(ipsec_.is_running_); |
| 151 EXPECT_EQ(-1, ipsec_.Poll()); |
| 152 EXPECT_TRUE(FindLog("IPsec connection now up")); |
| 153 EXPECT_TRUE(ipsec_.is_running_); |
| 154 } |
| 155 |
| 156 TEST_F(IpsecManagerTest, PollNothingIfRunning) { |
| 157 ipsec_.is_running_ = true; |
| 158 EXPECT_EQ(-1, ipsec_.Poll()); |
| 159 } |
| 160 |
| 161 class IpsecManagerTestIkeV1Psk : public IpsecManagerTest { |
| 162 public: |
| 163 void SetUp() { |
| 164 IpsecManagerTest::SetUp(); |
| 165 DoInitialize(1, true); |
| 166 } |
| 167 |
| 168 protected: |
| 169 void CheckStarter(const std::string& actual); |
| 170 }; |
| 171 |
| 172 TEST_F(IpsecManagerTestIkeV1Psk, Initialize) { |
| 173 } |
| 174 |
| 175 TEST_F(IpsecManagerTestIkeV1Psk, FormatPsk) { |
| 176 const char kLocal[] = "5.6.7.8"; |
| 177 FilePath input(test_path_.Append("psk")); |
| 178 const char psk[] = "pAssword\n"; |
| 179 file_util::WriteFile(input, psk, strlen(psk)); |
| 180 FilePath output; |
| 181 FLAGS_local = std::string(kLocal); |
| 182 std::string formatted; |
| 183 EXPECT_TRUE(ipsec_.FormatPsk(input, &formatted)); |
| 184 EXPECT_EQ("5.6.7.8 1.2.3.4 : PSK \"pAssword\"\n", formatted); |
| 185 } |
| 186 |
| 187 TEST_F(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning) { |
| 188 InSequence unused; |
| 189 SetStartStarterExpectations(false); |
| 190 EXPECT_TRUE(ipsec_.StartStarter()); |
| 191 EXPECT_EQ(kMockFd, ipsec_.output_fd()); |
| 192 EXPECT_EQ("ipsec[10001]: ", ipsec_.ipsec_prefix_); |
| 193 } |
| 194 |
| 195 TEST_F(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning) { |
| 196 InSequence unused; |
| 197 SetStartStarterExpectations(true); |
| 198 EXPECT_TRUE(ipsec_.StartStarter()); |
| 199 EXPECT_EQ(kMockFd, ipsec_.output_fd()); |
| 200 EXPECT_EQ("ipsec[10001]: ", ipsec_.ipsec_prefix_); |
| 201 } |
| 202 |
| 203 void IpsecManagerTestIkeV1Psk::CheckStarter(const std::string& actual) { |
| 204 const char kExpected[] = |
| 205 "config setup\n" |
| 206 "\tcharonstart=no\n" |
| 207 "conn managed\n" |
| 208 "\tkeyexchange=ikev1\n" |
| 209 "\tauthby=psk\n" |
| 210 "\tpfs=no\n" |
| 211 "\trekey=no\n" |
| 212 "\tleft=%defaultroute\n" |
| 213 "\tleftprotoport=17/1701\n" |
| 214 "\tleftupdown=/usr/libexec/l2tpipsec_vpn/pluto_updown\n" |
| 215 "\tright=1.2.3.4\n" |
| 216 "\trightprotoport=17/1701\n" |
| 217 "\tauto=start\n"; |
| 218 EXPECT_EQ(kExpected, actual); |
| 219 } |
| 220 |
| 221 TEST_F(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile) { |
| 222 CheckStarter(ipsec_.FormatStarterConfigFile()); |
| 223 } |
| 224 |
| 225 TEST_F(IpsecManagerTestIkeV1Psk, Start) { |
| 226 InSequence unused; |
| 227 SetStartStarterExpectations(false); |
| 228 EXPECT_TRUE(ipsec_.Start()); |
| 229 EXPECT_FALSE(ipsec_.start_ticks_.is_null()); |
| 230 } |
| 231 |
| 232 TEST_F(IpsecManagerTestIkeV1Psk, WriteConfigFiles) { |
| 233 EXPECT_TRUE(ipsec_.WriteConfigFiles()); |
| 234 std::string conf_contents; |
| 235 ASSERT_TRUE(file_util::ReadFileToString( |
| 236 stateful_container_.Append("ipsec.conf"), &conf_contents)); |
| 237 CheckStarter(conf_contents); |
| 238 ASSERT_TRUE(file_util::PathExists(stateful_container_.Append( |
| 239 "ipsec.secrets"))); |
| 240 } |
| 241 |
| 242 class IpsecManagerTestIkeV1Certs : public IpsecManagerTest { |
| 243 public: |
| 244 void SetUp() { |
| 245 IpsecManagerTest::SetUp(); |
| 246 DoInitialize(1, false); |
| 247 } |
| 248 }; |
| 249 |
| 250 TEST_F(IpsecManagerTestIkeV1Certs, Initialize) { |
| 251 DoInitialize(1, false); |
| 252 } |
| 253 |
| 254 |
| 255 int main(int argc, char** argv) { |
| 256 SetUpTests(&argc, argv, true); |
| 257 return RUN_ALL_TESTS(); |
| 258 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6508016:
vpn-manager: Add l2tp/ipsec vpn manager (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master