Chromium Code Reviews Chromium Code Reviews
Issue 6508016:
vpn-manager: Add l2tp/ipsec vpn manager (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "base/command_line.h" | |
| 6 #include "base/file_util.h" | |
| 7 #include "chromeos/process_mock.h" | |
| 8 #include "chromeos/syslog_logging.h" | |
| 9 #include "chromeos/test_helpers.h" | |
| 10 #include "gflags/gflags.h" | |
| 11 #include "gtest/gtest.h" | |
| 12 #include "vpn-manager/ipsec_manager.h" | |
|
petkov
2011/03/11 19:12:53
add blank line before
kmixter1
2011/03/11 20:53:04
Since right now I'm considering these not system l
| |
| 13 | |
| 14 using ::chromeos::FindLog; | |
| 15 using ::chromeos::ProcessMock; | |
| 16 using ::testing::_; | |
| 17 using ::testing::InSequence; | |
| 18 using ::testing::Return; | |
| 19 | |
| 20 const int kMockFd = 123; | |
| 21 | |
| 22 const int kMockStarterPid = 10001; | |
| 23 | |
| 24 DECLARE_int32(ipsec_timeout); | |
| 25 | |
| 26 class IpsecManagerTest : public ::testing::Test { | |
| 27 public: | |
| 28 void SetUp() { | |
| 29 file_util::GetCurrentDirectory(&test_path_); | |
| 30 test_path_ = test_path_.Append("test"); | |
| 31 file_util::Delete(test_path_, true); | |
| 32 file_util::CreateDirectory(test_path_); | |
| 33 stateful_container_ = test_path_.Append("etc"); | |
| 34 file_util::CreateDirectory(stateful_container_); | |
| 35 remote_ = "1.2.3.4"; | |
| 36 ServiceManager::temp_path_ = new FilePath(test_path_); | |
| 37 psk_file_ = test_path_.Append("psk").value(); | |
| 38 server_ca_file_ = test_path_.Append("server.ca").value(); | |
| 39 client_key_file_ = test_path_.Append("client.key").value(); | |
| 40 client_cert_file_ = test_path_.Append("client.cert").value(); | |
| 41 ipsec_run_path_ = test_path_.Append("run").value(); | |
| 42 ipsec_up_file_ = FilePath(ipsec_run_path_).Append("up").value(); | |
| 43 WriteFile(psk_file_, "secret"); | |
| 44 WriteFile(server_ca_file_, ""); | |
| 45 WriteFile(client_key_file_, ""); | |
| 46 WriteFile(client_cert_file_, ""); | |
| 47 chromeos::ClearLog(); | |
| 48 starter_ = new ProcessMock; | |
| 49 ipsec_.starter_.reset(starter_); | |
| 50 ipsec_.stateful_container_ = stateful_container_.value(); | |
| 51 ipsec_.ipsec_group_ = getgid(); | |
| 52 ipsec_.ipsec_run_path_ = ipsec_run_path_; | |
| 53 ipsec_.ipsec_up_file_ = ipsec_up_file_; | |
| 54 ipsec_.force_local_address_ = "5.6.7.8"; | |
| 55 } | |
| 56 | |
| 57 void SetStartStarterExpectations(bool already_running); | |
| 58 | |
| 59 protected: | |
| 60 void WriteFile(const std::string& file_path, const char* contents) { | |
| 61 if (file_util::WriteFile(FilePath(file_path), contents, | |
| 62 strlen(contents)) < 0) { | |
| 63 LOG(ERROR) << "Unable to create " << file_path; | |
| 64 } | |
| 65 } | |
| 66 | |
| 67 void DoInitialize(int ike_version, bool use_psk); | |
| 68 | |
| 69 IpsecManager ipsec_; | |
| 70 FilePath stateful_container_; | |
| 71 FilePath test_path_; | |
| 72 std::string remote_; | |
| 73 std::string psk_file_; | |
| 74 std::string server_ca_file_; | |
| 75 std::string client_key_file_; | |
| 76 std::string client_cert_file_; | |
| 77 std::string ipsec_run_path_; | |
| 78 std::string ipsec_up_file_; | |
| 79 ProcessMock* starter_; | |
| 80 }; | |
| 81 | |
| 82 void IpsecManagerTest::DoInitialize(int ike_version, bool use_psk) { | |
| 83 if (use_psk) { | |
| 84 ASSERT_TRUE(ipsec_.Initialize(ike_version, remote_, psk_file_, "", "", "")); | |
| 85 } else { | |
| 86 ASSERT_TRUE(ipsec_.Initialize(ike_version, remote_, "", server_ca_file_, | |
| 87 client_key_file_, client_cert_file_)); | |
| 88 } | |
| 89 } | |
| 90 | |
| 91 void IpsecManagerTest::SetStartStarterExpectations(bool already_running) { | |
| 92 if (already_running) { | |
| 93 ipsec_.starter_pid_file_ = test_path_.Append("starter_pid").value(); | |
| 94 // File must exist. | |
| 95 file_util::WriteFile(FilePath(ipsec_.starter_pid_file_), "", 0); | |
| 96 // Test that it attempts to kill the running starter. | |
| 97 EXPECT_CALL(*starter_, ResetPidByFile(ipsec_.starter_pid_file_)). | |
| 98 WillOnce(Return(true)); | |
| 99 EXPECT_CALL(*starter_, pid()).WillOnce(Return(1)); | |
| 100 EXPECT_CALL(*starter_, Reset(0)); | |
| 101 } | |
| 102 | |
| 103 EXPECT_CALL(*starter_, AddArg(IPSEC_STARTER)); | |
| 104 EXPECT_CALL(*starter_, AddArg("--nofork")); | |
| 105 EXPECT_CALL(*starter_, RedirectUsingPipe(STDERR_FILENO, false)); | |
| 106 EXPECT_CALL(*starter_, Start()).WillOnce(Return(true)); | |
| 107 EXPECT_CALL(*starter_, GetPipe(STDERR_FILENO)).WillOnce(Return(kMockFd)); | |
| 108 EXPECT_CALL(*starter_, pid()).WillOnce(Return(kMockStarterPid)); | |
| 109 } | |
| 110 | |
| 111 TEST_F(IpsecManagerTest, InitializeBadRemote) { | |
| 112 EXPECT_FALSE(ipsec_.Initialize(1, "", psk_file_, "", "", "")); | |
| 113 EXPECT_TRUE(FindLog("Missing remote")); | |
| 114 } | |
| 115 | |
| 116 TEST_F(IpsecManagerTest, InitializeNoAuth) { | |
| 117 EXPECT_FALSE(ipsec_.Initialize(1, remote_, "", "", "", "")); | |
| 118 EXPECT_TRUE(FindLog("Must specify either PSK or certificates")); | |
| 119 } | |
| 120 | |
| 121 TEST_F(IpsecManagerTest, InitializeNotBoth) { | |
| 122 EXPECT_FALSE(ipsec_.Initialize(1, remote_, | |
| 123 | |
| 124 psk_file_, | |
| 125 server_ca_file_, | |
| 126 client_key_file_, | |
| 127 client_cert_file_)); | |
| 128 EXPECT_TRUE(FindLog("Specified both PSK and certificates")); | |
| 129 } | |
| 130 | |
| 131 TEST_F(IpsecManagerTest, InitializeUnsupportedVersion) { | |
| 132 EXPECT_FALSE(ipsec_.Initialize(3, remote_, psk_file_, "", "", "")); | |
| 133 EXPECT_TRUE(FindLog("Unsupported IKE version")); | |
| 134 } | |
| 135 | |
| 136 TEST_F(IpsecManagerTest, CreateIpsecRunDirectory) { | |
| 137 EXPECT_TRUE(ipsec_.CreateIpsecRunDirectory()); | |
| 138 struct stat stat_buffer; | |
| 139 ASSERT_EQ(0, stat(ipsec_run_path_.c_str(), &stat_buffer)); | |
| 140 EXPECT_EQ(0, stat_buffer.st_mode & (S_IWOTH | S_IXOTH | S_IROTH)); | |
| 141 } | |
| 142 | |
| 143 TEST_F(IpsecManagerTest, PollWaitIfNotUpYet) { | |
| 144 ipsec_.start_ticks_ = base::TimeTicks::Now(); | |
| 145 EXPECT_EQ(1000, ipsec_.Poll()); | |
| 146 } | |
| 147 | |
| 148 TEST_F(IpsecManagerTest, PollTimeoutWaiting) { | |
| 149 ipsec_.start_ticks_ = base::TimeTicks::Now() - | |
| 150 base::TimeDelta::FromSeconds(FLAGS_ipsec_timeout + 1); | |
| 151 EXPECT_EQ(1000, ipsec_.Poll()); | |
| 152 EXPECT_TRUE(FindLog("IPsec connection timed out")); | |
| 153 EXPECT_TRUE(ipsec_.was_stopped()); | |
| 154 } | |
| 155 | |
| 156 TEST_F(IpsecManagerTest, PollTransitionToUp) { | |
| 157 ipsec_.start_ticks_ = base::TimeTicks::Now(); | |
| 158 EXPECT_TRUE(ipsec_.CreateIpsecRunDirectory()); | |
| 159 EXPECT_TRUE(file_util::PathExists(FilePath(ipsec_run_path_))); | |
| 160 WriteFile(ipsec_up_file_, ""); | |
| 161 EXPECT_FALSE(ipsec_.is_running()); | |
| 162 EXPECT_EQ(-1, ipsec_.Poll()); | |
| 163 EXPECT_TRUE(FindLog("IPsec connection now up")); | |
| 164 EXPECT_TRUE(ipsec_.is_running()); | |
| 165 } | |
| 166 | |
| 167 TEST_F(IpsecManagerTest, PollNothingIfRunning) { | |
| 168 ipsec_.is_running_ = true; | |
| 169 EXPECT_EQ(-1, ipsec_.Poll()); | |
| 170 } | |
| 171 | |
| 172 class IpsecManagerTestIkeV1Psk : public IpsecManagerTest { | |
| 173 public: | |
| 174 void SetUp() { | |
| 175 IpsecManagerTest::SetUp(); | |
| 176 DoInitialize(1, true); | |
| 177 } | |
| 178 | |
| 179 protected: | |
| 180 void CheckStarter(const std::string& actual); | |
| 181 }; | |
| 182 | |
| 183 TEST_F(IpsecManagerTestIkeV1Psk, Initialize) { | |
| 184 } | |
| 185 | |
| 186 TEST_F(IpsecManagerTestIkeV1Psk, GetLocalAddressForRemote) { | |
| 187 ipsec_.force_local_address_ = NULL; | |
| 188 std::string local_address; | |
| 189 EXPECT_TRUE(ipsec_.GetLocalAddressForRemote("127.0.0.1", &local_address)); | |
| 190 EXPECT_EQ("127.0.0.1", local_address); | |
| 191 } | |
| 192 | |
| 193 TEST_F(IpsecManagerTestIkeV1Psk, FormatPsk) { | |
| 194 FilePath input(test_path_.Append("psk")); | |
| 195 const char psk[] = "pAssword\n"; | |
| 196 file_util::WriteFile(input, psk, strlen(psk)); | |
| 197 FilePath output; | |
| 198 std::string formatted; | |
| 199 EXPECT_TRUE(ipsec_.FormatPsk(input, &formatted)); | |
| 200 EXPECT_EQ("5.6.7.8 1.2.3.4 : PSK \"pAssword\"\n", formatted); | |
| 201 } | |
| 202 | |
| 203 TEST_F(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning) { | |
| 204 InSequence unused; | |
| 205 SetStartStarterExpectations(false); | |
| 206 EXPECT_TRUE(ipsec_.StartStarter()); | |
| 207 EXPECT_EQ(kMockFd, ipsec_.output_fd()); | |
| 208 EXPECT_EQ("ipsec[10001]: ", ipsec_.ipsec_prefix_); | |
| 209 } | |
| 210 | |
| 211 TEST_F(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning) { | |
| 212 InSequence unused; | |
| 213 SetStartStarterExpectations(true); | |
| 214 EXPECT_TRUE(ipsec_.StartStarter()); | |
| 215 EXPECT_EQ(kMockFd, ipsec_.output_fd()); | |
| 216 EXPECT_EQ("ipsec[10001]: ", ipsec_.ipsec_prefix_); | |
| 217 } | |
| 218 | |
| 219 void IpsecManagerTestIkeV1Psk::CheckStarter(const std::string& actual) { | |
| 220 const char kExpected[] = | |
| 221 "config setup\n" | |
| 222 "\tcharonstart=no\n" | |
| 223 "conn managed\n" | |
| 224 "\tkeyexchange=ikev1\n" | |
| 225 "\tauthby=psk\n" | |
| 226 "\tpfs=no\n" | |
| 227 "\trekey=no\n" | |
| 228 "\tleft=%defaultroute\n" | |
| 229 "\tleftprotoport=17/1701\n" | |
| 230 "\tleftupdown=/usr/libexec/l2tpipsec_vpn/pluto_updown\n" | |
| 231 "\tright=1.2.3.4\n" | |
| 232 "\trightprotoport=17/1701\n" | |
| 233 "\tauto=start\n"; | |
| 234 EXPECT_EQ(kExpected, actual); | |
| 235 } | |
| 236 | |
| 237 TEST_F(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile) { | |
| 238 CheckStarter(ipsec_.FormatStarterConfigFile()); | |
| 239 } | |
| 240 | |
| 241 TEST_F(IpsecManagerTestIkeV1Psk, Start) { | |
| 242 InSequence unused; | |
| 243 SetStartStarterExpectations(false); | |
| 244 EXPECT_TRUE(ipsec_.Start()); | |
| 245 EXPECT_FALSE(ipsec_.start_ticks_.is_null()); | |
| 246 } | |
| 247 | |
| 248 TEST_F(IpsecManagerTestIkeV1Psk, WriteConfigFiles) { | |
| 249 EXPECT_TRUE(ipsec_.WriteConfigFiles()); | |
| 250 std::string conf_contents; | |
| 251 ASSERT_TRUE(file_util::ReadFileToString( | |
| 252 stateful_container_.Append("ipsec.conf"), &conf_contents)); | |
| 253 CheckStarter(conf_contents); | |
| 254 ASSERT_TRUE(file_util::PathExists(stateful_container_.Append( | |
| 255 "ipsec.secrets"))); | |
| 256 } | |
| 257 | |
| 258 class IpsecManagerTestIkeV1Certs : public IpsecManagerTest { | |
| 259 public: | |
| 260 void SetUp() { | |
| 261 IpsecManagerTest::SetUp(); | |
| 262 DoInitialize(1, false); | |
| 263 } | |
| 264 }; | |
| 265 | |
| 266 TEST_F(IpsecManagerTestIkeV1Certs, Initialize) { | |
| 267 DoInitialize(1, false); | |
| 268 } | |
| 269 | |
| 270 | |
| 271 int main(int argc, char** argv) { | |
| 272 SetUpTests(&argc, argv, true); | |
| 273 return RUN_ALL_TESTS(); | |
| 274 } | |
| OLD | NEW |
