Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(565)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ipsec_manager_test.cc

Issue 6508016: vpn-manager: Add l2tp/ipsec vpn manager (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master
Patch Set: respond to petkov Created 9 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « ipsec_manager.cc ('k') | l2tp_manager.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/command_line.h"
6 #include "base/file_util.h"
7 #include "chromeos/process_mock.h"
8 #include "chromeos/syslog_logging.h"
9 #include "chromeos/test_helpers.h"
10 #include "gflags/gflags.h"
11 #include "gtest/gtest.h"
12 #include "vpn-manager/ipsec_manager.h"
13
14 using ::chromeos::FindLog;
15 using ::chromeos::ProcessMock;
16 using ::testing::_;
17 using ::testing::InSequence;
18 using ::testing::Return;
19
20 const int kMockFd = 123;
21
22 const int kMockStarterPid = 10001;
23
24 DECLARE_int32(ipsec_timeout);
25
26 class IpsecManagerTest : public ::testing::Test {
27 public:
28 void SetUp() {
29 file_util::GetCurrentDirectory(&test_path_);
30 test_path_ = test_path_.Append("test");
31 file_util::Delete(test_path_, true);
32 file_util::CreateDirectory(test_path_);
33 stateful_container_ = test_path_.Append("etc");
34 file_util::CreateDirectory(stateful_container_);
35 remote_ = "1.2.3.4";
36 ServiceManager::temp_path_ = new FilePath(test_path_);
37 psk_file_ = test_path_.Append("psk").value();
38 server_ca_file_ = test_path_.Append("server.ca").value();
39 client_key_file_ = test_path_.Append("client.key").value();
40 client_cert_file_ = test_path_.Append("client.cert").value();
41 ipsec_run_path_ = test_path_.Append("run").value();
42 ipsec_up_file_ = FilePath(ipsec_run_path_).Append("up").value();
43 WriteFile(psk_file_, "secret");
44 WriteFile(server_ca_file_, "");
45 WriteFile(client_key_file_, "");
46 WriteFile(client_cert_file_, "");
47 chromeos::ClearLog();
48 starter_ = new ProcessMock;
49 ipsec_.starter_.reset(starter_);
50 ipsec_.stateful_container_ = stateful_container_.value();
51 ipsec_.ipsec_group_ = getgid();
52 ipsec_.ipsec_run_path_ = ipsec_run_path_;
53 ipsec_.ipsec_up_file_ = ipsec_up_file_;
54 ipsec_.force_local_address_ = "5.6.7.8";
55 }
56
57 void SetStartStarterExpectations(bool already_running);
58
59 protected:
60 void WriteFile(const std::string& file_path, const char* contents) {
61 if (file_util::WriteFile(FilePath(file_path), contents,
62 strlen(contents)) < 0) {
63 LOG(ERROR) << "Unable to create " << file_path;
64 }
65 }
66
67 void DoInitialize(int ike_version, bool use_psk);
68
69 IpsecManager ipsec_;
70 FilePath stateful_container_;
71 FilePath test_path_;
72 std::string remote_;
73 std::string psk_file_;
74 std::string server_ca_file_;
75 std::string client_key_file_;
76 std::string client_cert_file_;
77 std::string ipsec_run_path_;
78 std::string ipsec_up_file_;
79 ProcessMock* starter_;
80 };
81
82 void IpsecManagerTest::DoInitialize(int ike_version, bool use_psk) {
83 if (use_psk) {
84 ASSERT_TRUE(ipsec_.Initialize(ike_version, remote_, psk_file_, "", "", ""));
85 } else {
86 ASSERT_TRUE(ipsec_.Initialize(ike_version, remote_, "", server_ca_file_,
87 client_key_file_, client_cert_file_));
88 }
89 }
90
91 void IpsecManagerTest::SetStartStarterExpectations(bool already_running) {
92 if (already_running) {
93 ipsec_.starter_pid_file_ = test_path_.Append("starter_pid").value();
94 // File must exist.
95 file_util::WriteFile(FilePath(ipsec_.starter_pid_file_), "", 0);
96 // Test that it attempts to kill the running starter.
97 EXPECT_CALL(*starter_, ResetPidByFile(ipsec_.starter_pid_file_)).
98 WillOnce(Return(true));
99 EXPECT_CALL(*starter_, pid()).WillOnce(Return(1));
100 EXPECT_CALL(*starter_, Reset(0));
101 }
102
103 EXPECT_CALL(*starter_, AddArg(IPSEC_STARTER));
104 EXPECT_CALL(*starter_, AddArg("--nofork"));
105 EXPECT_CALL(*starter_, RedirectUsingPipe(STDERR_FILENO, false));
106 EXPECT_CALL(*starter_, Start()).WillOnce(Return(true));
107 EXPECT_CALL(*starter_, GetPipe(STDERR_FILENO)).WillOnce(Return(kMockFd));
108 EXPECT_CALL(*starter_, pid()).WillOnce(Return(kMockStarterPid));
109 }
110
111 TEST_F(IpsecManagerTest, InitializeBadRemote) {
112 EXPECT_FALSE(ipsec_.Initialize(1, "", psk_file_, "", "", ""));
113 EXPECT_TRUE(FindLog("Missing remote"));
114 }
115
116 TEST_F(IpsecManagerTest, InitializeNoAuth) {
117 EXPECT_FALSE(ipsec_.Initialize(1, remote_, "", "", "", ""));
118 EXPECT_TRUE(FindLog("Must specify either PSK or certificates"));
119 }
120
121 TEST_F(IpsecManagerTest, InitializeNotBoth) {
122 EXPECT_FALSE(ipsec_.Initialize(1, remote_,
123
124 psk_file_,
125 server_ca_file_,
126 client_key_file_,
127 client_cert_file_));
128 EXPECT_TRUE(FindLog("Specified both PSK and certificates"));
129 }
130
131 TEST_F(IpsecManagerTest, InitializeUnsupportedVersion) {
132 EXPECT_FALSE(ipsec_.Initialize(3, remote_, psk_file_, "", "", ""));
133 EXPECT_TRUE(FindLog("Unsupported IKE version"));
134 }
135
136 TEST_F(IpsecManagerTest, CreateIpsecRunDirectory) {
137 EXPECT_TRUE(ipsec_.CreateIpsecRunDirectory());
138 struct stat stat_buffer;
139 ASSERT_EQ(0, stat(ipsec_run_path_.c_str(), &stat_buffer));
140 EXPECT_EQ(0, stat_buffer.st_mode & (S_IWOTH | S_IXOTH | S_IROTH));
141 }
142
143 TEST_F(IpsecManagerTest, PollWaitIfNotUpYet) {
144 ipsec_.start_ticks_ = base::TimeTicks::Now();
145 EXPECT_EQ(1000, ipsec_.Poll());
146 }
147
148 TEST_F(IpsecManagerTest, PollTimeoutWaiting) {
149 ipsec_.start_ticks_ = base::TimeTicks::Now() -
150 base::TimeDelta::FromSeconds(FLAGS_ipsec_timeout + 1);
151 EXPECT_EQ(1000, ipsec_.Poll());
152 EXPECT_TRUE(FindLog("IPsec connection timed out"));
153 EXPECT_TRUE(ipsec_.was_stopped());
154 }
155
156 TEST_F(IpsecManagerTest, PollTransitionToUp) {
157 ipsec_.start_ticks_ = base::TimeTicks::Now();
158 EXPECT_TRUE(ipsec_.CreateIpsecRunDirectory());
159 EXPECT_TRUE(file_util::PathExists(FilePath(ipsec_run_path_)));
160 WriteFile(ipsec_up_file_, "");
161 EXPECT_FALSE(ipsec_.is_running());
162 EXPECT_EQ(-1, ipsec_.Poll());
163 EXPECT_TRUE(FindLog("IPsec connection now up"));
164 EXPECT_TRUE(ipsec_.is_running());
165 }
166
167 TEST_F(IpsecManagerTest, PollNothingIfRunning) {
168 ipsec_.is_running_ = true;
169 EXPECT_EQ(-1, ipsec_.Poll());
170 }
171
172 class IpsecManagerTestIkeV1Psk : public IpsecManagerTest {
173 public:
174 void SetUp() {
175 IpsecManagerTest::SetUp();
176 DoInitialize(1, true);
177 }
178
179 protected:
180 void CheckStarter(const std::string& actual);
181 };
182
183 TEST_F(IpsecManagerTestIkeV1Psk, Initialize) {
184 }
185
186 TEST_F(IpsecManagerTestIkeV1Psk, GetLocalAddressForRemote) {
187 ipsec_.force_local_address_ = NULL;
188 std::string local_address;
189 EXPECT_TRUE(ipsec_.GetLocalAddressForRemote("127.0.0.1", &local_address));
190 EXPECT_EQ("127.0.0.1", local_address);
191 }
192
193 TEST_F(IpsecManagerTestIkeV1Psk, FormatPsk) {
194 FilePath input(test_path_.Append("psk"));
195 const char psk[] = "pAssword\n";
196 file_util::WriteFile(input, psk, strlen(psk));
197 FilePath output;
198 std::string formatted;
199 EXPECT_TRUE(ipsec_.FormatPsk(input, &formatted));
200 EXPECT_EQ("5.6.7.8 1.2.3.4 : PSK \"pAssword\"\n", formatted);
201 }
202
203 TEST_F(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning) {
204 InSequence unused;
205 SetStartStarterExpectations(false);
206 EXPECT_TRUE(ipsec_.StartStarter());
207 EXPECT_EQ(kMockFd, ipsec_.output_fd());
208 EXPECT_EQ("ipsec[10001]: ", ipsec_.ipsec_prefix_);
209 }
210
211 TEST_F(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning) {
212 InSequence unused;
213 SetStartStarterExpectations(true);
214 EXPECT_TRUE(ipsec_.StartStarter());
215 EXPECT_EQ(kMockFd, ipsec_.output_fd());
216 EXPECT_EQ("ipsec[10001]: ", ipsec_.ipsec_prefix_);
217 }
218
219 void IpsecManagerTestIkeV1Psk::CheckStarter(const std::string& actual) {
220 const char kExpected[] =
221 "config setup\n"
222 "\tcharonstart=no\n"
223 "conn managed\n"
224 "\tkeyexchange=ikev1\n"
225 "\tauthby=psk\n"
226 "\tpfs=no\n"
227 "\trekey=no\n"
228 "\tleft=%defaultroute\n"
229 "\tleftprotoport=17/1701\n"
230 "\tleftupdown=/usr/libexec/l2tpipsec_vpn/pluto_updown\n"
231 "\tright=1.2.3.4\n"
232 "\trightprotoport=17/1701\n"
233 "\tauto=start\n";
234 EXPECT_EQ(kExpected, actual);
235 }
236
237 TEST_F(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile) {
238 CheckStarter(ipsec_.FormatStarterConfigFile());
239 }
240
241 TEST_F(IpsecManagerTestIkeV1Psk, Start) {
242 InSequence unused;
243 SetStartStarterExpectations(false);
244 EXPECT_TRUE(ipsec_.Start());
245 EXPECT_FALSE(ipsec_.start_ticks_.is_null());
246 }
247
248 TEST_F(IpsecManagerTestIkeV1Psk, WriteConfigFiles) {
249 EXPECT_TRUE(ipsec_.WriteConfigFiles());
250 std::string conf_contents;
251 ASSERT_TRUE(file_util::ReadFileToString(
252 stateful_container_.Append("ipsec.conf"), &conf_contents));
253 CheckStarter(conf_contents);
254 ASSERT_TRUE(file_util::PathExists(stateful_container_.Append(
255 "ipsec.secrets")));
256 }
257
258 class IpsecManagerTestIkeV1Certs : public IpsecManagerTest {
259 public:
260 void SetUp() {
261 IpsecManagerTest::SetUp();
262 DoInitialize(1, false);
263 }
264 };
265
266 TEST_F(IpsecManagerTestIkeV1Certs, Initialize) {
267 DoInitialize(1, false);
268 }
269
270
271 int main(int argc, char** argv) {
272 SetUpTests(&argc, argv, true);
273 return RUN_ALL_TESTS();
274 }
OLDNEW
« no previous file with comments | « ipsec_manager.cc ('k') | l2tp_manager.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698