Add automated StrongSwan test

server/site_wifitest.py

 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import common, datetime, fnmatch, logging, os, re, string, threading, time
 
 from autotest_lib.server import autotest, hosts, subcommand
 from autotest_lib.server import site_bsd_router
 from autotest_lib.server import site_linux_router
 from autotest_lib.server import site_linux_server
@@ skipping 125 matching lines @@
             self.server = hosts.create_host(server['addr'])
             self.server_at = autotest.Autotest(self.server)
             # if not specified assume the same as the control address
             self.server_wifi_ip = server.get('wifi_addr', self.server.ip)
             self.__server_discover_commands(server)
         else:
             self.server = None
             # NB: wifi address must be set if not reachable from control
             self.server_wifi_ip = server['wifi_addr']
 
-        # hosting_server is a machine which hosts network services,
-        # such as VPN.
+        # The 'hosting_server' is a machine which hosts network
+        # services, such as OpenVPN or StrongSwan.
         self.hosting_server = site_linux_server.LinuxServer(self.server, server)
 
         # potential bg thread for ping untilstop
         self.ping_thread = None
 
         # potential bg thread for client network monitoring
         self.client_netdump_thread = None
         self.__client_discover_commands(client)
         self.profile_create({'name':'test'})
         self.profile_push({'name':'test'})
@@ skipping 1075 matching lines @@
               'remote-cert-tls' : optional
                     If provided, this option can be 'server', 'client' or
                     'none'.
                     If not specified, the default is 'none'.
                     The value provided is passed directly to 'connect-vpn'.
         """
         self.vpn_client_kill({}) # Must be first.  Relies on self.vpn_kind.
         self.vpn_kind = params.get('kind', None)
         vpn_host_ip   = params.get('vpn-host-ip', self.server_wifi_ip)
 
-        # Must get 'ca_certificate', 'client-certificate' and 'client-key'.
-        cert_pathnames = params.get('files', {})
-
         # Starting up the VPN client may cause the DUT's routing table (esp.
         # the default route) to change.  Set up a host route backwards so
         # we don't lose our control connection in that event.
-        __add_host_route(self.client)
+        self.__add_host_route(self.client)
 
         if self.vpn_kind is None:
             raise error.TestFail('No VPN kind specified for this test.')
         elif self.vpn_kind == 'openvpn':
+            # 'ca_certificate', 'client-certificate' and 'client-key'.
+            cert_pathnames         = params.get('files', {})
             remote_cert_tls_option = ""
             remote_cert_tls        = params.get('remote-cert-tls', None)
 
             if remote_cert_tls is not None:
                 remote_cert_tls_option = "--remote-cert-tls " + remote_cert_tls
 
-            # connect-vpn openvpn [options] <name> <host-ip> <domain> \
-            #                               <cafile> <certfile> <key-file>
             result = self.client.run('%s/test/connect-vpn '
                                      '--verbose '
                                      '%s '
                                      'openvpn vpn-name %s vpn-domain '
                                      '%s '   # ca certificate
                                      '%s '   # client certificate
                                      '%s' %  # client key
                                      (self.client_cmd_flimflam_lib,
                                       remote_cert_tls_option,
                                       vpn_host_ip,
                                       cert_pathnames['ca-certificate'],
                                       cert_pathnames['client-certificate'],
                                       cert_pathnames['client-key']))
+        elif self.vpn_kind == 'l2tpipsec-psk': # aka 'strongswan'
+            result = self.client.run('%s/test/connect-vpn '
+                                     '--verbose '
+                                     'l2tpipsec-psk vpn-name %s vpn-domain '
+                                     'password chapuser chapsecret'  %
+                                     (self.client_cmd_flimflam_lib,
+                                      vpn_host_ip))
+        elif self.vpn_kind == 'l2tpipsec-cert': # aka 'strongswan'
+            # 'ca_certificate', 'client-certificate' and 'client-key'.
+            cert_pathnames         = params.get('files', {})
+            result = self.client.run('%s/test/connect-vpn '
+                                     '--verbose '
+                                     'l2tpipsec-cert vpn-name %s vpn-domain '
+                                     '%s '   # ca certificate
+                                     '%s '   # client certificate
+                                     '%s' %  # client key
+                                     (self.client_cmd_flimflam_lib,
+                                      vpn_host_ip,
+                                      cert_pathnames['ca-certificate'],
+                                      cert_pathnames['client-certificate'],
+                                      cert_pathnames['client-key']))
         else:
             raise error.TestFail('(internal error): No launch case '
                                  'for VPN kind (%s)' % self.vpn_kind)
 
     def vpn_client_kill(self, params):
         """ Kill the VPN client if it's running. """
         if self.vpn_kind is not None:
             if self.vpn_kind == 'openvpn':
                 self.client.run("pkill openvpn")
+            elif (self.vpn_kind == 'l2tpipsec-psk' or  # aka 'strongswan'
+                  self.vpn_kind == 'l2tpipsec-cert'):
+                self.client.run("/usr/sbin/ipsec stop")
             else:
                 raise error.TestFail('(internal error): No kill case '
                                      'for VPN kind (%s)' % self.vpn_kind)
             self.vpn_kind = None
 
-        __del_host_route(self.client)
+        self.__del_host_route(self.client)
 
     def __add_host_route(self, host):
         # What is the local address we use to get to the test host?
         local_ip = site_host_route.LocalHostRoute(host.ip).route_info["src"]
 
         # How does the test host currently get to this local address?
         host_route = site_host_route.RemoteHostRoute(host, local_ip).route_info
 
         # Flatten the returned dict into a single string
         route_args = " ".join(" ".join(x) for x in host_route.iteritems())
 
         self.host_route_args[host.ip] = "%s %s" % (local_ip, route_args)
         host.run("ip route add %s" % self.host_route_args[host.ip])
 
     def __del_host_route(self, host):
-        if host.ip not in self.host_route_args:
-            return
-
-        host.run("ip route del %s" % self.host_route_args.pop(host.ip))
+        if host.ip in self.host_route_args:
+            host.run("ip route del %s" % self.host_route_args.pop(host.ip))
 
     def host_route_cleanup(self, params):
         for host in (self.client, self.server, self.router):
             self.__del_host_route(host)
 
 
 class HelperThread(threading.Thread):
     # Class that wraps a ping command in a thread so it can run in the bg.
     def __init__(self, client, cmd):
         threading.Thread.__init__(self)
@@ skipping 120 matching lines @@
     except error.TestFail:
       if 'expect_failure' in testcase:
         self.expect_failure(name, testcase['expect_failure'])
       else:
         raise
     except Exception, e:
       if 'expect_failure' in testcase:
         self.expect_failure(name, testcase['expect_failure'])
       else:
         raise