/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net;

import static android.net.cts.util.IkeSessionTestUtils.CHILD_PARAMS;
import static android.net.cts.util.IkeSessionTestUtils.IKE_PARAMS_V6;
import static android.net.cts.util.IkeSessionTestUtils.getTestIkeSessionParams;

import static com.android.testutils.DevSdkIgnoreRuleKt.SC_V2;

import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

import android.net.ipsec.ike.IkeKeyIdIdentification;
import android.net.ipsec.ike.IkeTunnelConnectionParams;
import android.os.Build;
import android.test.mock.MockContext;

import androidx.test.filters.SmallTest;

import com.android.internal.net.VpnProfile;
import com.android.internal.org.bouncycastle.x509.X509V1CertificateGenerator;
import com.android.net.module.util.ProxyUtils;
import com.android.testutils.DevSdkIgnoreRule;
import com.android.testutils.DevSdkIgnoreRunner;

import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;

import javax.security.auth.x500.X500Principal;

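/**
 * Unit tests for {@link Ikev2VpnProfile.Builder}.
 *
 * <p>The tests cover three areas: validation performed by the builder (authentication method,
 * MTU, allowed algorithms, local-route exclusion), the per-authentication-type getters of the
 * built profile, and conversion between {@link Ikev2VpnProfile} and {@link VpnProfile}.
 */
@SmallTest
@RunWith(DevSdkIgnoreRunner.class)
@DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.R)
public class Ikev2VpnProfileTest {
    // Fixture values only; none of these are real addresses or credentials.
    private static final String SERVER_ADDR_STRING = "1.2.3.4";
    private static final String IDENTITY_STRING = "Identity";
    private static final String USERNAME_STRING = "username";
    private static final String PASSWORD_STRING = "pa55w0rd";
    private static final String EXCL_LIST = "exclList";
    // Explicit charset so the key bytes do not depend on the platform default encoding.
    private static final byte[] PSK_BYTES = "preSharedKey".getBytes(StandardCharsets.UTF_8);
    private static final int TEST_MTU = 1300;

    @Rule
    public final DevSdkIgnoreRule ignoreRule = new DevSdkIgnoreRule();

    private final MockContext mMockContext =
            new MockContext() {
                @Override
                public String getOpPackageName() {
                    return "fooPackage";
                }
            };
    private final ProxyInfo mProxy = ProxyInfo.buildDirectProxy(
            SERVER_ADDR_STRING, -1, ProxyUtils.exclusionStringAsList(EXCL_LIST));

    private X509Certificate mUserCert;
    private X509Certificate mServerRootCa;
    private PrivateKey mPrivateKey;

    /** Generates a fresh server root CA certificate and a user certificate with its key. */
    @Before
    public void setUp() throws Exception {
        mServerRootCa = generateRandomCertAndKeyPair().cert;

        final CertificateAndKey userCertKey = generateRandomCertAndKeyPair();
        mUserCert = userCertKey.cert;
        mPrivateKey = userCertKey.key;
    }

    /**
     * Returns a builder with every non-authentication option set.
     *
     * <p>No authentication method is configured, so each test must set one before calling
     * {@code build()} unless it is testing that omission.
     */
    private Ikev2VpnProfile.Builder getBuilderWithDefaultOptions() {
        final Ikev2VpnProfile.Builder builder =
                new Ikev2VpnProfile.Builder(SERVER_ADDR_STRING, IDENTITY_STRING);

        builder.setBypassable(true);
        builder.setProxy(mProxy);
        builder.setMaxMtu(TEST_MTU);
        builder.setMetered(true);

        return builder;
    }

    @Test
    public void testBuildValidProfileWithOptions() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
        final Ikev2VpnProfile profile = builder.build();
        assertNotNull(profile);

        // Check non-auth parameters correctly stored
        assertEquals(SERVER_ADDR_STRING, profile.getServerAddr());
        assertEquals(IDENTITY_STRING, profile.getUserIdentity());
        assertEquals(mProxy, profile.getProxyInfo());
        assertTrue(profile.isBypassable());
        assertTrue(profile.isMetered());
        assertEquals(TEST_MTU, profile.getMaxMtu());
        // No algorithm list was set, so the profile must report the default set.
        assertEquals(Ikev2VpnProfile.DEFAULT_ALGORITHMS, profile.getAllowedAlgorithms());
    }

    @Test
    public void testBuildUsernamePasswordProfile() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
        final Ikev2VpnProfile profile = builder.build();
        assertNotNull(profile);

        assertEquals(USERNAME_STRING, profile.getUsername());
        assertEquals(PASSWORD_STRING, profile.getPassword());
        assertEquals(mServerRootCa, profile.getServerRootCaCert());

        // Credentials of the other authentication types must stay unset.
        assertNull(profile.getPresharedKey());
        assertNull(profile.getRsaPrivateKey());
        assertNull(profile.getUserCert());
    }

    @Test
    public void testBuildDigitalSignatureProfile() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
        final Ikev2VpnProfile profile = builder.build();
        assertNotNull(profile);

        // JUnit takes (expected, actual); keeping that order makes failure messages accurate.
        assertEquals(mUserCert, profile.getUserCert());
        assertEquals(mPrivateKey, profile.getRsaPrivateKey());
        assertEquals(mServerRootCa, profile.getServerRootCaCert());

        // Credentials of the other authentication types must stay unset.
        assertNull(profile.getPresharedKey());
        assertNull(profile.getUsername());
        assertNull(profile.getPassword());
    }

    @Test
    public void testBuildPresharedKeyProfile() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthPsk(PSK_BYTES);
        final Ikev2VpnProfile profile = builder.build();
        assertNotNull(profile);

        assertArrayEquals(PSK_BYTES, profile.getPresharedKey());

        // Credentials of the other authentication types must stay unset.
        assertNull(profile.getServerRootCaCert());
        assertNull(profile.getUsername());
        assertNull(profile.getPassword());
        assertNull(profile.getRsaPrivateKey());
        assertNull(profile.getUserCert());
    }

    @Test
    public void testBuildWithAllowedAlgorithmsAead() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
        builder.setAuthPsk(PSK_BYTES);

        // A list made only of combined-mode (AUTH_CRYPT_*) algorithms is accepted.
        List<String> allowedAlgorithms =
                Arrays.asList(
                        IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
                        IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305);
        builder.setAllowedAlgorithms(allowedAlgorithms);

        final Ikev2VpnProfile profile = builder.build();
        assertEquals(allowedAlgorithms, profile.getAllowedAlgorithms());
    }

    @Test
    public void testBuildWithAllowedAlgorithmsNormal() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
        builder.setAuthPsk(PSK_BYTES);

        // A list that pairs separate authentication and encryption algorithms is accepted.
        List<String> allowedAlgorithms =
                Arrays.asList(
                        IpSecAlgorithm.AUTH_HMAC_SHA512,
                        IpSecAlgorithm.AUTH_AES_XCBC,
                        IpSecAlgorithm.AUTH_AES_CMAC,
                        IpSecAlgorithm.CRYPT_AES_CBC,
                        IpSecAlgorithm.CRYPT_AES_CTR);
        builder.setAllowedAlgorithms(allowedAlgorithms);

        final Ikev2VpnProfile profile = builder.build();
        assertEquals(allowedAlgorithms, profile.getAllowedAlgorithms());
    }

    @Test
    public void testSetAllowedAlgorithmsEmptyList() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        try {
            builder.setAllowedAlgorithms(new ArrayList<>());
            fail("Expected exception due to no valid algorithm set");
        } catch (IllegalArgumentException expected) {
            // Expected: an empty algorithm list is rejected.
        }
    }

    @Test
    public void testSetAllowedAlgorithmsInvalidList() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        // Authentication without any encryption algorithm must be rejected.
        try {
            builder.setAllowedAlgorithms(Arrays.asList(IpSecAlgorithm.AUTH_HMAC_SHA256));
            fail("Expected exception due to missing encryption");
        } catch (IllegalArgumentException expected) {
            // Expected: the list provides integrity but no confidentiality.
        }

        // Encryption without any authentication algorithm must be rejected.
        try {
            builder.setAllowedAlgorithms(Arrays.asList(IpSecAlgorithm.CRYPT_AES_CBC));
            fail("Expected exception due to missing authentication");
        } catch (IllegalArgumentException expected) {
            // Expected: the list provides confidentiality but no integrity.
        }
    }

    @Test
    public void testSetAllowedAlgorithmsInsecureAlgorithm() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        // HMAC-MD5 and HMAC-SHA1 must be refused by the builder.
        try {
            builder.setAllowedAlgorithms(Arrays.asList(IpSecAlgorithm.AUTH_HMAC_MD5));
            fail("Expected exception due to insecure algorithm");
        } catch (IllegalArgumentException expected) {
            // Expected: AUTH_HMAC_MD5 is rejected.
        }

        try {
            builder.setAllowedAlgorithms(Arrays.asList(IpSecAlgorithm.AUTH_HMAC_SHA1));
            fail("Expected exception due to insecure algorithm");
        } catch (IllegalArgumentException expected) {
            // Expected: AUTH_HMAC_SHA1 is rejected.
        }
    }

    @Test
    public void testBuildNoAuthMethodSet() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        try {
            builder.build();
            fail("Expected exception due to lack of auth method");
        } catch (IllegalArgumentException expected) {
            // Expected: a profile cannot be built without an authentication method.
        }
    }

    // TODO: Refer to Build.VERSION_CODES.SC_V2 when it's available in AOSP and mainline branch
    @DevSdkIgnoreRule.IgnoreUpTo(SC_V2)
    @Test
    public void testBuildExcludeLocalRoutesSet() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
        builder.setAuthPsk(PSK_BYTES);
        builder.setLocalRoutesExcluded(true);

        final Ikev2VpnProfile profile = builder.build();
        assertNotNull(profile);
        assertTrue(profile.areLocalRoutesExcluded());

        // Excluding local routes is only valid while the VPN is bypassable.
        builder.setBypassable(false);
        try {
            builder.build();
            fail("Expected exception because excludeLocalRoutes should be set only"
                    + " on the bypassable VPN");
        } catch (IllegalArgumentException expected) {
            // Expected: local-route exclusion on a non-bypassable VPN is rejected.
        }
    }

    @Test
    public void testBuildInvalidMtu() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        try {
            builder.setMaxMtu(500);
            fail("Expected exception due to too-small MTU");
        } catch (IllegalArgumentException expected) {
            // Expected: an MTU of 500 is below what the builder accepts.
        }
    }

    /** Asserts that the non-authentication fields match {@link #getBuilderWithDefaultOptions}. */
    private void verifyVpnProfileCommon(VpnProfile profile) {
        assertEquals(SERVER_ADDR_STRING, profile.server);
        assertEquals(IDENTITY_STRING, profile.ipsecIdentifier);
        assertEquals(mProxy, profile.proxy);
        assertTrue(profile.isBypassable);
        assertTrue(profile.isMetered);
        assertEquals(TEST_MTU, profile.maxMtu);
    }

    @Test
    public void testPskConvertToVpnProfile() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthPsk(PSK_BYTES);
        final VpnProfile profile = builder.build().toVpnProfile();

        verifyVpnProfileCommon(profile);
        assertEquals(Ikev2VpnProfile.encodeForIpsecSecret(PSK_BYTES), profile.ipsecSecret);

        // Check nothing else is set
        assertEquals("", profile.username);
        assertEquals("", profile.password);
        assertEquals("", profile.ipsecUserCert);
        assertEquals("", profile.ipsecCaCert);
    }

    @Test
    public void testUsernamePasswordConvertToVpnProfile() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
        final VpnProfile profile = builder.build().toVpnProfile();

        verifyVpnProfileCommon(profile);
        assertEquals(USERNAME_STRING, profile.username);
        assertEquals(PASSWORD_STRING, profile.password);
        assertEquals(Ikev2VpnProfile.certificateToPemString(mServerRootCa), profile.ipsecCaCert);

        // Check nothing else is set
        assertEquals("", profile.ipsecUserCert);
        assertEquals("", profile.ipsecSecret);
    }

    @Test
    public void testRsaConvertToVpnProfile() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
        final VpnProfile profile = builder.build().toVpnProfile();

        // The private key is stored inline in ipsecSecret, marked by PREFIX_INLINE.
        final String expectedSecret = Ikev2VpnProfile.PREFIX_INLINE
                + Ikev2VpnProfile.encodeForIpsecSecret(mPrivateKey.getEncoded());
        verifyVpnProfileCommon(profile);
        assertEquals(Ikev2VpnProfile.certificateToPemString(mUserCert), profile.ipsecUserCert);
        assertEquals(expectedSecret, profile.ipsecSecret);
        assertEquals(Ikev2VpnProfile.certificateToPemString(mServerRootCa), profile.ipsecCaCert);

        // Check nothing else is set
        assertEquals("", profile.username);
        assertEquals("", profile.password);
    }

    /**
     * A PSK profile whose stored form also carries username, password and certificates must not
     * expose those values after {@code fromVpnProfile}.
     */
    @Test
    public void testPskFromVpnProfileDiscardsIrrelevantValues() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthPsk(PSK_BYTES);
        final VpnProfile profile = builder.build().toVpnProfile();
        profile.username = USERNAME_STRING;
        profile.password = PASSWORD_STRING;
        profile.ipsecCaCert = Ikev2VpnProfile.certificateToPemString(mServerRootCa);
        profile.ipsecUserCert = Ikev2VpnProfile.certificateToPemString(mUserCert);

        final Ikev2VpnProfile result = Ikev2VpnProfile.fromVpnProfile(profile);
        assertNull(result.getUsername());
        assertNull(result.getPassword());
        assertNull(result.getUserCert());
        assertNull(result.getRsaPrivateKey());
        assertNull(result.getServerRootCaCert());
    }

    /**
     * A username/password profile whose stored form also carries a secret and a user certificate
     * must not expose those values after {@code fromVpnProfile}.
     */
    @Test
    public void testUsernamePasswordFromVpnProfileDiscardsIrrelevantValues() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
        final VpnProfile profile = builder.build().toVpnProfile();
        // Decode with the same explicit charset that produced PSK_BYTES.
        profile.ipsecSecret = new String(PSK_BYTES, StandardCharsets.UTF_8);
        profile.ipsecUserCert = Ikev2VpnProfile.certificateToPemString(mUserCert);

        final Ikev2VpnProfile result = Ikev2VpnProfile.fromVpnProfile(profile);
        assertNull(result.getPresharedKey());
        assertNull(result.getUserCert());
        assertNull(result.getRsaPrivateKey());
    }

    /**
     * A digital-signature profile whose stored form also carries a username and password must not
     * expose those values, or a pre-shared key, after {@code fromVpnProfile}.
     */
    @Test
    public void testRsaFromVpnProfileDiscardsIrrelevantValues() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
        final VpnProfile profile = builder.build().toVpnProfile();
        profile.username = USERNAME_STRING;
        profile.password = PASSWORD_STRING;

        final Ikev2VpnProfile result = Ikev2VpnProfile.fromVpnProfile(profile);
        assertNull(result.getUsername());
        assertNull(result.getPassword());
        assertNull(result.getPresharedKey());
    }

    @Test
    public void testPskConversionIsLossless() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthPsk(PSK_BYTES);
        final Ikev2VpnProfile ikeProfile = builder.build();

        assertEquals(ikeProfile, Ikev2VpnProfile.fromVpnProfile(ikeProfile.toVpnProfile()));
    }

    @Test
    public void testUsernamePasswordConversionIsLossless() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa);
        final Ikev2VpnProfile ikeProfile = builder.build();

        assertEquals(ikeProfile, Ikev2VpnProfile.fromVpnProfile(ikeProfile.toVpnProfile()));
    }

    @Test
    public void testRsaConversionIsLossless() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
        final Ikev2VpnProfile ikeProfile = builder.build();

        assertEquals(ikeProfile, Ikev2VpnProfile.fromVpnProfile(ikeProfile.toVpnProfile()));
    }

    @Test
    public void testBuildWithIkeTunConnParamsConvertToVpnProfile() throws Exception {
        // Special keyId that contains delimiter character of VpnProfile. The encode/decode round
        // trip at the end of this test checks that such a value cannot corrupt the stored form.
        final byte[] keyId = "foo\0bar".getBytes(StandardCharsets.UTF_8);
        final IkeTunnelConnectionParams tunnelParams = new IkeTunnelConnectionParams(
                getTestIkeSessionParams(true /* testIpv6 */, new IkeKeyIdIdentification(keyId)),
                CHILD_PARAMS);
        final Ikev2VpnProfile ikev2VpnProfile = new Ikev2VpnProfile.Builder(tunnelParams).build();
        final VpnProfile vpnProfile = ikev2VpnProfile.toVpnProfile();

        assertEquals(VpnProfile.TYPE_IKEV2_FROM_IKE_TUN_CONN_PARAMS, vpnProfile.type);

        // Username, password, server, ipsecIdentifier, ipsecCaCert, ipsecSecret, ipsecUserCert and
        // getAllowedAlgorithms should not be set if IkeTunnelConnectionParams is set.
        assertEquals("", vpnProfile.server);
        assertEquals("", vpnProfile.ipsecIdentifier);
        assertEquals("", vpnProfile.username);
        assertEquals("", vpnProfile.password);
        assertEquals("", vpnProfile.ipsecCaCert);
        assertEquals("", vpnProfile.ipsecSecret);
        assertEquals("", vpnProfile.ipsecUserCert);
        assertEquals(0, vpnProfile.getAllowedAlgorithms().size());

        // IkeTunnelConnectionParams should stay the same.
        assertEquals(tunnelParams, vpnProfile.ikeTunConnParams);

        // Convert to disk-stable format and then back to Ikev2VpnProfile should be the same.
        final VpnProfile decodedVpnProfile =
                VpnProfile.decode(vpnProfile.key, vpnProfile.encode());
        final Ikev2VpnProfile convertedIkev2VpnProfile =
                Ikev2VpnProfile.fromVpnProfile(decodedVpnProfile);
        assertEquals(ikev2VpnProfile, convertedIkev2VpnProfile);
    }

    @Test
    public void testConversionIsLosslessWithIkeTunConnParams() throws Exception {
        final IkeTunnelConnectionParams tunnelParams =
                new IkeTunnelConnectionParams(IKE_PARAMS_V6, CHILD_PARAMS);
        // Configuring authentication-related fields is not required while building with
        // IkeTunnelConnectionParams.
        final Ikev2VpnProfile ikeProfile = new Ikev2VpnProfile.Builder(tunnelParams).build();
        assertEquals(ikeProfile, Ikev2VpnProfile.fromVpnProfile(ikeProfile.toVpnProfile()));
    }

    @Test
    public void testAutomaticNattAndIpVersionConversionIsLossless() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
        builder.setAutomaticNattKeepaliveTimerEnabled(true);
        builder.setAutomaticIpVersionSelectionEnabled(true);

        builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
        final Ikev2VpnProfile ikeProfile = builder.build();

        assertEquals(ikeProfile, Ikev2VpnProfile.fromVpnProfile(ikeProfile.toVpnProfile()));
    }

    @Test
    public void testAutomaticNattAndIpVersionDefaults() throws Exception {
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();

        builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
        final Ikev2VpnProfile ikeProfile = builder.build();

        // Both automatic modes are off unless the builder enables them.
        assertFalse(ikeProfile.isAutomaticNattKeepaliveTimerEnabled());
        assertFalse(ikeProfile.isAutomaticIpVersionSelectionEnabled());
    }

    @Test
    public void testEquals() throws Exception {
        // Verify building without IkeTunnelConnectionParams
        final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
        builder.setAuthDigitalSignature(mUserCert, mPrivateKey, mServerRootCa);
        assertEquals(builder.build(), builder.build());

        // Verify building with IkeTunnelConnectionParams
        final IkeTunnelConnectionParams tunnelParams =
                new IkeTunnelConnectionParams(IKE_PARAMS_V6, CHILD_PARAMS);
        final IkeTunnelConnectionParams tunnelParams2 =
                new IkeTunnelConnectionParams(IKE_PARAMS_V6, CHILD_PARAMS);
        assertEquals(new Ikev2VpnProfile.Builder(tunnelParams).build(),
                new Ikev2VpnProfile.Builder(tunnelParams2).build());
    }

    @Test
    public void testBuildProfileWithNullProxy() throws Exception {
        final Ikev2VpnProfile ikev2VpnProfile =
                new Ikev2VpnProfile.Builder(SERVER_ADDR_STRING, IDENTITY_STRING)
                        .setAuthUsernamePassword(USERNAME_STRING, PASSWORD_STRING, mServerRootCa)
                        .build();

        // ProxyInfo should be null for the profile without setting ProxyInfo.
        assertNull(ikev2VpnProfile.getProxyInfo());

        // ProxyInfo should stay null after performing toVpnProfile() and fromVpnProfile()
        final VpnProfile vpnProfile = ikev2VpnProfile.toVpnProfile();
        assertNull(vpnProfile.proxy);

        final Ikev2VpnProfile convertedIkev2VpnProfile = Ikev2VpnProfile.fromVpnProfile(vpnProfile);
        assertNull(convertedIkev2VpnProfile.getProxyInfo());
    }

    /** Pairs a generated certificate with the private key that signed it. */
    private static class CertificateAndKey {
        public final X509Certificate cert;
        public final PrivateKey key;

        CertificateAndKey(X509Certificate cert, PrivateKey key) {
            this.cert = cert;
            this.key = key;
        }
    }

    /**
     * Generates a throwaway self-signed X.509 v1 certificate and its RSA key pair.
     *
     * <p>The certificate is valid from one day before to one day after the current time, uses the
     * same name for subject and issuer, and is signed with its own private key.
     *
     * @return the certificate together with the private key of the generated pair
     * @throws Exception if key generation or certificate signing fails
     */
    private static CertificateAndKey generateRandomCertAndKeyPair() throws Exception {
        final long now = System.currentTimeMillis();
        final long oneDayMillis = TimeUnit.DAYS.toMillis(1L);
        final Date validityBeginDate = new Date(now - oneDayMillis);
        final Date validityEndDate = new Date(now + oneDayMillis);

        // Generate a keypair.
        // NOTE(review): 512-bit RSA is far below any acceptable key size outside of tests;
        // presumably kept small so key generation stays fast in a @SmallTest. Do not copy this
        // value into non-test code.
        final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(512);
        final KeyPair keyPair = keyPairGenerator.generateKeyPair();

        final X500Principal dnName = new X500Principal("CN=test.android.com");
        final X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(now));
        certGen.setSubjectDN(dnName);
        certGen.setIssuerDN(dnName);
        certGen.setNotBefore(validityBeginDate);
        certGen.setNotAfter(validityEndDate);
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

        final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "AndroidOpenSSL");
        return new CertificateAndKey(cert, keyPair.getPrivate());
    }
}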