1 # Copyright (c) 2013 The Chromium OS Authors. All rights reserved. 2 # Use of this source code is governed by a BSD-style license that can be 3 # found in the LICENSE file. 4 5 from autotest_lib.client.common_lib.cros import site_eap_certs 6 from autotest_lib.client.common_lib.cros.network import xmlrpc_datatypes 7 from autotest_lib.client.common_lib.cros.network import xmlrpc_security_types 8 from autotest_lib.server.cros.network import hostap_config 9 10 11 def get_positive_8021x_test_cases(outer_auth_type, inner_auth_type): 12 """Return a test case asserting that outer/inner auth works. 13 14 @param inner_auth_type one of 15 xmlrpc_security_types.Tunneled1xConfig.LAYER1_TYPE* 16 @param inner_auth_type one of 17 xmlrpc_security_types.Tunneled1xConfig.LAYER2_TYPE* 18 @return list of ap_config, association_params tuples for 19 network_WiFi_SimpleConnect. 20 21 """ 22 eap_config = xmlrpc_security_types.Tunneled1xConfig( 23 site_eap_certs.ca_cert_1, 24 site_eap_certs.server_cert_1, 25 site_eap_certs.server_private_key_1, 26 site_eap_certs.ca_cert_1, 27 'testuser', 28 'password', 29 inner_protocol=inner_auth_type, 30 outer_protocol=outer_auth_type) 31 ap_config = hostap_config.HostapConfig( 32 frequency=2412, 33 mode=hostap_config.HostapConfig.MODE_11G, 34 security_config=eap_config) 35 assoc_params = xmlrpc_datatypes.AssociationParameters( 36 security_config=eap_config) 37 return [(ap_config, assoc_params)] 38 39 40 def get_negative_8021x_test_cases(outer_auth_type, inner_auth_type): 41 """Build a set of test cases for TTLS/PEAP authentication. 42 43 @param inner_auth_type one of 44 xmlrpc_security_types.Tunneled1xConfig.LAYER1_TYPE* 45 @param inner_auth_type one of 46 xmlrpc_security_types.Tunneled1xConfig.LAYER2_TYPE* 47 @return list of ap_config, association_params tuples for 48 network_WiFi_SimpleConnect. 49 50 """ 51 configurations = [] 52 # Bad passwords won't work. 53 eap_config = xmlrpc_security_types.Tunneled1xConfig( 54 site_eap_certs.ca_cert_1, 55 site_eap_certs.server_cert_1, 56 site_eap_certs.server_private_key_1, 57 site_eap_certs.ca_cert_1, 58 'testuser', 59 'password', 60 inner_protocol=inner_auth_type, 61 outer_protocol=outer_auth_type, 62 client_password='wrongpassword') 63 ap_config = hostap_config.HostapConfig( 64 frequency=2412, 65 mode=hostap_config.HostapConfig.MODE_11G, 66 security_config=eap_config) 67 assoc_params = xmlrpc_datatypes.AssociationParameters( 68 security_config=eap_config, 69 expect_failure=True) 70 configurations.append((ap_config, assoc_params)) 71 # If use the wrong CA on the client, it won't trust the server credentials. 72 eap_config = xmlrpc_security_types.Tunneled1xConfig( 73 site_eap_certs.ca_cert_1, 74 site_eap_certs.server_cert_1, 75 site_eap_certs.server_private_key_1, 76 site_eap_certs.ca_cert_2, 77 'testuser', 78 'password', 79 inner_protocol=inner_auth_type, 80 outer_protocol=outer_auth_type) 81 ap_config = hostap_config.HostapConfig( 82 frequency=2412, 83 mode=hostap_config.HostapConfig.MODE_11G, 84 security_config=eap_config) 85 assoc_params = xmlrpc_datatypes.AssociationParameters( 86 security_config=eap_config, 87 expect_failure=True) 88 configurations.append((ap_config, assoc_params)) 89 # And if the server's credentials are good but expired, we also reject it. 90 eap_config = xmlrpc_security_types.Tunneled1xConfig( 91 site_eap_certs.ca_cert_1, 92 site_eap_certs.server_expired_cert, 93 site_eap_certs.server_expired_key, 94 site_eap_certs.ca_cert_1, 95 'testuser', 96 'password', 97 inner_protocol=inner_auth_type, 98 outer_protocol=outer_auth_type) 99 ap_config = hostap_config.HostapConfig( 100 frequency=2412, 101 mode=hostap_config.HostapConfig.MODE_11G, 102 security_config=eap_config) 103 assoc_params = xmlrpc_datatypes.AssociationParameters( 104 security_config=eap_config, 105 expect_failure=True) 106 configurations.append((ap_config, assoc_params)) 107 return configurations 108
