# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. from autotest_lib.client.common_lib.cros import site_eap_certs from autotest_lib.client.common_lib.cros.network import xmlrpc_datatypes from autotest_lib.client.common_lib.cros.network import xmlrpc_security_types from autotest_lib.server.cros.network import hostap_config def get_positive_8021x_test_cases(outer_auth_type, inner_auth_type): """Return a test case asserting that outer/inner auth works. @param inner_auth_type one of xmlrpc_security_types.Tunneled1xConfig.LAYER1_TYPE* @param inner_auth_type one of xmlrpc_security_types.Tunneled1xConfig.LAYER2_TYPE* @return list of ap_config, association_params tuples for network_WiFi_SimpleConnect. """ eap_config = xmlrpc_security_types.Tunneled1xConfig( site_eap_certs.ca_cert_1, site_eap_certs.server_cert_1, site_eap_certs.server_private_key_1, site_eap_certs.ca_cert_1, 'testuser', 'password', inner_protocol=inner_auth_type, outer_protocol=outer_auth_type) ap_config = hostap_config.HostapConfig( frequency=2412, mode=hostap_config.HostapConfig.MODE_11G, security_config=eap_config) assoc_params = xmlrpc_datatypes.AssociationParameters( security_config=eap_config) return [(ap_config, assoc_params)] def get_negative_8021x_test_cases(outer_auth_type, inner_auth_type): """Build a set of test cases for TTLS/PEAP authentication. @param inner_auth_type one of xmlrpc_security_types.Tunneled1xConfig.LAYER1_TYPE* @param inner_auth_type one of xmlrpc_security_types.Tunneled1xConfig.LAYER2_TYPE* @return list of ap_config, association_params tuples for network_WiFi_SimpleConnect. """ configurations = [] # Bad passwords won't work. eap_config = xmlrpc_security_types.Tunneled1xConfig( site_eap_certs.ca_cert_1, site_eap_certs.server_cert_1, site_eap_certs.server_private_key_1, site_eap_certs.ca_cert_1, 'testuser', 'password', inner_protocol=inner_auth_type, outer_protocol=outer_auth_type, client_password='wrongpassword') ap_config = hostap_config.HostapConfig( frequency=2412, mode=hostap_config.HostapConfig.MODE_11G, security_config=eap_config) assoc_params = xmlrpc_datatypes.AssociationParameters( security_config=eap_config, expect_failure=True) configurations.append((ap_config, assoc_params)) # If use the wrong CA on the client, it won't trust the server credentials. eap_config = xmlrpc_security_types.Tunneled1xConfig( site_eap_certs.ca_cert_1, site_eap_certs.server_cert_1, site_eap_certs.server_private_key_1, site_eap_certs.ca_cert_2, 'testuser', 'password', inner_protocol=inner_auth_type, outer_protocol=outer_auth_type) ap_config = hostap_config.HostapConfig( frequency=2412, mode=hostap_config.HostapConfig.MODE_11G, security_config=eap_config) assoc_params = xmlrpc_datatypes.AssociationParameters( security_config=eap_config, expect_failure=True) configurations.append((ap_config, assoc_params)) # And if the server's credentials are good but expired, we also reject it. eap_config = xmlrpc_security_types.Tunneled1xConfig( site_eap_certs.ca_cert_1, site_eap_certs.server_expired_cert, site_eap_certs.server_expired_key, site_eap_certs.ca_cert_1, 'testuser', 'password', inner_protocol=inner_auth_type, outer_protocol=outer_auth_type) ap_config = hostap_config.HostapConfig( frequency=2412, mode=hostap_config.HostapConfig.MODE_11G, security_config=eap_config) assoc_params = xmlrpc_datatypes.AssociationParameters( security_config=eap_config, expect_failure=True) configurations.append((ap_config, assoc_params)) return configurations