• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //
2 // Copyright (C) 2013 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include "shill/eap_credentials.h"
18 
19 #include <base/stl_util.h>
20 #if defined(__ANDROID__)
21 #include <dbus/service_constants.h>
22 #else
23 #include <chromeos/dbus/service_constants.h>
24 #endif  // __ANDROID__
25 #include <gtest/gtest.h>
26 
27 #include "shill/key_value_store.h"
28 #include "shill/mock_certificate_file.h"
29 #include "shill/mock_event_dispatcher.h"
30 #include "shill/mock_log.h"
31 #include "shill/mock_metrics.h"
32 #include "shill/mock_property_store.h"
33 #include "shill/mock_store.h"
34 #include "shill/supplicant/wpa_supplicant.h"
35 #include "shill/technology.h"
36 
37 using base::FilePath;
38 using std::map;
39 using std::string;
40 using std::vector;
41 using testing::_;
42 using testing::AnyNumber;
43 using testing::DoAll;
44 using testing::HasSubstr;
45 using testing::Mock;
46 using testing::Return;
47 using testing::SetArgumentPointee;
48 
49 namespace shill {
50 
51 class EapCredentialsTest : public testing::Test {
52  public:
EapCredentialsTest()53   EapCredentialsTest() {}
~EapCredentialsTest()54   virtual ~EapCredentialsTest() {}
55 
56  protected:
PopulateSupplicantProperties()57   void PopulateSupplicantProperties() {
58     eap_.PopulateSupplicantProperties(&certificate_file_, &params_);
59   }
60 
SetAnonymousIdentity(const string & anonymous_identity)61   void SetAnonymousIdentity(const string& anonymous_identity) {
62     eap_.anonymous_identity_ = anonymous_identity;
63   }
SetCACertNSS(const string & ca_cert_nss)64   void SetCACertNSS(const string& ca_cert_nss) {
65     eap_.ca_cert_nss_ = ca_cert_nss;
66   }
SetCACertPEM(const vector<string> & ca_cert_pem)67   void SetCACertPEM(const vector<string>& ca_cert_pem) {
68     eap_.ca_cert_pem_ = ca_cert_pem;
69   }
SetClientCert(const string & client_cert)70   void SetClientCert(const string& client_cert) {
71     eap_.client_cert_ = client_cert;
72   }
SetCertId(const string & cert_id)73   void SetCertId(const string& cert_id) {
74     eap_.cert_id_ = cert_id;
75   }
SetCACertId(const string & ca_cert_id)76   void SetCACertId(const string& ca_cert_id) {
77     eap_.ca_cert_id_ = ca_cert_id;
78   }
SetEap(const string & eap)79   void SetEap(const string& eap) {
80     eap_.eap_ = eap;
81   }
SetIdentity(const string & identity)82   void SetIdentity(const string& identity) {
83     eap_.identity_ = identity;
84   }
SetInnerEap(const string & inner_eap)85   void SetInnerEap(const string& inner_eap) {
86     eap_.inner_eap_ = inner_eap;
87   }
SetKeyId(const string & key_id)88   void SetKeyId(const string& key_id) {
89     eap_.key_id_ = key_id;
90   }
GetPassword()91   const string& GetPassword() {
92     return eap_.password_;
93   }
SetPassword(const string & password)94   void SetPassword(const string& password) {
95     eap_.password_ = password;
96   }
SetPrivateKey(const string & private_key)97   void SetPrivateKey(const string& private_key) {
98     eap_.private_key_ = private_key;
99   }
SetPin(const string & pin)100   void SetPin(const string& pin) {
101     eap_.pin_ = pin;
102   }
SetUseProactiveKeyCaching(bool use_proactive_key_caching)103   void SetUseProactiveKeyCaching(bool use_proactive_key_caching) {
104     eap_.use_proactive_key_caching_ = use_proactive_key_caching;
105   }
SetUseSystemCAs(bool use_system_cas)106   void SetUseSystemCAs(bool use_system_cas) {
107     eap_.use_system_cas_ = use_system_cas;
108   }
IsReset()109   bool IsReset() {
110     return
111         eap_.anonymous_identity_.empty() &&
112         eap_.cert_id_.empty() &&
113         eap_.client_cert_.empty() &&
114         eap_.identity_.empty() &&
115         eap_.key_id_.empty() &&
116         eap_.password_.empty() &&
117         eap_.pin_.empty() &&
118         eap_.private_key_.empty() &&
119         eap_.private_key_password_.empty() &&
120         eap_.ca_cert_.empty() &&
121         eap_.ca_cert_id_.empty() &&
122         eap_.ca_cert_nss_.empty() &&
123         eap_.ca_cert_pem_.empty() &&
124         eap_.eap_.empty() &&
125         eap_.inner_eap_.empty() &&
126         eap_.subject_match_.empty() &&
127         eap_.use_system_cas_ == true &&
128         eap_.use_proactive_key_caching_ == false;
129   }
130 
GetKeyManagement()131   const string& GetKeyManagement() {
132     return eap_.key_management_;
133   }
SetEapPassword(const string & password,Error * error)134   bool SetEapPassword(const string& password, Error* error) {
135     return eap_.SetEapPassword(password, error);
136   }
SetEapPrivateKeyPassword(const string & password,Error * error)137   bool SetEapPrivateKeyPassword(const string& password, Error* error) {
138     return eap_.SetEapPrivateKeyPassword(password, error);
139   }
140 
141   EapCredentials eap_;
142   MockCertificateFile certificate_file_;
143   KeyValueStore params_;
144 };
145 
TEST_F(EapCredentialsTest,PropertyStore)146 TEST_F(EapCredentialsTest, PropertyStore) {
147   PropertyStore store;
148   eap_.InitPropertyStore(&store);
149   const string kIdentity("Cross-Eyed Mary");
150   Error error;
151   EXPECT_TRUE(store.SetStringProperty(kEapIdentityProperty, kIdentity, &error));
152   EXPECT_EQ(kIdentity, eap_.identity());
153 }
154 
TEST_F(EapCredentialsTest,Connectable)155 TEST_F(EapCredentialsTest, Connectable) {
156   // Empty EAP credentials should not make a 802.1x network connectable.
157   EXPECT_FALSE(eap_.IsConnectable());
158 
159   // Identity alone is not enough.
160   SetIdentity("Steel Monkey");
161   EXPECT_FALSE(eap_.IsConnectable());
162 
163   // Set a password.
164   SetPassword("Angry Tapir");
165 
166   // Empty "EAP" parameter is treated like "not EAP-TLS", and connectable.
167   EXPECT_TRUE(eap_.IsConnectable());
168 
169   // Some other non-TLS EAP type.
170   SetEap("DodgeBall");
171   EXPECT_TRUE(eap_.IsConnectable());
172 
173   // EAP-TLS requires certificate parameters, and cares not for passwords.
174   SetEap("TLS");
175   EXPECT_FALSE(eap_.IsConnectable());
176 
177   // Clearing the password won't help.
178   SetPassword("");
179   EXPECT_FALSE(eap_.IsConnectable());
180 
181   // A client cert by itself doesn't help.
182   SetClientCert("client-cert");
183   EXPECT_FALSE(eap_.IsConnectable());
184 
185   // A client cert and key will, however.
186   SetPrivateKey("client-cert");
187   EXPECT_TRUE(eap_.IsConnectable());
188 
189   // A key-id (and cert) doesn't work.
190   SetKeyId("client-key-id");
191   EXPECT_FALSE(eap_.IsConnectable());
192 
193   // We need a PIN for the key id in addition.
194   SetPin("pin");
195   EXPECT_TRUE(eap_.IsConnectable());
196 
197   // If we clear the "EAP" property, we just assume these valid certificate
198   // credentials are the ones to be used.
199   SetEap("");
200   EXPECT_TRUE(eap_.IsConnectable());
201 
202   // Check that clearing the certificate parameter breaks us again.
203   SetClientCert("");
204   EXPECT_FALSE(eap_.IsConnectable());
205 
206   // Setting the cert-id will fix things.
207   SetCertId("client-cert-id");
208   EXPECT_TRUE(eap_.IsConnectable());
209 }
210 
TEST_F(EapCredentialsTest,ConnectableUsingPassphrase)211 TEST_F(EapCredentialsTest, ConnectableUsingPassphrase) {
212   EXPECT_FALSE(eap_.IsConnectableUsingPassphrase());
213 
214   // No password.
215   SetIdentity("TestIdentity");
216   EXPECT_FALSE(eap_.IsConnectableUsingPassphrase());
217 
218   // Success.
219   SetPassword("TestPassword");
220   EXPECT_TRUE(eap_.IsConnectableUsingPassphrase());
221 
222   // Clear identity.
223   SetIdentity("");
224   EXPECT_FALSE(eap_.IsConnectableUsingPassphrase());
225 }
226 
TEST_F(EapCredentialsTest,IsEapAuthenticationProperty)227 TEST_F(EapCredentialsTest, IsEapAuthenticationProperty) {
228   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(
229       kEapAnonymousIdentityProperty));
230   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(kEapCertIdProperty));
231   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(
232       kEapClientCertProperty));
233   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(
234       kEapIdentityProperty));
235   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(kEapKeyIdProperty));
236   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(kEapKeyMgmtProperty));
237   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(
238       kEapPasswordProperty));
239   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(kEapPinProperty));
240   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(
241       kEapPrivateKeyProperty));
242   EXPECT_TRUE(EapCredentials::IsEapAuthenticationProperty(
243       kEapPrivateKeyPasswordProperty));
244 
245   // It's easier to test that this function returns TRUE in every situation
246   // that it should, than to test all the cases it should return FALSE in.
247   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(kEapCaCertProperty));
248   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(
249       kEapCaCertIdProperty));
250   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(
251       kEapCaCertNssProperty));
252   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(
253       kEapCaCertPemProperty));
254   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(kEapMethodProperty));
255   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(
256       kEapPhase2AuthProperty));
257   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(
258       kEapRemoteCertificationProperty));
259   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(
260       kEapSubjectMatchProperty));
261   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(
262       kEapUseProactiveKeyCachingProperty));
263   EXPECT_FALSE(EapCredentials::IsEapAuthenticationProperty(
264       kEapUseSystemCasProperty));
265 }
266 
TEST_F(EapCredentialsTest,LoadAndSave)267 TEST_F(EapCredentialsTest, LoadAndSave) {
268   MockStore store;
269   // For the values we're not testing...
270   EXPECT_CALL(store, GetCryptedString(_, _, _)).WillRepeatedly(Return(false));
271   EXPECT_CALL(store, GetString(_, _, _)).WillRepeatedly(Return(false));
272 
273   const string kId("storage-id");
274   const string kIdentity("Purple Onion");
275   EXPECT_CALL(store, GetCryptedString(
276       kId, EapCredentials::kStorageEapIdentity, _))
277       .WillOnce(DoAll(SetArgumentPointee<2>(kIdentity), Return(true)));
278   const string kManagement("Shave and a Haircut");
279   EXPECT_CALL(store, GetString(
280       kId, EapCredentials::kStorageEapKeyManagement, _))
281       .WillOnce(DoAll(SetArgumentPointee<2>(kManagement), Return(true)));
282   const string kPassword("Two Bits");
283   EXPECT_CALL(store, GetCryptedString(
284       kId, EapCredentials::kStorageEapPassword, _))
285       .WillOnce(DoAll(SetArgumentPointee<2>(kPassword), Return(true)));
286 
287   eap_.Load(&store, kId);
288   Mock::VerifyAndClearExpectations(&store);
289 
290   EXPECT_EQ(kIdentity, eap_.identity());
291   EXPECT_EQ(kManagement, eap_.key_management());
292   EXPECT_EQ(kPassword, GetPassword());
293 
294   // Authentication properties are deleted from the store if they are empty,
295   // so we expect the fields that we haven't set to be deleted.
296   EXPECT_CALL(store, DeleteKey(_, _)).Times(AnyNumber());
297   EXPECT_CALL(store, SetCryptedString(_, _, _)).Times(0);
298   EXPECT_CALL(store, DeleteKey(kId, EapCredentials::kStorageEapIdentity));
299   EXPECT_CALL(store, SetString(
300       kId, EapCredentials::kStorageEapKeyManagement, kManagement));
301   EXPECT_CALL(store, DeleteKey(kId, EapCredentials::kStorageEapPassword));
302   eap_.Save(&store, kId, false);
303   Mock::VerifyAndClearExpectations(&store);
304 
305   // Authentication properties are deleted from the store if they are empty,
306   // so we expect the fields that we haven't set to be deleted.
307   EXPECT_CALL(store, DeleteKey(_, _)).Times(AnyNumber());
308   EXPECT_CALL(store, SetCryptedString(
309       kId, EapCredentials::kStorageEapIdentity, kIdentity));
310   EXPECT_CALL(store, SetString(
311       kId, EapCredentials::kStorageEapKeyManagement, kManagement));
312   EXPECT_CALL(store, SetCryptedString(
313       kId, EapCredentials::kStorageEapPassword, kPassword));
314   eap_.Save(&store, kId, true);
315 }
316 
TEST_F(EapCredentialsTest,OutputConnectionMetrics)317 TEST_F(EapCredentialsTest, OutputConnectionMetrics) {
318   Error unused_error;
319   SetEap(kEapMethodPEAP);
320   SetInnerEap(kEapPhase2AuthPEAPMSCHAPV2);
321 
322   MockEventDispatcher dispatcher;
323   MockMetrics metrics(&dispatcher);
324   EXPECT_CALL(metrics, SendEnumToUMA("Network.Shill.Wifi.EapOuterProtocol",
325                                      Metrics::kEapOuterProtocolPeap,
326                                      Metrics::kEapOuterProtocolMax));
327   EXPECT_CALL(metrics, SendEnumToUMA("Network.Shill.Wifi.EapInnerProtocol",
328                                      Metrics::kEapInnerProtocolPeapMschapv2,
329                                      Metrics::kEapInnerProtocolMax));
330   eap_.OutputConnectionMetrics(&metrics, Technology::kWifi);
331 }
332 
TEST_F(EapCredentialsTest,PopulateSupplicantProperties)333 TEST_F(EapCredentialsTest, PopulateSupplicantProperties) {
334   SetIdentity("testidentity");
335   SetPin("xxxx");
336   PopulateSupplicantProperties();
337   // Test that only non-empty 802.1x properties are populated.
338   EXPECT_TRUE(
339       params_.ContainsString(WPASupplicant::kNetworkPropertyEapIdentity));
340   EXPECT_FALSE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapKeyId));
341   EXPECT_FALSE(
342       params_.ContainsString(WPASupplicant::kNetworkPropertyEapCaCert));
343 
344   // Test that CA path is set by default.
345   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyCaPath));
346 
347   // Test that hardware-backed security arguments are not set, since
348   // neither key-id nor cert-id were set.
349   EXPECT_FALSE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapPin));
350   EXPECT_FALSE(params_.ContainsUint(WPASupplicant::kNetworkPropertyEngine));
351   EXPECT_FALSE(params_.ContainsString(WPASupplicant::kNetworkPropertyEngineId));
352 }
353 
TEST_F(EapCredentialsTest,PopulateSupplicantPropertiesNoSystemCAs)354 TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesNoSystemCAs) {
355   SetIdentity("testidentity");
356   SetUseSystemCAs(false);
357   PopulateSupplicantProperties();
358   // Test that CA path is not set if use_system_cas is explicitly false.
359   EXPECT_FALSE(params_.ContainsString(WPASupplicant::kNetworkPropertyCaPath));
360 }
361 
TEST_F(EapCredentialsTest,PopulateSupplicantPropertiesProactiveKeyCachingDisabledByDefault)362 TEST_F(EapCredentialsTest,
363        PopulateSupplicantPropertiesProactiveKeyCachingDisabledByDefault) {
364   SetIdentity("testidentity");
365   PopulateSupplicantProperties();
366 
367   ASSERT_TRUE(params_.ContainsUint(
368       WPASupplicant::kNetworkPropertyEapProactiveKeyCaching));
369 
370   const uint32_t kProactiveKeyCachingDisabled(0);
371 
372   EXPECT_EQ(kProactiveKeyCachingDisabled,
373             params_.GetUint(
374                 WPASupplicant::kNetworkPropertyEapProactiveKeyCaching));
375 }
376 
TEST_F(EapCredentialsTest,PopulateSupplicantPropertiesEnableProactiveKeyCaching)377 TEST_F(EapCredentialsTest,
378        PopulateSupplicantPropertiesEnableProactiveKeyCaching) {
379   SetIdentity("testidentity");
380   SetUseProactiveKeyCaching(true);
381   PopulateSupplicantProperties();
382 
383   ASSERT_TRUE(params_.ContainsUint(
384       WPASupplicant::kNetworkPropertyEapProactiveKeyCaching));
385 
386   const uint32_t kProactiveKeyCachingEnabled(1);
387 
388   EXPECT_EQ(kProactiveKeyCachingEnabled,
389             params_.GetUint(
390                 WPASupplicant::kNetworkPropertyEapProactiveKeyCaching));
391 }
392 
TEST_F(EapCredentialsTest,PopulateSupplicantPropertiesDisableProactiveKeyCaching)393 TEST_F(EapCredentialsTest,
394        PopulateSupplicantPropertiesDisableProactiveKeyCaching) {
395   SetIdentity("testidentity");
396   SetUseProactiveKeyCaching(false);
397   PopulateSupplicantProperties();
398 
399   ASSERT_TRUE(params_.ContainsUint(
400       WPASupplicant::kNetworkPropertyEapProactiveKeyCaching));
401 
402   const uint32_t kProactiveKeyCachingDisabled(0);
403 
404   EXPECT_EQ(kProactiveKeyCachingDisabled,
405             params_.GetUint(
406                 WPASupplicant::kNetworkPropertyEapProactiveKeyCaching));
407 }
408 
TEST_F(EapCredentialsTest,PopulateSupplicantPropertiesUsingHardwareAuth)409 TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesUsingHardwareAuth) {
410   SetIdentity("testidentity");
411   SetKeyId("key_id");
412   SetPin("xxxx");
413   SetEap("PEAP");
414   PopulateSupplicantProperties();
415   // Test that EAP engine parameters are not set if the authentication type
416   // is not one that accepts a client certificate.
417   EXPECT_FALSE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapPin));
418   EXPECT_FALSE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapKeyId));
419   EXPECT_FALSE(params_.ContainsUint(WPASupplicant::kNetworkPropertyEngine));
420   EXPECT_FALSE(params_.ContainsString(WPASupplicant::kNetworkPropertyEngineId));
421 
422   // Test that EAP engine parameters are set if key_id is set and the
423   // authentication type accepts a client certificate.
424   params_.Clear();
425   SetEap("TLS");
426   PopulateSupplicantProperties();
427   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapPin));
428   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapKeyId));
429   EXPECT_TRUE(params_.ContainsUint(WPASupplicant::kNetworkPropertyEngine));
430   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEngineId));
431 
432   // An empty EAP parameter should be considered to be possibly "TLS".
433   params_.Clear();
434   SetEap("");
435   PopulateSupplicantProperties();
436   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapPin));
437   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapKeyId));
438   EXPECT_TRUE(params_.ContainsUint(WPASupplicant::kNetworkPropertyEngine));
439   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEngineId));
440 
441   // Test that EAP engine parameters are set if ca_cert_id is set even if the
442   // authentication type does not accept a client certificate.  However,
443   // the client key id should not be provided.
444   params_.Clear();
445   SetEap("PEAP");
446   SetCACertId("certid");
447   PopulateSupplicantProperties();
448   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapPin));
449   EXPECT_FALSE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapKeyId));
450   EXPECT_TRUE(params_.ContainsUint(WPASupplicant::kNetworkPropertyEngine));
451   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEngineId));
452   EXPECT_TRUE(
453       params_.ContainsString(WPASupplicant::kNetworkPropertyEapCaCertId));
454 }
455 
TEST_F(EapCredentialsTest,PopulateSupplicantPropertiesPEM)456 TEST_F(EapCredentialsTest, PopulateSupplicantPropertiesPEM) {
457   const vector<string> kPemCert{ "-pem-certificate-here-" };
458   SetCACertPEM(kPemCert);
459   const string kPEMCertfile("/tmp/pem-cert");
460   FilePath pem_cert(kPEMCertfile);
461   EXPECT_CALL(certificate_file_, CreatePEMFromStrings(kPemCert))
462       .WillOnce(Return(pem_cert));
463 
464   PopulateSupplicantProperties();
465   EXPECT_TRUE(params_.ContainsString(WPASupplicant::kNetworkPropertyEapCaCert));
466   if (params_.ContainsString(WPASupplicant::kNetworkPropertyEapCaCert)) {
467     EXPECT_EQ(kPEMCertfile,
468               params_.GetString(WPASupplicant::kNetworkPropertyEapCaCert));
469   }
470 }
471 
TEST_F(EapCredentialsTest,PopulateWiMaxProperties)472 TEST_F(EapCredentialsTest, PopulateWiMaxProperties) {
473   {
474     KeyValueStore parameters;
475     eap_.PopulateWiMaxProperties(&parameters);
476 
477     EXPECT_FALSE(parameters.ContainsString(
478         wimax_manager::kEAPAnonymousIdentity));
479     EXPECT_FALSE(parameters.ContainsString(
480         wimax_manager::kEAPUserIdentity));
481     EXPECT_FALSE(parameters.ContainsString(
482         wimax_manager::kEAPUserPassword));
483   }
484 
485   const string kAnonymousIdentity("TestAnonymousIdentity");
486   SetAnonymousIdentity(kAnonymousIdentity);
487   const string kIdentity("TestUserIdentity");
488   SetIdentity(kIdentity);
489   const string kPassword("TestPassword");
490   SetPassword(kPassword);
491 
492   {
493     KeyValueStore parameters;
494     eap_.PopulateWiMaxProperties(&parameters);
495     EXPECT_EQ(kAnonymousIdentity, parameters.LookupString(
496         wimax_manager::kEAPAnonymousIdentity, ""));
497     EXPECT_EQ(kIdentity, parameters.LookupString(
498         wimax_manager::kEAPUserIdentity, ""));
499     EXPECT_EQ(kPassword, parameters.LookupString(
500         wimax_manager::kEAPUserPassword, ""));
501   }
502 }
503 
TEST_F(EapCredentialsTest,Reset)504 TEST_F(EapCredentialsTest, Reset) {
505   EXPECT_TRUE(IsReset());
506   EXPECT_TRUE(GetKeyManagement().empty());
507   SetAnonymousIdentity("foo");
508   SetCACertId("foo");
509   SetCACertNSS("foo");
510   SetCACertPEM(vector<string>{ "foo" });
511   SetClientCert("foo");
512   SetCertId("foo");
513   SetEap("foo");
514   SetIdentity("foo");
515   SetInnerEap("foo");
516   SetKeyId("foo");
517   SetPassword("foo");
518   SetPrivateKey("foo");
519   SetPin("foo");
520   SetUseSystemCAs(false);
521   SetUseProactiveKeyCaching(true);
522   eap_.SetKeyManagement("foo", nullptr);
523   EXPECT_FALSE(IsReset());
524   EXPECT_FALSE(GetKeyManagement().empty());
525   eap_.Reset();
526   EXPECT_TRUE(IsReset());
527   EXPECT_FALSE(GetKeyManagement().empty());
528 }
529 
TEST_F(EapCredentialsTest,SetKeyManagement)530 TEST_F(EapCredentialsTest, SetKeyManagement) {
531   const string kKeyManagement0("foo");
532   eap_.SetKeyManagement(kKeyManagement0, nullptr);
533   EXPECT_EQ(kKeyManagement0, GetKeyManagement());
534 
535   const string kKeyManagement1("bar");
536   eap_.SetKeyManagement(kKeyManagement1, nullptr);
537   EXPECT_EQ(kKeyManagement1, GetKeyManagement());
538 
539   // We should not be able to set the key management to an empty string.
540   eap_.SetKeyManagement("", nullptr);
541   EXPECT_EQ(kKeyManagement1, GetKeyManagement());
542 }
543 
544 // Custom property setters should return false, and make no changes, if
545 // the new value is the same as the old value.
TEST_F(EapCredentialsTest,CustomSetterNoopChange)546 TEST_F(EapCredentialsTest, CustomSetterNoopChange) {
547   // SetEapKeyManagement
548   {
549     const string kKeyManagement("foo");
550     Error error;
551     // Set to known value.
552     EXPECT_TRUE(eap_.SetKeyManagement(kKeyManagement, &error));
553     EXPECT_TRUE(error.IsSuccess());
554     // Set to same value.
555     EXPECT_FALSE(eap_.SetKeyManagement(kKeyManagement, &error));
556     EXPECT_TRUE(error.IsSuccess());
557   }
558 
559   // SetEapPassword
560   {
561     const string kPassword("foo");
562     Error error;
563     // Set to known value.
564     EXPECT_TRUE(SetEapPassword(kPassword, &error));
565     EXPECT_TRUE(error.IsSuccess());
566     // Set to same value.
567     EXPECT_FALSE(SetEapPassword(kPassword, &error));
568     EXPECT_TRUE(error.IsSuccess());
569   }
570 
571   // SetEapPrivateKeyPassword
572   {
573     const string kPrivateKeyPassword("foo");
574     Error error;
575     // Set to known value.
576     EXPECT_TRUE(SetEapPrivateKeyPassword(kPrivateKeyPassword, &error));
577     EXPECT_TRUE(error.IsSuccess());
578     // Set to same value.
579     EXPECT_FALSE(SetEapPrivateKeyPassword(kPrivateKeyPassword, &error));
580     EXPECT_TRUE(error.IsSuccess());
581   }
582 }
583 
584 }  // namespace shill
585