Test Ikev2VpnProfile provisioned with IkeTunnelConnectionParams
Bug: 223841137
Test: atest CtsNetTestCases FrameworksNetTests
Change-Id: I683f6242e4ed4a469893e3a17fe7b479a7a768e5
diff --git a/tests/cts/net/src/android/net/cts/Ikev2VpnTest.java b/tests/cts/net/src/android/net/cts/Ikev2VpnTest.java
index 04843f9..7286bf6 100644
--- a/tests/cts/net/src/android/net/cts/Ikev2VpnTest.java
+++ b/tests/cts/net/src/android/net/cts/Ikev2VpnTest.java
@@ -20,8 +20,6 @@
import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED;
import static android.net.NetworkCapabilities.TRANSPORT_VPN;
import static android.net.cts.util.CtsNetUtils.TestNetworkCallback;
-import static android.net.cts.util.IkeSessionTestUtils.CHILD_PARAMS;
-import static android.net.cts.util.IkeSessionTestUtils.IKE_PARAMS;
import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity;
import static com.android.testutils.DevSdkIgnoreRuleKt.SC_V2;
@@ -51,6 +49,7 @@
import android.net.TestNetworkInterface;
import android.net.VpnManager;
import android.net.cts.util.CtsNetUtils;
+import android.net.cts.util.IkeSessionTestUtils;
import android.net.ipsec.ike.IkeTunnelConnectionParams;
import android.os.Build;
import android.os.Process;
@@ -252,6 +251,28 @@
return builder.build();
}
+ private Ikev2VpnProfile buildIkev2VpnProfileIkeTunConnParams(
+ final boolean isRestrictedToTestNetworks, final boolean requiresValidation,
+ final boolean testIpv6) throws Exception {
+ final IkeTunnelConnectionParams params =
+ new IkeTunnelConnectionParams(testIpv6
+ ? IkeSessionTestUtils.IKE_PARAMS_V6 : IkeSessionTestUtils.IKE_PARAMS_V4,
+ IkeSessionTestUtils.CHILD_PARAMS);
+
+ final Ikev2VpnProfileBuilderShim builderShim =
+ Ikev2VpnProfileBuilderShimImpl.newInstance(null, null, params)
+ .setRequiresInternetValidation(requiresValidation)
+ .setProxy(TEST_PROXY_INFO)
+ .setMaxMtu(TEST_MTU)
+ .setMetered(false);
+
+ final Ikev2VpnProfile.Builder builder = (Ikev2VpnProfile.Builder) builderShim.getBuilder();
+ if (isRestrictedToTestNetworks) {
+ builder.restrictToTestNetworks();
+ }
+ return builder.build();
+ }
+
private Ikev2VpnProfile buildIkev2VpnProfilePsk(@NonNull String remote,
boolean isRestrictedToTestNetworks, boolean requiresValidation) throws Exception {
final Ikev2VpnProfileBuilderShim builder =
@@ -325,8 +346,8 @@
assumeTrue(mCtsNetUtils.hasIpsecTunnelsFeature());
assumeTrue(TestUtils.shouldTestTApis());
- final IkeTunnelConnectionParams expectedParams =
- new IkeTunnelConnectionParams(IKE_PARAMS, CHILD_PARAMS);
+ final IkeTunnelConnectionParams expectedParams = new IkeTunnelConnectionParams(
+ IkeSessionTestUtils.IKE_PARAMS_V6, IkeSessionTestUtils.CHILD_PARAMS);
final Ikev2VpnProfileBuilderShim ikeProfileBuilder =
Ikev2VpnProfileBuilderShimImpl.newInstance(null, null, expectedParams);
// Verify the other Ike options could not be set with IkeTunnelConnectionParams.
@@ -472,7 +493,8 @@
}
private void checkStartStopVpnProfileBuildsNetworks(@NonNull IkeTunUtils tunUtils,
- boolean testIpv6, boolean requiresValidation, boolean testSessionKey)
+ boolean testIpv6, boolean requiresValidation, boolean testSessionKey,
+ boolean testIkeTunConnParams)
throws Exception {
String serverAddr = testIpv6 ? TEST_SERVER_ADDR_V6 : TEST_SERVER_ADDR_V4;
String initResp = testIpv6 ? SUCCESSFUL_IKE_INIT_RESP_V6 : SUCCESSFUL_IKE_INIT_RESP_V4;
@@ -482,8 +504,11 @@
// Requires MANAGE_TEST_NETWORKS to provision a test-mode profile.
mCtsNetUtils.setAppopPrivileged(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN, true);
- final Ikev2VpnProfile profile = buildIkev2VpnProfilePsk(serverAddr,
- true /* isRestrictedToTestNetworks */, requiresValidation);
+ final Ikev2VpnProfile profile = testIkeTunConnParams
+ ? buildIkev2VpnProfileIkeTunConnParams(true /* isRestrictedToTestNetworks */,
+ requiresValidation, testIpv6)
+ : buildIkev2VpnProfilePsk(serverAddr, true /* isRestrictedToTestNetworks */,
+ requiresValidation);
assertNull(sVpnMgr.provisionVpnProfile(profile));
final TestableNetworkCallback cb = new TestableNetworkCallback(TIMEOUT_MS);
@@ -564,6 +589,7 @@
private final boolean mTestIpv6Only;
private final boolean mRequiresValidation;
private final boolean mTestSessionKey;
+ private final boolean mTestIkeTunConnParams;
/**
* Constructs the test
@@ -573,10 +599,11 @@
* @param testSessionKey if true, start VPN by calling startProvisionedVpnProfileSession()
*/
VerifyStartStopVpnProfileTest(boolean testIpv6Only, boolean requiresValidation,
- boolean testSessionKey) {
+ boolean testSessionKey, boolean testIkeTunConnParams) {
mTestIpv6Only = testIpv6Only;
mRequiresValidation = requiresValidation;
mTestSessionKey = testSessionKey;
+ mTestIkeTunConnParams = testIkeTunConnParams;
}
@Override
@@ -584,8 +611,8 @@
throws Exception {
final IkeTunUtils tunUtils = new IkeTunUtils(testIface.getFileDescriptor());
- checkStartStopVpnProfileBuildsNetworks(
- tunUtils, mTestIpv6Only, mRequiresValidation, mTestSessionKey);
+ checkStartStopVpnProfileBuildsNetworks(tunUtils, mTestIpv6Only, mRequiresValidation,
+ mTestSessionKey, mTestIkeTunConnParams);
}
@Override
@@ -603,53 +630,83 @@
}
}
- @Test
- public void testStartStopVpnProfileV4() throws Exception {
+ private void doTestStartStopVpnProfile(boolean testIpv6Only, boolean requiresValidation,
+ boolean testSessionKey, boolean testIkeTunConnParams) throws Exception {
assumeTrue(mCtsNetUtils.hasIpsecTunnelsFeature());
-
// Requires shell permission to update appops.
runWithShellPermissionIdentity(
new TestNetworkRunnable(new VerifyStartStopVpnProfileTest(
- false /* testIpv6Only */, false /* requiresValidation */,
- false /* testSessionKey */)));
+ testIpv6Only, requiresValidation, testSessionKey , testIkeTunConnParams)));
+ }
- runWithShellPermissionIdentity(
- new TestNetworkRunnable(new VerifyStartStopVpnProfileTest(
- false /* testIpv6Only */, true /* requiresValidation */,
- false /* testSessionKey */)));
+ @Test
+ public void testStartStopVpnProfileV4() throws Exception {
+ doTestStartStopVpnProfile(false /* testIpv6Only */, false /* requiresValidation */,
+ false /* testSessionKey */, false /* testIkeTunConnParams */);
+ }
+
+ @Test @IgnoreUpTo(SC_V2)
+ public void testStartStopVpnProfileV4WithValidation() throws Exception {
+ assumeTrue(TestUtils.shouldTestTApis());
+ doTestStartStopVpnProfile(false /* testIpv6Only */, true /* requiresValidation */,
+ false /* testSessionKey */, false /* testIkeTunConnParams */);
}
@Test
public void testStartStopVpnProfileV6() throws Exception {
- assumeTrue(mCtsNetUtils.hasIpsecTunnelsFeature());
+ doTestStartStopVpnProfile(true /* testIpv6Only */, false /* requiresValidation */,
+ false /* testSessionKey */, false /* testIkeTunConnParams */);
+ }
- // Requires shell permission to update appops.
- runWithShellPermissionIdentity(
- new TestNetworkRunnable(new VerifyStartStopVpnProfileTest(
- true /* testIpv6Only */, false /* requiresValidation */,
- false /* testSessionKey */)));
- runWithShellPermissionIdentity(
- new TestNetworkRunnable(new VerifyStartStopVpnProfileTest(
- true /* testIpv6Only */, true /* requiresValidation */,
- false /* testSessionKey */)));
+ @Test @IgnoreUpTo(SC_V2)
+ public void testStartStopVpnProfileV6WithValidation() throws Exception {
+ assumeTrue(TestUtils.shouldTestTApis());
+ doTestStartStopVpnProfile(true /* testIpv6Only */, true /* requiresValidation */,
+ false /* testSessionKey */, false /* testIkeTunConnParams */);
+ }
+
+ @Test @IgnoreUpTo(SC_V2)
+ public void testStartStopVpnProfileIkeTunConnParamsV4() throws Exception {
+ assumeTrue(TestUtils.shouldTestTApis());
+ doTestStartStopVpnProfile(false /* testIpv6Only */, false /* requiresValidation */,
+ false /* testSessionKey */, true /* testIkeTunConnParams */);
+ }
+
+ @Test @IgnoreUpTo(SC_V2)
+ public void testStartStopVpnProfileIkeTunConnParamsV4WithValidation() throws Exception {
+ assumeTrue(TestUtils.shouldTestTApis());
+ doTestStartStopVpnProfile(false /* testIpv6Only */, true /* requiresValidation */,
+ false /* testSessionKey */, true /* testIkeTunConnParams */);
+ }
+
+ @Test @IgnoreUpTo(SC_V2)
+ public void testStartStopVpnProfileIkeTunConnParamsV6() throws Exception {
+ assumeTrue(TestUtils.shouldTestTApis());
+ doTestStartStopVpnProfile(true /* testIpv6Only */, false /* requiresValidation */,
+ false /* testSessionKey */, true /* testIkeTunConnParams */);
+ }
+
+ @Test @IgnoreUpTo(SC_V2)
+ public void testStartStopVpnProfileIkeTunConnParamsV6WithValidation() throws Exception {
+ assumeTrue(TestUtils.shouldTestTApis());
+ doTestStartStopVpnProfile(true /* testIpv6Only */, true /* requiresValidation */,
+ false /* testSessionKey */, true /* testIkeTunConnParams */);
}
@IgnoreUpTo(SC_V2)
@Test
- public void testStartProvisionedVpnProfileSession() throws Exception {
- assumeTrue(mCtsNetUtils.hasIpsecTunnelsFeature());
+ public void testStartProvisionedVpnV4ProfileSession() throws Exception {
assumeTrue(TestUtils.shouldTestTApis());
+ doTestStartStopVpnProfile(false /* testIpv6Only */, false /* requiresValidation */,
+ true /* testSessionKey */, false /* testIkeTunConnParams */);
+ }
- // Requires shell permission to update appops.
- runWithShellPermissionIdentity(
- new TestNetworkRunnable(new VerifyStartStopVpnProfileTest(
- false /* testIpv6Only */, false /* requiresValidation */,
- true /* testSessionKey */)));
-
- runWithShellPermissionIdentity(
- new TestNetworkRunnable(new VerifyStartStopVpnProfileTest(
- true /* testIpv6Only */, false /* requiresValidation */,
- true /* testSessionKey */)));
+ @IgnoreUpTo(SC_V2)
+ @Test
+ public void testStartProvisionedVpnV6ProfileSession() throws Exception {
+ assumeTrue(TestUtils.shouldTestTApis());
+ doTestStartStopVpnProfile(true /* testIpv6Only */, false /* requiresValidation */,
+ true /* testSessionKey */, false /* testIkeTunConnParams */);
}
private static class CertificateAndKey {
diff --git a/tests/cts/net/util/java/android/net/cts/util/IkeSessionTestUtils.java b/tests/cts/net/util/java/android/net/cts/util/IkeSessionTestUtils.java
index b4ebcdb..244bfc5 100644
--- a/tests/cts/net/util/java/android/net/cts/util/IkeSessionTestUtils.java
+++ b/tests/cts/net/util/java/android/net/cts/util/IkeSessionTestUtils.java
@@ -16,44 +16,73 @@
package android.net.cts.util;
+import static android.net.ipsec.ike.SaProposal.DH_GROUP_4096_BIT_MODP;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
+import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12;
+import static android.net.ipsec.ike.SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA2_256_128;
import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_128;
-import static android.net.ipsec.ike.SaProposal.KEY_LEN_UNUSED;
+import static android.net.ipsec.ike.SaProposal.KEY_LEN_AES_256;
+import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC;
+import android.net.InetAddresses;
import android.net.ipsec.ike.ChildSaProposal;
import android.net.ipsec.ike.IkeFqdnIdentification;
+import android.net.ipsec.ike.IkeIpv4AddrIdentification;
+import android.net.ipsec.ike.IkeIpv6AddrIdentification;
import android.net.ipsec.ike.IkeSaProposal;
import android.net.ipsec.ike.IkeSessionParams;
-import android.net.ipsec.ike.SaProposal;
import android.net.ipsec.ike.TunnelModeChildSessionParams;
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+
/** Shared testing parameters and util methods for testing IKE */
public class IkeSessionTestUtils {
- private static final String TEST_CLIENT_ADDR = "test.client.com";
- private static final String TEST_SERVER_ADDR = "test.server.com";
- private static final String TEST_SERVER = "2001:0db8:85a3:0000:0000:8a2e:0370:7334";
+ private static final String TEST_SERVER_ADDR_V4 = "192.0.2.2";
+ private static final String TEST_SERVER_ADDR_V6 = "2001:db8::2";
+ private static final String TEST_IDENTITY = "client.cts.android.com";
+ private static final byte[] TEST_PSK = "ikeAndroidPsk".getBytes();
+ public static final IkeSessionParams IKE_PARAMS_V4 = getTestIkeSessionParams(false);
+ public static final IkeSessionParams IKE_PARAMS_V6 = getTestIkeSessionParams(true);
- public static final IkeSaProposal SA_PROPOSAL = new IkeSaProposal.Builder()
- .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
- .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
- .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
- .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
- .build();
- public static final ChildSaProposal CHILD_PROPOSAL = new ChildSaProposal.Builder()
- .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_128)
- .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
- .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
- .build();
+ public static final TunnelModeChildSessionParams CHILD_PARAMS = getChildSessionParams();
- public static final IkeSessionParams IKE_PARAMS =
- new IkeSessionParams.Builder()
- .setServerHostname(TEST_SERVER)
- .addSaProposal(SA_PROPOSAL)
- .setLocalIdentification(new IkeFqdnIdentification(TEST_CLIENT_ADDR))
- .setRemoteIdentification(new IkeFqdnIdentification(TEST_SERVER_ADDR))
- .setAuthPsk("psk".getBytes())
- .build();
- public static final TunnelModeChildSessionParams CHILD_PARAMS =
- new TunnelModeChildSessionParams.Builder()
- .addSaProposal(CHILD_PROPOSAL)
- .build();
+ private static TunnelModeChildSessionParams getChildSessionParams() {
+ final TunnelModeChildSessionParams.Builder childOptionsBuilder =
+ new TunnelModeChildSessionParams.Builder()
+ .addSaProposal(getChildSaProposals());
+
+ return childOptionsBuilder.build();
+ }
+
+ private static IkeSessionParams getTestIkeSessionParams(boolean testIpv6) {
+ final String testServer = testIpv6 ? TEST_SERVER_ADDR_V6 : TEST_SERVER_ADDR_V4;
+ final InetAddress addr = InetAddresses.parseNumericAddress(testServer);
+ final IkeSessionParams.Builder ikeOptionsBuilder =
+ new IkeSessionParams.Builder()
+ .setServerHostname(testServer)
+ .setLocalIdentification(new IkeFqdnIdentification(TEST_IDENTITY))
+ .setRemoteIdentification(testIpv6
+ ? new IkeIpv6AddrIdentification((Inet6Address) addr)
+ : new IkeIpv4AddrIdentification((Inet4Address) addr))
+ .setAuthPsk(TEST_PSK)
+ .addSaProposal(getIkeSaProposals());
+
+ return ikeOptionsBuilder.build();
+ }
+
+ private static IkeSaProposal getIkeSaProposals() {
+ return new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_CBC, KEY_LEN_AES_256)
+ .addIntegrityAlgorithm(INTEGRITY_ALGORITHM_HMAC_SHA2_256_128)
+ .addDhGroup(DH_GROUP_4096_BIT_MODP)
+ .addPseudorandomFunction(PSEUDORANDOM_FUNCTION_AES128_XCBC).build();
+ }
+
+ private static ChildSaProposal getChildSaProposals() {
+ return new ChildSaProposal.Builder()
+ .addEncryptionAlgorithm(ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_AES_128)
+ .build();
+ }
}
diff --git a/tests/unit/java/android/net/Ikev2VpnProfileTest.java b/tests/unit/java/android/net/Ikev2VpnProfileTest.java
index 8222ca1..5cb014f 100644
--- a/tests/unit/java/android/net/Ikev2VpnProfileTest.java
+++ b/tests/unit/java/android/net/Ikev2VpnProfileTest.java
@@ -17,7 +17,7 @@
package android.net;
import static android.net.cts.util.IkeSessionTestUtils.CHILD_PARAMS;
-import static android.net.cts.util.IkeSessionTestUtils.IKE_PARAMS;
+import static android.net.cts.util.IkeSessionTestUtils.IKE_PARAMS_V6;
import static com.android.testutils.DevSdkIgnoreRuleKt.SC_V2;
@@ -448,7 +448,7 @@
@Test
public void testConversionIsLosslessWithIkeTunConnParams() throws Exception {
final IkeTunnelConnectionParams tunnelParams =
- new IkeTunnelConnectionParams(IKE_PARAMS, CHILD_PARAMS);
+ new IkeTunnelConnectionParams(IKE_PARAMS_V6, CHILD_PARAMS);
// Config authentication related fields is not required while building with
// IkeTunnelConnectionParams.
final Ikev2VpnProfile ikeProfile = new Ikev2VpnProfile.Builder(tunnelParams).build();
@@ -464,9 +464,9 @@
// Verify building with IkeTunnelConnectionParams
final IkeTunnelConnectionParams tunnelParams =
- new IkeTunnelConnectionParams(IKE_PARAMS, CHILD_PARAMS);
+ new IkeTunnelConnectionParams(IKE_PARAMS_V6, CHILD_PARAMS);
final IkeTunnelConnectionParams tunnelParams2 =
- new IkeTunnelConnectionParams(IKE_PARAMS, CHILD_PARAMS);
+ new IkeTunnelConnectionParams(IKE_PARAMS_V6, CHILD_PARAMS);
assertEquals(new Ikev2VpnProfile.Builder(tunnelParams).build(),
new Ikev2VpnProfile.Builder(tunnelParams2).build());
}
diff --git a/tests/unit/java/com/android/internal/net/VpnProfileTest.java b/tests/unit/java/com/android/internal/net/VpnProfileTest.java
index 360390d..0a6d2f2 100644
--- a/tests/unit/java/com/android/internal/net/VpnProfileTest.java
+++ b/tests/unit/java/com/android/internal/net/VpnProfileTest.java
@@ -17,7 +17,7 @@
package com.android.internal.net;
import static android.net.cts.util.IkeSessionTestUtils.CHILD_PARAMS;
-import static android.net.cts.util.IkeSessionTestUtils.IKE_PARAMS;
+import static android.net.cts.util.IkeSessionTestUtils.IKE_PARAMS_V4;
import static com.android.modules.utils.build.SdkLevel.isAtLeastT;
import static com.android.testutils.ParcelUtils.assertParcelSane;
@@ -128,7 +128,7 @@
private VpnProfile getSampleIkev2ProfileWithIkeTunConnParams(String key) {
final VpnProfile p = new VpnProfile(key, true /* isRestrictedToTestNetworks */,
false /* excludesLocalRoutes */, true /* requiresPlatformValidation */,
- new IkeTunnelConnectionParams(IKE_PARAMS, CHILD_PARAMS));
+ new IkeTunnelConnectionParams(IKE_PARAMS_V4, CHILD_PARAMS));
p.name = "foo";
p.server = "bar";