Merge "Deflaky test for DnsResolverTest"
diff --git a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java
index ed67dd1..fb93398 100644
--- a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java
+++ b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java
@@ -99,19 +99,17 @@
.addInternalAddressRequest(AF_INET6)
.build();
- private IkeSessionParams createIkeSessionParams(InetAddress mRemoteAddress) {
- return new IkeSessionParams.Builder(sContext)
- .setNetwork(mTunNetwork)
- .setServerHostname(mRemoteAddress.getHostAddress())
- .addSaProposal(SaProposalTest.buildIkeSaProposalWithNormalModeCipher())
- .addSaProposal(SaProposalTest.buildIkeSaProposalWithCombinedModeCipher())
- .setLocalIdentification(new IkeFqdnIdentification(LOCAL_HOSTNAME))
- .setRemoteIdentification(new IkeFqdnIdentification(REMOTE_HOSTNAME))
- .setAuthPsk(IKE_PSK)
- .build();
- }
-
- private IkeSession openIkeSession(IkeSessionParams ikeParams) {
+ private IkeSession openIkeSessionWithRemoteAddress(InetAddress remoteAddress) {
+ IkeSessionParams ikeParams =
+ new IkeSessionParams.Builder(sContext)
+ .setNetwork(mTunNetwork)
+ .setServerHostname(remoteAddress.getHostAddress())
+ .addSaProposal(SaProposalTest.buildIkeSaProposalWithNormalModeCipher())
+ .addSaProposal(SaProposalTest.buildIkeSaProposalWithCombinedModeCipher())
+ .setLocalIdentification(new IkeFqdnIdentification(LOCAL_HOSTNAME))
+ .setRemoteIdentification(new IkeFqdnIdentification(REMOTE_HOSTNAME))
+ .setAuthPsk(IKE_PSK)
+ .build();
return new IkeSession(
sContext,
ikeParams,
@@ -122,9 +120,11 @@
}
@Test
- public void testIkeSessionSetupAndManageChildSas() throws Exception {
+ public void testIkeSessionSetupAndChildSessionSetupWithTunnelMode() throws Exception {
+ if (!hasTunnelsFeature()) return;
+
// Open IKE Session
- IkeSession ikeSession = openIkeSession(createIkeSessionParams(mRemoteAddress));
+ IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress);
int expectedMsgId = 0;
mTunUtils.awaitReqAndInjectResp(
IKE_INIT_SPI,
@@ -165,6 +165,9 @@
assertTrue(firstChildConfig.getInternalDnsServers().isEmpty());
assertTrue(firstChildConfig.getInternalDhcpServers().isEmpty());
+ assertNotNull(mFirstChildSessionCallback.awaitNextCreatedIpSecTransform());
+ assertNotNull(mFirstChildSessionCallback.awaitNextCreatedIpSecTransform());
+
// Open additional Child Session
TestChildSessionCallback additionalChildCb = new TestChildSessionCallback();
ikeSession.openChildSession(CHILD_PARAMS, additionalChildCb);
@@ -181,9 +184,12 @@
Arrays.asList(EXPECTED_INBOUND_TS), firstChildConfig.getInboundTrafficSelectors());
assertEquals(Arrays.asList(DEFAULT_V4_TS), firstChildConfig.getOutboundTrafficSelectors());
assertTrue(additionalChildConfig.getInternalAddresses().isEmpty());
- assertTrue(firstChildConfig.getInternalSubnets().isEmpty());
- assertTrue(firstChildConfig.getInternalDnsServers().isEmpty());
- assertTrue(firstChildConfig.getInternalDhcpServers().isEmpty());
+ assertTrue(additionalChildConfig.getInternalSubnets().isEmpty());
+ assertTrue(additionalChildConfig.getInternalDnsServers().isEmpty());
+ assertTrue(additionalChildConfig.getInternalDhcpServers().isEmpty());
+
+ assertNotNull(additionalChildCb.awaitNextCreatedIpSecTransform());
+ assertNotNull(additionalChildCb.awaitNextCreatedIpSecTransform());
// Close additional Child Session
ikeSession.closeChildSession(additionalChildCb);
@@ -193,6 +199,8 @@
true /* expectedUseEncap */,
hexStringToByteArray(SUCCESS_DELETE_CHILD_RESP));
+ assertNotNull(additionalChildCb.awaitNextDeletedIpSecTransform());
+ assertNotNull(additionalChildCb.awaitNextDeletedIpSecTransform());
additionalChildCb.awaitOnClosed();
// Close IKE Session
@@ -203,16 +211,20 @@
true /* expectedUseEncap */,
hexStringToByteArray(SUCCESS_DELETE_IKE_RESP));
+ assertNotNull(mFirstChildSessionCallback.awaitNextDeletedIpSecTransform());
+ assertNotNull(mFirstChildSessionCallback.awaitNextDeletedIpSecTransform());
mFirstChildSessionCallback.awaitOnClosed();
mIkeSessionCallback.awaitOnClosed();
- // TODO: verify IpSecTransform pair is created and deleted
+ // TODO: verify created and deleted IpSecTransform pair and their directions
}
@Test
- public void testIkeSessionKill() throws Exception {
+ public void testIkeSessionKillWithTunnelMode() throws Exception {
+ if (!hasTunnelsFeature()) return;
+
// Open IKE Session
- IkeSession ikeSession = openIkeSession(createIkeSessionParams(mRemoteAddress));
+ IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress);
int expectedMsgId = 0;
mTunUtils.awaitReqAndInjectResp(
IKE_INIT_SPI,
@@ -227,7 +239,6 @@
hexStringToByteArray(SUCCESS_IKE_AUTH_RESP));
ikeSession.kill();
-
mFirstChildSessionCallback.awaitOnClosed();
mIkeSessionCallback.awaitOnClosed();
}
@@ -238,7 +249,7 @@
"46B8ECA1E0D72A180000000000000000292022200000000000000024000000080000000E";
// Open IKE Session
- IkeSession ikeSession = openIkeSession(createIkeSessionParams(mRemoteAddress));
+ IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress);
int expectedMsgId = 0;
mTunUtils.awaitReqAndInjectResp(
IKE_INIT_SPI,
@@ -246,6 +257,8 @@
false /* expectedUseEncap */,
hexStringToByteArray(ikeInitFailRespHex));
+ mFirstChildSessionCallback.awaitOnClosed();
+
IkeException exception = mIkeSessionCallback.awaitOnClosedException();
assertNotNull(exception);
assertTrue(exception instanceof IkeProtocolException);
@@ -254,5 +267,7 @@
assertArrayEquals(EXPECTED_PROTOCOL_ERROR_DATA_NONE, protocolException.getErrorData());
}
- // TODO(b/148689509): Verify rekey process and handling IKE_AUTH failure
+ // TODO(b/155821007): Verify rekey process and handling IKE_AUTH failure
+
+ // TODO(b/155821007): Test creating transport mode Child SA
}
diff --git a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java
index deba8fd..279d088 100644
--- a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java
+++ b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java
@@ -20,6 +20,7 @@
import android.annotation.NonNull;
import android.app.AppOpsManager;
import android.content.Context;
+import android.content.pm.PackageManager;
import android.net.ConnectivityManager;
import android.net.InetAddresses;
import android.net.IpSecTransform;
@@ -39,7 +40,6 @@
import android.os.Binder;
import android.os.ParcelFileDescriptor;
import android.platform.test.annotations.AppModeFull;
-import android.util.Log;
import androidx.test.InstrumentationRegistry;
import androidx.test.ext.junit.runners.AndroidJUnit4;
@@ -65,6 +65,13 @@
*
* <p>Subclasses MUST explicitly call #setUpTestNetwork and #tearDownTestNetwork to be able to use
* the test network
+ *
+ * <p>All IKE Sessions running in test mode will generate SPIs deterministically. That is to say
+ * each IKE Session will always generate the same IKE INIT SPI and test vectors are generated based
+ * on this deterministic IKE SPI. Each test will use different local and remote addresses to avoid
+ * the case that the next test try to allocate the same SPI before the previous test has released
+ * it, since SPI resources are not released in testing thread. Similarly, each test MUST use
+ * different Network instances to avoid sharing the same IkeSocket and hitting IKE SPI collision.
*/
@RunWith(AndroidJUnit4.class)
@AppModeFull(reason = "MANAGE_TEST_NETWORKS permission can't be granted to instant apps")
@@ -116,7 +123,7 @@
InstrumentationRegistry.getInstrumentation()
.getUiAutomation()
.adoptShellPermissionIdentity();
- sTNM = (TestNetworkManager) sContext.getSystemService(Context.TEST_NETWORK_SERVICE);
+ sTNM = sContext.getSystemService(TestNetworkManager.class);
// Under normal circumstances, the MANAGE_IPSEC_TUNNELS appop would be auto-granted, and
// a standard permission is insufficient. So we shell out the appop, to give us the
@@ -149,10 +156,6 @@
@After
public void tearDown() throws Exception {
tearDownTestNetwork();
-
- resetNextAvailableAddress(NEXT_AVAILABLE_IP4_ADDR_LOCAL, INITIAL_AVAILABLE_IP4_ADDR_LOCAL);
- resetNextAvailableAddress(
- NEXT_AVAILABLE_IP4_ADDR_REMOTE, INITIAL_AVAILABLE_IP4_ADDR_REMOTE);
}
void setUpTestNetwork(InetAddress localAddr) throws Exception {
@@ -185,9 +188,8 @@
pkg, // Package name
opName, // Appop
(allow ? "allow" : "deny")); // Action
- Log.d("IKE", "CTS setAppOp cmd " + cmd);
- String result = SystemUtil.runShellCommand(cmd);
+ SystemUtil.runShellCommand(cmd);
}
}
@@ -229,6 +231,7 @@
}
}
+ /** Testing callback that allows caller to block current thread until a method get called */
static class TestIkeSessionCallback implements IkeSessionCallback {
private CompletableFuture<IkeSessionConfiguration> mFutureIkeConfig =
new CompletableFuture<>();
@@ -282,6 +285,7 @@
}
}
+ /** Testing callback that allows caller to block current thread until a method get called */
static class TestChildSessionCallback implements ChildSessionCallback {
private CompletableFuture<ChildSessionConfiguration> mFutureChildConfig =
new CompletableFuture<>();
@@ -368,6 +372,11 @@
}
}
+ /** Package private method to check if device has IPsec tunnels feature */
+ static boolean hasTunnelsFeature() {
+ return sContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS);
+ }
+
// TODO(b/148689509): Verify IKE Session setup using EAP and digital-signature-based auth
// TODO(b/148689509): Verify hostname based creation
diff --git a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTunUtils.java b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTunUtils.java
index 5a8258d..f52b88b 100644
--- a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTunUtils.java
+++ b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeTunUtils.java
@@ -121,7 +121,9 @@
+ " and message ID "
+ expectedMsgId);
}
- return null;
+
+ throw new IllegalStateException(
+ "Hit an impossible case where fail() didn't throw an exception");
}
private static boolean isIke(