autotests: Test encrypted private keys with EAP-TLS
Make 3 connections in test EAP-TLS, one with an unencrypted private key, one with the private key passphrase provided in the provisioning file and one with the passphrase provided through the agent. Also improve the scanning logic at the beginning.
parent
56d3d40f30
commit
25a9d2a71f
|
@ -0,0 +1,29 @@
|
||||||
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||||
|
MIIE6TAbBgkqhkiG9w0BBQMwDgQI4Jws4ZHp7oQCAggABIIEyGImScBCorOX2u/F
|
||||||
|
ISGvMBLavYPfA1f349fcfPfjbMeTLtrubuFfSYJDrB1KaP4oWsK3RA8AjuNtP49N
|
||||||
|
fWjaAD6E9YTcNPVODgqNaoeslatqszPEqsqfx+vz1inTc+dyZ8ZYTWDlWAFSC33B
|
||||||
|
k6z5CX68YdujTI9hBtkwAJuCoSSIKJNM7duSXzlxM3IfCfzRn4BuO+8usdxqrc5A
|
||||||
|
p1R+LvDehIeOrQxkpJE3oHPq1xcCG4/WOnHWwRlmHmQIc2Z+ZLdgFjXYLvmNG58B
|
||||||
|
PcBAxWjppmZZMXiMqIoZxqQ7hBhwqI2wxCFYAihf4cgn6bT37sv0CeNPjRHfftpr
|
||||||
|
3tWgSeqLbov7Sfm5f1tq3AhJ3om8aaHEL8vUexs0j9mKhJyM0gyel+d1pHSi9/Ka
|
||||||
|
U/qNk2KzhZl4+/p7ngjkK8or7IDgbRQWzRXac6uxnvhDRuCZWWAjgzq7A9KdjMCf
|
||||||
|
T0+OX9USpOl2/cQSeKdRY5xKLBudQGilMvKZwd+rxBMkDBCwl+fj5HX1Tcj085kv
|
||||||
|
CSEOpA90HvqI9VvdxPw0KKWTc/d3FgWKVVzEqtVUCbtDGXZnv3Kt9F05zoX/wL2k
|
||||||
|
PkCd7yQouCYxPevVVz1kus5mwWHaZbEUW6S9GUSeZXs/Itb9Jwl9X6m1G9e393U+
|
||||||
|
FQb95dfDzP1zQzemLJ+Iu6rkmKNC6x1pC+hNG3jy5QRoQ9wB4WV4q3JRHFUECEgd
|
||||||
|
CAN52Saz9f7qt1MmoNPM0fSS+ovh08KoABEI7mp8s9fFj0b7x9h/zlRgigNKp+JE
|
||||||
|
N9/51OSopajlse0ly+1zb8I2iOGeA3U4cvZG5mEP+kstJvdD4PYgx9cWDm6EDKmN
|
||||||
|
4nIL48aNoWFxa7MGJsmQo56QmGAxG7lZusVu4lYUvHQsmqDQWhqBz1k/f4GzioN0
|
||||||
|
7wslyuElIrZyRugYdh+Epy7WbXRi9nBhwuWpOx8TnwOszWIfJT7NLWH+/SaVzuG4
|
||||||
|
IsR1gnaQ5HLPyXxuaJkzcZs7EOG5S5MT7tDW9i72RZUiUPGztmhOLxkYrH/r3UCa
|
||||||
|
8Agc1nYXs8VH9sV+LMMGdCVoY/RwJvZwf13fqnLcmIA4iI8cDf1beUVm1JvdgIL/
|
||||||
|
5Pbxyh2sAzyk/DIFD6yCQUacBKkR3EAXPG9gm5jebjHOU+gxSt69e3jgA1BvuoS5
|
||||||
|
S3xLePrZnGZuPjM2PQX6LW1wWBtNlhbqWAkyeL3YwEwv2FjluFqALB/He/MaNly3
|
||||||
|
UXFULImo8C/2UF9y9hgoSuamFqlKtgaNBUlqNPxX0EQmyCuqBEGYaouZ2TzPfZ44
|
||||||
|
Jf6p6sQZeEmklEIDkaC9DvAGU7DPRfxolLpYHvdHQTwnjKMbFkg7FSAzzdNiKKeR
|
||||||
|
nEnCkaofA2FASfQaZvOkewACaZfqJ1FCSsoetYq2Ulf8o1f8j/QM+JIq4p0DIybz
|
||||||
|
4gsBmg05xufNiZNqZrrFc0/HcZkT3ahgtY+TMzU8d0hAS7roFNlM2lpaE69HJeTZ
|
||||||
|
rhRO7/VAU2Kb0bQI5UWe4yfvbPBmmaxw06lPahlBAEgqeULwfVWBPafjSyq8vPag
|
||||||
|
9RzpwSASqL6dv89qdOPE0JioA9xZ3cemlVOgqzd04AkdnDf3flGCJa6O9BujGm72
|
||||||
|
8t0TmXLstK7YNaxQYA==
|
||||||
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
@ -0,0 +1,30 @@
|
||||||
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||||
|
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVG6rLrQ+fVgCAggA
|
||||||
|
MBQGCCqGSIb3DQMHBAizDQ76m4Q4ZQSCBMh50R/dRYR4agewBCpNNVYIHV/wotfZ
|
||||||
|
PhhwcJQFZMmp50rCI9rh13w8TSr+KDreXTY+XzvqFS7fbB0JV3QWlv2wvqkAFXoJ
|
||||||
|
CYlE40WXg5Qd2H849IyLEil8J5mvoZohDZYNk82zi+PSvkvxJ8d1RJIiHHhmReeC
|
||||||
|
0+rDHd9C+Xr2MVBOMA+gimx/P3qtS4jI0qjmzyUiorHa9lvY5qzxbMibi4mEAjBy
|
||||||
|
VWviWHszpCwKVapODFlG2r5R2wvmhp4GUGSigi7KtL7hijEbsh4CW2RqYLR733Nx
|
||||||
|
WdsyIc4sD3908ttfQSmsSt6vchAMkelwFizGSEFLMsCne3MGjVsLpVitg6nswl6N
|
||||||
|
pvngZu0zaggWFVPRIt+vIimeHrujzoiUuzDizjOVzCiyRkrFuJEMwN3l/AaSxUiG
|
||||||
|
lOWga1Eb+McH3oJNU1WtrL7gDwfmKFc26D7xNMnGLcdYxfM1F98XfM3FVswaHdC7
|
||||||
|
0uTmEmMdhpoNw4CWai37NpigW01cDnxMMpFuX0yTU8GUU/JkBgZ4NHE1sTZrFiOf
|
||||||
|
mMr83waumMGwwChhZAd1qDRB35c1HLvVqBt3HkdcyCZP1JBxG4QLrw7IVzG+knlj
|
||||||
|
QdrBC/lDNA15wG27v5hRUVEoeFRJkOllUlSqfh0PmJw2t32BP8dS6EsM8eTpnQ7R
|
||||||
|
ysqO5CVZ3WTNFwIZ7wD8zmaBOamkZ1OzOluYFL5sBHGRM05pSEsYOivsi7tlp5Gj
|
||||||
|
ZQjR+qSKLT34R4QxWhziWgNC/ynjVuWNWX67p1T/ngsM9kGa6cm84XbHQL7CqUyX
|
||||||
|
H7vOWtWHGCclS1Ori5vjFP8/qdOVGMpiKnX8HvoBv6zxJvfMYNAz39MMewlfHdCa
|
||||||
|
vEvBVwxLYRxbaL1IGNUebXVyn7JNRhuDm1SDNU1ADj8GW4AL5+22D9xArz8Lnkrj
|
||||||
|
+lvHm1NMIckciFYHraKmIPeJLiLIxDJ1SX+WgJGLo+P0W2TJLHAnQl5a1KzJOsIq
|
||||||
|
/y35Q4mFLX0JE4mzAj2S1bsVate4FZpnKqVT0mfN5/UPSnQOpJKRSTYV9QJm1mGb
|
||||||
|
gtdvwSvSniyjSSP/MAB+M7C0N4syC4N4sXYXJTKcM3CN/tN4ASycpkWRvXXLWRsj
|
||||||
|
BuQq9z50ojdnx+twu2eG3eYRAGjEW7yOD3GHPQOtCx3IQDptmzYf2v4rk9x+IFfT
|
||||||
|
L0ZfmyVevXgm9zjHI9s64Ok1g/6SL8lO+wszfjDs1zEgrMRfoVoKOBrWN7fYKiKi
|
||||||
|
GBUeaZ9HgcM1ha/a63N1LPK9OPR2w4qh+DpCLpfvhzZN6IRv1oFddws8jwye1pJb
|
||||||
|
1Po33NxHUfsOTX+lpc61NOEua7s3/Wu5gm0jBrX5c/aKCfXMsJHzW+0wl4SAXDog
|
||||||
|
3Cl29/NAMSQDpQP9A91QSwHYkyzk4rBLcrbx6bQfFSHOqdl2dto+UJfiz+5PzD7s
|
||||||
|
I7k72LGzrfIOq4brLbrLIGwj/ani/vvSZnXYzx3uUeP9w1EZSgNKC9HLBW7lyav3
|
||||||
|
IlY7HAO2GMVlIdzynHPT3wMXtLqf/ykO+tkrEF4LjOu9r+cdhCxHum22vlgZKL7J
|
||||||
|
J044ViKBro0CWL1wajpFQOvG/BG4VDJ/dfGee0iBr4R+CIkaUwVTCdRsibyZRM8E
|
||||||
|
FL0=
|
||||||
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
@ -6,14 +6,26 @@ import sys
|
||||||
sys.path.append('../util')
|
sys.path.append('../util')
|
||||||
import iwd
|
import iwd
|
||||||
from iwd import IWD
|
from iwd import IWD
|
||||||
|
from iwd import PSKAgent
|
||||||
from iwd import NetworkType
|
from iwd import NetworkType
|
||||||
import testutil
|
import testutil
|
||||||
|
import hostapd
|
||||||
|
|
||||||
class Test(unittest.TestCase):
|
class Test(unittest.TestCase):
|
||||||
|
|
||||||
def test_connection_success(self):
|
def do_test_connection_success(self, ssid, passphrase=None):
|
||||||
wd = IWD()
|
wd = IWD()
|
||||||
|
|
||||||
|
if passphrase:
|
||||||
|
psk_agent = PSKAgent(passphrase)
|
||||||
|
wd.register_psk_agent(psk_agent)
|
||||||
|
|
||||||
|
hostapd_ifname = None
|
||||||
|
for ifname in hostapd.hostapd_map:
|
||||||
|
if ssid + '.conf' in hostapd.hostapd_map[ifname].config:
|
||||||
|
hostapd_ifname = ifname
|
||||||
|
break
|
||||||
|
|
||||||
devices = wd.list_devices();
|
devices = wd.list_devices();
|
||||||
self.assertIsNotNone(devices)
|
self.assertIsNotNone(devices)
|
||||||
device = devices[0]
|
device = devices[0]
|
||||||
|
@ -21,15 +33,16 @@ class Test(unittest.TestCase):
|
||||||
condition = 'not obj.scanning'
|
condition = 'not obj.scanning'
|
||||||
wd.wait_for_object_condition(device, condition)
|
wd.wait_for_object_condition(device, condition)
|
||||||
|
|
||||||
device.scan()
|
if not device.get_ordered_networks():
|
||||||
|
device.scan()
|
||||||
condition = 'not obj.scanning'
|
condition = 'obj.scanning'
|
||||||
wd.wait_for_object_condition(device, condition)
|
wd.wait_for_object_condition(device, condition)
|
||||||
|
condition = 'not obj.scanning'
|
||||||
|
wd.wait_for_object_condition(device, condition)
|
||||||
|
|
||||||
ordered_networks = device.get_ordered_networks()
|
ordered_networks = device.get_ordered_networks()
|
||||||
ordered_network = ordered_networks[0]
|
ordered_network = [n for n in ordered_networks if n.name == ssid][0]
|
||||||
|
|
||||||
self.assertEqual(ordered_network.name, "ssidEAP-TLS")
|
|
||||||
self.assertEqual(ordered_network.type, NetworkType.eap)
|
self.assertEqual(ordered_network.type, NetworkType.eap)
|
||||||
|
|
||||||
condition = 'not obj.connected'
|
condition = 'not obj.connected'
|
||||||
|
@ -41,16 +54,30 @@ class Test(unittest.TestCase):
|
||||||
wd.wait_for_object_condition(ordered_network.network_object, condition)
|
wd.wait_for_object_condition(ordered_network.network_object, condition)
|
||||||
|
|
||||||
testutil.test_iface_operstate()
|
testutil.test_iface_operstate()
|
||||||
testutil.test_ifaces_connected()
|
testutil.test_ifaces_connected(hostapd_ifname, 'wln3')
|
||||||
|
|
||||||
device.disconnect()
|
device.disconnect()
|
||||||
|
|
||||||
condition = 'not obj.connected'
|
condition = 'not obj.connected'
|
||||||
wd.wait_for_object_condition(ordered_network.network_object, condition)
|
wd.wait_for_object_condition(ordered_network.network_object, condition)
|
||||||
|
|
||||||
|
if passphrase:
|
||||||
|
wd.unregister_psk_agent(psk_agent)
|
||||||
|
|
||||||
|
def test_eap_tls(self):
|
||||||
|
self.do_test_connection_success('ssidEAP-TLS')
|
||||||
|
|
||||||
|
def test_eap_tls2(self):
|
||||||
|
self.do_test_connection_success('ssidEAP-TLS2')
|
||||||
|
|
||||||
|
def test_eap_tls3(self):
|
||||||
|
self.do_test_connection_success('ssidEAP-TLS3', 'abc')
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def setUpClass(cls):
|
def setUpClass(cls):
|
||||||
IWD.copy_to_storage('ssidEAP-TLS.8021x')
|
IWD.copy_to_storage('ssidEAP-TLS.8021x')
|
||||||
|
IWD.copy_to_storage('ssidEAP-TLS2.8021x')
|
||||||
|
IWD.copy_to_storage('ssidEAP-TLS3.8021x')
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def tearDownClass(cls):
|
def tearDownClass(cls):
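Review bot: `ordered_network = [n for n in ordered_networks if n.name == ssid][0]` raises a bare IndexError when the requested SSID is missing from the scan results, and the `assertEqual` on the network name that used to explain such a failure was removed. Splitting it into `matches = [n for n in ordered_networks if n.name == ssid]`, `self.assertTrue(matches, ssid + ' not in scan results')` and `ordered_network = matches[0]` keeps the failure readable. This matters more now that `device.scan()` appears to run only when `get_ordered_networks()` is empty (indentation is lost in this rendering, so that is inferred): a list that already holds the other test networks but not this one would skip the scan. `hostapd_ifname` has the same gap, since it stays `None` when no `hostapd_map` entry matches and is then passed to `testutil.test_ifaces_connected`; `self.assertIsNotNone(hostapd_ifname)` after the loop would catch that. Separately, all three new test methods exercise only the success path, so nothing visible here checks that a wrong key passphrase from the agent makes the connection fail.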
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
[SETUP]
|
[SETUP]
|
||||||
num_radios=2
|
num_radios=4
|
||||||
tmpfs_extra_stuff=../misc/certs
|
tmpfs_extra_stuff=../misc/certs
|
||||||
|
|
||||||
[HOSTAPD]
|
[HOSTAPD]
|
||||||
rad0=ssidEAP-TLS.conf
|
rad0=ssidEAP-TLS.conf
|
||||||
|
rad1=ssidEAP-TLS2.conf
|
||||||
|
rad2=ssidEAP-TLS3.conf
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
[Security]
|
||||||
|
EAP-Method=TLS
|
||||||
|
EAP-TLS-CACert=/tmp/certs/cert-ca.pem
|
||||||
|
EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
|
||||||
|
EAP-TLS-ClientKey=/tmp/certs/cert-client-key-md5-des.pem
|
||||||
|
EAP-TLS-ClientKeyPassphrase=abc
|
||||||
|
EAP-Identity=abc@example.com
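Review bot: This provisioning file stores the key passphrase in clear text (`EAP-TLS-ClientKeyPassphrase=abc`) next to a key whose name, `cert-client-key-md5-des.pem`, indicates password-based encryption with MD5 and DES, which is acceptable only because both are throwaway test fixtures. A leading comment such as `# Test fixture only: legacy MD5/DES key encryption and an inline passphrase, kept to exercise key parsing` would keep the file from being copied as a template, assuming the settings parser accepts `#` comment lines. The same applies to the key fixtures added earlier in this commit, which should never be reused outside the autotest environment.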
|
|
@ -0,0 +1,12 @@
|
||||||
|
hw_mode=g
|
||||||
|
channel=2
|
||||||
|
ssid=ssidEAP-TLS2
|
||||||
|
|
||||||
|
wpa=3
|
||||||
|
wpa_key_mgmt=WPA-EAP
|
||||||
|
ieee8021x=1
|
||||||
|
eap_server=1
|
||||||
|
eap_user_file=/tmp/certs/eap-user-tls.text
|
||||||
|
ca_cert=/tmp/certs/cert-ca.pem
|
||||||
|
server_cert=/tmp/certs/cert-server.pem
|
||||||
|
private_key=/tmp/certs/cert-server-key.pem
|
|
@ -0,0 +1,6 @@
|
||||||
|
[Security]
|
||||||
|
EAP-Method=TLS
|
||||||
|
EAP-TLS-CACert=/tmp/certs/cert-ca.pem
|
||||||
|
EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
|
||||||
|
EAP-TLS-ClientKey=/tmp/certs/cert-client-key-v2-des-ede3.pem
|
||||||
|
EAP-Identity=abc@example.com
|
|
@ -0,0 +1,12 @@
|
||||||
|
hw_mode=g
|
||||||
|
channel=3
|
||||||
|
ssid=ssidEAP-TLS3
|
||||||
|
|
||||||
|
wpa=3
|
||||||
|
wpa_key_mgmt=WPA-EAP
|
||||||
|
ieee8021x=1
|
||||||
|
eap_server=1
|
||||||
|
eap_user_file=/tmp/certs/eap-user-tls.text
|
||||||
|
ca_cert=/tmp/certs/cert-ca.pem
|
||||||
|
server_cert=/tmp/certs/cert-server.pem
|
||||||
|
private_key=/tmp/certs/cert-server-key.pem
|