autotests: Test encrypted private keys with EAP-TLS
Make 3 connections in test EAP-TLS, one with an unencrypted private key, one with the private key passphrase provided in the provisioning file and one with the passphrase provided through the agent. Also improve the scanning logic at the beginning.
parent
56d3d40f30
commit
25a9d2a71f
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIE6TAbBgkqhkiG9w0BBQMwDgQI4Jws4ZHp7oQCAggABIIEyGImScBCorOX2u/F
|
||||
ISGvMBLavYPfA1f349fcfPfjbMeTLtrubuFfSYJDrB1KaP4oWsK3RA8AjuNtP49N
|
||||
fWjaAD6E9YTcNPVODgqNaoeslatqszPEqsqfx+vz1inTc+dyZ8ZYTWDlWAFSC33B
|
||||
k6z5CX68YdujTI9hBtkwAJuCoSSIKJNM7duSXzlxM3IfCfzRn4BuO+8usdxqrc5A
|
||||
p1R+LvDehIeOrQxkpJE3oHPq1xcCG4/WOnHWwRlmHmQIc2Z+ZLdgFjXYLvmNG58B
|
||||
PcBAxWjppmZZMXiMqIoZxqQ7hBhwqI2wxCFYAihf4cgn6bT37sv0CeNPjRHfftpr
|
||||
3tWgSeqLbov7Sfm5f1tq3AhJ3om8aaHEL8vUexs0j9mKhJyM0gyel+d1pHSi9/Ka
|
||||
U/qNk2KzhZl4+/p7ngjkK8or7IDgbRQWzRXac6uxnvhDRuCZWWAjgzq7A9KdjMCf
|
||||
T0+OX9USpOl2/cQSeKdRY5xKLBudQGilMvKZwd+rxBMkDBCwl+fj5HX1Tcj085kv
|
||||
CSEOpA90HvqI9VvdxPw0KKWTc/d3FgWKVVzEqtVUCbtDGXZnv3Kt9F05zoX/wL2k
|
||||
PkCd7yQouCYxPevVVz1kus5mwWHaZbEUW6S9GUSeZXs/Itb9Jwl9X6m1G9e393U+
|
||||
FQb95dfDzP1zQzemLJ+Iu6rkmKNC6x1pC+hNG3jy5QRoQ9wB4WV4q3JRHFUECEgd
|
||||
CAN52Saz9f7qt1MmoNPM0fSS+ovh08KoABEI7mp8s9fFj0b7x9h/zlRgigNKp+JE
|
||||
N9/51OSopajlse0ly+1zb8I2iOGeA3U4cvZG5mEP+kstJvdD4PYgx9cWDm6EDKmN
|
||||
4nIL48aNoWFxa7MGJsmQo56QmGAxG7lZusVu4lYUvHQsmqDQWhqBz1k/f4GzioN0
|
||||
7wslyuElIrZyRugYdh+Epy7WbXRi9nBhwuWpOx8TnwOszWIfJT7NLWH+/SaVzuG4
|
||||
IsR1gnaQ5HLPyXxuaJkzcZs7EOG5S5MT7tDW9i72RZUiUPGztmhOLxkYrH/r3UCa
|
||||
8Agc1nYXs8VH9sV+LMMGdCVoY/RwJvZwf13fqnLcmIA4iI8cDf1beUVm1JvdgIL/
|
||||
5Pbxyh2sAzyk/DIFD6yCQUacBKkR3EAXPG9gm5jebjHOU+gxSt69e3jgA1BvuoS5
|
||||
S3xLePrZnGZuPjM2PQX6LW1wWBtNlhbqWAkyeL3YwEwv2FjluFqALB/He/MaNly3
|
||||
UXFULImo8C/2UF9y9hgoSuamFqlKtgaNBUlqNPxX0EQmyCuqBEGYaouZ2TzPfZ44
|
||||
Jf6p6sQZeEmklEIDkaC9DvAGU7DPRfxolLpYHvdHQTwnjKMbFkg7FSAzzdNiKKeR
|
||||
nEnCkaofA2FASfQaZvOkewACaZfqJ1FCSsoetYq2Ulf8o1f8j/QM+JIq4p0DIybz
|
||||
4gsBmg05xufNiZNqZrrFc0/HcZkT3ahgtY+TMzU8d0hAS7roFNlM2lpaE69HJeTZ
|
||||
rhRO7/VAU2Kb0bQI5UWe4yfvbPBmmaxw06lPahlBAEgqeULwfVWBPafjSyq8vPag
|
||||
9RzpwSASqL6dv89qdOPE0JioA9xZ3cemlVOgqzd04AkdnDf3flGCJa6O9BujGm72
|
||||
8t0TmXLstK7YNaxQYA==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVG6rLrQ+fVgCAggA
|
||||
MBQGCCqGSIb3DQMHBAizDQ76m4Q4ZQSCBMh50R/dRYR4agewBCpNNVYIHV/wotfZ
|
||||
PhhwcJQFZMmp50rCI9rh13w8TSr+KDreXTY+XzvqFS7fbB0JV3QWlv2wvqkAFXoJ
|
||||
CYlE40WXg5Qd2H849IyLEil8J5mvoZohDZYNk82zi+PSvkvxJ8d1RJIiHHhmReeC
|
||||
0+rDHd9C+Xr2MVBOMA+gimx/P3qtS4jI0qjmzyUiorHa9lvY5qzxbMibi4mEAjBy
|
||||
VWviWHszpCwKVapODFlG2r5R2wvmhp4GUGSigi7KtL7hijEbsh4CW2RqYLR733Nx
|
||||
WdsyIc4sD3908ttfQSmsSt6vchAMkelwFizGSEFLMsCne3MGjVsLpVitg6nswl6N
|
||||
pvngZu0zaggWFVPRIt+vIimeHrujzoiUuzDizjOVzCiyRkrFuJEMwN3l/AaSxUiG
|
||||
lOWga1Eb+McH3oJNU1WtrL7gDwfmKFc26D7xNMnGLcdYxfM1F98XfM3FVswaHdC7
|
||||
0uTmEmMdhpoNw4CWai37NpigW01cDnxMMpFuX0yTU8GUU/JkBgZ4NHE1sTZrFiOf
|
||||
mMr83waumMGwwChhZAd1qDRB35c1HLvVqBt3HkdcyCZP1JBxG4QLrw7IVzG+knlj
|
||||
QdrBC/lDNA15wG27v5hRUVEoeFRJkOllUlSqfh0PmJw2t32BP8dS6EsM8eTpnQ7R
|
||||
ysqO5CVZ3WTNFwIZ7wD8zmaBOamkZ1OzOluYFL5sBHGRM05pSEsYOivsi7tlp5Gj
|
||||
ZQjR+qSKLT34R4QxWhziWgNC/ynjVuWNWX67p1T/ngsM9kGa6cm84XbHQL7CqUyX
|
||||
H7vOWtWHGCclS1Ori5vjFP8/qdOVGMpiKnX8HvoBv6zxJvfMYNAz39MMewlfHdCa
|
||||
vEvBVwxLYRxbaL1IGNUebXVyn7JNRhuDm1SDNU1ADj8GW4AL5+22D9xArz8Lnkrj
|
||||
+lvHm1NMIckciFYHraKmIPeJLiLIxDJ1SX+WgJGLo+P0W2TJLHAnQl5a1KzJOsIq
|
||||
/y35Q4mFLX0JE4mzAj2S1bsVate4FZpnKqVT0mfN5/UPSnQOpJKRSTYV9QJm1mGb
|
||||
gtdvwSvSniyjSSP/MAB+M7C0N4syC4N4sXYXJTKcM3CN/tN4ASycpkWRvXXLWRsj
|
||||
BuQq9z50ojdnx+twu2eG3eYRAGjEW7yOD3GHPQOtCx3IQDptmzYf2v4rk9x+IFfT
|
||||
L0ZfmyVevXgm9zjHI9s64Ok1g/6SL8lO+wszfjDs1zEgrMRfoVoKOBrWN7fYKiKi
|
||||
GBUeaZ9HgcM1ha/a63N1LPK9OPR2w4qh+DpCLpfvhzZN6IRv1oFddws8jwye1pJb
|
||||
1Po33NxHUfsOTX+lpc61NOEua7s3/Wu5gm0jBrX5c/aKCfXMsJHzW+0wl4SAXDog
|
||||
3Cl29/NAMSQDpQP9A91QSwHYkyzk4rBLcrbx6bQfFSHOqdl2dto+UJfiz+5PzD7s
|
||||
I7k72LGzrfIOq4brLbrLIGwj/ani/vvSZnXYzx3uUeP9w1EZSgNKC9HLBW7lyav3
|
||||
IlY7HAO2GMVlIdzynHPT3wMXtLqf/ykO+tkrEF4LjOu9r+cdhCxHum22vlgZKL7J
|
||||
J044ViKBro0CWL1wajpFQOvG/BG4VDJ/dfGee0iBr4R+CIkaUwVTCdRsibyZRM8E
|
||||
FL0=
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
|
@ -6,14 +6,26 @@ import sys
|
|||
sys.path.append('../util')
|
||||
import iwd
|
||||
from iwd import IWD
|
||||
from iwd import PSKAgent
|
||||
from iwd import NetworkType
|
||||
import testutil
|
||||
import hostapd
|
||||
|
||||
class Test(unittest.TestCase):
|
||||
|
||||
def test_connection_success(self):
|
||||
def do_test_connection_success(self, ssid, passphrase=None):
|
||||
wd = IWD()
|
||||
|
||||
if passphrase:
|
||||
psk_agent = PSKAgent(passphrase)
|
||||
wd.register_psk_agent(psk_agent)
|
||||
|
||||
hostapd_ifname = None
|
||||
for ifname in hostapd.hostapd_map:
|
||||
if ssid + '.conf' in hostapd.hostapd_map[ifname].config:
|
||||
hostapd_ifname = ifname
|
||||
break
|
||||
|
||||
devices = wd.list_devices();
|
||||
self.assertIsNotNone(devices)
|
||||
device = devices[0]
|
||||
|
@ -21,15 +33,16 @@ class Test(unittest.TestCase):
|
|||
condition = 'not obj.scanning'
|
||||
wd.wait_for_object_condition(device, condition)
|
||||
|
||||
device.scan()
|
||||
|
||||
condition = 'not obj.scanning'
|
||||
wd.wait_for_object_condition(device, condition)
|
||||
if not device.get_ordered_networks():
|
||||
device.scan()
|
||||
condition = 'obj.scanning'
|
||||
wd.wait_for_object_condition(device, condition)
|
||||
condition = 'not obj.scanning'
|
||||
wd.wait_for_object_condition(device, condition)
|
||||
|
||||
ordered_networks = device.get_ordered_networks()
|
||||
ordered_network = ordered_networks[0]
|
||||
ordered_network = [n for n in ordered_networks if n.name == ssid][0]
|
||||
|
||||
self.assertEqual(ordered_network.name, "ssidEAP-TLS")
|
||||
self.assertEqual(ordered_network.type, NetworkType.eap)
|
||||
|
||||
condition = 'not obj.connected'
|
||||
|
@ -41,16 +54,30 @@ class Test(unittest.TestCase):
|
|||
wd.wait_for_object_condition(ordered_network.network_object, condition)
|
||||
|
||||
testutil.test_iface_operstate()
|
||||
testutil.test_ifaces_connected()
|
||||
testutil.test_ifaces_connected(hostapd_ifname, 'wln3')
|
||||
|
||||
device.disconnect()
|
||||
|
||||
condition = 'not obj.connected'
|
||||
wd.wait_for_object_condition(ordered_network.network_object, condition)
|
||||
|
||||
if passphrase:
|
||||
wd.unregister_psk_agent(psk_agent)
|
||||
|
||||
def test_eap_tls(self):
|
||||
self.do_test_connection_success('ssidEAP-TLS')
|
||||
|
||||
def test_eap_tls2(self):
|
||||
self.do_test_connection_success('ssidEAP-TLS2')
|
||||
|
||||
def test_eap_tls3(self):
|
||||
self.do_test_connection_success('ssidEAP-TLS3', 'abc')
|
||||
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
IWD.copy_to_storage('ssidEAP-TLS.8021x')
|
||||
IWD.copy_to_storage('ssidEAP-TLS2.8021x')
|
||||
IWD.copy_to_storage('ssidEAP-TLS3.8021x')
|
||||
|
||||
@classmethod
|
||||
def tearDownClass(cls):
|
||||
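Review bot: `[n for n in ordered_networks if n.name == ssid][0]` fails with a bare IndexError when the target SSID is absent, and the new `if not device.get_ordered_networks():` guard skips the rescan whenever any network is already listed, which with three APs need not include the one under test. Keying the rescan on the presence of `ssid` and asserting the lookup result would give a readable failure. `wd.unregister_psk_agent(psk_agent)` at the end of the helper is skipped when an earlier assertion or wait raises, so a failed run leaves the agent registered; `self.addCleanup` right after registration covers that. `hostapd_ifname` can still be None when it reaches `testutil.test_ifaces_connected`, and the hard-coded `'wln3'` appears to depend on `num_radios=4` in the hardware config. The helper's connect step lies between hunks and is not visible, so the fence shows only the changed lines.

```python
        if passphrase:
            psk_agent = PSKAgent(passphrase)
            wd.register_psk_agent(psk_agent)
            # Runs even when a later assertion or wait fails.
            self.addCleanup(wd.unregister_psk_agent, psk_agent)

        # ... unchanged: hostapd_ifname lookup loop ...
        self.assertIsNotNone(hostapd_ifname,
                             'no hostapd instance serves ' + ssid)

        # ... unchanged: device lookup, wait for 'not obj.scanning' ...

        def find_network():
            # "or []" because the existing guard treats the result as possibly falsy.
            networks = device.get_ordered_networks() or []
            return next((n for n in networks if n.name == ssid), None)

        if find_network() is None:
            device.scan()
            # ... unchanged: wait for 'obj.scanning', then 'not obj.scanning' ...

        ordered_network = find_network()
        self.assertIsNotNone(ordered_network,
                             ssid + ' not found in scan results')

        # ... unchanged: type assertion, connect, connectivity checks, disconnect ...
        # ... the trailing "if passphrase: wd.unregister_psk_agent(psk_agent)" is dropped ...
```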
|
|
|
@ -1,6 +1,8 @@
|
|||
[SETUP]
|
||||
num_radios=2
|
||||
num_radios=4
|
||||
tmpfs_extra_stuff=../misc/certs
|
||||
|
||||
[HOSTAPD]
|
||||
rad0=ssidEAP-TLS.conf
|
||||
rad1=ssidEAP-TLS2.conf
|
||||
rad2=ssidEAP-TLS3.conf
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
[Security]
|
||||
EAP-Method=TLS
|
||||
EAP-TLS-CACert=/tmp/certs/cert-ca.pem
|
||||
EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
|
||||
EAP-TLS-ClientKey=/tmp/certs/cert-client-key-md5-des.pem
|
||||
EAP-TLS-ClientKeyPassphrase=abc
|
||||
EAP-Identity=abc@example.com
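Review bot: Both encrypted client keys this commit wires in are DES-family — `cert-client-key-md5-des.pem` here and `cert-client-key-v2-des-ede3.pem` in the other new provisioning file — so the tests cover legacy PKCS#5 schemes but no AES-based PBES2 key, the form current tooling usually writes. If the key parser is meant to accept AES-encrypted keys, a further fixture would close that gap; whether it does is not visible from this page. `EAP-TLS-ClientKeyPassphrase=abc` in cleartext is exactly what this case exercises, so the file deserves a leading comment saying the weak scheme and throwaway passphrase are deliberate test inputs, provided the settings format accepts comment lines.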
|
|
@ -0,0 +1,12 @@
|
|||
hw_mode=g
|
||||
channel=2
|
||||
ssid=ssidEAP-TLS2
|
||||
|
||||
wpa=3
|
||||
wpa_key_mgmt=WPA-EAP
|
||||
ieee8021x=1
|
||||
eap_server=1
|
||||
eap_user_file=/tmp/certs/eap-user-tls.text
|
||||
ca_cert=/tmp/certs/cert-ca.pem
|
||||
server_cert=/tmp/certs/cert-server.pem
|
||||
private_key=/tmp/certs/cert-server-key.pem
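Review bot: `wpa=3` enables WPA version 1 alongside WPA2, which nothing in this commit's test appears to need; `wpa=2` with an explicit `rsn_pairwise=CCMP` would keep the fixture on the RSN path that the EAP-TLS key test is about. The same line appears in the other new hostapd config (`ssid=ssidEAP-TLS3`). If the mixed mode is kept on purpose to match the existing ssidEAP-TLS.conf, a one-line comment such as `# WPA+WPA2 mixed mode, kept identical to ssidEAP-TLS.conf` would record that.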
|
|
@ -0,0 +1,6 @@
|
|||
[Security]
|
||||
EAP-Method=TLS
|
||||
EAP-TLS-CACert=/tmp/certs/cert-ca.pem
|
||||
EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
|
||||
EAP-TLS-ClientKey=/tmp/certs/cert-client-key-v2-des-ede3.pem
|
||||
EAP-Identity=abc@example.com
|
|
@ -0,0 +1,12 @@
|
|||
hw_mode=g
|
||||
channel=3
|
||||
ssid=ssidEAP-TLS3
|
||||
|
||||
wpa=3
|
||||
wpa_key_mgmt=WPA-EAP
|
||||
ieee8021x=1
|
||||
eap_server=1
|
||||
eap_user_file=/tmp/certs/eap-user-tls.text
|
||||
ca_cert=/tmp/certs/cert-ca.pem
|
||||
server_cert=/tmp/certs/cert-server.pem
|
||||
private_key=/tmp/certs/cert-server-key.pem
|