auto-t: Add universal testEAP test

This tests all EAP methods in their standard configuration. Any
corner cases requiring changes to main.conf or other hostapd
options are not included and will be left as stand alone tests.

This was done because nearly all EAP tests are identical except
the IWD provisioning file and hostapd EAP users fine. The IWD
provisioning file can be swapped out as needed for each individual
test without actually restarting IWD. And the EAP users file can
simply be written to include every possible EAP method that
is supported.

autotests/misc/secrets/eap-user.text

@@ -0,0 +1,22 @@
+"112345678@phonesim.org"		SIM
+"012345678@phonesim.org"		AKA
+"612345678@phonesim.org"		AKA'
+"mschapv2@example.com"			MSCHAPV2	"Password"
+"pwd@example.com"			PWD		"Password"
+
+# Phase 1 users
+"tls@example.com"			TLS
+"ttls@example.com"			TTLS
+"peap@example.com"			PEAP
+"peapv0@example.com"			PEAP [ver=0]
+"peapv1@example.com"			PEAP [ver=1]
+
+# Phase 2
+"md5-phase2@example.com"		MD5		"Password" [2]
+"gtc-phase2@example.com"		GTC		"Password" [2]
+"mschapv2-phase2@example.com"		MSCHAPV2	"Password" [2]
+"ttls-chap-phase2@example.com"		TTLS-CHAP	"Password" [2]
+"ttls-mschap-phase2@example.com"	TTLS-MSCHAP	"Password" [2]
+"ttls-mschapv2-phase2@example.com"	TTLS-MSCHAPV2	"Password" [2]
+"ttls-pap-phase2@example.com"		TTLS-PAP	"Password" [2]
+"112345678@phonesim.org"		SIM [2]

autotests/testEAP/connection_test.py

@@ -0,0 +1,240 @@
+#!/usr/bin/python3
+
+from typing import Iterable
+import unittest
+import sys
+
+sys.path.append('../util')
+from iwd import IWD
+from iwd import NetworkType
+from iwd import PSKAgent
+from hlrauc import AuthCenter
+from ofono import Ofono
+from config import ctx
+import testutil
+import traceback
+
+class Test(unittest.TestCase):
+    def copy_network(self, name):
+        IWD.copy_to_storage(name, name='ssidEAP.8021x')
+        self.wd.wait_for_object_condition(self.wd,
+                                    '"ssidEAP" in [n.name for n in obj.list_known_networks()]')
+
+    def remove_network(self):
+        networks = self.wd.list_known_networks()
+        [n.forget() for n in networks if n.name == 'ssidEAP']
+        self.wd.wait_for_object_condition(self.wd,
+                                    '"ssidEAP" not in [n.name for n in obj.list_known_networks()]')
+
+    def validate_connection(self, wd, *secrets):
+        if secrets:
+            psk_agent = PSKAgent(*secrets)
+            wd.register_psk_agent(psk_agent)
+
+        devices = wd.list_devices(1)
+        self.assertIsNotNone(devices)
+        device = devices[0]
+
+        ordered_network = device.get_ordered_network('ssidEAP')
+
+        self.assertEqual(ordered_network.type, NetworkType.eap)
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        ordered_network.network_object.connect()
+
+        condition = 'obj.state == DeviceState.connected'
+        wd.wait_for_object_condition(device, condition)
+
+        testutil.test_iface_operstate()
+        testutil.test_ifaces_connected()
+
+        if secrets:
+            wd.unregister_psk_agent(psk_agent)
+
+        device.disconnect()
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+    #
+    # EAP-AKA
+    #
+    def test_eap_aka(self):
+        if not ctx.is_process_running('ofonod'):
+            self.skipTest("ofono not running")
+
+        ofono = Ofono()
+        ofono.enable_modem('/phonesim')
+        ofono.wait_for_sim_auth()
+
+        auth = AuthCenter('/tmp/hlrauc.sock', '/tmp/sim/aka.db')
+
+        self.copy_network('sim/ssidEAP-AKA.8021x')
+
+        try:
+            self.validate_connection(self.wd)
+        finally:
+            auth.stop()
+
+    #
+    # EAP-AKA'
+    #
+    def test_eap_aka_prime(self):
+        if not ctx.is_process_running('ofonod'):
+            self.skipTest("ofono not running")
+
+        ofono = Ofono()
+        ofono.enable_modem('/phonesim')
+        ofono.wait_for_sim_auth()
+
+        auth = AuthCenter('/tmp/hlrauc.sock', '/tmp/sim/aka.db')
+
+        self.copy_network('sim/ssidEAP-AKA-prime.8021x')
+
+        try:
+            self.validate_connection(self.wd)
+        finally:
+            auth.stop()
+
+    #
+    # EAP-SIM
+    #
+    def test_eap_sim(self):
+        if not ctx.is_process_running('ofonod'):
+            self.skipTest("ofono not running")
+
+        ofono = Ofono()
+        ofono.enable_modem('/phonesim')
+        ofono.wait_for_sim_auth()
+
+        auth = AuthCenter('/tmp/hlrauc.sock', '/tmp/sim/sim.db')
+
+        self.copy_network('sim/ssidEAP-SIM.8021x')
+
+        try:
+            self.validate_connection(self.wd)
+        finally:
+            auth.stop()
+
+    #
+    # EAP-MSCHAPv2
+    #
+    # * Credentials in 8021x file
+    # * Password-Hash in 8021x file
+    # * Agent request for password
+    # * Agent request for user + password
+    #
+    def test_eap_mschapv2(self):
+        self.copy_network('mschapv2/ssidEAP-MSCHAPV2.8021x')
+        self.validate_connection(self.wd)
+
+        self.copy_network('mschapv2/ssidEAP-MSCHAPV2-hash.8021x')
+        self.validate_connection(self.wd)
+
+        self.copy_network('mschapv2/ssidEAP-MSCHAPV2-nopass.8021x')
+        self.validate_connection(self.wd, [], ('mschapv2@example.com', 'Password'))
+
+        self.copy_network('mschapv2/ssidEAP-MSCHAPV2-nouserpass.8021x')
+        self.validate_connection(self.wd, [], ('mschapv2@example.com', 'Password'))
+
+    #
+    # EAP-PEAP
+    #
+    # * Test all combinations of PEAP, PEAPv0, PEAPv1 with MD5, GTC, SIM, MSCHAPv2
+    #
+    def test_eap_peap(self):
+        ofono = Ofono()
+        ofono.enable_modem('/phonesim')
+        ofono.wait_for_sim_auth()
+
+        auth = AuthCenter('/tmp/hlrauc.sock', '/tmp/sim/sim.db')
+
+        for ver in ['PEAP', 'PEAPv0', 'PEAPv1']:
+            for inner in ['MD5', 'GTC', 'SIM', 'MSCHAPv2']:
+                self.copy_network('peap/ssidEAP-%s-%s.8021x' % (ver, inner))
+
+                try:
+                    self.validate_connection(self.wd)
+                except Exception as e:
+                    # Catch an error here and print the actual PEAP combo that failed
+                    traceback.print_exc()
+                    auth.stop()
+                    raise Exception("%s-%s test failed" % (ver, inner))
+
+                self.remove_network()
+
+        auth.stop()
+
+    #
+    # EAP-PWD
+    #
+    def test_eap_pwd(self):
+        self.copy_network('ssidEAP-PWD.8021x')
+
+        self.validate_connection(self.wd)
+
+    #
+    # EAP-TLS
+    #
+    # * Encrypted private key, passphrase in 8021x file
+    # * Unencrypted private key
+    # * Encrypted private key, passphrase provided by agent
+    # * Embedded PEM inside 8021x file
+    # * KeyBundle
+    #
+    def test_eap_tls(self):
+        for name, secrets in [('keypass', None), ('nokeypass', None),
+                        ('des-ede3', 'abc'), ('embedded', None), ('keybundle', None)]:
+            self.copy_network('tls/ssidEAP-TLS-%s.8021x' % name)
+            try:
+                self.validate_connection(self.wd, secrets)
+            except Exception as e:
+                traceback.print_exc()
+                raise Exception('EAP-TLS (%s) failed' % name)
+
+            self.remove_network()
+
+    #
+    # EAP-TTLS
+    #
+    # * CHAP, MD5, MSCHAPV2 as phase 2
+    # * Tunneled-MSCHAP, Tunneled-MSCHAPV2, Tunneled-PAP as phase 2
+    #
+    def test_eap_ttls(self):
+        for name, secrets in [('CHAP', ('ttls@example.com', ('ttls-chap-phase2@example.com', 'Password'))),
+                              ('MD5', None),
+                              ('MSCHAPV2', ('ttls@example.com', ('mschapv2-phase2@example.com', 'Password'))),
+                              ('Tunneled-MSCHAP', ('ttls@example.com', ('ttls-mschap-phase2@example.com', 'Password'))),
+                              ('Tunneled-MSCHAPV2', ('ttls@example.com', ('ttls-mschapv2-phase2@example.com', 'Password'))),
+                              ('Tunneled-PAP', ('ttls@example.com', ('ttls-pap-phase2@example.com', 'Password')))]:
+            self.copy_network('ttls/ssidEAP-TTLS-%s.8021x' % name)
+            try:
+                if isinstance(secrets, Iterable):
+                    self.validate_connection(self.wd, *secrets)
+                else:
+                    self.validate_connection(self.wd, None)
+            except Exception as e:
+                    traceback.print_exc()
+                    raise Exception('EAP-TTLS (%s) failed' % name)
+
+            self.remove_network()
+
+    def setUp(self):
+        IWD.clear_storage()
+
+    def tearDown(self):
+        self.remove_network()
+
+    @classmethod
+    def setUpClass(cls):
+        cls.wd = IWD()
+
+    @classmethod
+    def tearDownClass(cls):
+        cls.wd = None
+        IWD.clear_storage()
+
+if __name__ == '__main__':
+    unittest.main(exit=True)

autotests/testEAP/hw.conf

@@ -0,0 +1,6 @@
+[SETUP]
+num_radios=2
+sim_keys=ofono
+
+[HOSTAPD]
+rad0=ssidEAP.conf

autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-hash.8021x

@@ -0,0 +1,7 @@
+[Security]
+EAP-Method=MSCHAPV2
+EAP-Identity=mschapv2@example.com
+EAP-Password-Hash=a4f49c406510bdcab6824ee7c30fd852
+
+[Settings]
+AutoConnect=false

autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-nopass.8021x

@@ -0,0 +1,6 @@
+[Security]
+EAP-Method=MSCHAPV2
+EAP-Identity=mschapv2@example.com
+
+[Settings]
+AutoConnect=false

autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-nouserpass.8021x

@@ -0,0 +1,5 @@
+[Security]
+EAP-Method=MSCHAPV2
+
+[Settings]
+AutoConnect=false

autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2.8021x

@@ -0,0 +1,7 @@
+[Security]
+EAP-Method=MSCHAPV2
+EAP-Identity=mschapv2@example.com
+EAP-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAP-GTC.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peap@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=GTC
+EAP-PEAP-Phase2-Identity=gtc-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAP-MD5.8021x

@@ -0,0 +1,14 @@
+[Security]
+EAP-Method=PEAP
+
+EAP-Identity=peap@example.com
+
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=md5-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAP-MSCHAPv2.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peap@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=mschapv2-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAP-SIM.8021x

@@ -0,0 +1,10 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peap@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=SIM
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAPv0-GTC.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv0@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=GTC
+EAP-PEAP-Phase2-Identity=gtc-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAPv0-MD5.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv0@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=md5-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAPv0-MSCHAPv2.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv0@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=mschapv2-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAPv0-SIM.8021x

@@ -0,0 +1,10 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv0@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=SIM
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAPv1-GTC.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv1@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=GTC
+EAP-PEAP-Phase2-Identity=gtc-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAPv1-MD5.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv1@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=md5-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAPv1-MSCHAPv2.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv1@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=mschapv2-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/peap/ssidEAP-PEAPv1-SIM.8021x

@@ -0,0 +1,10 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv1@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=SIM
+
+[Settings]
+AutoConnect=false

autotests/testEAP/sim/aka.db

@@ -0,0 +1,3 @@
+# IMSI K OPC AMF SQN
+
+12345678:90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:61df:000000000021

autotests/testEAP/sim/sim.db

@@ -0,0 +1 @@
+12345678:673fb8cd35f98800:1fb1e3b5:DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

autotests/testEAP/sim/ssidEAP-AKA-prime.8021x

@@ -0,0 +1,5 @@
+[Security]
+EAP-Method=AKA'
+
+[Settings]
+AutoConnect=false

autotests/testEAP/sim/ssidEAP-AKA.8021x

@@ -0,0 +1,2 @@
+[Security]
+EAP-Method=AKA

autotests/testEAP/sim/ssidEAP-SIM.8021x

@@ -0,0 +1,5 @@
+[Security]
+EAP-Method=SIM
+
+[Settings]
+AutoConnect=false

autotests/testEAP/ssidEAP-PWD.8021x

@@ -0,0 +1,7 @@
+[Security]
+EAP-Method=PWD
+EAP-Identity=pwd@example.com
+EAP-Password=Password
+
+[Settings]
+AutoConnect=false

autotests/testEAP/ssidEAP.conf

@@ -0,0 +1,14 @@
+hw_mode=g
+channel=1
+ssid=ssidEAP
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/secrets/eap-user.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem
+
+eap_sim_db=unix:/tmp/hlrauc.sock
+eap_sim_aka_result_ind=1

autotests/testEAP/tls/ssidEAP-TLS-des-ede3.8021x

@@ -0,0 +1,9 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TLS-ClientCert=/tmp/certs/cert-client.crt
+EAP-TLS-ClientKey=/tmp/certs/cert-client-key-v2-des-ede3.pem
+EAP-Identity=tls@example.com
+
+[Settings]
+AutoConnect=False

autotests/testEAP/tls/ssidEAP-TLS-embedded.8021x

@@ -0,0 +1,94 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=embed:cert_ca
+EAP-TLS-ClientCert=embed:cert_client
+EAP-TLS-ClientKey=embed:cert_client_key
+EAP-Identity=tls@example.com
+
+[@pem@cert_ca]
+-----BEGIN CERTIFICATE-----
+MIIEVDCCAzygAwIBAgIJAJmt2W7CutHvMA0GCSqGSIb3DQEBCwUAMHgxNTAzBgNV
+BAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRpb25z
+MR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcNAQkB
+Fg9jYUBtYWlsLmV4YW1wbGUwHhcNMTYwNTE3MjEyMDQ2WhcNNDMxMDAzMjEyMDQ2
+WjB4MTUwMwYDVQQKDCxJbnRlcm5hdGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3Jn
+YW5pemF0aW9uczEfMB0GA1UEAwwWQ2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwG
+CSqGSIb3DQEJARYPY2FAbWFpbC5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAo3GrGqW49h8kY2Wx/1kd5dIkYGazuWrX93ma9904hHBJNsvu
+V34QfHVln6wDpMZMwuvkfct09kl0rQpztJzA9YL4GMdmV6+6J6LiX1kMqLkNaJa+
+Ov+ECG5ypBRbSTYKpqFsc5wPOQf/N8brBiZS1v67va3fCwO6dgLeAf7dZ3Q70oUr
+mghbK8UnlC+wLShxCBAW8TUKg7B7M5Gea794CO9wH7NsFyAr963WVcLxrdL3xMHZ
+9hcscrljh35nCAc6sum1cTtWI651OGehr0Bhp2o2Exgr2mbo5TobqEW+fe4gc4ik
+0nzHGWiOVaszUcvpeeduGV3y6om93atffeKuxQIDAQABo4HgMIHdMA8GA1UdEwQI
+MAYBAf8CAQAwHQYDVR0OBBYEFO+M3tJAELTnseUqZyP4vl5X7SmUMIGqBgNVHSME
+gaIwgZ+AFO+M3tJAELTnseUqZyP4vl5X7SmUoXykejB4MTUwMwYDVQQKDCxJbnRl
+cm5hdGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3JnYW5pemF0aW9uczEfMB0GA1UE
+AwwWQ2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwGCSqGSIb3DQEJARYPY2FAbWFp
+bC5leGFtcGxlggkAma3ZbsK60e8wDQYJKoZIhvcNAQELBQADggEBAA/Yb9jB94OF
+swbyCrA6Qe53YGC4dfqrKGRThtGKTrH0XcM2x2qLIIbiNDogwhRqlUW8iNY6Dm2k
+43mJzNsYhy7Nt3IJFCguTJFilfGzQnBtK8wCr/C9qsj//BESOIlo/TDZ2Ho4ixcJ
+n+FTnN34F6JJ0DIvA6tNBe1kUFSrbubL8ygNWJ9BKMebEzokGNGCGFNr70DlQj2o
+1EOMMOkj0gWO0WegAYFLojzag3l+uvU59YE+/fbZ2iclyvbF7IutQ5M9g5TnQE6F
+f+qFKR5+bhlJwry6vLl/6ulihkvF3y1bm7zae62zbFaZRU6PJUl1DtXiA23ZTm9T
+VDivqs07R84=
+-----END CERTIFICATE-----
+
+[@pem@cert_client]
+-----BEGIN CERTIFICATE-----
+MIIEPTCCAyWgAwIBAgIJAPk7rut4SWQCMA0GCSqGSIb3DQEBCwUAMHgxNTAzBgNV
+BAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRpb25z
+MR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcNAQkB
+Fg9jYUBtYWlsLmV4YW1wbGUwHhcNMTYwNTE3MjEyMDQ3WhcNNDMxMDAzMjEyMDQ3
+WjBnMSEwHwYDVQQKDBhCYXIgRXhhbXBsZSBPcmdhbml6YXRpb24xITAfBgNVBAMM
+GEJhciBFeGFtcGxlIE9yZ2FuaXphdGlvbjEfMB0GCSqGSIb3DQEJARYQYmFyQG1h
+aWwuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOE5D/lU
+haTC3xL281ttZPRURXlKJqLwcHGXQSuQm6wwYWtAhLyMLEHrryE0oChKdw3eV7Nn
+/IODxvk1S8uIuKfHWuNd5qX/yu7CjCWvyim2CSJHF24rQFmb9ePoddOZnDMMAIz7
+PC325JVhbr/LSBLbqhZ0smHy1HKyrzzHHzKU4YcTH/3+3H4MHZwnNZfbfG5qhRZG
+Nuu/8t+AWVcEocPRGYZpzWJNq6AAzojAHSSOxxiscBMiuQ+BdofPw9XhwpS+Fstk
+rvF8J9FfZj5U3FOm/EgOQn8efnrUL231PqB1R9PIKYv/938p3iDMIi0ETiKi5ced
+WV8m2PcykPdNOKMCAwEAAaOB2jCB1zAJBgNVHRMEAjAAMB0GA1UdDgQWBBTs9eey
+OkMw3uiPpDOa3b9KErbEfzCBqgYDVR0jBIGiMIGfgBTvjN7SQBC057HlKmcj+L5e
+V+0plKF8pHoweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFt
+cGxlIE9yZ2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBn
+dXkxHjAcBgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZYIJAJmt2W7CutHvMA0G
+CSqGSIb3DQEBCwUAA4IBAQA8MxPjU2h5gwntQeSs8eeaEUILMkoU6JSDS4s5Hex5
+xYMLfcSoPPI0E6ahvKtWkSM0UZThyWsulSDTI1EgAiebjms06m1Ogh9V+0VbcOlQ
+D/k3+fSRIiyY+v3J/h8ArUby+m5O2g1TgECr/nZl4avoAI0RpBi3lH6tC8GQYdbc
+SA6hpNCM/dY3LWtAo2W6mdE8+RlCuTj4VZiQ1g6GE77t6XwDFL6vQBzLLXrinvXK
+Ha+IssV5sGdpH9bVFWIJV2q3OZuv3HLhQfGmeUrGyWVcokQQ8d6kRwg65Zb1+KT2
+bNlVKhPAMBk4ayEocpqFIfqfCKDjGdPUruIh8IVDc684
+-----END CERTIFICATE-----
+
+[@pem@cert_client_key]
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDhOQ/5VIWkwt8S
+9vNbbWT0VEV5Siai8HBxl0ErkJusMGFrQIS8jCxB668hNKAoSncN3lezZ/yDg8b5
+NUvLiLinx1rjXeal/8ruwowlr8optgkiRxduK0BZm/Xj6HXTmZwzDACM+zwt9uSV
+YW6/y0gS26oWdLJh8tRysq88xx8ylOGHEx/9/tx+DB2cJzWX23xuaoUWRjbrv/Lf
+gFlXBKHD0RmGac1iTaugAM6IwB0kjscYrHATIrkPgXaHz8PV4cKUvhbLZK7xfCfR
+X2Y+VNxTpvxIDkJ/Hn561C9t9T6gdUfTyCmL//d/Kd4gzCItBE4iouXHnVlfJtj3
+MpD3TTijAgMBAAECggEBAIbg9YAL7j1NtupUmkkWqm7oSPLqRVkvRSfBvXWplJD6
+KF1itht0lsyjqK3qJj/62HGlxj/a9o6MTIzSLiImLu/Lo9KmWYrwNUfnmqa3MArq
+yW2NxapknJUNoaRrgqTGSZUIiwvjKZcdVKdhQkH6K5+fja0FFg8yrahC+k8bsMNI
+5mw8NwRdR3SvHJWHCLfKCQ31tju7On/4C6jr0siUCc2//W+SO5c+FHDY1bma02cp
+jXTEiFpw91YcyKxiADIaH9/qfxWdefxqYg1WlUeXF3jYt5xYnYr34qKW1gOZ3jy1
+QJ3esn382ZTml3TFZWy+g9tkYyOSgmDwQZbLk/ppBAECgYEA8RzLBFwP018ieMBv
+khDtwcKk6ZihkWZxEPQPuUljWzzAHn/f3dXOcrfmflAKeoDEeYDimDYDizTLDPC4
+zmWkMJHNadcM5H065BbGVFQWXo47ltccfIlB/1vzG8aywfJ/yNfHvH87wbH2eg6N
+yOr+96ZjLJszQ+Rv189BbXDzTcMCgYEA7yEbUL/A1J0l2kLoYyS0vfVa7AyBVOFW
+vPgfkF7HdNpIiFWlukMr+DWOolaoZp5iHqQXFwJsL8qCcrbZuHbaNHAI/5vDE9xG
+fh8KzrfBrjIPIyNm6EWpsBo5unXK+wTeqIAGKdzDo5Q3zEE6G5DkkHItKA7yjPOM
+gz/b/MR3W6ECgYBBv3dA3hXWrreIs/j4nLMoxfoQVPWh34xvcg4jmXaFd6Bv8LDM
+HjRopestgIgK9bgd5d5kYT5AJIpGIhJS/fZy5B9egCzc1aVMc0Vr024yJJjtPgVf
+lFIx3xIA/gLazlS4INcveIaEABJVIEjbg/E4+N9MV5n4Jn+1GqgdvtIp3wKBgQC0
+C3lFkxrc+nVFoJrYCwsK+3E5yTCXeBKWtTsOuE307WUvQU1GsMyqVajPEfA5U4cN
+Cv9Xk7thQFh3hrTm7pXcZX5g9iYrDe8FhtncSv7I6Wf8TOtudwUMUrKkcYwi88ex
+lrMNUer7ft2ELJhTqQRuvYjCYH6/IaDqMWqxJju4AQKBgQDPjOh75ykQc93SsYpt
+Tb4gQKLeqOb57pofT8D44DccatfEgk31D4fBIIQu6XKopQmCtQyX9DUDjOWFTxuo
+IMPysN6Fh1quCbC6Xt5xfKoaJG5yQYKeKtLhknwEW9SUifU2xVrOcPikLs7Iwmmp
+BkDLsu/YKwRFSfrbYZXbTlU8tQ==
+-----END PRIVATE KEY-----
+
+[Settings]
+AutoConnect=False

autotests/testEAP/tls/ssidEAP-TLS-keybundle.8021x

@@ -0,0 +1,9 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TLS-ClientKeyBundle=/tmp/certs/cert-client.p12
+EAP-TLS-ClientKeyPassphrase=abc
+EAP-Identity=tls@example.com
+
+[Settings]
+AutoConnect=False

autotests/testEAP/tls/ssidEAP-TLS-keypass.8021x

@@ -0,0 +1,10 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TLS-ClientKey=/tmp/certs/cert-client-key-md5-des.pem
+EAP-TLS-ClientKeyPassphrase=abc
+EAP-Identity=tls@example.com
+
+[Settings]
+AutoConnect=False

autotests/testEAP/tls/ssidEAP-TLS-nokeypass.8021x

@@ -0,0 +1,9 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TLS-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-Identity=tls@example.com
+
+[Settings]
+AutoConnect=False

autotests/testEAP/ttls/ssidEAP-TTLS-CHAP.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-Phase2-Method=Tunneled-CHAP
+
+# If CHAP Identity and Password are left out, they will be requested through
+# the agent.
+#EAP-TTLS-Phase2-Identity=ttls-chap-phase2@example.com
+#EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False

autotests/testEAP/ttls/ssidEAP-TTLS-MD5.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TTLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TTLS-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-TTLS-Phase2-Method=MD5
+EAP-TTLS-Phase2-Identity=md5-phase2@example.com
+EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False

autotests/testEAP/ttls/ssidEAP-TTLS-MSCHAPV2.8021x

@@ -0,0 +1,8 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TTLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TTLS-ClientKey=/tmp/certs/cert-client-key-v2-des-ede3.pem
+EAP-TTLS-Phase2-Method=MSCHAPV2
+EAP-TTLS-Phase2-Identity=mschapv2-phase2@example.com

autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-MSCHAP.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-Phase2-Method=Tunneled-MSCHAP
+
+# If MSCHAP Identity and Password are left out, they will be requested through
+# the agent.
+#EAP-TTLS-Phase2-Identity=ttls-mschap-phase2@example.com
+#EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False

autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-MSCHAPV2.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-Phase2-Method=Tunneled-MSCHAPv2
+
+# If MSCHAP Identity and Password are left out, they will be requested through
+# the agent.
+#EAP-TTLS-Phase2-Identity=ttls-mschapv2-phase2@example.com
+#EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False

autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-PAP.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-Phase2-Method=Tunneled-PAP
+
+# If PAP Identity and Password are left out, they will be requested through
+# the agent.
+#EAP-TTLS-Phase2-Identity=ttls-pap@example.com
+#EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False