//
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include "shill/supplicant/supplicant_eap_state_handler.h"
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include "shill/mock_log.h"
#include "shill/supplicant/wpa_supplicant.h"
using std::string;
using testing::_;
using testing::EndsWith;
using testing::Mock;
namespace shill {
class SupplicantEAPStateHandlerTest : public testing::Test {
public:
SupplicantEAPStateHandlerTest() : failure_(Service::kFailureUnknown) {}
virtual ~SupplicantEAPStateHandlerTest() {}
protected:
void StartEAP() {
EXPECT_CALL(log_, Log(logging::LOG_INFO, _,
EndsWith("Authentication starting.")));
EXPECT_FALSE(handler_.ParseStatus(WPASupplicant::kEAPStatusStarted, "",
&failure_));
Mock::VerifyAndClearExpectations(&log_);
}
const string& GetTLSError() { return handler_.tls_error_; }
SupplicantEAPStateHandler handler_;
Service::ConnectFailure failure_;
ScopedMockLog log_;
};
TEST_F(SupplicantEAPStateHandlerTest, Construct) {
EXPECT_FALSE(handler_.is_eap_in_progress());
EXPECT_EQ("", GetTLSError());
}
TEST_F(SupplicantEAPStateHandlerTest, AuthenticationStarting) {
StartEAP();
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ("", GetTLSError());
EXPECT_EQ(Service::kFailureUnknown, failure_);
}
TEST_F(SupplicantEAPStateHandlerTest, AcceptedMethod) {
StartEAP();
const string kEAPMethod("EAP-ROCHAMBEAU");
EXPECT_CALL(log_, Log(logging::LOG_INFO, _,
EndsWith("accepted method " + kEAPMethod)));
EXPECT_FALSE(handler_.ParseStatus(
WPASupplicant::kEAPStatusAcceptProposedMethod, kEAPMethod, &failure_));
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ("", GetTLSError());
EXPECT_EQ(Service::kFailureUnknown, failure_);
}
TEST_F(SupplicantEAPStateHandlerTest, SuccessfulCompletion) {
StartEAP();
EXPECT_CALL(log_, Log(_, _,
EndsWith("Completed authentication successfully.")));
EXPECT_TRUE(handler_.ParseStatus(WPASupplicant::kEAPStatusCompletion,
WPASupplicant::kEAPParameterSuccess,
&failure_));
EXPECT_FALSE(handler_.is_eap_in_progress());
EXPECT_EQ("", GetTLSError());
EXPECT_EQ(Service::kFailureUnknown, failure_);
}
TEST_F(SupplicantEAPStateHandlerTest, EAPFailureGeneric) {
StartEAP();
// An EAP failure without a previous TLS indication yields a generic failure.
EXPECT_FALSE(handler_.ParseStatus(WPASupplicant::kEAPStatusCompletion,
WPASupplicant::kEAPParameterFailure,
&failure_));
// Since it hasn't completed successfully, we must assume even in failure
// that wpa_supplicant is continuing the EAP authentication process.
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ("", GetTLSError());
EXPECT_EQ(Service::kFailureEAPAuthentication, failure_);
}
TEST_F(SupplicantEAPStateHandlerTest, EAPFailureLocalTLSIndication) {
StartEAP();
// A TLS indication should be stored but a failure should not be returned.
EXPECT_FALSE(handler_.ParseStatus(WPASupplicant::kEAPStatusLocalTLSAlert, "",
&failure_));
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ(WPASupplicant::kEAPStatusLocalTLSAlert, GetTLSError());
EXPECT_EQ(Service::kFailureUnknown, failure_);
// An EAP failure with a previous TLS indication yields a specific failure.
EXPECT_FALSE(handler_.ParseStatus(WPASupplicant::kEAPStatusCompletion,
WPASupplicant::kEAPParameterFailure,
&failure_));
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ(Service::kFailureEAPLocalTLS, failure_);
}
TEST_F(SupplicantEAPStateHandlerTest, EAPFailureRemoteTLSIndication) {
StartEAP();
// A TLS indication should be stored but a failure should not be returned.
EXPECT_FALSE(handler_.ParseStatus(WPASupplicant::kEAPStatusRemoteTLSAlert, "",
&failure_));
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ(WPASupplicant::kEAPStatusRemoteTLSAlert, GetTLSError());
EXPECT_EQ(Service::kFailureUnknown, failure_);
// An EAP failure with a previous TLS indication yields a specific failure.
EXPECT_FALSE(handler_.ParseStatus(WPASupplicant::kEAPStatusCompletion,
WPASupplicant::kEAPParameterFailure,
&failure_));
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ(Service::kFailureEAPRemoteTLS, failure_);
}
TEST_F(SupplicantEAPStateHandlerTest, BadRemoteCertificateVerification) {
StartEAP();
const string kStrangeParameter("ennui");
EXPECT_CALL(log_, Log(logging::LOG_ERROR, _, EndsWith(
string("Unexpected ") +
WPASupplicant::kEAPStatusRemoteCertificateVerification +
" parameter: " + kStrangeParameter)));
EXPECT_FALSE(handler_.ParseStatus(
WPASupplicant::kEAPStatusRemoteCertificateVerification, kStrangeParameter,
&failure_));
// Although we reported an error, this shouldn't mean failure.
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ("", GetTLSError());
EXPECT_EQ(Service::kFailureUnknown, failure_);
}
TEST_F(SupplicantEAPStateHandlerTest, ParameterNeeded) {
StartEAP();
const string kAuthenticationParameter("nudge nudge say no more");
EXPECT_CALL(log_, Log(logging::LOG_ERROR, _, EndsWith(
string("aborted due to missing authentication parameter: ") +
kAuthenticationParameter)));
EXPECT_FALSE(handler_.ParseStatus(
WPASupplicant::kEAPStatusParameterNeeded, kAuthenticationParameter,
&failure_));
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ("", GetTLSError());
EXPECT_EQ(Service::kFailureEAPAuthentication, failure_);
}
TEST_F(SupplicantEAPStateHandlerTest, ParameterNeededPin) {
StartEAP();
EXPECT_FALSE(handler_.ParseStatus(
WPASupplicant::kEAPStatusParameterNeeded,
WPASupplicant::kEAPRequestedParameterPIN,
&failure_));
EXPECT_TRUE(handler_.is_eap_in_progress());
EXPECT_EQ("", GetTLSError());
EXPECT_EQ(Service::kFailurePinMissing, failure_);
}
} // namespace shill