#!/usr/bin/env python3.4
#
# Copyright 2016 - The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pprint
import random
import time
from acts import asserts
from acts import base_test
from acts import signals
from acts.test_utils.wifi import wifi_test_utils as wutils
WifiEnums = wutils.WifiEnums
# EAP Macros
EAP = WifiEnums.Eap
EapPhase2 = WifiEnums.EapPhase2
# Enterprise Config Macros
Ent = WifiEnums.Enterprise
class WifiEnterpriseTest(base_test.BaseTestClass):
def __init__(self, controllers):
base_test.BaseTestClass.__init__(self, controllers)
self.tests = (
"test_eap_connect",
"test_eap_connect_negative",
)
def setup_class(self):
self.dut = self.android_devices[0]
wutils.wifi_test_device_init(self.dut)
required_userparam_names = (
"ca_cert",
"client_cert",
"client_key",
"passpoint_ca_cert",
"passpoint_client_cert",
"passpoint_client_key",
"eap_identity",
"eap_password",
"invalid_ca_cert",
"invalid_client_cert",
"invalid_client_key",
"fqdn",
"provider_friendly_name",
"realm",
"ssid_peap0",
"ssid_peap1",
"ssid_tls",
"ssid_ttls",
"ssid_pwd",
"ssid_sim",
"ssid_aka",
"ssid_aka_prime",
"ssid_passpoint",
"device_password",
"ping_addr"
)
self.unpack_userparams(required_userparam_names,
roaming_consortium_ids=None,
plmn=None)
# Default configs for EAP networks.
self.config_peap0 = {
Ent.EAP: EAP.PEAP,
Ent.CA_CERT: self.ca_cert,
Ent.IDENTITY: self.eap_identity,
Ent.PASSWORD: self.eap_password,
Ent.PHASE2: EapPhase2.MSCHAPV2,
WifiEnums.SSID_KEY: self.ssid_peap0
}
self.config_peap1 = dict(self.config_peap0)
self.config_peap1[WifiEnums.SSID_KEY] = self.ssid_peap1
self.config_tls = {
Ent.EAP: EAP.TLS,
Ent.CA_CERT: self.ca_cert,
WifiEnums.SSID_KEY: self.ssid_tls,
Ent.CLIENT_CERT: self.client_cert,
Ent.PRIVATE_KEY_ID: self.client_key,
Ent.IDENTITY: self.eap_identity,
}
self.config_ttls = {
Ent.EAP: EAP.TTLS,
Ent.CA_CERT: self.ca_cert,
Ent.IDENTITY: self.eap_identity,
Ent.PASSWORD: self.eap_password,
Ent.PHASE2: EapPhase2.MSCHAPV2,
WifiEnums.SSID_KEY: self.ssid_ttls
}
self.config_pwd = {
Ent.EAP: EAP.PWD,
Ent.IDENTITY: self.eap_identity,
Ent.PASSWORD: self.eap_password,
WifiEnums.SSID_KEY: self.ssid_pwd
}
self.config_sim = {
Ent.EAP: EAP.SIM,
WifiEnums.SSID_KEY: self.ssid_sim,
}
self.config_aka = {
Ent.EAP: EAP.AKA,
WifiEnums.SSID_KEY: self.ssid_aka,
}
self.config_aka_prime = {
Ent.EAP: EAP.AKA_PRIME,
WifiEnums.SSID_KEY: self.ssid_aka_prime,
}
# Base config for passpoint networks.
self.config_passpoint = {
Ent.FQDN: self.fqdn,
Ent.FRIENDLY_NAME: self.provider_friendly_name,
Ent.REALM: self.realm,
Ent.CA_CERT: self.passpoint_ca_cert
}
if self.plmn:
self.config_passpoint[Ent.PLMN] = self.plmn
if self.roaming_consortium_ids:
self.config_passpoint[Ent.ROAMING_IDS] = self.roaming_consortium_ids
# Default configs for passpoint networks.
self.config_passpoint_tls = dict(self.config_tls)
self.config_passpoint_tls.update(self.config_passpoint)
self.config_passpoint_tls[Ent.CLIENT_CERT] = self.passpoint_client_cert
self.config_passpoint_tls[Ent.PRIVATE_KEY_ID] = self.passpoint_client_key
del self.config_passpoint_tls[WifiEnums.SSID_KEY]
self.config_passpoint_ttls = dict(self.config_ttls)
self.config_passpoint_ttls.update(self.config_passpoint)
del self.config_passpoint_ttls[WifiEnums.SSID_KEY]
# Set screen lock password so ConfigStore is unlocked.
self.dut.droid.setDevicePassword(self.device_password)
def teardown_class(self):
wutils.reset_wifi(self.dut)
self.dut.droid.disableDevicePassword()
self.dut.ed.clear_all_events()
def setup_test(self):
self.dut.droid.wifiStartTrackingStateChange()
self.dut.droid.wakeLockAcquireBright()
self.dut.droid.wakeUpNow()
wutils.reset_wifi(self.dut)
self.dut.ed.clear_all_events()
def teardown_test(self):
self.dut.droid.wakeLockRelease()
self.dut.droid.goToSleepNow()
self.dut.droid.wifiStopTrackingStateChange()
def on_fail(self, test_name, begin_time):
self.dut.cat_adb_log(test_name, begin_time)
"""Helper Functions"""
def eap_negative_connect_logic(self, config, ad):
"""Tries to connect to an enterprise network with invalid credentials
and expect a failure.
Args:
config: A dict representing an invalid EAP credential.
Returns:
True if connection failed as expected, False otherwise.
"""
with asserts.assert_raises(signals.TestFailure, extras=config):
verdict = wutils.eap_connect(config, ad)
asserts.explicit_pass("Connection failed as expected.")
def expand_config_by_phase2(self, config):
"""Take an enterprise config and generate a list of configs, each with
a different phase2 auth type.
Args:
config: A dict representing enterprise config.
Returns
A list of enterprise configs.
"""
results = []
for phase2_type in EapPhase2:
# Skip a special case for passpoint TTLS.
if Ent.FQDN in config and phase2_type == EapPhase2.GTC:
continue
c = dict(config)
c[Ent.PHASE2] = phase2_type
results.append(c)
return results
def gen_eap_configs(self):
"""Generates configurations for different EAP authentication types.
Returns:
A list of dicts each representing an EAP configuration.
"""
configs = [self.config_tls,
self.config_pwd,
self.config_sim,
self.config_aka,
self.config_aka_prime]
configs += wutils.expand_enterprise_config_by_phase2(self.config_ttls)
configs += wutils.expand_enterprise_config_by_phase2(self.config_peap0)
configs += wutils.expand_enterprise_config_by_phase2(self.config_peap1)
return configs
def gen_passpoint_configs(self):
"""Generates passpoint configurations for different EAP authentication
types.
Returns:
A list of dicts each representing an EAP configuration for
passpoint networks.
"""
configs = [self.config_passpoint_tls]
configs += wutils.expand_enterprise_config_by_phase2(self.config_passpoint_ttls)
return configs
def gen_negative_configs(self, configs, neg_params):
"""Generic function used to generate negative configs.
For all the valid configurations, if a param in the neg_params also
exists in a config, a copy of the config is made with an invalid value
of the param.
Args:
configs: A list of valid configurations.
neg_params: A dict that has all the invalid values.
Returns:
A list of invalid configurations generated based on the valid
configurations. Each invalid configuration has a different invalid
field.
"""
results = []
for c in configs:
for k, v in neg_params.items():
# Skip negative test for TLS's identity field since it's not
# used for auth.
if c[Ent.EAP] == EAP.TLS and k == Ent.IDENTITY:
continue
if k in c:
nc = dict(c)
nc[k] = v
nc["invalid_field"] = k
results.append(nc)
return results
def gen_negative_eap_configs(self):
"""Generates invalid configurations for different EAP authentication
types.
For all the valid EAP configurations, if a param that is part of the
authentication info exists in a config, a copy of the config is made
with an invalid value of the param.
Returns:
A list of dicts each representing an invalid EAP configuration.
"""
neg_params = {
Ent.CLIENT_CERT: self.invalid_client_cert,
Ent.CA_CERT: self.invalid_ca_cert,
Ent.PRIVATE_KEY_ID: self.invalid_client_key,
Ent.IDENTITY: "fake_identity",
Ent.PASSWORD: "wrong_password"
}
configs = self.gen_eap_configs()
return self.gen_negative_configs(configs, neg_params)
def gen_negative_passpoint_configs(self):
"""Generates invalid configurations for different EAP authentication
types with passpoint support.
Returns:
A list of dicts each representing an invalid EAP configuration
with passpoint fields.
"""
neg_params = {
Ent.CLIENT_CERT: self.invalid_client_cert,
Ent.CA_CERT: self.invalid_ca_cert,
Ent.PRIVATE_KEY_ID: self.invalid_client_key,
Ent.IDENTITY: "fake_identity",
Ent.PASSWORD: "wrong_password",
Ent.FQDN: "fake_fqdn",
Ent.REALM: "where_no_one_has_gone_before",
Ent.PLMN: "fake_plmn",
Ent.ROAMING_IDS: [1234567890, 9876543210]
}
configs = self.gen_passpoint_configs()
return self.gen_negative_configs(configs, neg_params)
def gen_eap_test_name(self, config, ad):
"""Generates a test case name based on an EAP configuration.
Args:
config: A dict representing an EAP credential.
ad: Discarded. This is here because name function signature needs
to be consistent with logic function signature for generated
test cases.
Returns:
A string representing the name of a generated EAP test case.
"""
eap_name = config[Ent.EAP].name
if "peap0" in config[WifiEnums.SSID_KEY].lower():
eap_name = "PEAP0"
if "peap1" in config[WifiEnums.SSID_KEY].lower():
eap_name = "PEAP1"
name = "test_connect-%s" % eap_name
if Ent.PHASE2 in config:
name += "-{}".format(config[Ent.PHASE2].name)
return name
def gen_passpoint_test_name(self, config, ad):
"""Generates a test case name based on an EAP passpoint configuration.
Args:
config: A dict representing an EAP passpoint credential.
ad: Discarded. This is here because name function signature needs
to be consistent with logic function signature for generated
test cases.
Returns:
A string representing the name of a generated EAP passpoint connect
test case.
"""
name = self.gen_eap_test_name(config, ad)
name = name.replace("connect", "passpoint_connect")
return name
"""Tests"""
@signals.generated_test
def test_eap_connect(self):
"""Test connecting to enterprise networks of different authentication
types.
The authentication types tested are:
EAP-TLS
EAP-PEAP with different phase2 types.
EAP-TTLS with different phase2 types.
Procedures:
For each enterprise wifi network
1. Connect to the network.
2. Send a GET request to a website and check response.
Expect:
Successful connection and Internet access through the enterprise
networks.
"""
eap_configs = self.gen_eap_configs()
self.log.info("Testing %d different configs." % len(eap_configs))
random.shuffle(eap_configs)
failed = self.run_generated_testcases(
wutils.eap_connect,
eap_configs,
args=(self.dut,),
name_func=self.gen_eap_test_name)
msg = ("The following configs failed EAP connect test: %s" %
pprint.pformat(failed))
asserts.assert_equal(len(failed), 0, msg)
@signals.generated_test
def test_eap_connect_negative(self):
"""Test connecting to enterprise networks.
Procedures:
For each enterprise wifi network
1. Connect to the network with invalid credentials.
Expect:
Fail to establish connection.
"""
neg_eap_configs = self.gen_negative_eap_configs()
self.log.info("Testing %d different configs." % len(neg_eap_configs))
random.shuffle(neg_eap_configs)
def name_gen(config, ad):
name = self.gen_eap_test_name(config, ad)
name += "-with_wrong-{}".format(config["invalid_field"])
return name
failed = self.run_generated_testcases(
self.eap_negative_connect_logic,
neg_eap_configs,
args=(self.dut,),
name_func=name_gen)
msg = ("The following configs failed negative EAP connect test: %s" %
pprint.pformat(failed))
asserts.assert_equal(len(failed), 0, msg)
@signals.generated_test
def test_passpoint_connect(self):
"""Test connecting to enterprise networks of different authentication
types with passpoint support.
The authentication types tested are:
EAP-TLS
EAP-TTLS with MSCHAPV2 as phase2.
Procedures:
For each enterprise wifi network
1. Connect to the network.
2. Send a GET request to a website and check response.
Expect:
Successful connection and Internet access through the enterprise
networks with passpoint support.
"""
asserts.skip_if(not self.dut.droid.wifiIsPasspointSupported(),
"Passpoint is not supported on device %s" % self.dut.model)
passpoint_configs = self.gen_passpoint_configs()
self.log.info("Testing %d different configs." % len(passpoint_configs))
random.shuffle(passpoint_configs)
failed = self.run_generated_testcases(
wutils.eap_connect,
passpoint_configs,
args=(self.dut,),
name_func=self.gen_passpoint_test_name)
msg = ("The following configs failed passpoint connect test: %s" %
pprint.pformat(failed))
asserts.assert_equal(len(failed), 0, msg)
@signals.generated_test
def test_passpoint_connect_negative(self):
"""Test connecting to enterprise networks.
Procedures:
For each enterprise wifi network
1. Connect to the network with invalid credentials.
Expect:
Fail to establish connection.
"""
asserts.skip_if(not self.dut.droid.wifiIsPasspointSupported(),
"Passpoint is not supported on device %s" % self.dut.model)
neg_passpoint_configs = self.gen_negative_passpoint_configs()
self.log.info("Testing %d different configs." % len(neg_passpoint_configs))
random.shuffle(neg_passpoint_configs)
def name_gen(config, ad):
name = self.gen_passpoint_test_name(config, ad)
name += "-with_wrong-{}".format(config["invalid_field"])
return name
failed = self.run_generated_testcases(
self.eap_negative_connect_logic,
neg_passpoint_configs,
args=(self.dut,),
name_func=name_gen)
msg = ("The following configs failed negative passpoint connect test: "
"%s") % pprint.pformat(failed)
asserts.assert_equal(len(failed), 0, msg)