Google Git
Sign in
cos / mirrors / cros / chromiumos / third_party / autotest / refs/heads/stabilize-4068.0.B / . / server / site_tests / network_WiFiRoaming / 011PMKSA_Caching
blob: 9c0090e027d1d1280c356d8a73302b0aea6608db [file] [log] [blame]
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Test that 802.1x authentication is bypassed and uses PMKSA caching
# instead when a cache candidate is available.
{ "name":"Check1x_PMKSA",
"steps":[ # Channel [any]
[ "create", { "type":"hostap" } ],
[ "install_files", { "system" : "router",
"files" :
{ site_eap_certs.server_ca_cert_1_install_path :
site_eap_certs.ca_cert_1,
site_eap_certs.server_cert_1_install_path :
site_eap_certs.server_cert_1,
site_eap_certs.server_key_1_install_path :
site_eap_certs.server_private_key_1,
site_eap_certs.server_expired_cert_install_path :
site_eap_certs.server_expired_cert,
site_eap_certs.server_expired_key_install_path :
site_eap_certs.server_expired_key,
"/tmp/hostapd_eap_user_file" :
"* TLS"} } ],
[ "config", { "channel":"2412", "mode":"11g",
"wpa":"2", "wpa_key_mgmt":"WPA-EAP",
"rsn_pairwise":"CCMP", "ieee8021x":"1",
"rsn_preauth" : "1",
"eap_server" : "1",
"ca_cert" :
site_eap_certs.server_ca_cert_1_install_path,
"server_cert" :
site_eap_certs.server_cert_1_install_path,
"private_key" :
site_eap_certs.server_key_1_install_path,
"eap_user_file" : "/tmp/hostapd_eap_user_file"} ],
[ "install_files", { "system" : "client",
"files" :
{ site_eap_certs.client_ca_cert_1_install_path :
site_eap_certs.ca_cert_1,
site_eap_certs.client_ca_cert_2_install_path :
site_eap_certs.ca_cert_2,
site_eap_certs.client_cert_1_install_path :
site_eap_certs.client_cert_1,
site_eap_certs.client_cert_2_install_path :
site_eap_certs.client_cert_2,
site_eap_certs.client_key_1_install_path :
site_eap_certs.client_private_key_1,
site_eap_certs.client_key_2_install_path :
site_eap_certs.client_private_key_2, } } ],
# Connect to 802.1x network.
[ "connect", { "security": "802_1x",
"psk" : "EAP.Identity:chromeos"
":EAP.ClientCert:" +
site_eap_certs.client_cert_1_install_path +
":EAP.PrivateKey:" +
site_eap_certs.client_key_1_install_path +
":EAP.CACert:" +
site_eap_certs.client_ca_cert_1_install_path
} ],
# Add another AP with identical configuration except on a different channel.
[ "config", { "channel": "5240", "multi_interface": None } ],
# Wait for service to really come up and start beaconing.
[ "sleep", { "time": "5" } ],
# Command the client to roam to the second AP. We need to scan first
# so that the second AP appears in wpa_supplicant's tables.
[ "scan" ],
[ "client_roam", { "instance":1 } ],
# Ensure that the client gains connectivity to the second AP.
[ "wait_service", { "run_timeout":20, # Timeout is 20 seconds
"debug":True, # Print state transitions
"states": [
(None, '+ready') # Wait for transition into a
] } ], # new 'ready' state.
# Force a roam back to the first AP by removing the second.
[ "deconfig", { "instance":1, "silent": None } ],
# Ensure that the client regains connectivity to the first AP.
[ "wait_service", { "run_timeout":20, # Timeout is 20 seconds
"debug":True, # Print state transitions
"states":[
(None, '+ready') # Wait for transition into a
] } ], # new 'ready' state.
# Verify that PMKSA cache was used for authentication.
[ "verify_pmksa_auth" ],
[ "destroy" ],
],
}