| # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Test that the full 802.1x authentication exchange is skipped and PMKSA |
| # caching is used instead when a cache candidate is available. |
| |
# Test description consumed by the WiFi test harness: a single dict literal
# with a test name and an ordered list of [command, params] steps.
# `site_eap_certs` is not defined in this file and must be supplied by
# whatever evaluates it.
{
    "name": "Check1x_PMKSA",
    "steps": [  # Channel [any]
        # First AP: a hostapd instance on the router.
        ["create", {"type": "hostap"}],

        # Stage the EAP server material on the router. Going by the
        # *_install_path naming, each key is a destination path and each
        # value the content to write there -- confirm against the harness.
        # NOTE(review): the expired server cert/key pair is installed here,
        # but no hostapd option in this file points at it; confirm whether
        # this test actually needs it.
        ["install_files", {
            "system": "router",
            "files": {
                site_eap_certs.server_ca_cert_1_install_path:
                    site_eap_certs.ca_cert_1,
                site_eap_certs.server_cert_1_install_path:
                    site_eap_certs.server_cert_1,
                site_eap_certs.server_key_1_install_path:
                    site_eap_certs.server_private_key_1,
                site_eap_certs.server_expired_cert_install_path:
                    site_eap_certs.server_expired_cert,
                site_eap_certs.server_expired_key_install_path:
                    site_eap_certs.server_expired_key,
                # hostapd EAP user database: wildcard identity, EAP-TLS only,
                # so access depends on the client certificate rather than on
                # the identity string.
                "/tmp/hostapd_eap_user_file": "* TLS",
            },
        }],

        # WPA2 with WPA-EAP key management and CCMP on "2412", served by
        # hostapd's integrated EAP server (eap_server=1) using the CA,
        # server certificate and key staged above. RSN pre-authentication
        # is switched on as well.
        ["config", {
            "channel": "2412",
            "mode": "11g",
            "wpa": "2",
            "wpa_key_mgmt": "WPA-EAP",
            "rsn_pairwise": "CCMP",
            "ieee8021x": "1",
            "rsn_preauth": "1",
            "eap_server": "1",
            "ca_cert": site_eap_certs.server_ca_cert_1_install_path,
            "server_cert": site_eap_certs.server_cert_1_install_path,
            "private_key": site_eap_certs.server_key_1_install_path,
            "eap_user_file": "/tmp/hostapd_eap_user_file",
        }],

        # Stage the client-side credentials. Both credential sets (1 and 2)
        # are installed; only set 1 is referenced by the connect step below.
        ["install_files", {
            "system": "client",
            "files": {
                site_eap_certs.client_ca_cert_1_install_path:
                    site_eap_certs.ca_cert_1,
                site_eap_certs.client_ca_cert_2_install_path:
                    site_eap_certs.ca_cert_2,
                site_eap_certs.client_cert_1_install_path:
                    site_eap_certs.client_cert_1,
                site_eap_certs.client_cert_2_install_path:
                    site_eap_certs.client_cert_2,
                site_eap_certs.client_key_1_install_path:
                    site_eap_certs.client_private_key_1,
                site_eap_certs.client_key_2_install_path:
                    site_eap_certs.client_private_key_2,
            },
        }],

        # Initial association with the 802.1x network. The "psk" field
        # carries a colon-separated list of EAP properties: identity, client
        # certificate, private key and CA certificate (the CA is presumably
        # the client's trust anchor for the server certificate -- confirm).
        ["connect", {
            "security": "802_1x",
            "psk": (
                "EAP.Identity:chromeos:EAP.ClientCert:"
                + site_eap_certs.client_cert_1_install_path
                + ":EAP.PrivateKey:"
                + site_eap_certs.client_key_1_install_path
                + ":EAP.CACert:"
                + site_eap_certs.client_ca_cert_1_install_path
            ),
        }],

        # Second AP: same configuration as the first, but on another channel.
        ["config", {"channel": "5240", "multi_interface": None}],

        # Give the new service time to come up and start beaconing.
        ["sleep", {"time": "5"}],

        # Roam the client to the second AP. The scan comes first so that the
        # second AP is present in wpa_supplicant's tables.
        ["scan"],
        ["client_roam", {"instance": 1}],

        # The client must become connected through the second AP. Reaching
        # 'ready' says nothing about how the client authenticated; that is
        # asserted only by verify_pmksa_auth at the end.
        ["wait_service", {
            "run_timeout": 20,  # seconds
            "debug": True,      # print state transitions
            # Wait for a transition into a new 'ready' state.
            "states": [(None, "+ready")],
        }],

        # Remove the second AP, which forces a roam back to the first one.
        ["deconfig", {"instance": 1, "silent": None}],

        # The client must regain connectivity through the first AP.
        ["wait_service", {
            "run_timeout": 20,  # seconds
            "debug": True,      # print state transitions
            # Wait for a transition into a new 'ready' state.
            "states": [(None, "+ready")],
        }],

        # Check that the PMKSA cache was used for authentication.
        ["verify_pmksa_auth"],

        ["destroy"],
    ],
}