From 26589d440f332fe52238fa258d7d7b58df43eee5 Mon Sep 17 00:00:00 2001
From: Tibor Král <tibor.kral@pantheon.tech>
Date: Wed, 14 Nov 2018 18:20:02 +0100
Subject: HC2VPP-87: Expose IPSEC management
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: Ib13a2cdba5a0902581c455de67cc0ee64d20598d
Signed-off-by: Tibor Král <tibor.kral@pantheon.tech>
---
 .../ipsec/write/Ikev2PolicyCustomizerTest.java     | 167 +++++++++++++++++++++
 1 file changed, 167 insertions(+)
 create mode 100644 ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java

(limited to 'ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java')

diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java
new file mode 100644
index 000000000..0c7b65f1b
--- /dev/null
+++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2019 PANTHEON.tech.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.hc2vpp.ipsec.write;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import io.fd.hc2vpp.common.test.write.WriterCustomizerTest;
+import io.fd.hc2vpp.common.translate.util.ByteDataTranslator;
+import io.fd.hc2vpp.common.translate.util.Ipv4Translator;
+import io.fd.hc2vpp.common.translate.util.Ipv6Translator;
+import io.fd.hc2vpp.ipsec.helpers.SchemaContextTestHelper;
+import io.fd.honeycomb.test.tools.HoneycombTestRunner;
+import io.fd.honeycomb.test.tools.annotations.InjectTestData;
+import io.fd.honeycomb.translate.write.WriteFailedException;
+import io.fd.vpp.jvpp.core.dto.Ikev2ProfileAddDel;
+import io.fd.vpp.jvpp.core.dto.Ikev2ProfileAddDelReply;
+import io.fd.vpp.jvpp.core.dto.Ikev2ProfileSetAuth;
+import io.fd.vpp.jvpp.core.dto.Ikev2ProfileSetAuthReply;
+import io.fd.vpp.jvpp.core.dto.Ikev2ProfileSetTs;
+import io.fd.vpp.jvpp.core.dto.Ikev2ProfileSetTsReply;
+import java.nio.ByteBuffer;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecIkev2PolicyAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.ikev2.policy.aug.grouping.TrafficSelectors;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.Ikev2;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ikev2.Policy;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ikev2.PolicyKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ikev2.policy.profile.grouping.Authentication;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+@RunWith(HoneycombTestRunner.class)
+public class Ikev2PolicyCustomizerTest extends WriterCustomizerTest implements SchemaContextTestHelper,
+        ByteDataTranslator, Ipv4Translator, Ipv6Translator {
+
+    private static final String IKEV2_PATH = "/hc2vpp-ietf-ipsec:ikev2";
+    private Ikev2PolicyCustomizer customizer;
+
+    @Override
+    protected void setUpTest() throws Exception {
+        customizer = new Ikev2PolicyCustomizer(api);
+        when(api.ikev2ProfileAddDel(any())).thenReturn(future(new Ikev2ProfileAddDelReply()));
+        when(api.ikev2ProfileSetTs(any())).thenReturn(future(new Ikev2ProfileSetTsReply()));
+        when(api.ikev2ProfileSetAuth(any())).thenReturn(future(new Ikev2ProfileSetAuthReply()));
+    }
+
+    @Test
+    public void testWrite(@InjectTestData(resourcePath = "/ikev2/addIkev2Profile.json", id = IKEV2_PATH) Ikev2 ikev2)
+            throws WriteFailedException {
+        Policy policy = ikev2.getPolicy().get(0);
+        customizer.writeCurrentAttributes(getId(policy.getName()), policy, writeContext);
+        Ikev2ProfileAddDel profileAddrequest = new Ikev2ProfileAddDel();
+        profileAddrequest.isAdd = BYTE_TRUE;
+        profileAddrequest.name = policy.getName().getBytes();
+
+        verify(api).ikev2ProfileAddDel(profileAddrequest);
+        verify(api).ikev2ProfileSetTs(translateTStoRequest(policy.augmentation(IpsecIkev2PolicyAugmentation.class)
+                .getTrafficSelectors().get(0), policy.getName()));
+        verify(api).ikev2ProfileSetAuth(translateAuthToRequest(policy));
+    }
+
+    @Test
+    public void testUpdate(
+            @InjectTestData(resourcePath = "/ikev2/addDelProfile_before.json", id = IKEV2_PATH) Ikev2 ikev2Before,
+            @InjectTestData(resourcePath = "/ikev2/addDelProfile_after.json", id = IKEV2_PATH) Ikev2 ikev2After)
+            throws WriteFailedException {
+        final Policy before = ikev2Before.getPolicy().get(0);
+        final Policy after = ikev2After.getPolicy().get(0);
+        customizer.updateCurrentAttributes(getId(before.getName()), before, after, writeContext);
+
+        verify(api, times(0)).ikev2ProfileAddDel(any());
+        verify(api).ikev2ProfileSetTs(translateTStoRequest(after.augmentation(IpsecIkev2PolicyAugmentation.class)
+                .getTrafficSelectors().get(0), after.getName()));
+        verify(api).ikev2ProfileSetAuth(translateAuthToRequest(after));
+    }
+
+    @Test
+    public void testDelete(@InjectTestData(resourcePath = "/ikev2/addIkev2Profile.json", id = IKEV2_PATH) Ikev2 ikev2)
+            throws WriteFailedException {
+        Policy policy = ikev2.getPolicy().get(0);
+        customizer.deleteCurrentAttributes(getId(policy.getName()), policy, writeContext);
+        final Ikev2ProfileAddDel request = new Ikev2ProfileAddDel();
+        request.name = policy.getName().getBytes();
+        request.isAdd = BYTE_FALSE;
+        verify(api).ikev2ProfileAddDel(request);
+        verify(api, times(0)).ikev2ProfileSetTs(any());
+        verify(api, times(0)).ikev2ProfileSetAuth(any());
+    }
+
+    private InstanceIdentifier<Policy> getId(final String name) {
+        return InstanceIdentifier.create(Ikev2.class).child(Policy.class, new PolicyKey(name));
+    }
+
+    private Ikev2ProfileSetTs translateTStoRequest(final TrafficSelectors selector, final String policyName) {
+        Ikev2ProfileSetTs addTsRequest = new Ikev2ProfileSetTs();
+        if (selector.getLocalAddressHigh() != null && selector.getLocalAddressLow() != null) {
+            addTsRequest.isLocal = ByteDataTranslator.BYTE_TRUE;
+            addTsRequest.startAddr = ByteBuffer
+                    .wrap(ipv4AddressNoZoneToArray(selector.getLocalAddressLow().getIpv4Address().getValue())).getInt();
+            addTsRequest.endAddr = ByteBuffer
+                    .wrap(ipv4AddressNoZoneToArray(selector.getLocalAddressHigh().getIpv4Address().getValue()))
+                    .getInt();
+            if (selector.getLocalPortHigh() != null && selector.getLocalPortLow() != null) {
+                addTsRequest.startPort = selector.getLocalPortLow().getValue().shortValue();
+                addTsRequest.endPort = selector.getLocalPortHigh().getValue().shortValue();
+            }
+        } else if (selector.getRemoteAddressHigh() != null && selector.getRemoteAddressLow() != null) {
+            addTsRequest.isLocal = ByteDataTranslator.BYTE_FALSE;
+            addTsRequest.startAddr = ByteBuffer
+                    .wrap(ipv4AddressNoZoneToArray(selector.getRemoteAddressLow().getIpv4Address().getValue()))
+                    .getInt();
+            addTsRequest.endAddr = ByteBuffer
+                    .wrap(ipv4AddressNoZoneToArray(selector.getRemoteAddressHigh().getIpv4Address().getValue()))
+                    .getInt();
+            if (selector.getRemotePortHigh() != null && selector.getRemotePortLow() != null) {
+                addTsRequest.startPort = selector.getRemotePortLow().getValue().shortValue();
+                addTsRequest.endPort = selector.getRemotePortHigh().getValue().shortValue();
+            }
+        }
+        if (selector.getProtocol() != null) {
+            addTsRequest.proto = selector.getProtocol().byteValue();
+        }
+        if (policyName != null) {
+            addTsRequest.name = policyName.getBytes();
+        }
+        return addTsRequest;
+    }
+
+    private Ikev2ProfileSetAuth translateAuthToRequest(Policy policy) {
+        final Ikev2ProfileSetAuth request = new Ikev2ProfileSetAuth();
+        Authentication auth = policy.getAuthentication();
+        if (auth != null) {
+            request.name = policy.getName().getBytes();
+            if (auth.isPresharedKey() != null && policy.getPreSharedKey() != null) {
+                request.authMethod = ByteDataTranslator.BYTE_FALSE;
+                if (policy.getPreSharedKey().getHexString() != null) {
+                    request.isHex = ByteDataTranslator.BYTE_TRUE;
+                }
+                request.data = policy.getPreSharedKey().stringValue().getBytes();
+            } else if (auth.isRsaSignature() != null) {
+                IpsecIkev2PolicyAugmentation aug = policy.augmentation(IpsecIkev2PolicyAugmentation.class);
+                if (aug != null && aug.getCertificate() != null) {
+                    request.data = aug.getCertificate().getBytes();
+                    request.authMethod = ByteDataTranslator.BYTE_TRUE;
+                }
+            }
+        }
+        return request;
+    }
+}
-- 
cgit 1.2.3-korg