tests: dbus_connect_eap to verify dNSName constraint configuration

This verifies that Certification signals include the expected
information on peer certificates and that dNSName constraint can be
configured based on that and is working both in matching and not
matching cases.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/tests/hwsim/test_dbus.py b/tests/hwsim/test_dbus.py
index 142ef9ff84bec027cc1d4635dffb7ac82f7b911b..34d669b91c88afb527593f01cf7b8fcf56bac346 100644 (file)
--- a/tests/hwsim/test_dbus.py
+++ b/tests/hwsim/test_dbus.py
@@ -1249,7 +1249,7 @@ def test_dbus_connect_eap(dev, apdev):
             self.add_signal(self.propertiesChanged, WPAS_DBUS_IFACE,
                             "PropertiesChanged")
             self.add_signal(self.certification, WPAS_DBUS_IFACE,
-                            "Certification")
+                            "Certification", byte_arrays=True)
             self.add_signal(self.networkRequest, WPAS_DBUS_IFACE,
                             "NetworkRequest")
             self.add_signal(self.eap, WPAS_DBUS_IFACE, "EAP")
@@ -1262,23 +1262,52 @@ def test_dbus_connect_eap(dev, apdev):
                 if self.state == 0:
                     self.state = 1
                     iface.EAPLogoff()
+                    logger.info("Set dNSName constraint")
+                    net_obj = bus.get_object(WPAS_DBUS_SERVICE, self.netw)
+                    args = dbus.Dictionary({ 'altsubject_match':
+                                             self.server_dnsname },
+                                           signature='sv')
+                    net_obj.Set(WPAS_DBUS_NETWORK, "Properties", args,
+                                dbus_interface=dbus.PROPERTIES_IFACE)
                 elif self.state == 2:
                     self.state = 3
-                    self.loop.quit()
+                    iface.Disconnect()
+                    logger.info("Set non-matching dNSName constraint")
+                    net_obj = bus.get_object(WPAS_DBUS_SERVICE, self.netw)
+                    args = dbus.Dictionary({ 'altsubject_match':
+                                             self.server_dnsname + "FOO" },
+                                           signature='sv')
+                    net_obj.Set(WPAS_DBUS_NETWORK, "Properties", args,
+                                dbus_interface=dbus.PROPERTIES_IFACE)
             if 'State' in properties and properties['State'] == "disconnected":
                 if self.state == 1:
                     self.state = 2
                     iface.EAPLogon()
                     iface.SelectNetwork(self.netw)
+                if self.state == 3:
+                    self.state = 4
+                    iface.SelectNetwork(self.netw)
 
         def certification(self, args):
             logger.debug("certification: %s" % str(args))
             self.certification_received = True
+            if args['depth'] == 0:
+                # The test server certificate is supposed to have dNSName
+                if len(args['altsubject']) < 1:
+                    raise Exception("Missing dNSName")
+                dnsname = args['altsubject'][0]
+                if not dnsname.startswith("DNS:"):
+                    raise Exception("Expected dNSName not found: " + dnsname)
+                logger.info("altsubject: " + dnsname)
+                self.server_dnsname = dnsname
 
         def eap(self, status, parameter):
             logger.debug("EAP: status=%s parameter=%s" % (status, parameter))
             if status == 'completion' and parameter == 'success':
                 self.eap_status = True
+            if self.state == 4 and status == 'remote certificate verification' and parameter == 'AltSubject mismatch':
+                self.state = 5
+                self.loop.quit()
 
         def networkRequest(self, path, field, txt):
             logger.debug("networkRequest: %s %s %s" % (path, field, txt))
@@ -1304,7 +1333,7 @@ def test_dbus_connect_eap(dev, apdev):
         def success(self):
             if not self.eap_status or not self.certification_received:
                 return False
-            return self.state == 3
+            return self.state == 5
 
     with TestDbusConnect(bus) as t:
         if not t.success():