diff options
Diffstat (limited to 'test/network_tests/security_tests')
12 files changed, 1178 insertions, 0 deletions
diff --git a/test/network_tests/security_tests/conf/security_test_config_client_external_allow.json.in b/test/network_tests/security_tests/conf/security_test_config_client_external_allow.json.in new file mode 100644 index 0000000..e73f3db --- /dev/null +++ b/test/network_tests/security_tests/conf/security_test_config_client_external_allow.json.in @@ -0,0 +1,90 @@ +{ + "unicast" : "@TEST_IP_MASTER@", + "netmask" : "255.255.255.0", + "logging" : + { + "level" : "info", + "console" : "true", + "file" : { "enable" : "false", "path" : "/tmp/vsomeip.log" }, + "dlt" : "false" + }, + "applications" : + [ + { + "name" : "client-sample", + "id" : "0x1255" + }, + { + "name" : "routingmanagerd", + "id" : "0x2222" + } + ], + "services" : + [ + { + "service" : "0x1234", + "instance" : "0x5678", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + }, + { + "service" : "0x111", + "instance" : "0x5678", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + }, + { + "service" : "0x1234", + "instance" : "0x02", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + } + ], + "security" : + { + "check_credentials" : "true", + "allow_remote_clients" : "true", + "policies" : + [ + { + "credentials" : { "uid" : "@TEST_UID@", "gid" : "@TEST_GID@" }, + "allow" : + { + "requests": + [ + { + "service" : "0x1234", + "instances" : + [ + { + "ids" : ["0x5678"], + "methods" : [ {"first" : "0x8421", "last" : "0x8422" }, "0x8001", "0x7777" ] + } + ] + } + ] + } + } + ] + }, + "routing" : "routingmanagerd", + "routing-credentials" : + { + "uid" : "@TEST_UID@", + "gid" : "@TEST_GID@" + }, + "service-discovery" : + { + "enable" : "true", + "multicast" : "224.0.0.1", + "port" : "30490", + "protocol" : "udp", + "initial_delay_min" : "10", + "initial_delay_max" : "100", + "repetitions_base_delay" : "200", + "repetitions_max" : "3", + "ttl" : "3", + "cyclic_offer_delay" : "2000", + "request_response_delay" : "1500" + } +} diff --git a/test/network_tests/security_tests/conf/security_test_config_client_external_deny.json.in b/test/network_tests/security_tests/conf/security_test_config_client_external_deny.json.in new file mode 100644 index 0000000..1161f4f --- /dev/null +++ b/test/network_tests/security_tests/conf/security_test_config_client_external_deny.json.in @@ -0,0 +1,90 @@ +{ + "unicast" : "@TEST_IP_MASTER@", + "netmask" : "255.255.255.0", + "logging" : + { + "level" : "info", + "console" : "true", + "file" : { "enable" : "false", "path" : "/tmp/vsomeip.log" }, + "dlt" : "false" + }, + "applications" : + [ + { + "name" : "client-sample", + "id" : "0x1255" + }, + { + "name" : "routingmanagerd", + "id" : "0x2222" + } + ], + "services" : + [ + { + "service" : "0x1234", + "instance" : "0x5678", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + }, + { + "service" : "0x111", + "instance" : "0x5678", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + }, + { + "service" : "0x1234", + "instance" : "0x02", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + } + ], + "security" : + { + "check_credentials" : "true", + "allow_remote_clients" : "false", + "policies" : + [ + { + "credentials" : { "uid" : "@TEST_UID@", "gid" : "@TEST_GID@" }, + "allow" : + { + "requests": + [ + { + "service" : "0x1234", + "instances" : + [ + { + "ids" : ["0x5678"], + "methods" : [ {"first" : "0x8421", "last" : "0x8422" }, "0x8001", "0x7777" ] + } + ] + } + ] + } + } + ] + }, + "routing" : "routingmanagerd", + "routing-credentials" : + { + "uid" : "@TEST_UID@", + "gid" : "@TEST_GID@" + }, + "service-discovery" : + { + "enable" : "true", + "multicast" : "224.0.0.1", + "port" : "30490", + "protocol" : "udp", + "initial_delay_min" : "10", + "initial_delay_max" : "100", + "repetitions_base_delay" : "200", + "repetitions_max" : "3", + "ttl" : "3", + "cyclic_offer_delay" : "2000", + "request_response_delay" : "1500" + } +} diff --git a/test/network_tests/security_tests/conf/security_test_config_service_external_allow.json.in b/test/network_tests/security_tests/conf/security_test_config_service_external_allow.json.in new file mode 100644 index 0000000..4d9129a --- /dev/null +++ b/test/network_tests/security_tests/conf/security_test_config_service_external_allow.json.in @@ -0,0 +1,84 @@ +{ + "unicast" : "@TEST_IP_SLAVE@", + "netmask" : "255.255.255.0", + "logging" : + { + "level" : "info", + "console" : "true", + "file" : { "enable" : "false", "path" : "/tmp/vsomeip.log" }, + "dlt" : "false" + }, + "applications" : + [ + { + "name" : "service-sample", + "id" : "0x1277" + }, + { + "name" : "routingmanagerd", + "id" : "0x1111" + } + ], + "services" : + [ + { + "service" : "0x1234", + "instance" : "0x5678", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + }, + { + "service" : "0x111", + "instance" : "0x5678", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + }, + { + "service" : "0x1234", + "instance" : "0x02", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + } + ], + "security" : + { + "check_credentials" : "true", + "allow_remote_clients" : "true", + "policies" : + [ + { + "credentials" : { "uid" : "@TEST_UID@", "gid" : "@TEST_GID@" }, + "allow" : + { + "offers": + [ + { + "service" : "0x1234", + "instance" : "0x5678" + } + ] + } + } + ] + }, + "routing" : "routingmanagerd", + "routing-credentials" : + { + "uid" : "@TEST_UID@", + "gid" : "@TEST_GID@" + }, + "service-discovery" : + { + "enable" : "true", + "multicast" : "224.0.0.1", + "port" : "30490", + "protocol" : "udp", + "initial_delay_min" : "10", + "initial_delay_max" : "100", + "repetitions_base_delay" : "200", + "repetitions_max" : "3", + "ttl" : "3", + "cyclic_offer_delay" : "2000", + "request_response_delay" : "1500" + } +} diff --git a/test/network_tests/security_tests/conf/security_test_config_service_external_deny.json.in b/test/network_tests/security_tests/conf/security_test_config_service_external_deny.json.in new file mode 100644 index 0000000..769b04f --- /dev/null +++ b/test/network_tests/security_tests/conf/security_test_config_service_external_deny.json.in @@ -0,0 +1,84 @@ +{ + "unicast" : "@TEST_IP_SLAVE@", + "netmask" : "255.255.255.0", + "logging" : + { + "level" : "info", + "console" : "true", + "file" : { "enable" : "false", "path" : "/tmp/vsomeip.log" }, + "dlt" : "false" + }, + "applications" : + [ + { + "name" : "service-sample", + "id" : "0x1277" + }, + { + "name" : "routingmanagerd", + "id" : "0x1111" + } + ], + "services" : + [ + { + "service" : "0x1234", + "instance" : "0x5678", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + }, + { + "service" : "0x111", + "instance" : "0x5678", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + }, + { + "service" : "0x1234", + "instance" : "0x02", + "unicast" : "@TEST_IP_MASTER@", + "unreliable" : "30509" + } + ], + "security" : + { + "check_credentials" : "true", + "allow_remote_clients" : "false", + "policies" : + [ + { + "credentials" : { "uid" : "@TEST_UID@", "gid" : "@TEST_GID@" }, + "allow" : + { + "offers": + [ + { + "service" : "0x1234", + "instance" : "0x5678" + } + ] + } + } + ] + }, + "routing" : "routingmanagerd", + "routing-credentials" : + { + "uid" : "@TEST_UID@", + "gid" : "@TEST_GID@" + }, + "service-discovery" : + { + "enable" : "true", + "multicast" : "224.0.0.1", + "port" : "30490", + "protocol" : "udp", + "initial_delay_min" : "10", + "initial_delay_max" : "100", + "repetitions_base_delay" : "200", + "repetitions_max" : "3", + "ttl" : "3", + "cyclic_offer_delay" : "2000", + "request_response_delay" : "1500" + } +} diff --git a/test/network_tests/security_tests/conf/security_test_local_config.json.in b/test/network_tests/security_tests/conf/security_test_local_config.json.in new file mode 100644 index 0000000..60036f8 --- /dev/null +++ b/test/network_tests/security_tests/conf/security_test_local_config.json.in @@ -0,0 +1,78 @@ +{ + "unicast" : "localhost", + "logging" : + { + "level" : "info", + "console" : "true", + "file" : { "enable" : "false", "path" : "/tmp/vsomeip.log" }, + "dlt" : "false" + }, + "applications" : + [ + { + "name" : "service-sample", + "id" : "0x1277" + }, + { + "name" : "client-sample", + "id" : "0x1255" + }, + { + "name" : "routingmanagerd", + "id" : "0x1111" + } + ], + "security" : + { + "check_credentials" : "true", + "policies" : + [ + { + "credentials" : { "uid" : "@TEST_UID@", "gid" : "@TEST_GID@" }, + "allow" : + { + "offers": + [ + { + "service" : "0x1234", + "instance" : "0x5678" + } + ], + "requests": + [ + { + "service" : "0x1234", + "instances" : + [ + { + "ids" : ["0x5678"], + "methods" : [ {"first" : "0x8421", "last" : "0x8422" }, "0x8001", "0x7777" ] + } + ] + } + ] + } + } + ] + }, + "routing" : "routingmanagerd", + "routing-credentials" : + { + "uid" : "@TEST_UID@", + "gid" : "@TEST_GID@" + }, + "service-discovery" : + { + "enable" : "true", + "multicast" : "224.244.224.245", + "port" : "30490", + "protocol" : "udp", + "initial_delay_min" : "10", + "initial_delay_max" : "100", + "repetitions_base_delay" : "200", + "repetitions_max" : "3", + "ttl" : "3", + "cyclic_offer_delay" : "2000", + "request_response_delay" : "1500" + } +} diff --git a/test/network_tests/security_tests/security_test_client.cpp b/test/network_tests/security_tests/security_test_client.cpp new file mode 100644 index 0000000..2890e74 --- /dev/null +++ b/test/network_tests/security_tests/security_test_client.cpp @@ -0,0 +1,278 @@ +// Copyright (C) 2017 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +#include "security_test_client.hpp" + +static bool is_remote_test = false; +static bool remote_client_allowed = true; + +security_test_client::security_test_client(bool _test_external_communication, + bool _is_remote_client_allowed) + : app_(vsomeip::runtime::get()->create_application()), + is_available_(false), + sender_(std::bind(&security_test_client::run, this)), + received_responses_(0), + received_allowed_events_(0), + test_external_communication_(_test_external_communication), + is_remote_client_allowed_(_is_remote_client_allowed) { + +} + +bool security_test_client::init() { + if (!app_->init()) { + ADD_FAILURE() << "Couldn't initialize application"; + return false; + } + + app_->register_state_handler( + std::bind(&security_test_client::on_state, this, + std::placeholders::_1)); + + app_->register_message_handler(vsomeip::ANY_SERVICE, + vsomeip_test::TEST_SERVICE_INSTANCE_ID, vsomeip::ANY_METHOD, + std::bind(&security_test_client::on_message, this, + std::placeholders::_1)); + + app_->register_availability_handler(vsomeip_test::TEST_SERVICE_SERVICE_ID, + vsomeip_test::TEST_SERVICE_INSTANCE_ID, + std::bind(&security_test_client::on_availability, this, + std::placeholders::_1, std::placeholders::_2, + std::placeholders::_3)); + + app_->register_availability_handler(0x111, + vsomeip_test::TEST_SERVICE_INSTANCE_ID, + std::bind(&security_test_client::on_availability, this, + std::placeholders::_1, std::placeholders::_2, + std::placeholders::_3)); + + app_->register_availability_handler(vsomeip_test::TEST_SERVICE_SERVICE_ID, + 0x02, + std::bind(&security_test_client::on_availability, this, + std::placeholders::_1, std::placeholders::_2, + std::placeholders::_3)); + return true; +} + +void security_test_client::start() { + VSOMEIP_INFO << "Starting..."; + + app_->start(); +} + +void security_test_client::stop() { + VSOMEIP_INFO << "Stopping..."; + + if (is_remote_client_allowed_) { + shutdown_service(); + } + + std::this_thread::sleep_for(std::chrono::milliseconds(100)); + + app_->clear_all_handler(); + app_->stop(); +} + +void security_test_client::on_state(vsomeip::state_type_e _state) { + if(_state == vsomeip::state_type_e::ST_REGISTERED) { + app_->request_service(vsomeip_test::TEST_SERVICE_SERVICE_ID, + vsomeip_test::TEST_SERVICE_INSTANCE_ID, false); + + // request not allowed service ID + app_->request_service(0x111, + vsomeip_test::TEST_SERVICE_INSTANCE_ID, false); + + // request not allowed instance ID + app_->request_service(vsomeip_test::TEST_SERVICE_SERVICE_ID, + 0x02, false); + + // request events of eventgroup 0x01 which holds events 0x8001 (allowed) and 0x8002 (denied) + std::set<vsomeip::eventgroup_t> its_eventgroups; + its_eventgroups.insert(0x01); + app_->request_event(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID, + static_cast<vsomeip::event_t>(0x8001), + its_eventgroups, vsomeip::event_type_e::ET_FIELD, + vsomeip::reliability_type_e::RT_UNRELIABLE); + app_->request_event(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID, + static_cast<vsomeip::event_t>(0x8002), + its_eventgroups, vsomeip::event_type_e::ET_FIELD, + vsomeip::reliability_type_e::RT_UNRELIABLE); + + app_->subscribe(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID, 0x01, + vsomeip::DEFAULT_MAJOR, static_cast<vsomeip::event_t>(0x8001)); + + app_->subscribe(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID, 0x01, + vsomeip::DEFAULT_MAJOR, static_cast<vsomeip::event_t>(0x8002)); + } +} + +void security_test_client::on_availability(vsomeip::service_t _service, + vsomeip::instance_t _instance, bool _is_available) { + + VSOMEIP_INFO << std::hex << "Client 0x" << app_->get_client() + << " : Service [" << std::setw(4) << std::setfill('0') << std::hex + << _service << "." << _instance << "] is " + << (_is_available ? "available." : "NOT available."); + + // check that only the allowed service / instance ID gets available + if (_is_available) { + EXPECT_EQ(vsomeip_test::TEST_SERVICE_SERVICE_ID, _service); + EXPECT_EQ(vsomeip_test::TEST_SERVICE_INSTANCE_ID, _instance); + } + + if(vsomeip_test::TEST_SERVICE_SERVICE_ID == _service + && vsomeip_test::TEST_SERVICE_INSTANCE_ID == _instance) { + std::unique_lock<std::mutex> its_lock(mutex_); + if(is_available_ && !_is_available) { + is_available_ = false; + } + else if(_is_available && !is_available_) { + is_available_ = true; + condition_.notify_one(); + } + } +} + +void security_test_client::on_message(const std::shared_ptr<vsomeip::message> &_response) { + VSOMEIP_INFO << "Received a response from Service [" + << std::setw(4) << std::setfill('0') << std::hex << _response->get_service() + << "." + << std::setw(4) << std::setfill('0') << std::hex << _response->get_instance() + << "] to Client/Session [" + << std::setw(4) << std::setfill('0') << std::hex << _response->get_client() + << "/" + << std::setw(4) << std::setfill('0') << std::hex << _response->get_session() + << "]"; + + if(_response->get_message_type() == vsomeip::message_type_e::MT_RESPONSE) { + EXPECT_EQ(vsomeip_test::TEST_SERVICE_SERVICE_ID, _response->get_service()); + EXPECT_EQ(vsomeip_test::TEST_SERVICE_INSTANCE_ID, _response->get_instance()); + EXPECT_EQ(vsomeip_test::TEST_SERVICE_METHOD_ID, _response->get_method()); + + if (_response->get_service() == vsomeip_test::TEST_SERVICE_SERVICE_ID && + _response->get_instance() == vsomeip_test::TEST_SERVICE_INSTANCE_ID && + _response->get_method() == vsomeip_test::TEST_SERVICE_METHOD_ID) { + received_responses_++; + if (received_responses_ == vsomeip_test::NUMBER_OF_MESSAGES_TO_SEND_SECURITY_TESTS) { + VSOMEIP_WARNING << std::hex << app_->get_client() + << ": Received all messages ~> going down!"; + } + } + } else if (_response->get_message_type() == vsomeip::message_type_e::MT_NOTIFICATION) { + // check that only allowed event 0x8001 is received + EXPECT_EQ(vsomeip_test::TEST_SERVICE_SERVICE_ID, _response->get_service()); + EXPECT_EQ(vsomeip_test::TEST_SERVICE_INSTANCE_ID, _response->get_instance()); + EXPECT_EQ(0x8001, _response->get_method()); + received_allowed_events_++; + } +} + +void security_test_client::run() { + for (uint32_t i = 0; i < vsomeip_test::NUMBER_OF_MESSAGES_TO_SEND_SECURITY_TESTS; ++i) { + { + std::unique_lock<std::mutex> its_lock(mutex_); + while (!is_available_) + { + condition_.wait(its_lock); + } + } + + auto request = vsomeip::runtime::get()->create_request(false); + request->set_service(vsomeip_test::TEST_SERVICE_SERVICE_ID); + request->set_instance(vsomeip_test::TEST_SERVICE_INSTANCE_ID); + request->set_method(vsomeip_test::TEST_SERVICE_METHOD_ID); + + // send a request which is allowed by policy -> expect answer + app_->send(request); + + // send a request with a not allowed method ID -> expect no answer + request->set_method(0x888); + app_->send(request); + + std::this_thread::sleep_for(std::chrono::milliseconds(250)); + } + + std::this_thread::sleep_for(std::chrono::milliseconds(250)); + + if (!test_external_communication_) { + EXPECT_EQ(vsomeip_test::NUMBER_OF_MESSAGES_TO_SEND_SECURITY_TESTS, + received_responses_); + EXPECT_EQ(received_allowed_events_, (uint32_t) 0x01); + } else if (test_external_communication_ && !is_remote_client_allowed_) { + EXPECT_EQ((uint32_t)0, received_responses_); + EXPECT_EQ((uint32_t)0, received_allowed_events_); + } else if (test_external_communication_ && is_remote_client_allowed_) { + EXPECT_EQ(vsomeip_test::NUMBER_OF_MESSAGES_TO_SEND_SECURITY_TESTS, + received_responses_); + EXPECT_EQ(received_allowed_events_, (uint32_t) 0x01); + } + stop(); +} + +void security_test_client::join_sender_thread() +{ + if (sender_.joinable()) { + sender_.join(); + } +} + +void security_test_client::shutdown_service() { + auto request = vsomeip::runtime::get()->create_request(false); + request->set_service(vsomeip_test::TEST_SERVICE_SERVICE_ID); + request->set_instance(vsomeip_test::TEST_SERVICE_INSTANCE_ID); + request->set_method(vsomeip_test::TEST_SERVICE_METHOD_ID_SHUTDOWN); + app_->send(request); +} + +TEST(someip_security_test, basic_subscribe_request_response) +{ + security_test_client test_client(is_remote_test, remote_client_allowed); + if (test_client.init()) { + test_client.start(); + test_client.join_sender_thread(); + } +} + +int main(int argc, char** argv) { + + std::string test_remote("--remote"); + std::string test_local("--local"); + std::string test_allow_remote_client("--allow"); + std::string test_deny_remote_client("--deny"); + std::string help("--help"); + + int i = 1; + while (i < argc) + { + if(test_remote == argv[i]) + { + is_remote_test = true; + } + else if(test_local == argv[i]) + { + is_remote_test = false; + } + else if(test_allow_remote_client == argv[i]) + { + remote_client_allowed = true; + } + else if(test_deny_remote_client == argv[i]) + { + remote_client_allowed = false; + } + else if(help == argv[i]) + { + VSOMEIP_INFO << "Parameters:\n" + << "--remote: Run test between two hosts\n" + << "--local: Run test locally\n" + << "--allow: test is started with a policy that allows remote messages sent by this test client to the service\n" + << "--deny: test is started with a policy that denies remote messages sent by this test client to the service\n" + << "--help: print this help"; + } + i++; + } + + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/test/network_tests/security_tests/security_test_client.hpp b/test/network_tests/security_tests/security_test_client.hpp new file mode 100644 index 0000000..df2acc8 --- /dev/null +++ b/test/network_tests/security_tests/security_test_client.hpp @@ -0,0 +1,55 @@ + +// Copyright (C) 2015-2017 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +#ifndef SECURITY_TEST_CLIENT_HPP +#define SECURITY_TEST_CLIENT_HPP + +#include <gtest/gtest.h> + +#include <vsomeip/vsomeip.hpp> + +#include "../someip_test_globals.hpp" + +#include <thread> +#include <mutex> +#include <condition_variable> +#include <atomic> + +class security_test_client { +public: + security_test_client(bool _test_external_communication, + bool _is_remote_client_allowed); + bool init(); + void start(); + void stop(); + + void on_state(vsomeip::state_type_e _state); + void on_availability(vsomeip::service_t _service, + vsomeip::instance_t _instance, bool _is_available); + void on_message(const std::shared_ptr<vsomeip::message> &_response); + + void run(); + void join_sender_thread(); + +private: + void shutdown_service(); + + std::shared_ptr<vsomeip::application> app_; + + std::mutex mutex_; + std::condition_variable condition_; + bool is_available_; + + std::thread sender_; + + std::atomic<std::uint32_t> received_responses_; + std::atomic<std::uint32_t> received_allowed_events_; + + bool test_external_communication_; + bool is_remote_client_allowed_; +}; + +#endif // SECURITY_TEST_CLIENT_HPP diff --git a/test/network_tests/security_tests/security_test_external_master_start.sh b/test/network_tests/security_tests/security_test_external_master_start.sh new file mode 100755 index 0000000..fae63a7 --- /dev/null +++ b/test/network_tests/security_tests/security_test_external_master_start.sh @@ -0,0 +1,78 @@ +#!/bin/bash +# Copyright (C) 2015-2018 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Purpose: This script is needed to start the services with +# one command. This is necessary as ctest - which is used to run the +# tests - isn't able to start multiple binaries for one testcase. Therefore +# the testcase simply executes this script. This script then runs the services +# and checks that all exit successfully. + +if [ $# -lt 2 ] +then + echo "Please pass a json file to this script and wether remote clients are allowed or not " + echo "For example: $0 security_test_config_client_external_allow.json --allow" + exit 1 +fi + +MASTER_JSON_FILE=$1 +SERVICE_JSON_FILE=${MASTER_JSON_FILE/client/service} +ALLOW_DENY=$2 + +FAIL=0 + +export VSOMEIP_CONFIGURATION=$1 +export VSOMEIP_APPLICATION_NAME=routingmanagerd +# start daemon +../../examples/routingmanagerd/./routingmanagerd & +PID_VSOMEIPD=$! + +export VSOMEIP_CONFIGURATION=$1 +export VSOMEIP_APPLICATION_NAME=client-sample +./security_test_client --remote $2 & +PID_CLIENT=$! + + +if [ ! -z "$USE_LXC_TEST" ]; then + echo "starting external security test on slave LXC" + ssh -tt -i $SANDBOX_ROOT_DIR/commonapi_main/lxc-config/.ssh/mgc_lxc/rsa_key_file.pub -o StrictHostKeyChecking=no root@$LXC_TEST_SLAVE_IP "bash -ci \"set -m; cd \\\$SANDBOX_TARGET_DIR/vsomeip_lib/test/network_tests; ./security_test_external_slave_start.sh $SERVICE_JSON_FILE $2\"" & +elif [ ! -z "$USE_DOCKER" ]; then + docker exec $DOCKER_IMAGE sh -c "cd $DOCKER_TESTS && ./security_test_external_slave_start.sh $SERVICE_JSON_FILE $2" & +else +cat <<End-of-message +******************************************************************************* +******************************************************************************* +** Please now run: +** security_test_external_slave_start.sh $SERVICE_JSON_FILE $2 +** from an external host to successfully complete this test. +** +** You probably will need to adapt the 'unicast' settings in +** security_test_config_service_external_allow.json and +** security_test_config_client_external_allow.json to your personal setup. +******************************************************************************* +******************************************************************************* +End-of-message +fi + +# Wait until client and service are finished +for client_pid in "${PID_CLIENT}" +do + if [ -n "$client_pid" ]; then + # Fail gets incremented if either client or service exit + # with a non-zero exit code + wait "$client_pid" || ((FAIL+=1)) + fi +done + +kill $PID_VSOMEIPD +kill $PID_CLIENT + +# Check if both exited successfully +if [ $FAIL -eq 0 ] +then + exit 0 +else + exit 1 +fi diff --git a/test/network_tests/security_tests/security_test_external_slave_start.sh b/test/network_tests/security_tests/security_test_external_slave_start.sh new file mode 100755 index 0000000..3c324d5 --- /dev/null +++ b/test/network_tests/security_tests/security_test_external_slave_start.sh @@ -0,0 +1,55 @@ +#!/bin/bash +# Copyright (C) 2015-2018 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Purpose: This script is needed to start the services with +# one command. This is necessary as ctest - which is used to run the +# tests - isn't able to start multiple binaries for one testcase. Therefore +# the testcase simply executes this script. This script then runs the services +# and checks that all exit successfully. + +if [ $# -lt 2 ] +then + echo "Please pass a json file to this script and wether remote clients are allowed or not " + echo "For example: $0 security_test_config_service_external_allow.json --allow" + exit 1 +fi + +CLIENT_JSON_FILE=$1 +ALLOW_DENY=$2 + +FAIL=0 + +export VSOMEIP_CONFIGURATION=$1 +export VSOMEIP_APPLICATION_NAME=routingmanagerd +# start daemon +../../examples/routingmanagerd/./routingmanagerd & +PID_VSOMEIPD=$! + +export VSOMEIP_CONFIGURATION=$1 +export VSOMEIP_APPLICATION_NAME=service-sample +./security_test_service --remote $2 & +PID_SERVICE=$! + +# Wait until client and service are finished +for client_pid in "${PID_SERVICE}" +do + if [ -n "$client_pid" ]; then + # Fail gets incremented if either client or service exit + # with a non-zero exit code + wait "$client_pid" || ((FAIL+=1)) + fi +done + +kill $PID_VSOMEIPD +kill $PID_SERVICE + +# Check if both exited successfully +if [ $FAIL -eq 0 ] +then + exit 0 +else + exit 1 +fi diff --git a/test/network_tests/security_tests/security_test_local_start.sh b/test/network_tests/security_tests/security_test_local_start.sh new file mode 100755 index 0000000..421788e --- /dev/null +++ b/test/network_tests/security_tests/security_test_local_start.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# Copyright (C) 2015-2017 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +export VSOMEIP_CONFIGURATION=security_test_local_config.json + +export VSOMEIP_APPLICATION_NAME=routingmanagerd +# start daemon +../../examples/routingmanagerd/routingmanagerd & +PID_VSOMEIPD=$! + +sleep 1 + +export VSOMEIP_APPLICATION_NAME=service-sample +./security_test_service --local & + +sleep 1 + +export VSOMEIP_APPLICATION_NAME=client-sample +./security_test_client --local + +kill $PID_VSOMEIPD +sleep 1 diff --git a/test/network_tests/security_tests/security_test_service.cpp b/test/network_tests/security_tests/security_test_service.cpp new file mode 100644 index 0000000..35e6fbc --- /dev/null +++ b/test/network_tests/security_tests/security_test_service.cpp @@ -0,0 +1,217 @@ +// Copyright (C) 2017 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +#include "security_test_service.hpp" + +static bool is_remote_test = false; +static bool remote_client_allowed = true; + +security_test_service::security_test_service() : + app_(vsomeip::runtime::get()->create_application()), + is_registered_(false), + blocked_(false), + number_of_received_messages_(0), + offer_thread_(std::bind(&security_test_service::run, this)) { +} + +bool security_test_service::init() { + std::lock_guard<std::mutex> its_lock(mutex_); + + if (!app_->init()) { + ADD_FAILURE() << "Couldn't initialize application"; + return false; + } + app_->register_message_handler(vsomeip_test::TEST_SERVICE_SERVICE_ID, + vsomeip_test::TEST_SERVICE_INSTANCE_ID, vsomeip_test::TEST_SERVICE_METHOD_ID, + std::bind(&security_test_service::on_message, this, + std::placeholders::_1)); + + app_->register_message_handler(vsomeip_test::TEST_SERVICE_SERVICE_ID, + vsomeip_test::TEST_SERVICE_INSTANCE_ID, + vsomeip_test::TEST_SERVICE_METHOD_ID_SHUTDOWN, + std::bind(&security_test_service::on_message_shutdown, this, + std::placeholders::_1)); + + app_->register_state_handler( + std::bind(&security_test_service::on_state, this, + std::placeholders::_1)); + + // offer allowed field 0x8001 eventgroup 0x01 + std::set<vsomeip::eventgroup_t> its_eventgroups; + its_eventgroups.insert(0x01); + + app_->offer_event(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID, + static_cast<vsomeip::event_t>(0x8001), its_eventgroups, + vsomeip::event_type_e::ET_FIELD, std::chrono::milliseconds::zero(), + false, true, nullptr, vsomeip::reliability_type_e::RT_UNRELIABLE); + + // also offer field 0x8002 which is not allowed to be received by client + app_->offer_event(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID, + static_cast<vsomeip::event_t>(0x8002), its_eventgroups, + vsomeip::event_type_e::ET_FIELD, std::chrono::milliseconds::zero(), + false, true, nullptr, vsomeip::reliability_type_e::RT_UNRELIABLE); + + // set value to fields + std::shared_ptr<vsomeip::payload> its_payload = + vsomeip::runtime::get()->create_payload(); + vsomeip::byte_t its_data[2] = {static_cast<vsomeip::byte_t>((vsomeip_test::TEST_SERVICE_SERVICE_ID & 0xFF00) >> 8), + static_cast<vsomeip::byte_t>((vsomeip_test::TEST_SERVICE_SERVICE_ID & 0xFF))}; + its_payload->set_data(its_data, 2); + + app_->notify(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID, + static_cast<vsomeip::event_t>(0x8001), its_payload); + + app_->notify(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID, + static_cast<vsomeip::event_t>(0x8002), its_payload); + + return true; +} + +void security_test_service::start() { + VSOMEIP_INFO << "Starting..."; + app_->start(); +} + +void security_test_service::stop() { + VSOMEIP_INFO << "Stopping..."; + app_->clear_all_handler(); + app_->stop(); +} + +void security_test_service::join_offer_thread() { + if (offer_thread_.joinable()) { + offer_thread_.join(); + } +} + +void security_test_service::offer() { + app_->offer_service(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID); + + // try to offer a not allowed instance ID 0x02 (client requesting the service should not get available) + app_->offer_service(vsomeip_test::TEST_SERVICE_SERVICE_ID, 0x02); + + // try to offer a not allowed service ID 0x111 (client requesting the service should not get available) + app_->offer_service(0x111, vsomeip_test::TEST_SERVICE_INSTANCE_ID); +} + +void security_test_service::stop_offer() { + app_->stop_offer_service(vsomeip_test::TEST_SERVICE_SERVICE_ID, vsomeip_test::TEST_SERVICE_INSTANCE_ID); +} + +void security_test_service::on_state(vsomeip::state_type_e _state) { + VSOMEIP_INFO << "Application " << app_->get_name() << " is " + << (_state == vsomeip::state_type_e::ST_REGISTERED ? "registered." : + "deregistered."); + + if(_state == vsomeip::state_type_e::ST_REGISTERED) { + if(!is_registered_) { + is_registered_ = true; + std::lock_guard<std::mutex> its_lock(mutex_); + blocked_ = true; + // "start" the run method thread + condition_.notify_one(); + } + } + else { + is_registered_ = false; + } +} + +void security_test_service::on_message(const std::shared_ptr<vsomeip::message>& _request) { + ASSERT_EQ(vsomeip_test::TEST_SERVICE_SERVICE_ID, _request->get_service()); + ASSERT_EQ(vsomeip_test::TEST_SERVICE_INSTANCE_ID, _request->get_instance()); + + VSOMEIP_INFO << "Received a message with Client/Session [" << std::setw(4) + << std::setfill('0') << std::hex << _request->get_client() << "/" + << std::setw(4) << std::setfill('0') << std::hex + << _request->get_session() << "] method: " << _request->get_method() ; + + // send response + std::shared_ptr<vsomeip::message> its_response = + vsomeip::runtime::get()->create_response(_request); + + app_->send(its_response); + + number_of_received_messages_++; + if(number_of_received_messages_ == vsomeip_test::NUMBER_OF_MESSAGES_TO_SEND_SECURITY_TESTS) { + VSOMEIP_INFO << "Received all messages!"; + } +} + +void security_test_service::on_message_shutdown( + const std::shared_ptr<vsomeip::message>& _request) { + (void)_request; + VSOMEIP_INFO << "Shutdown method was called, going down now."; + stop(); +} + +void security_test_service::run() { + std::unique_lock<std::mutex> its_lock(mutex_); + while (!blocked_) + condition_.wait(its_lock); + + offer(); + + // do not wait for the shutdown method to be called + if (is_remote_test && !remote_client_allowed) { + std::this_thread::sleep_for(std::chrono::milliseconds(250 * vsomeip_test::NUMBER_OF_MESSAGES_TO_SEND_SECURITY_TESTS + 10000)); + VSOMEIP_INFO << "Shutdown the service after timeout as remote client is not allowed by policy to call shutdown method!"; + stop(); + } + +} + +TEST(someip_security_test, basic_subscribe_request_response) { + security_test_service test_service; + if (test_service.init()) { + test_service.start(); + test_service.join_offer_thread(); + } +} + +#if defined(__linux__) || defined(ANDROID) +int main(int argc, char** argv) { + + std::string test_remote("--remote"); + std::string test_local("--local"); + std::string test_allow_remote_client("--allow"); + std::string test_deny_remote_client("--deny"); + std::string help("--help"); + + int i = 1; + while (i < argc) + { + if(test_remote == argv[i]) + { + is_remote_test = true; + } + else if(test_local == argv[i]) + { + is_remote_test = false; + } + else if(test_allow_remote_client == argv[i]) + { + remote_client_allowed = true; + } + else if(test_deny_remote_client == argv[i]) + { + remote_client_allowed = false; + } + else if(help == argv[i]) + { + VSOMEIP_INFO << "Parameters:\n" + << "--remote: Run test between two hosts\n" + << "--local: Run test locally\n" + << "--allow: test is started with a policy that allows remote messages sent by this test client to the service\n" + << "--deny: test is started with a policy that denies remote messages sent by this test client to the service\n" + << "--help: print this help"; + } + i++; + } + + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} +#endif diff --git a/test/network_tests/security_tests/security_test_service.hpp b/test/network_tests/security_tests/security_test_service.hpp new file mode 100644 index 0000000..21f1f7c --- /dev/null +++ b/test/network_tests/security_tests/security_test_service.hpp @@ -0,0 +1,44 @@ +// Copyright (C) 2015-2017 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +#ifndef SECURITY_TEST_SERVICE_HPP +#define SECURITY_TEST_SERVICE_HPP + +#include <gtest/gtest.h> + +#include <vsomeip/vsomeip.hpp> + +#include "../someip_test_globals.hpp" + +#include <thread> +#include <mutex> +#include <condition_variable> + +class security_test_service { +public: + security_test_service(); + bool init(); + void start(); + void stop(); + void offer(); + void stop_offer(); + void join_offer_thread(); + void on_state(vsomeip::state_type_e _state); + void on_message(const std::shared_ptr<vsomeip::message> &_request); + void on_message_shutdown(const std::shared_ptr<vsomeip::message> &_request); + void run(); + +private: + std::shared_ptr<vsomeip::application> app_; + bool is_registered_; + + std::mutex mutex_; + std::condition_variable condition_; + bool blocked_; + std::uint32_t number_of_received_messages_; + std::thread offer_thread_; +}; + +#endif // SECURITY_TEST_SERVICE_HPP |