Diffstat (limited to 'tests/topotests/key_sendaccept/test_keychain.py')
-rw-r--r--tests/topotests/key_sendaccept/test_keychain.py150
1 files changed, 150 insertions, 0 deletions
diff --git a/tests/topotests/key_sendaccept/test_keychain.py b/tests/topotests/key_sendaccept/test_keychain.py
new file mode 100644
index 0000000..b11d31b
--- /dev/null
+++ b/tests/topotests/key_sendaccept/test_keychain.py
@@ -0,0 +1,150 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 eval: (blacken-mode 1) -*-
+# SPDX-License-Identifier: ISC
+#
+# March 4 2024, Christian Hopps <chopps@labn.net>
+#
+# Copyright (c) 2024, LabN Consulting, L.L.C.
+#
+"""
+Test static route functionality
+"""
+import json
+
+import pytest
+from lib.topogen import Topogen
+
+pytestmark = [pytest.mark.ripd, pytest.mark.mgmtd]
+
+
+@pytest.fixture(scope="module")
+def tgen(request):
+ "Setup/Teardown the environment and provide tgen argument to tests"
+
+ topodef = {"s1": ("r1", "r2")}
+
+ tgen = Topogen(topodef, request.module.__name__)
+ tgen.start_topology()
+
+ router_list = tgen.routers()
+ for rname, router in router_list.items():
+ router.load_frr_config("frr.conf")
+
+ tgen.start_router()
+ yield tgen
+ tgen.stop_topology()
+
+
+DIR_SEND = 0
+DIR_ACCEPT = 1
+
+
+def is_key_active(router, keychain, keyid, direction):
+ dstr = "send" if direction == DIR_SEND else "accept"
+ node = f"{dstr}-lifetime-active"
+ output = router.net.cmd_raises(
+ "vtysh -c 'show mgmt get-data "
+ f'/ietf-key-chain:key-chains/key-chain[name="{keychain}"]'
+ f'/key[key-id="{keyid}"]/{node} json'
+ "'"
+ )
+ jd = json.loads(output)
+ return jd["ietf-key-chain:key-chains"]["key-chain"][0]["key"][0][node]
+
+
+def test_send_accept(tgen):
+ if tgen.routers_have_failure():
+ pytest.skip(tgen.errors)
+
+ r1 = tgen.gears["r1"]
+
+ conf = """conf t
+key chain kc
+ key 1
+ key-string theSecret
+ cryptographic-algorithm hmac-sha-256
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert is_key_active(r1, "kc", 1, DIR_SEND)
+ assert is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+ conf = """conf t
+key chain kc
+ key 1
+ key-string theSecret
+ cryptographic-algorithm hmac-sha-256
+ send-lifetime 00:00:00 Jan 1 2024 infinite
+ accept-lifetime 00:00:00 Jan 1 2024 infinite
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert is_key_active(r1, "kc", 1, DIR_SEND)
+ assert is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+ conf = """conf t
+key chain kc
+ key 1
+ send-lifetime 00:00:00 Jan 1 2035 infinite
+ accept-lifetime 00:00:00 Jan 1 2035 infinite
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert not is_key_active(r1, "kc", 1, DIR_SEND)
+ assert not is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+ secs_in_10_years = 60 * 60 * 24 * 365 * 10
+ conf = f"""conf t
+key chain kc
+ key 2
+ key-string theSecret
+ cryptographic-algorithm hmac-sha-256
+ send-lifetime 00:00:00 Jan 1 2024 duration {secs_in_10_years}
+ accept-lifetime 00:00:00 Jan 1 2024 duration {secs_in_10_years}
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert is_key_active(r1, "kc", 2, DIR_SEND)
+ assert is_key_active(r1, "kc", 2, DIR_ACCEPT)
+
+ conf = f"""conf t
+key chain kc
+ key 2
+ send-lifetime 00:00:00 Jan 1 2000 duration 10
+ accept-lifetime 00:00:00 Jan 1 2000 duration 10
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert not is_key_active(r1, "kc", 2, DIR_SEND)
+ assert not is_key_active(r1, "kc", 2, DIR_ACCEPT)
+
+ conf = """conf t
+key chain kc
+ key 3
+ key-string theSecret
+ cryptographic-algorithm hmac-sha-256
+ send-lifetime 00:00:00 Jan 1 2024 23:59:59 Dec 31 2034
+ accept-lifetime 00:00:00 Jan 1 2024 23:59:59 Dec 31 2034
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert is_key_active(r1, "kc", 3, DIR_SEND)
+ assert is_key_active(r1, "kc", 3, DIR_ACCEPT)
+
+ conf = """conf t
+key chain kc
+ key 3
+ send-lifetime 00:00:00 Dec 1 2035 23:59:59 Dec 31 2034
+ accept-lifetime 00:00:00 Dec 1 2035 23:59:59 Dec 31 2034
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert not is_key_active(r1, "kc", 3, DIR_SEND)
+ assert not is_key_active(r1, "kc", 3, DIR_ACCEPT)
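Review bot: The lifetime cases in `test_send_accept` pin absolute calendar dates, so the expected results change as the wall clock advances: the `duration {secs_in_10_years}` window from Jan 1 2024 closes in late 2033, the key 3 window ends Dec 31 2034, and the "not yet active" case for key 1 only holds before Jan 1 2035. Deriving the years from the current date keeps the assertions valid, for example `year = datetime.now().year`, then `f" send-lifetime 00:00:00 Jan 1 {year - 1} infinite"` for the active case and `{year + 10}` for the not-yet-active one. The final key 3 case sets a start (Dec 1 2035) later than its end (Dec 31 2034); if it is meant to cover an inverted range, a comment should say so, and because the output of `vtysh_multicmd` is never checked, the hunk does not show whether that command is accepted or rejected. The module docstring still reads "Test static route functionality"; something like `"""Test key chain send/accept lifetime activation"""` would match what the file does.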