From b5c485b0546b8a000c367d970917096e01fc8aa5 Mon Sep 17 00:00:00 2001 From: Mattia Dal Ben Date: Fri, 12 Jan 2024 08:39:19 +0100 Subject: [PATCH 1/3] fix(nm): remove unusable 802.1x password parameters --- .../kura/nm/configuration/NMSettingsConverter.java | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/kura/org.eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/configuration/NMSettingsConverter.java b/kura/org.eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/configuration/NMSettingsConverter.java index ab4b73428cc..4e380fe34c7 100644 --- a/kura/org.eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/configuration/NMSettingsConverter.java +++ b/kura/org.eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/configuration/NMSettingsConverter.java @@ -204,14 +204,7 @@ private static void create8021xTls(NetworkProperties props, String deviceId, Map } else { logger.error("Unable to decode Private Key for interface \"{}\"", deviceId); } - - Optional privateKeyPassword = props.getOpt(Password.class, - "net.interface.%s.config.802-1x.private-key-password", deviceId); - - privateKeyPassword.ifPresent(value -> settings.put("private-key-password", new Variant<>(value.toString()))); - settings.put("private-key-password-flags", new Variant<>(NM_SECRET_FLAGS_NOT_REQUIRED)); - } private static void create8021xOptionalCaCertAndAnonIdentity(NetworkProperties props, String deviceId, @@ -230,10 +223,6 @@ private static void create8021xOptionalCaCertAndAnonIdentity(NetworkProperties p logger.warn("Unable to decode CA Certificate for interface \"{}\", caused by: ", deviceId, e); } }); - - Optional caCertPassword = props.getOpt(Password.class, - "net.interface.%s.config.802-1x.ca-cert-password", deviceId); - caCertPassword.ifPresent(value -> settings.put("ca-cert-password", new Variant<>(value.toString()))); } private static void create8021xMschapV2(NetworkProperties props, String deviceId, From ea2bc63e469e120583fb2068ed48b8b7065b2d33 Mon Sep 17 00:00:00 2001 
From: Mattia Dal Ben Date: Fri, 12 Jan 2024 08:40:00 +0100 Subject: [PATCH 2/3] test(nm): update tests to take into account password param removal --- .../NMSettingsConverterTest.java | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/kura/test/org.eclipse.kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java b/kura/test/org.eclipse.kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java index 9ad41d0d70a..2053331ce96 100644 --- a/kura/test/org.eclipse.kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java +++ b/kura/test/org.eclipse.kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java @@ -567,7 +567,6 @@ public void build8021xSettingsShouldWorkWithTtlsAndMschapV2AndOptionalParams() { givenMapWith("net.interface.wlan0.config.802-1x.anonymous-identity", "anonymous-identity-test-var"); givenMapWith("net.interface.wlan0.config.802-1x.ca-cert-name", buildMockedCertificateWithCert("binary ca cert")); - givenMapWith("net.interface.wlan0.config.802-1x.ca-cert-password", new Password("secure-password")); givenMapWith("net.interface.wlan0.config.802-1x.identity", "example-user-name"); givenMapWith("net.interface.wlan0.config.802-1x.password", new Password("secure-test-password-123!@#")); givenNetworkPropsCreatedWithTheMap(this.internetNetworkPropertiesInstanciationMap); 
@@ -580,10 +579,10 @@ public void build8021xSettingsShouldWorkWithTtlsAndMschapV2AndOptionalParams() { thenResultingMapContains("phase2-auth", "mschapv2"); thenResultingMapContains("anonymous-identity", "anonymous-identity-test-var"); thenResultingMapContainsBytes("ca-cert", "binary ca cert"); - thenResultingMapContains("ca-cert-password", "secure-password"); thenResultingMapContains("identity", "example-user-name"); thenResultingMapContains("password", "secure-test-password-123!@#"); + thenResultingMapNotContains("ca-cert-password"); } @Test @@ -599,12 +598,13 @@ public void build8021xSettingsShouldWorkWithPeapAndMschapV2() { thenNoExceptionOccurred(); thenResultingMapContainsArray("eap", new Variant<>(new String[] { "peap" }).getValue()); - thenResultingMapNotContains("anonymous-identity"); - thenResultingMapNotContains("ca-cert"); - thenResultingMapNotContains("ca-cert-password"); thenResultingMapContains("phase2-auth", "mschapv2"); thenResultingMapContains("identity", "example-user-name"); thenResultingMapContains("password", "secure-test-password-123!@#"); + + thenResultingMapNotContains("anonymous-identity"); + thenResultingMapNotContains("ca-cert"); + thenResultingMapNotContains("ca-cert-password"); } @Test @@ -613,7 +613,6 @@ public void build8021xSettingsShouldWorkWithPeapAndMschapV2AndCertificates() { givenMapWith("net.interface.wlan0.config.802-1x.anonymous-identity", "anonymous-identity-test-var"); givenMapWith("net.interface.wlan0.config.802-1x.ca-cert-name", buildMockedCertificateWithCert("binary ca cert")); - givenMapWith("net.interface.wlan0.config.802-1x.ca-cert-password", new Password("secure-password")); givenMapWith("net.interface.wlan0.config.802-1x.innerAuth", "Kura8021xInnerAuthMschapv2"); givenMapWith("net.interface.wlan0.config.802-1x.identity", "example-user-name"); givenMapWith("net.interface.wlan0.config.802-1x.password", new Password("secure-test-password-123!@#")); 
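Review bot: The added `thenResultingMapNotContains("ca-cert-password");` in build8021xSettingsShouldWorkWithTtlsAndMschapV2AndOptionalParams cannot fail on a regression, because the preceding hunk (-567) of the same patch removes the `givenMapWith("net.interface.wlan0.config.802-1x.ca-cert-password", ...)` input. The key is missing from the result simply because it was never supplied, so the test would still pass if the converter started forwarding it again. To pin that a secret present in the configuration is not handed on to NetworkManager, keep `givenMapWith("net.interface.wlan0.config.802-1x.ca-cert-password", new Password("secure-password"));` in the setup next to the negative assertion. This presumably matters most for stored configurations that still carry the property. The same applies to the negative assertions added at -626, -666, -727 and -756 (there also for `private-key-password`) and to the one added in patch 3/3 at -1475.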
@@ -626,10 +625,11 @@ public void build8021xSettingsShouldWorkWithPeapAndMschapV2AndCertificates() { thenResultingMapContainsArray("eap", new Variant<>(new String[] { "peap" }).getValue()); thenResultingMapContains("anonymous-identity", "anonymous-identity-test-var"); thenResultingMapContainsBytes("ca-cert", "binary ca cert"); - thenResultingMapContains("ca-cert-password", "secure-password"); thenResultingMapContains("phase2-auth", "mschapv2"); thenResultingMapContains("identity", "example-user-name"); thenResultingMapContains("password", "secure-test-password-123!@#"); + + thenResultingMapNotContains("ca-cert-password"); } @Test @@ -652,7 +652,6 @@ public void build8021xSettingsShouldWorkWithTls() { buildMockedCertificateWithCert("binary client cert")); givenMapWith("net.interface.wlan0.config.802-1x.private-key-name", buildMockedPrivateKeyWithKey("binary private key")); - givenMapWith("net.interface.wlan0.config.802-1x.private-key-password", new Password("secure-password")); givenNetworkPropsCreatedWithTheMap(this.internetNetworkPropertiesInstanciationMap); whenBuild8021xSettingsIsRunWith(this.networkProperties, "wlan0"); @@ -666,7 +665,10 @@ public void build8021xSettingsShouldWorkWithTls() { thenResultingMapContainsBytes("client-cert", "binary client cert"); thenResultingMapContainsBytes("private-key", "-----BEGIN PRIVATE KEY-----\nYmluYXJ5IHByaXZhdGUga2V5\n-----END PRIVATE KEY-----\n"); - thenResultingMapContains("private-key-password", "secure-password"); + + thenResultingMapNotContains("private-key-password"); + thenResultingMapNotContains("ca-cert-password"); + thenResultingMapNotContains("client-cert-password"); } @Test 
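Review bot: The negative assertions added at the end of build8021xSettingsShouldWorkWithTls cover `private-key-password`, `ca-cert-password` and `client-cert-password`, but not `private-key-password-flags`, which patch 1/3 also stops writing in create8021xTls. Adding `thenResultingMapNotContains("private-key-password-flags");` here, and in the matching hunks at -727 and -756, would pin the whole removal rather than part of it. A short comment above the block would also help, for example `// private key is passed as unencrypted PEM: no password or flags entry may be emitted`. That reading is inferred from the `-----BEGIN PRIVATE KEY-----` value asserted just above, so confirm it against the converter before wording the comment.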
@@ -679,7 +681,6 @@ public void build8021xSettingsShouldThrowWithTlsWithNullPrivateKey() { givenMapWith("net.interface.wlan0.config.802-1x.client-cert-name", buildMockedCertificateWithCert("binary client cert")); givenMapWith("net.interface.wlan0.config.802-1x.private-key-name", null); - givenMapWith("net.interface.wlan0.config.802-1x.private-key-password", new Password("secure-password")); givenNetworkPropsCreatedWithTheMap(this.internetNetworkPropertiesInstanciationMap); whenBuild8021xSettingsIsRunWith(this.networkProperties, "wlan0"); @@ -697,7 +698,6 @@ public void build8021xSettingsShouldThrowWithTlsWithWrongTypePrivateKey() { givenMapWith("net.interface.wlan0.config.802-1x.client-cert-name", buildMockedCertificateWithCert("binary client cert")); givenMapWith("net.interface.wlan0.config.802-1x.private-key-name", ""); - givenMapWith("net.interface.wlan0.config.802-1x.private-key-password", new Password("secure-password")); givenNetworkPropsCreatedWithTheMap(this.internetNetworkPropertiesInstanciationMap); whenBuild8021xSettingsIsRunWith(this.networkProperties, "wlan0"); @@ -715,7 +715,6 @@ public void build8021xSettingsShouldWorkWithTlsWithNullCACert() { buildMockedCertificateWithCert("binary client cert")); givenMapWith("net.interface.wlan0.config.802-1x.private-key-name", buildMockedPrivateKeyWithKey("binary private key")); - givenMapWith("net.interface.wlan0.config.802-1x.private-key-password", new Password("secure-password")); givenNetworkPropsCreatedWithTheMap(this.internetNetworkPropertiesInstanciationMap); whenBuild8021xSettingsIsRunWith(this.networkProperties, "wlan0"); 
@@ -727,10 +726,12 @@ public void build8021xSettingsShouldWorkWithTlsWithNullCACert() { thenResultingMapContainsBytes("client-cert", "binary client cert"); thenResultingMapContainsBytes("private-key", "-----BEGIN PRIVATE KEY-----\nYmluYXJ5IHByaXZhdGUga2V5\n-----END PRIVATE KEY-----\n"); - thenResultingMapContains("private-key-password", "secure-password"); thenResultingMapNotContains("phase2-auth"); thenResultingMapNotContains("ca-cert"); + thenResultingMapNotContains("private-key-password"); + thenResultingMapNotContains("ca-cert-password"); + thenResultingMapNotContains("client-cert-password"); } @Test @@ -744,7 +745,6 @@ public void build8021xSettingsShouldWorkWithTlsWithWrongTypeCACert() { buildMockedCertificateWithCert("binary client cert")); givenMapWith("net.interface.wlan0.config.802-1x.private-key-name", buildMockedPrivateKeyWithKey("binary private key")); - givenMapWith("net.interface.wlan0.config.802-1x.private-key-password", new Password("secure-password")); givenNetworkPropsCreatedWithTheMap(this.internetNetworkPropertiesInstanciationMap); whenBuild8021xSettingsIsRunWith(this.networkProperties, "wlan0"); @@ -756,10 +756,12 @@ public void build8021xSettingsShouldWorkWithTlsWithWrongTypeCACert() { thenResultingMapContainsBytes("client-cert", "binary client cert"); thenResultingMapContainsBytes("private-key", "-----BEGIN PRIVATE KEY-----\nYmluYXJ5IHByaXZhdGUga2V5\n-----END PRIVATE KEY-----\n"); - thenResultingMapContains("private-key-password", "secure-password"); thenResultingMapNotContains("phase2-auth"); thenResultingMapNotContains("ca-cert"); + thenResultingMapNotContains("private-key-password"); + thenResultingMapNotContains("ca-cert-password"); + thenResultingMapNotContains("client-cert-password"); } @Test 
@@ -1447,7 +1449,6 @@ public void buildSettingsShouldWorkWith8021x() { givenMapWith("net.interface.wlan0.config.802-1x.anonymous-identity", "anonymous-identity-test-var"); givenMapWith("net.interface.wlan0.config.802-1x.ca-cert-name", buildMockedCertificateWithCert("binary ca cert")); - givenMapWith("net.interface.wlan0.config.802-1x.ca-cert-password", new Password("secure-password")); givenMapWith("net.interface.wlan0.config.802-1x.identity", "example-user-name"); givenMapWith("net.interface.wlan0.config.802-1x.password", new Password("secure-test-password-123!@#")); givenNetworkPropsCreatedWithTheMap(this.internetNetworkPropertiesInstanciationMap); @@ -1472,7 +1473,6 @@ public void buildSettingsShouldWorkWith8021x() { thenResultingBuildAllMapContains("802-1x", "phase2-auth", "mschapv2"); thenResultingBuildAllMapContains("802-1x", "anonymous-identity", "anonymous-identity-test-var"); thenResultingBuildAllMapContainsBytes("802-1x", "ca-cert", "binary ca cert"); - thenResultingBuildAllMapContains("802-1x", "ca-cert-password", "secure-password"); thenResultingBuildAllMapContains("802-1x", "identity", "example-user-name"); thenResultingBuildAllMapContains("802-1x", "password", "secure-test-password-123!@#"); } From 406bfe04ff04473e0ccfe96df1da15d5c672f093 Mon Sep 17 00:00:00 2001 From: Mattia Dal Ben Date: Fri, 12 Jan 2024 08:47:30 +0100 Subject: [PATCH 3/3] test(nm): add additional check for ca-cert-password non-existence --- .../eclipse/kura/nm/configuration/NMSettingsConverterTest.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kura/test/org.eclipse.kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java b/kura/test/org.eclipse.kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java index 2053331ce96..dae4d0cf547 100644 --- a/kura/test/org.eclipse.kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java 
+++ b/kura/test/org.eclipse.kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java @@ -1475,6 +1475,8 @@ public void buildSettingsShouldWorkWith8021x() { thenResultingBuildAllMapContainsBytes("802-1x", "ca-cert", "binary ca cert"); thenResultingBuildAllMapContains("802-1x", "identity", "example-user-name"); thenResultingBuildAllMapContains("802-1x", "password", "secure-test-password-123!@#"); + + thenResultingBuildAllMapNotContains("802-1x", "ca-cert-password"); } @Test