govwifi_eapoltest 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +7 -0
  2. data/lib/eapoltest_client.rb +7 -0
  3. data/lib/govwifi_eapoltest/version.rb +5 -0
  4. data/lib/govwifi_eapoltest.rb +61 -0
  5. data/lib/matchers/eapoltest_matchers.rb +37 -0
  6. data/lib/services.rb +9 -0
  7. data/templates/eap-tls.conf.erb +8 -0
  8. data/templates/peap-mschapv2.conf.erb +11 -0
  9. metadata +96 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: ad381ae439ded57796071496a6ab798564086fee616d0be6a3b2401d73666afe
4
+ data.tar.gz: 79c09a1498203146e6e4d292258d22abd7bf837e3d10f7be325a036f31cf1718
5
+ SHA512:
6
+ metadata.gz: d07945a7d60b93c569da0313bbd0e43d1a02879fa9d8d2af318bbaf4034aebf9002645917a4dfa9e2f43fcece4613193e0815ec512770369f19ca21cfb6c1d04
7
+ data.tar.gz: 613cfbfe187baac5a18ec17ad41a226a31f38ec54b819bdd9d71ffa5be2b262aefe1395f42a3688769a444bfd6003475202511b66dc22489cfb9d34f930113f9
data/lib/eapoltest_client.rb ADDED
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ class EapoltestClient
4
+ def self.run(config_file_path: nil, radius_ip: nil, secret: nil)
5
+ `eapol_test -t9 -c #{config_file_path} -a #{radius_ip} -s #{secret}`
6
+ end
7
+ end
data/lib/govwifi_eapoltest/version.rb ADDED
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ class GovwifiEapoltest
4
+ VERSION = "0.1.0"
5
+ end
data/lib/govwifi_eapoltest.rb ADDED
@@ -0,0 +1,61 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "erb"
4
+ require "tempfile"
5
+ require_relative "./govwifi_eapoltest/version"
6
+ require_relative "./matchers/eapoltest_matchers"
7
+ require_relative "./services"
8
+ class GovwifiEapoltest
9
+ PEAP_MSCHAP_TEMPLATE_PATH = "#{File.dirname(__FILE__)}/../templates/peap-mschapv2.conf.erb".freeze
10
+ EAP_TLS_TEMPLATE_PATH = "#{File.dirname(__FILE__)}/../templates/eap-tls.conf.erb".freeze
11
+ SSID = "GovWifi"
12
+
13
+ def initialize(radius_ips:, secret:)
14
+ @radius_ips = radius_ips
15
+ @secret = secret
16
+ end
17
+
18
+ def run_peap_mschapv2(server_cert_path:, username:, password:, tls_version: :tls1_2)
19
+ raise "Unknown TLS version #{tls_version}" unless %i[tls1_0 tls1_1 tls1_2 tls1_3].include?(tls_version)
20
+
21
+ phase1_tls1_0 = "tls_disable_tlsv1_0=#{tls_version == :tls1_0 ? 0 : 1}"
22
+ phase1_tls1_1 = "tls_disable_tlsv1_1=#{tls_version == :tls1_1 ? 0 : 1}"
23
+ phase1_tls1_2 = "tls_disable_tlsv1_2=#{tls_version == :tls1_2 ? 0 : 1}"
24
+ phase1_tls1_3 = "tls_disable_tlsv1_3=#{tls_version == :tls1_3 ? 0 : 1}"
25
+
26
+ phase1 = [phase1_tls1_0, phase1_tls1_1, phase1_tls1_2, phase1_tls1_3].join(" ")
27
+
28
+ variables = {
29
+ ssid: SSID,
30
+ identity: username,
31
+ password:,
32
+ server_cert_path:,
33
+ phase1:,
34
+ }
35
+
36
+ run_eapol(PEAP_MSCHAP_TEMPLATE_PATH, variables:)
37
+ end
38
+
39
+ def run_eap_tls(server_cert_path:, client_cert_path:, client_key_path:)
40
+ variables = {
41
+ server_cert_path:,
42
+ client_cert_path:,
43
+ client_key_path:,
44
+ }
45
+
46
+ run_eapol(EAP_TLS_TEMPLATE_PATH, variables:)
47
+ end
48
+
49
+ private
50
+
51
+ def run_eapol(config_template_path, variables: {})
52
+ file = Tempfile.new
53
+ file.write ERB.new(File.read(config_template_path)).result_with_hash(variables)
54
+ file.close
55
+ @radius_ips.map do |radius_ip|
56
+ Services.eapol_test.run(config_file_path: file.path, radius_ip:, secret: @secret)
57
+ end
58
+ ensure
59
+ file.unlink
60
+ end
61
+ end
data/lib/matchers/eapoltest_matchers.rb ADDED
@@ -0,0 +1,37 @@
1
+ # frozen_string_literal: true
2
+
3
+ RSpec::Matchers.define :use_tls_version_1_0 do
4
+ match do |output|
5
+ !output.include?("SSL: Using TLS version TLSv1.") && output.include?("SSL: Using TLS version TLSv1")
6
+ end
7
+ end
8
+
9
+ RSpec::Matchers.define :use_tls_version_1_1 do
10
+ match do |output|
11
+ output.include?("SSL: Using TLS version TLSv1.1")
12
+ end
13
+ end
14
+
15
+ RSpec::Matchers.define :use_tls_version_1_2 do
16
+ match do |output|
17
+ output.include?("SSL: Using TLS version TLSv1.2")
18
+ end
19
+ end
20
+
21
+ RSpec::Matchers.define :use_tls_version_1_3 do
22
+ match do |output|
23
+ output.include?("SSL: Using TLS version TLSv1.3")
24
+ end
25
+ end
26
+
27
+ RSpec::Matchers.define :have_been_successful do
28
+ match do |output|
29
+ output.split("\n").last == "SUCCESS"
30
+ end
31
+ end
32
+
33
+ RSpec::Matchers.define :have_failed do
34
+ match do |output|
35
+ output.split("\n").last == "FAILURE"
36
+ end
37
+ end
data/lib/services.rb ADDED
@@ -0,0 +1,9 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "./eapoltest_client"
4
+
5
+ module Services
6
+ def self.eapol_test
7
+ EapoltestClient
8
+ end
9
+ end
data/templates/eap-tls.conf.erb ADDED
@@ -0,0 +1,8 @@
1
+ network={
2
+ key_mgmt=WPA-EAP
3
+ eap=TLS
4
+ anonymous_identity="test@client.org"
5
+ ca_cert="<%= server_cert_path %>"
6
+ client_cert="<%= client_cert_path %>"
7
+ private_key="<%= client_key_path %>"
8
+ }
data/templates/peap-mschapv2.conf.erb ADDED
@@ -0,0 +1,11 @@
1
+ network={
2
+ ssid="<%= ssid %>"
3
+ key_mgmt=WPA-EAP
4
+ eap=PEAP
5
+ identity="<%= identity %>"
6
+ anonymous_identity="anonymous"
7
+ password="<%= password %>"
8
+ phase1="<%= phase1 %>"
9
+ phase2="autheap=MSCHAPV2"
10
+ ca_cert="<%= server_cert_path %>"
11
+ }
metadata ADDED
@@ -0,0 +1,96 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: govwifi_eapoltest
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - koetsier
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2023-10-15 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rspec
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rubocop-govuk
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ description: These are a set of helpers to test Freeradius.
56
+ email:
57
+ - jos.koetsier@digital.cabinet-office.gov.uk
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - lib/eapoltest_client.rb
63
+ - lib/govwifi_eapoltest.rb
64
+ - lib/govwifi_eapoltest/version.rb
65
+ - lib/matchers/eapoltest_matchers.rb
66
+ - lib/services.rb
67
+ - templates/eap-tls.conf.erb
68
+ - templates/peap-mschapv2.conf.erb
69
+ homepage: https://github.com/alphagov/govwifi_eapoltest
70
+ licenses:
71
+ - MIT
72
+ metadata:
73
+ homepage_uri: https://github.com/alphagov/govwifi_eapoltest
74
+ source_code_uri: https://github.com/alphagov/govwifi_eapoltest
75
+ changelog_uri: https://www.wifi.service.gov.uk/
76
+ post_install_message:
77
+ rdoc_options: []
78
+ require_paths:
79
+ - lib
80
+ - templates
81
+ required_ruby_version: !ruby/object:Gem::Requirement
82
+ requirements:
83
+ - - ">="
84
+ - !ruby/object:Gem::Version
85
+ version: 3.2.2
86
+ required_rubygems_version: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - ">="
89
+ - !ruby/object:Gem::Version
90
+ version: '0'
91
+ requirements: []
92
+ rubygems_version: 3.4.20
93
+ signing_key:
94
+ specification_version: 4
95
+ summary: Test helpers for Freeradius
96
+ test_files: []