///////////////////////////////////////////////////////////////////////////////
// Copyright (c) 2000-2019 Ericsson Telecom AB                               //
//                                                                           //
// All rights reserved. This program and the accompanying materials          //
// are made available under the terms of the Eclipse Public License v2.0     //
// which accompanies this distribution, and is available at                  //
// https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html                                 //
///////////////////////////////////////////////////////////////////////////////
module EPTF_Transport_IPsecHandler_TestCases {

import from EPTF_Transport_IPsecHandler_Test_Definitions all;
import from EPTF_Transport_IPsecHandler_Test_Functions all;
import from TCCIPsec_XFRM_Definitions all;
import from TCCIPsec_Definitions all;

import from EPTF_CLL_Transport_IPsecHandler_Functions all;
import from EPTF_CLL_Transport_Functions all;
import from EPTF_CLL_Base_Functions all;

import from EPTF_CLL_Transport_IPsecHandler_Logging_Server_Definitions all;
import from EPTF_CLL_Transport_IPsecHandler_Logging_Server_Functions all;

// starts with:
// sudo ~/ethjgi/sudo.sh  ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSA_test
// creates SP and removes it, checks it with "ip xfrm policy"
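testcase tc_Transport_IPsecHandler_createSP_test() runs on EPTF_Transport_IPsecHandler_Test_CT {
    // Purpose: install one outbound security policy (SP) through the IPsec
    // handler, confirm with "ip xfrm policy" that the kernel lists something,
    // delete the policy and confirm that the listing is empty again.
    //
    // Review notes:
    //  - The checks compare the complete "ip xfrm policy" output with the empty
    //    string, so a policy that already exists on the host makes the test
    //    fail. Run it on a dedicated test host or network namespace.
    //  - vl_XFRM_Result is only logged; the verdict is derived solely from the
    //    shell output.
    //  - NOTE(review): the launch comment above this testcase names
    //    ..._createSA_test; this testcase is tc_Transport_IPsecHandler_createSP_test.
    //  - The unused locals of the original (pl_spi, pl_lifeTime, pl_dir, pl_algo,
    //    the last one carrying a copy of the fixed test keys) were removed.

    f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSP_test");

    // Loopback selector used both for adding and for deleting the policy.
    var charstring pl_srcAddr := "127.0.0.1";
    var integer pl_srcPort := 44332;
    var charstring pl_dstAddr := "127.0.0.1";
    var integer pl_dstPort := 44333;

    var XFRM_Result vl_XFRM_Result;

    var SPAddInfo vl_add_pol_info := {
      update := true,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      dir := OUT,
      tmpl := {
        {
          src := omit,
          dst := omit,
          spi := 1,
          reqid := 1,
          share := omit,
          ipsec := ESP,
          mode := TRANSPORT,
          // NOTE(review): presumably the XFRM template level "use", which lets
          // traffic pass unprotected when no matching SA exists - confirm
          // against TCCIPsec_XFRM_Definitions.
          level := use
        }
      },
      info := {
        share := USER,
        priority := omit,
        policy_action := ALLOW,
        index := omit,
        interface_index := omit,
        limits := {
          soft_byte_limit := omit, hard_byte_limit := omit,
          soft_packet_limit := omit, hard_packet_limit := omit,
          soft_add_expires_seconds := 3600, hard_add_expires_seconds := 3600,
          soft_use_expires_seconds := omit, hard_use_expires_seconds := omit
        }
      }
    };

    action("vl_add_pol_info: ", vl_add_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
    action("createSP RESULT: ", vl_XFRM_Result);

    // After the add: the policy listing must be non-empty and error free.
    var charstring vl_command := "ip xfrm policy";
    var charstring vl_stdout, vl_stderr;
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

    // Delete the policy again, addressed by the same selector and direction.
    var SPDelInfo vl_del_pol_info := {
      dir := OUT,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_pol_info: ", vl_del_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
    action("deleteSP RESULT: ", vl_XFRM_Result);

    // After the delete: the policy listing must be empty and error free.
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

    if (vl_passResult) {
      setverdict(pass);
    } else {
      setverdict(fail, "Create/Delete SP failed");
    }

    f_EPTF_Base_stop(none);
}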

// starts with:
// sudo ~/ethjgi/sudo.sh  ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSA_test
// creates SA and removes it, checks it with "ip xfrm policy" / "ip xfrm state"
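testcase tc_Transport_IPsecHandler_createSA_test() runs on EPTF_Transport_IPsecHandler_Test_CT {
    // Purpose: install one outbound security policy (SP) and one security
    // association (SA), confirm with "ip xfrm policy" and "ip xfrm state" that
    // both listings are non-empty, delete both and confirm that both listings
    // are empty again.
    //
    // Review notes:
    //  - The empty-output checks fail if the host already carries other IPsec
    //    policies or states; run on a dedicated test host or network namespace.
    //  - The SA keys are fixed ASCII strings and the integrity algorithm is
    //    HMAC-MD5: fixture values for this test only. The SA record is written
    //    to the log by action(), and the logged "ip xfrm state" output
    //    typically contains the keys as well, so never substitute real key
    //    material here.
    //  - vl_XFRM_Result is only logged; the verdict comes from the shell output.
    //  - The unused locals of the original (pl_spi, pl_lifeTime, pl_dir, pl_algo)
    //    were removed.

    f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSA_test");

    // Loopback selector shared by the policy and the association.
    var charstring pl_srcAddr := "127.0.0.1";
    var integer pl_srcPort := 44332;
    var charstring pl_dstAddr := "127.0.0.1";
    var integer pl_dstPort := 44333;

    var XFRM_Result vl_XFRM_Result;

    var SPAddInfo vl_add_pol_info := {
      update := true,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      dir := OUT,
      tmpl := {
        {
          src := omit,
          dst := omit,
          spi := 1,
          reqid := 1,
          share := omit,
          ipsec := ESP,
          mode := TRANSPORT,
          // NOTE(review): presumably the XFRM level "use" (protection optional
          // when no SA matches) - confirm against TCCIPsec_XFRM_Definitions.
          level := use
        }
      },
      info := {
        share := USER,
        priority := omit,
        policy_action := ALLOW,
        index := omit,
        interface_index := omit,
        limits := {
          soft_byte_limit := omit, hard_byte_limit := omit,
          soft_packet_limit := omit, hard_packet_limit := omit,
          soft_add_expires_seconds := 3600, hard_add_expires_seconds := 3600,
          soft_use_expires_seconds := omit, hard_use_expires_seconds := omit
        }
      }
    };

    action("vl_add_pol_info: ", vl_add_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
    action("createSP RESULT: ", vl_XFRM_Result);

    var SAAddInfo vl_sa_add_info := {
      update := omit,
      protocol := TCP,
      ipsec := ESP,
      ipsec_algos := {
        auth := { name := HMAC_MD5, key := {text := "0123456789012345"}},
        enc  := { name := CBC_AES, key := {text := "0123456789012345"}}
      },
      mode := TRANSPORT,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      nat_t := omit,
      // Positional value list; the field names are not visible in this module.
      // NOTE(review): if the inner list has the same layout as the SP limits,
      // 444/333 are the soft/hard add-expiry seconds and the soft value exceeds
      // the hard one - confirm.
      info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
    };

    action("vl_sa_add_info: ", vl_sa_add_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
    action("createSA RESULT: ", vl_XFRM_Result);

    // After the add: policy listing must be non-empty and error free.
    var charstring vl_command := "ip xfrm policy";
    var charstring vl_stdout, vl_stderr;
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

    // After the add: state listing must be non-empty and error free.
    vl_command := "ip xfrm state";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

    // Delete the policy.
    var SPDelInfo vl_del_pol_info := {
      dir := OUT,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_pol_info: ", vl_del_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
    action("deleteSP RESULT: ", vl_XFRM_Result);

    // Delete the association.
    var SADelInfo vl_del_sa_info := {
      proto := ESP,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_sa_info: ", vl_del_sa_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
    action("deleteSA RESULT: ", vl_XFRM_Result);

    // After the delete: both listings must be empty and error free.
    vl_command := "ip xfrm policy";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

    vl_command := "ip xfrm state";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

    if (vl_passResult) {
      setverdict(pass);
    } else {
      setverdict(fail, "Create/Delete SP/SA failed");
    }

    f_EPTF_Base_stop(none);
}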

// starts with:
// sudo ~/ethjgi/sudo.sh  ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSAWithLogging_test
// creates SA and removes it, checks it with "ip xfrm policy" / "ip xfrm state"
// This is the same test as tc_Transport_IPsecHandler_createSA_test but with IPSec logging enabled
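testcase tc_Transport_IPsecHandler_createSAWithLogging_test() runs on EPTF_Transport_IPsecHandler_Test_CT {
    // Purpose: same create/check/delete/check sequence for one SP and one SA
    // as tc_Transport_IPsecHandler_createSA_test, but with an IPsec logging
    // server component attached; at the end the file "IPsec.log" must be
    // readable and non-empty.
    //
    // Review notes:
    //  - The empty-output checks fail if the host already carries other IPsec
    //    policies or states; run on a dedicated test host or network namespace.
    //  - NOTE(review): the log check only requires a non-empty file. Unless the
    //    logging server truncates the file on start, a file left over from an
    //    earlier run would satisfy it - confirm, or remove the file beforehand.
    //  - The SA keys are fixed ASCII fixture values with HMAC-MD5. The SA
    //    record, the "ip xfrm state" output and the content of IPsec.log are
    //    all written to the test log, so never substitute real key material.
    //  - The unused locals of the original (pl_spi, pl_lifeTime, pl_dir, pl_algo)
    //    were removed.

    // Start the logging server; it is handed the directory "./" and the file
    // name "IPsec.log".
    var EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT vl_loggingServer := EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT.create;
    vl_loggingServer.start(f_EPTF_CLL_Transport_IPsecHandler_Logging_Server_behaviour("./", "IPsec.log"));

    f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSAWithLogging_test", vl_loggingServer);

    // Loopback selector shared by the policy and the association.
    var charstring pl_srcAddr := "127.0.0.1";
    var integer pl_srcPort := 44332;
    var charstring pl_dstAddr := "127.0.0.1";
    var integer pl_dstPort := 44333;

    var XFRM_Result vl_XFRM_Result;

    var SPAddInfo vl_add_pol_info := {
      update := true,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      dir := OUT,
      tmpl := {
        {
          src := omit,
          dst := omit,
          spi := 1,
          reqid := 1,
          share := omit,
          ipsec := ESP,
          mode := TRANSPORT,
          // NOTE(review): presumably the XFRM level "use" (protection optional
          // when no SA matches) - confirm against TCCIPsec_XFRM_Definitions.
          level := use
        }
      },
      info := {
        share := USER,
        priority := omit,
        policy_action := ALLOW,
        index := omit,
        interface_index := omit,
        limits := {
          soft_byte_limit := omit, hard_byte_limit := omit,
          soft_packet_limit := omit, hard_packet_limit := omit,
          soft_add_expires_seconds := 3600, hard_add_expires_seconds := 3600,
          soft_use_expires_seconds := omit, hard_use_expires_seconds := omit
        }
      }
    };

    action("vl_add_pol_info: ", vl_add_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
    action("createSP RESULT: ", vl_XFRM_Result);

    var SAAddInfo vl_sa_add_info := {
      update := omit,
      protocol := TCP,
      ipsec := ESP,
      ipsec_algos := {
        auth := { name := HMAC_MD5, key := {text := "0123456789012345"}},
        enc  := { name := CBC_AES, key := {text := "0123456789012345"}}
      },
      mode := TRANSPORT,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      nat_t := omit,
      // Positional value list; the field names are not visible in this module.
      info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
    };

    action("vl_sa_add_info: ", vl_sa_add_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
    action("createSA RESULT: ", vl_XFRM_Result);

    // After the add: policy listing must be non-empty and error free.
    var charstring vl_command := "ip xfrm policy";
    var charstring vl_stdout, vl_stderr;
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

    // After the add: state listing must be non-empty and error free.
    vl_command := "ip xfrm state";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

    // Delete the policy.
    var SPDelInfo vl_del_pol_info := {
      dir := OUT,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_pol_info: ", vl_del_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
    action("deleteSP RESULT: ", vl_XFRM_Result);

    // Delete the association.
    var SADelInfo vl_del_sa_info := {
      proto := ESP,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_sa_info: ", vl_del_sa_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
    action("deleteSA RESULT: ", vl_XFRM_Result);

    // After the delete: both listings must be empty and error free.
    vl_command := "ip xfrm policy";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

    vl_command := "ip xfrm state";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

    // The logging server must have produced a readable, non-empty IPsec.log
    // (path is relative to the working directory of the test).
    vl_command := "cat IPsec.log";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    if (vl_stdout == "" or vl_stderr != "") {
      setverdict(fail, "The IPsecLogging failed to create the log");
    } else {
      action("Content of IPsec logfile: "& vl_stdout);
    }

    if (vl_passResult) {
      setverdict(pass);
    } else {
      setverdict(fail, "Create/Delete SP/SA failed");
    }

    f_EPTF_Base_stop(none);
}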

// starts with:
// sudo ~/ethjgi/sudo.sh  ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSA_test
// creates more than one SP/SA and removes them with flushSA/flushSP, then checks the result with "ip xfrm policy" / "ip xfrm state"
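testcase tc_Transport_IPsecHandler_flushSASP_test() runs on EPTF_Transport_IPsecHandler_Test_CT {
    // Purpose: install two policies and two associations (second pair on
    // ports +100 with spi/reqid 2), confirm that "ip xfrm policy" and
    // "ip xfrm state" list something, remove everything with flushSP/flushSA
    // and confirm that both listings are empty.
    //
    // Review notes:
    //  - NOTE(review): the flush calls take no selector, so they presumably
    //    clear the whole kernel policy/state database, including entries this
    //    test did not create; the final checks also expect completely empty
    //    listings. Run only on a dedicated test host or network namespace,
    //    never on a machine with IPsec tunnels in use.
    //  - The SA keys are fixed ASCII fixture values with HMAC-MD5; the records
    //    and the "ip xfrm state" output are written to the test log.
    //  - Fixed here: the component name passed to init_CT was copied from the
    //    createSA testcase; it now names this testcase. The unused locals
    //    (pl_spi, pl_lifeTime, pl_dir, pl_algo) were removed.
    //  - NOTE(review): the launch comment above this testcase names
    //    ..._createSA_test; this testcase is tc_Transport_IPsecHandler_flushSASP_test.

    f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_flushSASP_test");

    // Loopback selector of the first SP/SA pair; the second pair adds 100 to
    // both ports.
    var charstring pl_srcAddr := "127.0.0.1";
    var integer pl_srcPort := 44332;
    var charstring pl_dstAddr := "127.0.0.1";
    var integer pl_dstPort := 44333;

    var XFRM_Result vl_XFRM_Result;

    // First policy: spi/reqid 1.
    var SPAddInfo vl_add_pol_info := {
      update := true,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      dir := OUT,
      tmpl := {
        {
          src := omit,
          dst := omit,
          spi := 1,
          reqid := 1,
          share := omit,
          ipsec := ESP,
          mode := TRANSPORT,
          level := use
        }
      },
      info := {
        share := USER,
        priority := omit,
        policy_action := ALLOW,
        index := omit,
        interface_index := omit,
        limits := {
          soft_byte_limit := omit, hard_byte_limit := omit,
          soft_packet_limit := omit, hard_packet_limit := omit,
          soft_add_expires_seconds := 3600, hard_add_expires_seconds := 3600,
          soft_use_expires_seconds := omit, hard_use_expires_seconds := omit
        }
      }
    };

    action("vl_add_pol_info: ", vl_add_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
    action("createSP RESULT: ", vl_XFRM_Result);

    // Second policy: ports +100, spi/reqid 2.
    vl_add_pol_info := {
      update := true,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort+100, omit},
      dst := {pl_dstAddr, pl_dstPort+100, omit},
      dir := OUT,
      tmpl := {
        {
          src := omit,
          dst := omit,
          spi := 2,
          reqid := 2,
          share := omit,
          ipsec := ESP,
          mode := TRANSPORT,
          level := use
        }
      },
      info := {
        share := USER,
        priority := omit,
        policy_action := ALLOW,
        index := omit,
        interface_index := omit,
        limits := {
          soft_byte_limit := omit, hard_byte_limit := omit,
          soft_packet_limit := omit, hard_packet_limit := omit,
          soft_add_expires_seconds := 3600, hard_add_expires_seconds := 3600,
          soft_use_expires_seconds := omit, hard_use_expires_seconds := omit
        }
      }
    };

    action("vl_add_pol_info: ", vl_add_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
    action("createSP RESULT: ", vl_XFRM_Result);

    // First association: spi 1.
    var SAAddInfo vl_sa_add_info := {
      update := omit,
      protocol := TCP,
      ipsec := ESP,
      ipsec_algos := {
        auth := { name := HMAC_MD5, key := {text := "0123456789012345"}},
        enc  := { name := CBC_AES, key := {text := "0123456789012345"}}
      },
      mode := TRANSPORT,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      nat_t := omit,
      // Positional value list; the field names are not visible in this module.
      info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
    };

    action("vl_sa_add_info: ", vl_sa_add_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
    action("createSA RESULT: ", vl_XFRM_Result);

    // Second association: ports +100, spi 2.
    vl_sa_add_info := {
      update := omit,
      protocol := TCP,
      ipsec := ESP,
      ipsec_algos := {
        auth := { name := HMAC_MD5, key := {text := "0123456789012345"}},
        enc  := { name := CBC_AES, key := {text := "0123456789012345"}}
      },
      mode := TRANSPORT,
      spi := 2,
      src := {pl_srcAddr, pl_srcPort+100, omit},
      dst := {pl_dstAddr, pl_dstPort+100, omit},
      nat_t := omit,
      info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
    };

    action("vl_sa_add_info: ", vl_sa_add_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
    action("createSA RESULT: ", vl_XFRM_Result);

    // After the adds: policy listing must be non-empty and error free.
    var charstring vl_command := "ip xfrm policy";
    var charstring vl_stdout, vl_stderr;
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

    // After the adds: state listing must be non-empty and error free.
    vl_command := "ip xfrm state";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

    // Remove all policies and associations with the flush functions.
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_flushSP();
    action("flushSP RESULT: ", vl_XFRM_Result);

    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_flushSA();
    action("flushSA RESULT: ", vl_XFRM_Result);

    // After the flush: both listings must be empty and error free.
    vl_command := "ip xfrm policy";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

    vl_command := "ip xfrm state";
    if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
      setverdict(inconc, "Cannot execute the command "&vl_command);
    }
    action("Result: ", vl_stdout, " errors: ", vl_stderr);
    vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

    if (vl_passResult) {
      setverdict(pass);
    } else {
      setverdict(fail, "flush SA/SP failed");
    }

    f_EPTF_Base_stop(none);
}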

// client(B) + server(A) on the same host (=> no encryption); without sudo there is no encryption either
// starts with:
// sudo ~/ethjgi/sudo.sh  ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testAB
// creates IPsec connection B-->A, no encryption!!, message is sent from B to A
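testcase tc_Transport_IPsecHandler_basic_SA_testAB() runs on EPTF_Transport_IPsecHandler_Test_CT {
    // Purpose: install one outbound SP and one SA for a loopback TCP flow,
    // open the connection, send one 8-octet message over it, close the
    // connection and delete the SP and SA again.
    //
    // Review notes:
    //  - This body sets no verdict and does not inspect vl_XFRM_Result or the
    //    kernel state; any verdict has to come from the called helper
    //    functions (not visible in this module). The test therefore shows that
    //    the sequence runs, not that traffic was protected.
    //  - The SA keys are fixed ASCII fixture values with HMAC-MD5, and the SA
    //    record is written to the test log by action().
    //  - The unused locals of the original (pl_spi, pl_lifeTime, pl_dir, pl_algo)
    //    were removed.

    f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testAB");

    // Both endpoints are on the loopback address.
    var charstring pl_srcAddr := "127.0.0.1";
    var integer pl_srcPort := 44332;
    var charstring pl_dstAddr := "127.0.0.1";
    var integer pl_dstPort := 44333;

    var XFRM_Result vl_XFRM_Result;

    var SPAddInfo vl_add_pol_info := {
      update := true,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      dir := OUT,
      tmpl := {
        {
          src := omit,
          dst := omit,
          spi := 1,
          reqid := 1,
          share := omit,
          ipsec := ESP,
          mode := TRANSPORT,
          // NOTE(review): presumably the XFRM level "use" (protection optional
          // when no SA matches) - confirm against TCCIPsec_XFRM_Definitions.
          level := use
        }
      },
      info := {
        share := USER,
        priority := omit,
        policy_action := ALLOW,
        index := omit,
        interface_index := omit,
        limits := {
          soft_byte_limit := omit, hard_byte_limit := omit,
          soft_packet_limit := omit, hard_packet_limit := omit,
          soft_add_expires_seconds := 3600, hard_add_expires_seconds := 3600,
          soft_use_expires_seconds := omit, hard_use_expires_seconds := omit
        }
      }
    };

    action("vl_add_pol_info: ", vl_add_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
    action("createSP RESULT: ", vl_XFRM_Result);

    var SAAddInfo vl_sa_add_info := {
      update := omit,
      protocol := TCP,
      ipsec := ESP,
      ipsec_algos := {
        auth := { name := HMAC_MD5, key := {text := "0123456789012345"}},
        enc  := { name := CBC_AES, key := {text := "0123456789012345"}}
      },
      mode := TRANSPORT,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      nat_t := omit,
      // Positional value list; the field names are not visible in this module.
      info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
    };

    action("vl_sa_add_info: ", vl_sa_add_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
    action("createSA RESULT: ", vl_XFRM_Result);

    // Open listener and connection in one step; both ids are filled in by
    // the helper.
    var integer vl_connId;
    var integer vl_listenId;

    f_EPTF_Transport_IPsecHandler_Test_createConnection(
      pl_transportType := IPL4,
      pl_proto := {tcp := {}},
      pl_srcAddr := pl_srcAddr,
      pl_srcPort := pl_srcPort,
      pl_dstAddr := pl_dstAddr,
      pl_dstPort := pl_dstPort,
      pl_listenId := vl_listenId,
      pl_connId := vl_connId
    );

    f_EPTF_Transport_IPsecHandler_Test_sendMsg(
      pl_transportType := IPL4,
      pl_connId := vl_connId,
      pl_msg := '0102030405060708'O,
      pl_proto := {tcp := {}}
    );

    f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, vl_connId, vl_listenId);

    // Clean up: remove the policy, then the association.
    var SPDelInfo vl_del_pol_info := {
      dir := OUT,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_pol_info: ", vl_del_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
    action("deleteSP RESULT: ", vl_XFRM_Result);

    var SADelInfo vl_del_sa_info := {
      proto := ESP,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_sa_info: ", vl_del_sa_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
    action("deleteSA RESULT: ", vl_XFRM_Result);

    f_EPTF_Base_stop(none);
}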

// server: runs on toolserver159,
// starts with:
// sudo ~/ethjgi/sudo.sh  ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testA_Manual
// creates IPsec connection B-->A, message should be received from B
// should be started before tc_Transport_IPsecHandler_basic_SA_testB_Manual
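testcase tc_Transport_IPsecHandler_basic_SA_testA_Manual() runs on EPTF_Transport_IPsecHandler_Test_CT {
    // Purpose (manual, two-host test, side A): install one SP and one SA for
    // the flow 6.0.0.86:44332 -> 6.0.0.159:44333, open a listener, wait 20
    // seconds for side B to connect and send, then close the listener and
    // delete the SP and SA.
    //
    // Review notes:
    //  - This body sets no verdict and checks neither vl_XFRM_Result nor that
    //    a message arrived; any verdict has to come from the called helpers.
    //  - NOTE(review): the policy direction is OUT on this side as well as on
    //    side B. On the receiving host an inbound policy would normally be
    //    needed to require protected traffic - confirm whether unprotected
    //    packets would also be accepted with this setup.
    //  - Both sides must hold the same fixed ASCII keys (HMAC-MD5 / AES-CBC
    //    fixture values); the SA record is written to the test log.
    //  - The unused locals of the original (pl_spi, pl_lifeTime, pl_dir, pl_algo)
    //    were removed.

    f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testA");

    // Fixed lab addresses of the two hosts.
    var charstring pl_srcAddr := "6.0.0.86";
    var integer pl_srcPort := 44332;
    var charstring pl_dstAddr := "6.0.0.159";
    var integer pl_dstPort := 44333;

    var XFRM_Result vl_XFRM_Result;

    var SPAddInfo vl_add_pol_info := {
      update := true,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      dir := OUT,
      tmpl := {
        {
          src := omit,
          dst := omit,
          spi := 1,
          reqid := 1,
          share := omit,
          ipsec := ESP,
          mode := TRANSPORT,
          // NOTE(review): presumably the XFRM level "use" (protection optional
          // when no SA matches) - confirm against TCCIPsec_XFRM_Definitions.
          level := use
        }
      },
      info := {
        share := USER,
        priority := omit,
        policy_action := ALLOW,
        index := omit,
        interface_index := omit,
        limits := {
          soft_byte_limit := omit, hard_byte_limit := omit,
          soft_packet_limit := omit, hard_packet_limit := omit,
          soft_add_expires_seconds := 3600, hard_add_expires_seconds := 3600,
          soft_use_expires_seconds := omit, hard_use_expires_seconds := omit
        }
      }
    };

    action("vl_add_pol_info: ", vl_add_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
    action("createSP RESULT: ", vl_XFRM_Result);

    var SAAddInfo vl_sa_add_info := {
      update := omit,
      protocol := TCP,
      ipsec := ESP,
      ipsec_algos := {
        auth := { name := HMAC_MD5, key := {text := "0123456789012345"}},
        enc  := { name := CBC_AES, key := {text := "0123456789012345"}}
      },
      mode := TRANSPORT,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      nat_t := omit,
      // Positional value list; the field names are not visible in this module.
      info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
    };

    action("vl_sa_add_info: ", vl_sa_add_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
    action("createSA RESULT: ", vl_XFRM_Result);

    // Open the listener; the helper fills in vl_listenId.
    var integer vl_listenId;

    f_EPTF_Transport_IPsecHandler_Test_listen(
      pl_transportType := IPL4,
      pl_proto := {tcp := {}},
      pl_srcAddr := pl_srcAddr,
      pl_srcPort := pl_srcPort,
      pl_dstAddr := pl_dstAddr,
      pl_dstPort := pl_dstPort,
      pl_listenId := vl_listenId
    );

    // Fixed 20 s window in which side B has to connect and send.
    timer t_wait := 20.0;
    t_wait.start;
    t_wait.timeout;

    // -1 is passed as connection id: this side only holds a listener.
    f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, -1, vl_listenId);

    // Clean up: remove the policy, then the association.
    var SPDelInfo vl_del_pol_info := {
      dir := OUT,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_pol_info: ", vl_del_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
    action("deleteSP RESULT: ", vl_XFRM_Result);

    var SADelInfo vl_del_sa_info := {
      proto := ESP,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_sa_info: ", vl_del_sa_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
    action("deleteSA RESULT: ", vl_XFRM_Result);

    f_EPTF_Base_stop(none);
}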

// client: runs on toolserver086
// starts with:
// sudo ~/ethjgi/sudo.sh  ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testB_Manual
// creates IPsec connection B-->A and send a message to A,
// should be started after tc_Transport_IPsecHandler_basic_SA_testA_Manual
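testcase tc_Transport_IPsecHandler_basic_SA_testB_Manual() runs on EPTF_Transport_IPsecHandler_Test_CT {
    // Purpose (manual, two-host test, side B): install one outbound SP and one
    // SA for the flow 6.0.0.86:44332 -> 6.0.0.159:44333, connect to side A,
    // send one 8-octet message, wait 10 seconds, close the connection and
    // delete the SP and SA.
    //
    // Review notes:
    //  - The testcase ends with f_EPTF_Base_stop(pass) without checking
    //    vl_XFRM_Result or the kernel state, so a pass shows that the sequence
    //    ran, not that the message was ESP protected.
    //  - Both sides must hold the same fixed ASCII keys (HMAC-MD5 / AES-CBC
    //    fixture values); the SA record is written to the test log.
    //  - The unused locals of the original (pl_spi, pl_lifeTime, pl_dir, pl_algo)
    //    were removed.

    f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testB");

    // Fixed lab addresses of the two hosts.
    var charstring pl_srcAddr := "6.0.0.86";
    var integer pl_srcPort := 44332;
    var charstring pl_dstAddr := "6.0.0.159";
    var integer pl_dstPort := 44333;

    var XFRM_Result vl_XFRM_Result;

    var SPAddInfo vl_add_pol_info := {
      update := true,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      dir := OUT,
      tmpl := {
        {
          src := omit,
          dst := omit,
          spi := 1,
          reqid := 1,
          share := omit,
          ipsec := ESP,
          mode := TRANSPORT,
          // NOTE(review): presumably the XFRM level "use" (protection optional
          // when no SA matches) - confirm against TCCIPsec_XFRM_Definitions.
          level := use
        }
      },
      info := {
        share := USER,
        priority := omit,
        policy_action := ALLOW,
        index := omit,
        interface_index := omit,
        limits := {
          soft_byte_limit := omit, hard_byte_limit := omit,
          soft_packet_limit := omit, hard_packet_limit := omit,
          soft_add_expires_seconds := 3600, hard_add_expires_seconds := 3600,
          soft_use_expires_seconds := omit, hard_use_expires_seconds := omit
        }
      }
    };

    action("vl_add_pol_info: ", vl_add_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
    action("createSP RESULT: ", vl_XFRM_Result);

    var SAAddInfo vl_sa_add_info := {
      update := omit,
      protocol := TCP,
      ipsec := ESP,
      ipsec_algos := {
        auth := { name := HMAC_MD5, key := {text := "0123456789012345"}},
        enc  := { name := CBC_AES, key := {text := "0123456789012345"}}
      },
      mode := TRANSPORT,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit},
      nat_t := omit,
      // Positional value list; the field names are not visible in this module.
      info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
    };

    action("vl_sa_add_info: ", vl_sa_add_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
    action("createSA RESULT: ", vl_XFRM_Result);

    // Connect to side A; the helper fills in vl_connId.
    var integer vl_connId;

    f_EPTF_Transport_IPsecHandler_Test_connect(
      pl_transportType := IPL4,
      pl_proto := {tcp := {}},
      pl_srcAddr := pl_srcAddr,
      pl_srcPort := pl_srcPort,
      pl_dstAddr := pl_dstAddr,
      pl_dstPort := pl_dstPort,
      pl_connId := vl_connId
    );

    f_EPTF_Transport_IPsecHandler_Test_sendMsg(
      pl_transportType := IPL4,
      pl_connId := vl_connId,
      pl_msg := '0102030405060708'O,
      pl_proto := {tcp := {}}
    );

    // Keep the connection open for 10 s before closing it.
    timer t_wait := 10.0;
    t_wait.start;
    t_wait.timeout;

    // -1 is passed as listener id: this side only holds a connection.
    f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, vl_connId, -1);

    // Clean up: remove the policy, then the association.
    var SPDelInfo vl_del_pol_info := {
      dir := OUT,
      protocol := TCP,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_pol_info: ", vl_del_pol_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
    action("deleteSP RESULT: ", vl_XFRM_Result);

    var SADelInfo vl_del_sa_info := {
      proto := ESP,
      spi := 1,
      src := {pl_srcAddr, pl_srcPort, omit},
      dst := {pl_dstAddr, pl_dstPort, omit}
    };

    action("vl_del_sa_info: ", vl_del_sa_info);
    vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
    action("deleteSA RESULT: ", vl_XFRM_Result);

    f_EPTF_Base_stop(pass);
}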

// Control part of the module: it executes only the single-host testcase
// tc_Transport_IPsecHandler_basic_SA_testAB. The other testcases of this module
// are not executed from here; their launch comments start them by name.
control {
  execute(tc_Transport_IPsecHandler_basic_SA_testAB());
}

} // module
